Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 02-Ethernet link aggregation configuration | 464.64 KB |
Contents
Configuring Ethernet link aggregation
About Ethernet link aggregation
Ethernet link aggregation application scenario
Aggregate interface, aggregation group, and member port
How static link aggregation works
How dynamic link aggregation works
Load sharing modes for link aggregation groups
Restrictions and guidelines: Mixed use of manual and automatic link aggregation configuration
Ethernet link aggregation tasks at a glance
Configuring a manual link aggregation
Restrictions and guidelines for aggregation group configuration
Configuring a Layer 2 aggregation group
Configuring a Layer 3 aggregation group
Configuring an aggregate interface
Setting the minimum and maximum numbers of Selected ports for an aggregation group
Configuring the description of an aggregate interface
Setting the MAC address for an aggregate interface
Configuring jumbo frame support
Specifying ignored VLANs for a Layer 2 aggregate interface
Setting the MTU of a Layer 3 aggregate interface
Setting the expected bandwidth for an aggregate interface
Configuring an edge aggregate interface
Configuring physical state change suppression on an aggregate interface
Shutting down an aggregate interface
Enabling rate statistics for subinterfaces of a Layer 3 aggregate interface
Enabling packet statistics for a Layer 3 aggregate subinterface
Restoring the default settings for an aggregate interface
Configuring load sharing for link aggregation groups
Setting load sharing modes for link aggregation groups
Enabling local-first load sharing for link aggregation
Enabling forwarding acceleration for link aggregation
Isolating aggregate interfaces on the device
Enabling link-aggregation traffic redirection
About link-aggregation traffic redirection
Restrictions and guidelines for link-aggregation traffic redirection
Enabling link-aggregation traffic redirection globally
Display and maintenance commands for Ethernet link aggregation
Ethernet link aggregation configuration examples
Example: Configuring a Layer 2 static aggregation group
Example: Configuring a Layer 2 dynamic aggregation group
Example: Configuring Layer 2 aggregation load sharing
Example: Configuring a Layer 3 static aggregation group
Configuring Ethernet link aggregation
About Ethernet link aggregation
Ethernet link aggregation bundles multiple physical Ethernet links into one logical link (called an aggregate link). Link aggregation provides the following benefits:
· Increased bandwidth beyond the limits of a single individual link. In an aggregate link, traffic is distributed across the member ports.
· Improved link reliability. The member ports dynamically back up one another. When a member port fails, its traffic is automatically switched to other member ports.
Ethernet link aggregation application scenario
As shown in Figure 1, Device A and Device B are connected by three physical Ethernet links. These physical Ethernet links are combined into an aggregate link called link aggregation 1. The bandwidth of this aggregate link can reach up to the total bandwidth of the three physical Ethernet links. At the same time, the three Ethernet links back up one another. When a physical Ethernet link fails, the traffic transmitted on the failed link is switched to the other two links.
Figure 1 Ethernet link aggregation diagram
Aggregate interface, aggregation group, and member port
Each link aggregation is represented by a logical aggregate interface. Each aggregate interface has an automatically created aggregation group, which contains member ports to be used for aggregation. The type and number of an aggregation group are the same as its aggregate interface.
Supported aggregate interface types
An aggregate interface can be one of the following types:
· Layer 2—A Layer 2 aggregate interface is created manually. The member ports in a Layer 2 aggregation group can only be Layer 2 Ethernet interfaces.
· Layer 3—A Layer 3 aggregate interface is created manually. The member ports in its Layer 3 aggregation group can only be Layer 3 Ethernet interfaces.
On a Layer 3 aggregate interface, you can create subinterfaces. A Layer 3 aggregate subinterface processes traffic only for the VLAN numbered with the same ID as the subinterface number.
The port rate of an aggregate interface equals the total rate of its Selected member ports. Its duplex mode is the same as that of the Selected member ports. For more information about Selected member ports, see "Aggregation states of member ports in an aggregation group."
Aggregation states of member ports in an aggregation group
A member port in an aggregation group can be in any of the following aggregation states:
· Selected—A Selected port can forward traffic.
· Unselected—An Unselected port cannot forward traffic.
· Individual—An Individual port can forward traffic as a normal physical port. This state is peculiar to the member ports of edge aggregate interfaces. A Selected or Unselected member port of an edge aggregate interface is placed in Individual state if the following events occur in sequence:
a. The member port goes down and then comes up.
b. The LACP timeout timer expires because it has not received LACPDUs.
For more information about edge aggregate interfaces, see "Edge aggregate interface."
Operational key
When aggregating ports, the system automatically assigns each port an operational key based on port information, such as port rate and duplex mode. Any change to this information triggers a recalculation of the operational key.
In an aggregation group, all Selected ports have the same operational key.
Configuration types
Port configuration includes the attribute configuration and protocol configuration. Attribute configuration affects the aggregation state of the port but the protocol configuration does not.
Attribute configuration
To become a Selected port, a member port must have the same attribute configuration as the aggregate interface. Table 1 describes the attribute configuration.
Table 1 Attribute configuration
|
Feature |
Attribute configuration |
|
VLAN |
VLAN attribute settings: · Permitted VLAN IDs. · PVID. · Link type (trunk, hybrid, or access). For information about VLANs, see "Configuring VLANs." |
Protocol configuration
Protocol configuration of a member port does not affect the aggregation state of the member port. MAC address learning and spanning tree settings are examples of the protocol configuration.
Link aggregation modes
An aggregation group operates in one of the following modes:
· Static—Static aggregation is stable. An aggregation group in static mode is called a static aggregation group. The aggregation states of the member ports in a static aggregation group are not affected by the peer ports.
· Dynamic—An aggregation group in dynamic mode is called a dynamic aggregation group. Dynamic aggregation is implemented through IEEE 802.3ad Link Aggregation Control Protocol (LACP). The local system and the peer system automatically maintain the aggregation states of the member ports. Dynamic link aggregation reduces the administrators' workload.
How static link aggregation works
Reference port selection process
When setting the aggregation states of the ports in an aggregation group, the system automatically chooses a member port as the reference port. A Selected port must have the same operational key and attribute configurations as the reference port.
The system chooses a reference port from the member ports in up state.
The candidate reference ports are organized into different priority levels following these rules:
1. In descending order of port priority.
2. Full duplex.
3. In descending order of speed.
4. Half duplex.
5. In descending order of speed.
From the candidate ports with the same attribute configurations as the aggregate interface, the one with the highest priority level is chosen as the reference port.
· If multiple ports have the same priority level, the port that has been Selected (if any) is chosen. If multiple ports with the same priority level have been Selected, the one with the smallest port number is chosen.
· If multiple ports have the same priority level and none of them has been Selected, the port with the smallest port number is chosen.
Setting the aggregation state of each member port
After the reference port is chosen, the system sets the aggregation state of each member port in the static aggregation group.
Figure 2 Setting the aggregation state of a member port in a static aggregation group
After the limit on Selected ports is reached, the aggregation state of a new member port varies by following conditions:
· The port is placed in Unselected state if the port and the Selected ports have the same port priority. This mechanism prevents traffic interruption on the existing Selected ports. A device reboot can cause the device to recalculate the aggregation states of member ports.
· The port is placed in Selected state when the following conditions are met:
¡ The port and the Selected ports have different port priorities, and the port has a higher port priority than a minimum of one Selected port.
¡ The port has the same attribute configurations as the aggregate interface.
Any operational key or attribute configuration change might affect the aggregation states of link aggregation member ports.
Dynamic link aggregation
About LACP
Dynamic aggregation is implemented through IEEE 802.3ad Link Aggregation Control Protocol (LACP).
LACP uses LACPDUs to exchange aggregation information between LACP-enabled devices. Each member port in a dynamic aggregation group can exchange information with its peer. When a member port receives an LACPDU, it compares the received information with information received on the other member ports. In this way, the two systems reach an agreement on which ports are placed in Selected state.
LACP functions
LACP offers basic LACP functions and extended LACP functions, as described in Table 2.
|
Category |
Description |
|
Basic LACP functions |
Implemented through the basic LACPDU fields, including the system LACP priority, system MAC address, port priority, port number, and operational key. |
|
Extended LACP functions |
Implemented by extending the LACPDU with new TLV fields. Extended LACP can implement LACP MAD for the IRF feature. · If a device supports both extended LACP and IRF, it can participate in LACP MAD as either an IRF member device or an intermediate device. · If a device supports extended LACP but not IRF, it can participate in LACP MAD only as an intermediate device. For more information about IRF and the LACP MAD mechanism, see Virtual Technologies Configuration Guide. |
LACP operating modes
LACP can operate in active or passive mode.
When LACP is operating in passive mode on a local member port and its peer port, both ports cannot send LACPDUs. When LACP is operating in active mode on either end of a link, both ports can send LACPDUs.
LACP priorities
LACP priorities include system LACP priority and port priority, as described in Table 3. The smaller the priority value, the higher the priority.
|
Type |
Description |
|
System LACP priority |
Used by two peer devices (or systems) to determine which one is superior in link aggregation. In dynamic link aggregation, the system that has higher system LACP priority sets the Selected state of member ports on its side. The system that has lower priority sets the aggregation state of local member ports the same as their respective peer ports. |
|
Port priority |
Determines the likelihood of a member port to be a Selected port on a system. A port with a higher port priority is more likely to become Selected. |
LACP timeout interval
The LACP timeout interval specifies how long a member port waits to receive LACPDUs from the peer port. If a local member port has not received LACPDUs from the peer within the LACP timeout interval plus 3 seconds, the member port considers the peer as failed.
The LACP timeout interval also determines the LACPDU sending rate of the peer. LACP timeout intervals include the following types:
· Short timeout interval—3 seconds. If you use the short timeout interval, the peer sends one LACPDU per second.
· Long timeout interval—90 seconds. If you use the long timeout interval, the peer sends one LACPDU every 30 seconds.
How dynamic link aggregation works
Choosing a reference port
The system chooses a reference port from the member ports in up state. A Selected port must have the same operational key and attribute configurations as the reference port.
The local system (the actor) and the peer system (the partner) negotiate a reference port by using the following workflow:
1. The two systems determine the system with the smaller system ID.
A system ID contains the system LACP priority and the system MAC address.
a. The two systems compare their LACP priority values.
The lower the LACP priority, the smaller the system ID. If the LACP priority values are the same, the two systems proceed to step b.
b. The two systems compare their MAC addresses.
The lower the MAC address, the smaller the system ID.
2. The system with the smaller system ID chooses the port with the smallest port ID as the reference port.
A port ID contains a port priority and a port number. The lower the port priority, the smaller the port ID.
a. The system chooses the port with the lowest priority value as the reference port.
If the ports have the same priority, the system proceeds to step b.
b. The system compares their port numbers.
The smaller the port number, the smaller the port ID.
The port with the smallest port number and the same attribute configurations as the aggregate interface is chosen as the reference port.
Setting the aggregation state of each member port
After the reference port is chosen, the system with the smaller system ID sets the state of each member port on its side.
Figure 3 Setting the state of a member port in a dynamic aggregation group
The system with the greater system ID can detect the aggregation state changes on the peer system. The system with the greater system ID sets the aggregation state of local member ports the same as their peer ports.
When you aggregate interfaces in dynamic mode, follow these guidelines:
· A dynamic link aggregation group chooses only full-duplex ports as the Selected ports.
· For stable aggregation and service continuity, do not change the operational key or attribute configurations on any member port.
· When a member port changes to the Selected or Unselected state, its peer port changes to the same aggregation state.
· After the Selected port limit is reached, a newly joining port becomes a Selected port if it is more eligible than a current Selected port.
Edge aggregate interface
Dynamic link aggregation fails on a server-facing aggregate interface if dynamic link aggregation is configured only on the device. The device forwards traffic by using only one of the physical ports that are connected to the server.
To improve link reliability, configure the aggregate interface as an edge aggregate interface. This feature enables all member ports of the aggregation group to forward traffic. When a member port fails, its traffic is automatically switched to other member ports.
After dynamic link aggregation is configured on the server, the device can receive LACPDUs from the server. Then, link aggregation between the device and the server operates correctly.
An edge aggregate interface takes effect only when it is configured on an aggregate interface corresponding to a dynamic aggregation group.
Load sharing modes for link aggregation groups
In a link aggregation group, traffic can be load shared across the Selected ports based on any of the following modes:
· Per-flow load sharing—Distributes traffic on a per-flow basis. The load sharing mode classifies packets into flows and forwards packets of the same flow on the same link. This mode can be one of or a combination of the following traffic classification criteria:
¡ Ingress port.
¡ Source or destination IP.
¡ Source or destination MAC.
¡ Source or destination port number.
· Bandwidth usage-based load sharing—Distributes a data flow to the Selected port that had the lowest bandwidth usage when the first packet of that data flow arrived. In this mode, each flow is identified by an IP five-tuple (source and destination IP addresses, source and destination ports, and protocol). For packets that do not contain the IP five-tuple, the default load sharing mode applies.
· Packet type-based load sharing—Automatically selects a load sharing mode depending on the packet type. For example, the load sharing mode differs between IPv4 packets and Layer 2 packets. This mode is also called the flexible mode.
Restrictions and guidelines: Mixed use of manual and automatic link aggregation configuration
To avoid unexpected aggregation issues, do not use manual assignment and automatic link aggregation together. If you use these features together, an automatically assigned member port might move between aggregation groups or undesirably change from Selected to Unselected in some situations.
Ethernet link aggregation tasks at a glance
To configure Ethernet link aggregation, perform the following tasks:
1. Configuring link aggregations
¡ Configuring a manual link aggregation
2. (Optional.) Configuring an aggregate interface
¡ Setting the minimum and maximum numbers of Selected ports for an aggregation group
¡ Configuring the description of an aggregate interface
¡ Configuring jumbo frame support
¡ Specifying ignored VLANs for a Layer 2 aggregate interface
To have the system ignore the permit state and tagging mode of a VLAN when it decides Selected ports, perform this task.
¡ Setting the MTU of a Layer 3 aggregate interface
¡ Setting the expected bandwidth for an aggregate interface
¡ Configuring an edge aggregate interface
An edge aggregate interface uses all member ports to forward traffic when the aggregation peer is not enabled with dynamic link aggregation.
¡ Configuring physical state change suppression on an aggregate interface
¡ Shutting down an aggregate interface
¡ Enabling rate statistics for subinterfaces of a Layer 3 aggregate interface
¡ Enabling packet statistics for a Layer 3 aggregate subinterface
¡ Restoring the default settings for an aggregate interface
3. (Optional.) Configuring load sharing for link aggregation groups
¡ Setting load sharing modes for link aggregation groups
¡ Enabling local-first load sharing for link aggregation
4. (Optional.) Enabling forwarding acceleration for link aggregation
5. (Optional.) Isolating aggregate interfaces on the device
6. (Optional.) Enabling link-aggregation traffic redirection
This feature redirects traffic on an unavailable Selected port to the remaining available Selected ports of an aggregation group to avoid traffic interruption.
Configuring a manual link aggregation
Restrictions and guidelines for aggregation group configuration
Layer 2 aggregation group restrictions
You cannot assign an interface to a Layer 2 aggregation group if the redundancy group node feature or MAC authentication is configured on that interface. For more information about redundancy groups, see Virtual Technologies Configuration Guide. For more information about MAC authentication, see Security Configuration Guide.
Layer 3 aggregation group restrictions
You cannot assign an interface to a Layer 3 aggregation group if any features in Table 4 are configured on that interface.
Table 4 Features incompatible with Layer 3 aggregation member interfaces
|
Feature on the interface |
Reference |
|
Reth interface |
Reth interfaces in Virtual Technologies Configuration Guide |
|
Redundancy group node |
Redundancy groups in Virtual Technologies Configuration Guide |
Aggregation member port restrictions
Deleting an aggregate interface also deletes its aggregation group and causes all member ports to leave the aggregation group.
The following restrictions apply if you have not enabled multi-VLAN termination on an aggregate interface by using the link-aggregation multivlan-termination command:
· You cannot assign both Ethernet interfaces and Ethernet subinterfaces to the aggregation group.
· You cannot create subinterfaces on an Ethernet interface that is in the aggregation group.
· You cannot assign an Ethernet interface that has subinterfaces to the aggregation group.
You cannot create aggregate subinterfaces on an aggregate interface if its aggregation group contains Ethernet subinterfaces. You cannot assign Ethernet subinterfaces to an aggregation group if its aggregate interface has aggregate subinterfaces.
Before you assign an Ethernet subinterface to an aggregation group, perform the following tasks:
· If multi-VLAN termination is not enabled on the aggregate interface, configure VLAN termination on the Ethernet subinterface. You will be unable to modify the VLAN termination configuration after you assign the subinterface to the aggregation group. To configure VLAN termination, use the following commands:
¡ vlan-type dot1q default.
¡ vlan-type dot1q untagged.
¡ vlan-type dot1q vid.
· To assign Ethernet subinterfaces that terminate different VLANs to the same aggregation group, enable multi-VLAN termination on the aggregate interface. If multi-VLAN termination is not enabled on the aggregate interface, you must make sure the Ethernet subinterfaces to be assigned to its aggregation group terminate the same VLAN.
· If you are assigning the Ethernet subinterface to a dynamic aggregation group, specify only one VLAN ID when you execute the vlan-type dot1q vid vlan-id-list [ loose ] command.
Attribute and protocol configuration restrictions
For a link aggregation, attribute configuration changes on the aggregate interface are automatically synchronized to all member ports. If an attribute setting on the aggregate interface fails to be synchronized to a Selected member port, the port might change to the Unselected state. To have the port become Selected again, you can change the attribute configurations on the aggregate interface or the member port. The configurations that have been synchronized from the aggregate interface are retained on the member ports even after the aggregate interface is deleted.
Any attribute configuration change on a member port might affect the aggregation states and running services of the member ports. The system displays a warning message every time you try to change an attribute configuration setting on a member port.
The protocol configurations for an aggregate interface take effect only on the current aggregate interface. The protocol configurations for a member port take effect only when the port leaves its aggregation group.
Configuration consistency requirements
You must configure the same aggregation mode at the two ends of an aggregate link.
· For a successful static aggregation, make sure the ports at both ends of each link are in the same aggregation state.
· For a successful dynamic aggregation, make sure the ports at both ends of a link are assigned to the correct aggregation group. The two ends can automatically negotiate the aggregation state of each member port.
Configuring a Layer 2 aggregation group
Configuring a Layer 2 static aggregation group
1. Enter system view.
system-view
2. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same as that interface.
3. Return to system view.
quit
4. Assign an interface to the Layer 2 aggregation group:
a. Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
b. Assign the interface to the Layer 2 aggregation group.
port link-aggregation group group-id
Repeat the substeps to assign more interfaces to the aggregation group.
5. (Optional.) Set the port priority of the interface.
link-aggregation port-priority priority
The default port priority of an interface is 32768.
Configuring a Layer 2 dynamic aggregation group
1. Enter system view.
system-view
2. Set the system LACP priority.
lacp system-priority priority
By default, the system LACP priority is 32768.
Changing the system LACP priority might affect the aggregation states of the ports in a dynamic aggregation group.
3. Create a Layer 2 aggregate interface and enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2 static aggregation group numbered the same as that interface.
4. Configure the aggregation group to operate in dynamic mode.
link-aggregation mode dynamic
By default, an aggregation group operates in static mode.
5. Return to system view.
quit
6. Assign an interface to the Layer 2 aggregation group:
a. Enter Layer 2 Ethernet interface view.
interface interface-type interface-number
b. Assign the interface to the Layer 2 aggregation group.
port link-aggregation group group-id
Repeat these substeps to assign more Layer 2 Ethernet interfaces to the aggregation group.
7. Set the LACP operating mode for the interface.
¡ Set the LACP operating mode to passive.
lacp mode passive
¡ Set the LACP operating mode to active.
undo lacp mode
By default, LACP is operating in active mode.
8. (Optional.) Set the port priority for the interface.
link-aggregation port-priority priority
The default setting is 32768.
9. (Optional.) Set the short LACP timeout interval (3 seconds) for the interface.
lacp period short
By default, the long LACP timeout interval (90 seconds) is used by the interface.
To avoid traffic interruption during an ISSU, do not set the short LACP timeout interval before performing the ISSU. For more information about ISSU, see Fundamentals Configuration Guide.
Configuring a Layer 3 aggregation group
Configuring a Layer 3 static aggregation group
1. Enter system view.
system-view
2. Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same as that interface.
3. Return to system view.
quit
4. Assign an interface to the Layer 3 aggregation group:
a. Enter Layer 3 Ethernet interface view.
interface interface-type interface-number
b. Assign the interface to the Layer 3 aggregation group.
port link-aggregation group group-id
Repeat the substeps to assign more interfaces to the aggregation group.
5. (Optional.) Set the port priority of the interface.
link-aggregation port-priority priority
The default port priority of an interface is 32768.
Configuring a Layer 3 dynamic aggregation group
1. Enter system view.
system-view
2. Set the system LACP priority.
lacp system-priority priority
By default, the system LACP priority is 32768.
Changing the system LACP priority might affect the aggregation states of the ports in the dynamic aggregation group.
3. Create a Layer 3 aggregate interface and enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3 static aggregation group numbered the same as that interface.
4. Configure the aggregation group to operate in dynamic mode.
link-aggregation mode dynamic
By default, an aggregation group operates in static mode.
5. Return to system view.
quit
6. Assign an interface to the Layer 3 aggregation group:
a. Enter Layer 3 Ethernet interface view.
interface interface-type interface-number
b. Assign the interface to the Layer 3 aggregation group.
port link-aggregation group group-id
Repeat these two substeps to assign more Layer 3 Ethernet interfaces to the aggregation group.
7. Set the LACP operating mode for the interface.
¡ Set the LACP operating mode to passive.
lacp mode passive
¡ Set the LACP operating mode to active.
undo lacp mode
By default, LACP is operating in active mode.
8. (Optional.) Set the port priority of the interface.
link-aggregation port-priority priority
The default setting is 32768.
9. (Optional.) Set the short LACP timeout interval (3 seconds) for the interface.
lacp period short
By default, the long LACP timeout interval (90 seconds) is used by the interface.
To avoid traffic interruption during an ISSU, do not set the short LACP timeout interval before performing the ISSU. For more information about ISSU, see Fundamentals Configuration Guide.
Configuring an aggregate interface
Most settings that can be made on Layer 2 or Layer 3 Ethernet interfaces can also be made on Layer 2 or Layer 3 aggregate interfaces.
Setting the minimum and maximum numbers of Selected ports for an aggregation group
About this task
The bandwidth of an aggregate link increases as the number of Selected member ports increases. To avoid congestion, you can set the minimum number of Selected ports required for bringing up an aggregate interface.
This minimum threshold setting affects the aggregation states of aggregation member ports and the state of the aggregate interface.
· When the number of member ports eligible to be Selected ports is smaller than the minimum threshold, the following events occur:
¡ The eligible member ports are placed in Unselected state.
¡ The link layer state of the aggregate interface becomes down.
· When the number of member ports eligible to be Selected ports reaches or exceeds the minimum threshold, the following events occur:
¡ The eligible member ports are placed in Selected state.
¡ The link layer state of the aggregate interface becomes up.
The maximum number of Selected ports allowed in an aggregation group is limited by either manual configuration or hardware limitation, whichever value is smaller.
You can implement backup between two ports by performing the following tasks:
· Assigning two ports to an aggregation group.
· Setting the maximum number of Selected ports to 1 for the aggregation group.
Then, only one Selected port is allowed in the aggregation group, and the Unselected port acts as a backup port.
Restrictions and guidelines
The minimum and maximum numbers of Selected ports must be the same between the local and peer aggregation groups.
For an aggregation group, the maximum number of Selected ports must be equal to or higher than the minimum number of Selected ports.
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Set the minimum number of Selected ports for the aggregation group.
link-aggregation selected-port minimum min-number
By default, the minimum number of Selected ports is not specified for an aggregation group.
4. Set the maximum number of Selected ports for the aggregation group.
link-aggregation selected-port maximum max-number
The maximum number of Selected ports for an aggregation group is in the range of 1 to 16.
Configuring the description of an aggregate interface
About this task
You can configure the description of an aggregate interface for administration purposes, for example, describing the purpose of the interface.
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber }
3. Configure the interface description.
description text
By default, the description of an interface is interface-name Interface.
Setting the MAC address for an aggregate interface
About this task
Typically, all aggregate interfaces on a device use the same MAC address, and aggregate interfaces on different devices use different MAC addresses. However, you must set different MAC addresses for aggregate interfaces on a device in some situations.
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Assign a MAC address to the aggregate interface.
mac-address mac-address
By default, all aggregate interfaces on the device use the same MAC address. The default MAC address of an aggregate interface varies by device.
Configuring jumbo frame support
About this task
An aggregate interface might receive frames larger than the maximum frame size allowed by an interface during high-throughput data exchanges, such as file transfers. These frames are called jumbo frames.
How an aggregate interface processes jumbo frames depends on whether jumbo frame support is enabled on the interface.
· If configured to deny jumbo frames, the aggregate interface discards jumbo frames.
· If enabled with jumbo frame support, the aggregate interface performs the following operations:
¡ Processes jumbo frames within the allowed length.
¡ Discards jumbo frames that exceed the allowed length.
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Allow jumbo frames.
jumboframe enable [ size ]
The default setting varies by device model. For more information, see the command reference.
If you execute this command multiple times, the most recent configuration takes effect.
Disabling the default action of selecting a Selected port for dynamic aggregation groups that have not received LACPDUs
About this task
The default port selection action applies to dynamic aggregation groups.
This action automatically chooses the port with the lowest ID from among all up member ports as a Selected port if none of them has received LACPDUs before the LACP timeout interval expires.
After this action is disabled, a dynamic aggregation group will not have any Selected ports to forward traffic if it has not received LACPDUs before the LACP timeout interval expires.
Procedure
1. Enter system view.
system-view
2. Disable the default port selection action.
lacp default-selected-port disable
By default, the default port selection action is enabled for dynamic aggregation groups.
Specifying ignored VLANs for a Layer 2 aggregate interface
About this task
By default, to become Selected, the member ports must have the same VLAN permit state and tagging mode as the corresponding Layer 2 aggregate interface. To have the system ignore the permit state and tagging mode of a VLAN when choosing Selected ports, specify the VLAN as an ignored VLAN.
Restrictions and guidelines
This feature takes effect only when the link type of a Layer 2 aggregate interface is hybrid or trunk.
Procedure
1. Enter system view.
system-view
2. Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Specify ignored VLANs.
link-aggregation ignore vlan vlan-id-list
By default, a Layer 2 aggregate interface does not ignore any VLANs.
Setting the MTU of a Layer 3 aggregate interface
About this task
The MTU of an interface affects IP packets fragmentation and reassembly on the interface.
Procedure
1. Enter system view.
system-view
2. Enter Layer 3 aggregate interface or subinterface view.
interface route-aggregation { interface-number | interface-number.subnumber }
3. Set the MTU.
mtu size
The default setting is 1500 bytes.
Setting the expected bandwidth for an aggregate interface
About this task
Expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by performing this task.
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber }
3. Set the expected bandwidth for the interface.
bandwidth bandwidth-value
By default, the expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Configuring an edge aggregate interface
Restrictions and guidelines
This configuration takes effect only on aggregate interface in dynamic mode.
Link-aggregation traffic redirection cannot operate correctly on an edge aggregate interface. For more information about link-aggregation traffic redirection, see "Enabling link-aggregation traffic redirection."
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Configure the aggregate interface as an edge aggregate interface.
lacp edge-port
By default, an aggregate interface does not operate as an edge aggregate interface.
Configuring physical state change suppression on an aggregate interface
About this task
The physical link state of an aggregate interface is either up or down. Each time the physical link of an interface comes up or goes down, the system immediately reports the change to the CPU. The CPU then performs the following operations:
· Notifies the upper-layer protocol modules (such as routing and forwarding modules) of the change for guiding packet forwarding.
· Automatically generates traps and logs to inform users to take the correct actions.
To prevent frequent physical link flapping from affecting system performance, configure physical state change suppression. You can configure this feature to suppress link-down events, link-up events, or both. If an event of the specified type persists when the suppression interval expires, the system reports the event to the CPU.
Restrictions and guidelines
On an interface, you can configure different suppression intervals for link-up and link-down events. If you execute the link-delay command multiple times for an event type, the most recent configuration takes effect on that event type.
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Configure physical state change suppression.
link-delay [ msec ] delay-time [ mode { up | updown } ]
By default, each time the physical link of an aggregate interface goes up or comes down, the system immediately reports the change to the CPU.
To suppress only link-down events, do not specify the mode keyword. To suppress only link-up events, specify the mode up keywords. To suppress both link-down and link-up events, specify the mode updown keywords.
Shutting down an aggregate interface
Restrictions and guidelines
|
|
CAUTION: The shutdown command will disconnect all links established on an interface. Make sure you are fully aware of the impacts of this command when you use it on a live network. |
Shutting down or bringing up an aggregate interface affects the aggregation states and link states of member ports in the corresponding aggregation group as follows:
· When an aggregate interface is shut down, all its Selected ports become Unselected and all member ports go down.
· When an aggregate interface is brought up, the aggregation states of all its member ports are recalculated.
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber }
3. Shut down the interface.
shutdown
By default, an interface is not manually shut down.
Enabling rate statistics for subinterfaces of a Layer 3 aggregate interface
Restrictions and guidelines
Rate statistics collection for Layer 3 aggregate subinterfaces is resource intensive. When you use this feature on a live network, make sure you fully understand its impact.
This feature enables the device to periodically refresh rate statistics for the subinterfaces of a Layer 3 aggregate interface. The rate statistics are available in two statistics polling intervals after you enable this feature. To set the statistics polling interval, use the flow-interval command.
Procedure
1. Enter system view.
system-view
2. Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Enable rate statistics collection for the subinterfaces of the Layer 3 aggregate interface.
sub-interface rate-statistic
By default, rate statistics collection is disabled for Layer 3 aggregate subinterfaces.
4. (Optional.) Display rate statistics for a Layer 3 aggregate subinterface.
display interface route-aggregation interface-number.subnumber
Enabling packet statistics for a Layer 3 aggregate subinterface
Restrictions and guidelines
The packet statistics feature is CPU intensive. When you use this command for Layer 3 aggregate subinterfaces, make sure you fully understand its impact on system performance.
You can use the flow-interval command to adjust the interval at which the statistics are polled. To conserve hardware resources, increase the polling interval. For more information about this command, see Ethernet interface commands in Interface Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber
3. Enable packet statistics for the Layer 3 aggregate subinterface.
traffic-statistic enable
By default, the packet statistics feature is disabled for a Layer 3 aggregate subinterface.
4. (Optional.) Display the packet statistics for the Layer 3 aggregate subinterface.
display interface route-aggregation interface-number.subnumber
In the command output, the Input and Output fields display packet statistics.
Restoring the default settings for an aggregate interface
Restrictions and guidelines
|
|
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you execute it on a live network. |
The default command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
To resolve this issue:
1. Use the display this command in interface view to identify these commands.
2. Use their undo forms or follow the command reference to restore their default settings.
3. If the restoration attempt still fails, follow the error message instructions to resolve the issue.
Procedure
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
¡ Enter Layer 3 aggregate subinterface view.
interface route-aggregation interface-number.subnumber }
3. Restore the default settings for the aggregate interface.
default
Configuring load sharing for link aggregation groups
Setting load sharing modes for link aggregation groups
About this task
You can set the global or group-specific load sharing mode. A link aggregation group preferentially uses the group-specific load sharing mode. If the group-specific load sharing mode is not available, the group uses the global load sharing mode.
Setting the global link-aggregation load sharing mode
1. Enter system view.
system-view
2. Set the global link-aggregation load sharing mode.
link-aggregation global load-sharing mode { destination-ip | destination-mac | destination-port | ingress-port | source-ip | source-mac | source-port } *
By default, the system automatically chooses a load sharing mode depending on the packet type.
Setting the group-specific load sharing mode
1. Enter system view.
system-view
2. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
3. Set the load sharing mode for the aggregation group.
link-aggregation load-sharing mode { destination-ip | destination-mac | destination-port | source-ip | source-mac | source-port } *
By default, an aggregation group uses the global link-aggregation load sharing mode.
Enabling local-first load sharing for link aggregation
About this task
Use local-first load sharing in a multichassis link aggregation scenario to distribute traffic preferentially across member ports on the ingress device.
When you aggregate ports on different member devices in an IRF fabric, you can use local-first load sharing to reduce traffic on IRF links, as shown in Figure 4. For more information about IRF, see Virtual Technologies Configuration Guide.
Figure 4 Load sharing for multichassis link aggregation in an IRF fabric
Hardware and feature compatibility
The following compatibility matrixes show the support of hardware platforms for this command:
|
Series |
Models |
Command compatibility |
|
F1000-X-G5 series |
F1000-A-G5, F1000-S-G5, F1000-C-G5, F1000-C-G5-LI, F1000-E-G5, F1000-H-G5 |
Yes |
|
F1000-X-XI series |
F1000-E-XI |
Yes |
|
Series |
Models |
Command compatibility |
|
F100-X-G5 series |
F100-A-G5, F100-E-G5, F100-C-G5, F100-M-G5, F100-S-G5 |
Yes |
|
F100-C-A series |
F100-C-A2, F100-C-A1 |
No |
|
F100-X-XI series |
F100-A-XI |
No |
|
F100-C-XI, F100-S-XI |
Yes |
Enabling local-first load sharing for link aggregation globally
1. Enter system view.
system-view
2. Enable local-first load sharing for link aggregation globally.
link-aggregation load-sharing mode local-first
By default, local-first load sharing is enabled globally.
Enabling forwarding acceleration for link aggregation
About this task
This feature accelerates traffic forwarding on an aggregate interface whose member ports are located on multiple slots.
Restrictions and guidelines
Forwarding acceleration takes effect on an aggregate interface only when it is enabled both globally and on the aggregate interface.
Procedure
1. Enter system view.
system-view
2. Enable forwarding acceleration globally.
link-aggregation global forwarding-acceleration enable
By default, forwarding acceleration is disabled globally.
3. Enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
4. Enable forwarding acceleration on the interface.
link-aggregation forwarding-acceleration enable
By default, forwarding acceleration is enabled on aggregate interfaces.
Isolating aggregate interfaces on the device
About this task
Aggregate interface isolation gracefully changes member ports of all dynamic aggregate interfaces to Unselected state. The member ports of the counterpart aggregation groups will also be placed in Unselected state.
Restrictions and guidelines
This feature takes effect only on dynamic aggregate interfaces. It cannot isolate static aggregate interfaces.
Procedure
1. Enter system view.
system-view
2. Isolate aggregate interfaces.
link-aggregation lacp isolate
By default, aggregate interfaces are not isolated.
To remove DR interface isolation, execute the undo form of this command.
Enabling link-aggregation traffic redirection
About link-aggregation traffic redirection
This feature operates on dynamic link aggregation groups. It redirects traffic on a Selected port to the remaining available Selected ports of an aggregation group if the port is shut down by using the shutdown command or the slot that hosts the port reboots.
|
|
NOTE: The device does not redirect traffic to member ports that become Selected during the traffic redirection process. |
This feature ensures zero packet loss for known unicast traffic, but does not protect unknown unicast traffic.
Restrictions and guidelines for link-aggregation traffic redirection
Link-aggregation traffic redirection applies only to dynamic link aggregation groups.
As a best practice, enable link-aggregation traffic redirection on a per-interface basis. If you enable this feature globally, communication with a third-party peer device might be affected if the peer is not compatible with this feature.
To prevent traffic interruption, enable link-aggregation traffic redirection at both ends of the aggregate link.
To prevent packet loss that might occur at a reboot, do not enable the spanning tree feature together with link-aggregation traffic redirection.
Link-aggregation traffic redirection does not operate correctly on an edge aggregate interface.
Enabling link-aggregation traffic redirection globally
1. Enter system view.
system-view
2. Enable link-aggregation traffic redirection globally.
link-aggregation lacp traffic-redirect-notification enable
By default, link-aggregation traffic redirection is disabled globally.
Display and maintenance commands for Ethernet link aggregation
Execute display commands in any view and reset commands in user view.
Ethernet link aggregation configuration examples
Example: Configuring a Layer 2 static aggregation group
Network configuration
As shown in Figure 5, configure a Layer 2 static aggregation group on both Device A and Device B to aggregate the links between them.
Procedure
1. Configure interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/4 to operate in Layer 2 mode.
<DeviceA> system-view
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
2. Create VLAN 10, and assign interface GigabitEthernet 1/0/4 to VLAN 10.
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/4
[DeviceA-vlan10] quit
3. Configure a Layer 2 static aggregation group:
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 1 and 10.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 1 10
[DeviceA-Bridge-Aggregation1] quit
# Assign interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1.
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
4. Configure interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 as trunk ports and assign them to VLANs 1 and 10.
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-type trunk
[DeviceA-if-range] port trunk permit vlan 1 10
[DeviceA-if-range] quit
5. Add interfaces to security zones.
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/4 vlan 10
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface bridge-aggregation 1 vlan 1 10
[Device-security-zone-Untrust] quit
6. Configure a security policy:
Configure rules to permit traffic between the Trust and Untrust security zones, so the devices can communicate with each other:
# Configure a rule named trust-untrust to permit the packets sent from the Trust security zone to the Untrust security zone.
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# Configure a rule named untrust-trust to permit the packets sent from the Untrust security zone to the Trust security zone.
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
7. Configure Device B in the same way Device A is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
GE1/0/3 S 32768 1
The output shows that link aggregation group 1 is a Layer 2 static aggregation group that contains three Selected ports.
Example: Configuring a Layer 2 dynamic aggregation group
Network configuration
As shown in Figure 6, configure a Layer 2 dynamic aggregation group on both Device A and Device B to aggregate the links between them.
Procedure
1. Configure interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/4 to operate in Layer 2 mode.
<DeviceA> system-view
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
2. Create VLAN 10, and assign interface GigabitEthernet 1/0/4 to VLAN 10.
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/4
[DeviceA-vlan10] quit
3. Configure a Layer 2 dynamic aggregation group:
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port, assign it to VLANs 1 and 10, and set the link aggregation mode to dynamic.
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 1 10
[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation1] quit
# Assign interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to link aggregation group 1.
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
4. Configure interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 as trunk ports and assign them to VLANs 1 and 10.
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-type trunk
[DeviceA-if-range] port trunk permit vlan 1 10
[DeviceA-if-range] quit
5. Add interfaces to security zones.
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/4 vlan 10
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface bridge-aggregation 1 vlan 1 10
[Device-security-zone-Untrust] quit
6. Configure a security policy:
Configure rules to permit traffic between the Trust and Untrust security zones, so the devices can communicate with each other:
# Configure a rule named trust-untrust to permit the packets sent from the Trust security zone to the Untrust security zone.
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# Configure a rule named untrust-trust to permit the packets sent from the Untrust security zone to the Trust security zone.
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
7. Configure Device B in the same way Device A is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1 {ACDEF}
GE1/0/2 S 32768 1 {ACDEF}
GE1/0/3 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
GE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/3 3 32768 1 0x8000, 000f-e267-57ad {ACDEF}
The output shows that link aggregation group 1 is a Layer 2 dynamic aggregation group that contains three Selected ports.
Example: Configuring Layer 2 aggregation load sharing
Network configuration
As shown in Figure 7, perform the following tasks:
· Configure Layer 2 static aggregation groups 1 and 2 on Device A and Device B, respectively.
· Configure link aggregation groups 1 and 2 to load share traffic across aggregation group member ports.
¡ Configure link aggregation group 1 to load share packets based on source MAC addresses.
¡ Configure link aggregation group 2 to load share packets based on destination MAC addresses.
Procedure
1. Configure interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/5 to operate in Layer 2 mode.
<DeviceA> system-view
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/5
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
2. Create VLAN 10, and assign interface GigabitEthernet 1/0/5 to VLAN 10.
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/5
[DeviceA-vlan10] quit
3. Configure Layer 2 aggregation groups:
# Configure Layer 2 aggregate interface Bridge-Aggregation 1 as a trunk port and assign it to VLANs 1 and 10, and configure it to load share packets based on source MAC addresses..
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 1 10
[DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode source-mac
[DeviceA-Bridge-Aggregation1] quit
# Assign interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to link aggregation group 1.
[DeviceA] interface range GigabitEthernet1/0/1 to GigabitEthernet1/0/2
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
# Configure Layer 2 aggregate interface Bridge-Aggregation 2 as a trunk port and assign it to VLANs 1 and 10, and configure it to load share packets based on destination MAC addresses..
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 1 10
[DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode destination-mac
[DeviceA-Bridge-Aggregation1] quit
# Assign interfaces GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to link aggregation group 2.
[DeviceA] interface range gigabitethernet 1/0/3 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-aggregation group 2
[DeviceA-if-range] quit
4. Configure interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/4 as trunk ports and assign them to VLANs 1 and 10.
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-type trunk
[DeviceA-if-range] port trunk permit vlan 1 10
[DeviceA-if-range] quit
5. Add interfaces to security zones.
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/5 vlan 10
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface bridge-aggregation 1 vlan 1 10
[Device-security-zone-Untrust] import interface bridge-aggregation 2 vlan 1 10
[Device-security-zone-Untrust] quit
6. Configure a security policy:
Configure rules to permit traffic between the Trust and Untrust security zones, so the devices can communicate with each other:
# Configure a rule named trust-untrust to permit the packets sent from the Trust security zone to the Untrust security zone
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# Configure a rule named untrust-trust to permit the packets sent from the Untrust security zone to the Trust security zone
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
7. Configure Device B in the same way Device A is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
Aggregate Interface: Bridge-Aggregation2
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/3 S 32768 2
GE1/0/4 S 32768 2
The output shows that:
· Link aggregation groups 1 and 2 are both load-shared Layer 2 static aggregation groups.
· Each aggregation group contains two Selected ports.
# Display all the group-specific load sharing modes on Device A.
[DeviceA] display link-aggregation load-sharing mode interface
Bridge-Aggregation1 Load-Sharing Mode:
source-mac address
Bridge-Aggregation2 Load-Sharing Mode:
destination-mac address
The output shows that:
· Link aggregation group 1 distributes packets based on source MAC addresses.
· Link aggregation group 2 distributes packets based on destination MAC addresses.
Example: Configuring a Layer 3 static aggregation group
Network configuration
As shown in Figure 8, configure a Layer 3 static aggregation group on both Device A and Device B to aggregate the links between them.
Procedure
1. Configure a Layer 3 static aggregation group:
# Create Layer 3 aggregate interface Route-Aggregation 1, and assign an IP address to the aggregate interface.
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
[DeviceA-Route-Aggregation1] ip address 192.168.2.1 24
[DeviceA-Route-Aggregation1] quit
# Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to aggregation group 1.
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
2. Assign an IP address to interface GigabitEthernet 1/0/4.
[DeviceA] interface GigabitEthernet 1/0/4
[DeviceA-GigabitEthernet1/0/4] ip address 192.168.1.2 24
[DeviceA-GigabitEthernet1/0/4] quit
3. Configure settings for routing.
This example configure a static route for PC B, and the next hop is 192.168.2.2.
[DeviceA] ip route-static 192.168.3.1 24 192.168.2.2
4. Add interfaces to security zones.
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/4
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface route-aggregation 1
[Device-security-zone-Untrust] quit
5. Configure a security policy:
Configure rules to permit traffic between PC A and PC B:
# Configure a rule named trust-untrust to permit the packets sent from the Trust security zone to the Untrust security zone.
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] source-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-0-trust-untrust] destination-ip-subnet 192.168.3.0 24
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# Configure a rule named untrust-trust to permit the packets sent from the Untrust security zone to the Trust security zone
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] source-ip-subnet 192.168.3.0 24
[DeviceA-security-policy-ip-1-untrust-trust] destination-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
6. Configure Device B in the same way Device A is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
GE1/0/3 S 32768 1
The output shows that link aggregation group 1 is a Layer 3 static aggregation group that contains three Selected ports.
Example: Configuring a Layer 3 dynamic aggregation group
Network configuration
As shown in Figure 9, configure a Layer 3 dynamic aggregation group on both Device A and Device B to aggregate the links between them.
Procedure
1. Configure a dynamic aggregation group:
# Create Layer 3 aggregate interface Route-Aggregation 1.
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
# Assign an IP address to Route-Aggregation 1.
[DeviceA-Route-Aggregation1] ip address 192.168.2.1 24
# Set the link aggregation mode to dynamic.
[DeviceA-Route-Aggregation1] link-aggregation mode dynamic
[DeviceA-Route-Aggregation1] quit
# Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to aggregation group 1.
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
2. Assign an IP address to interface GigabitEthernet 1/0/4.
[DeviceA] interface GigabitEthernet 1/0/4
[DeviceA-GigabitEthernet1/0/4] ip address 192.168.1.2 24
[DeviceA-GigabitEthernet1/0/4] quit
3. Configure settings for routing.
This example configure a static route for PC B, and the next hop in the routes is 192.168.2.2.
[DeviceA] ip route-static 192.168.3.1 24 192.168.2.2
4. Add interfaces to security zones.
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/4
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface route-aggregation 1
[Device-security-zone-Untrust] quit
5. Configure a security policy:
Configure rules to permit traffic between PC A and PC B:
# Configure a rule named trust-untrust to permit the packets sent from the Trust security zone to the Untrust security zone.
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] source-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-0-trust-untrust] destination-ip-subnet 192.168.3.0 24
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# Configure a rule named untrust-trust to permit the packets sent from the Untrust security zone to the Trust security zone
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] source-ip-subnet 192.168.3.0 24
[DeviceA-security-policy-ip-1-untrust-trust] destination-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
6. Configure Device B in the same way Device A is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1 {ACDEF}
GE1/0/2 S 32768 1 {ACDEF}
GE1/0/3 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
GE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/3 3 32768 1 0x8000, 000f-e267-57ad {ACDEF}
The output shows that link aggregation group 1 is a Layer 3 dynamic aggregation group that contains three Selected ports.
Example: Configuring Layer 3 aggregation load sharing
Network configuration
As shown in Figure 10, perform the following tasks:
· Configure Layer 3 static aggregation groups 1 and 2 on Device A and Device B, respectively.
· Configure link aggregation groups 1 and 2 to load share traffic across aggregation group member ports.
¡ Configure link aggregation group 1 to load share packets based on source IP addresses.
¡ Configure link aggregation group 2 to load share packets based on destination IP addresses.
Procedure
1. Configure Layer 3 aggregation groups:
# Create Layer 3 aggregate interface Route-Aggregation 1.
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
# Configure Layer 3 aggregation group 1 to load share packets based on source IP addresses.
[DeviceA-Route-Aggregation1] link-aggregation load-sharing mode source-ip
# Assign an IP address to Layer 3 aggregate interface Route-Aggregation 1.
[DeviceA-Route-Aggregation1] ip address 192.168.2.1 24
[DeviceA-Route-Aggregation1] quit
# Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to aggregation group 1.
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/2
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
# Create Layer 3 aggregate interface Route-Aggregation 2.
[DeviceA] interface route-aggregation 2
# Configure Layer 3 aggregation group 2 to load share packets based on destination IP addresses.
[DeviceA-Route-Aggregation2] link-aggregation load-sharing mode destination-ip
# Assign an IP address to Layer 3 aggregate interface Route-Aggregation 2.
[DeviceA-Route-Aggregation2] ip address 192.168.3.1 24
[DeviceA-Route-Aggregation2] quit
# Assign Layer 3 Ethernet interfaces GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 to aggregation group 2.
[DeviceA] interface range gigabitethernet 1/0/3 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-aggregation group 2
[DeviceA-if-range] quit
2. Assign an IP address to interface GigabitEthernet 1/0/5.
[DeviceA] interface gigabitethernet 1/0/5
[DeviceA-GigabitEthernet1/0/5] ip address 192.168.1.2 24
[DeviceA-GigabitEthernet1/0/5] quit
3. Configure settings for routing.
This example configure static routes for PC B, and the next hops in the routes are 192.168.2.2 and 192.168.3.2.
[DeviceA] ip route-static 192.168.4.1 24 192.168.2.2
[DeviceA] ip route-static 192.168.4.1 24 192.168.3.2
4. Add interfaces to security zones.
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/5
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface route-aggregation 1
[Device-security-zone-Untrust] import interface route-aggregation 2
[Device-security-zone-Untrust] quit
5. Configure a security policy:
Configure rules to permit traffic between PC A and PC B:
# Configure a rule named trust-untrust to permit the packets sent from the Trust security zone to the Untrust security zone.
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] source-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-0-trust-untrust] destination-ip-subnet 192.168.4.0 24
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# Configure a rule named untrust-trust to permit the packets sent from the Untrust security zone to the Trust security zone.
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] source-ip-subnet 192.168.4.0 24
[DeviceA-security-policy-ip-1-untrust-trust] destination-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
6. Configure Device B in the same way Device A is configured. (Details not shown.)
Verifying the configuration
# Display detailed information about all aggregation groups on Device A.
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
Aggregate Interface: Route-Aggregation2
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/3 S 32768 2
GE1/0/4 S 32768 2
The output shows that:
· Link aggregation groups 1 and 2 are both load-shared Layer 3 static aggregation groups.
· Each aggregation group contains two Selected ports.
# Display all the group-specific load sharing modes on Device A.
[DeviceA] display link-aggregation load-sharing mode interface
Route-Aggregation1 Load-Sharing Mode:
source-ip address
Route-Aggregation2 Load-Sharing Mode:
destination-ip address
The output shows that:
· Link aggregation group 1 distributes packets based on source IP addresses.
· Link aggregation group 2 distributes packets based on destination IP addresses.
