CloudEngine 16800, 12800, 8800, 6800, and 5800 Series Switches M-LAG Best Practices

Configuring Leaf Nodes

Procedure

  1. Configure the system resource mode.

    Leaf-01-01

    Leaf-01-02

    Description

    assign forward ipv6 longer-mask resource share-mode

    assign forward ipv6 longer-mask resource share-mode

    For the CE6857EI, CE6857E, CE6857F, CE6865EI, CE6865E, CE8861, and CE8868 running a V2 version, set the resource allocation mode to shared mode for IPv6 addresses/IPv6 routes with the prefix length greater than 64 bits and less than 128 bits. In this mode, IPv4 addresses/IPv4 routes and IPv6 addresses/IPv6 routes share chip resources.

    This configuration takes effect after the device is restarted.

  2. Configure basic device information and VPNs for device management.

    • Out-of-band management configuration

      Leaf-01-01

      Leaf-01-02

      Description

      system-view immediately

      system-view immediately

      Enter the system view and set the immediate validation mode.

      sysname Leaf-01-01

      sysname Leaf-01-02

      Name the leaf nodes.

      #

      #

      -

      ip vpn-instance Management_out

      ip vpn-instance Management_out

      Create a dedicated out-of-band management VPN instance named Management_out.

      ipv4-family

      ipv4-family

      route-distinguisher 13:40

      route-distinguisher 14:40

      ipv6-family

      ipv6-family

      route-distinguisher 13:40

      route-distinguisher 13:40

      #

      #

      -

      interface MEth0/0/0

      interface MEth0/0/0

      Add MEth0/0/0 to the dedicated out-of-band management VPN instance.

      ip binding vpn-instance Management_out

      ip binding vpn-instance Management_out

      ip address 192.168.21.16 24

      ip address 192.168.21.17 24

      Configure a unique IPv4 address for the management interface on each device.

      ipv6 enable

      ipv6 address 2001:db8:21::16/64

      ipv6 enable

      ipv6 address 2001:db8:21::17/64

      Configure a unique IPv6 address for the management interface on each device.

      #

      #

      -

      ip route-static vpn-instance Management_out 0.0.0.0 0.0.0.0 192.168.21.1

      ip route-static vpn-instance Management_out 0.0.0.0 0.0.0.0 192.168.21.1

      Configure a static route for remote management.

      ipv6 route-static vpn-instance Management_out 0:: 0 2001:DB8:21::1

      ipv6 route-static vpn-instance Management_out 0:: 0 2001:DB8:21::1

      Configure a static route for remote management.

      #

      #

      -

    • In-band management configuration

      CE device running a V2 version, V300R023C00, or a later version:

      Leaf-01-01

      Leaf-01-02

      Description

      ip vpn-instance Management_in

      ip vpn-instance Management_in

      Create a VPN instance named Management_in for in-band management on the storage network.

      ipv4-family

      ipv4-family

      -

      route-distinguisher 13:41

      route-distinguisher 14:41

      -

      ipv6-family

      ipv6-family

      -

      route-distinguisher 13:41

      route-distinguisher 13:41

      -

      #

      #

      -

      interface Vlanif 4010

      interface Vlanif 4010

      Create VLANIF 4010 and configure its IP address as the in-band management IP address. Bind VLANIF 4010 to the VPN instance Management_in. You do not need to perform this operation if out-of-band management is used.

      (Constraints) In in-band management mode, the standby device cannot be managed due to DAD when the peer-link fails. Therefore, the out-of-band management mode is recommended.

      ip binding vpn-instance Management_in

      ip binding vpn-instance Management_in

      -

      ip address 10.130.21.11 255.255.255.0

      ip address 10.130.21.12 255.255.255.0

      Configure an IPv4 address.

      ipv6 enable

      ipv6 address fc00:130:21::11/64

      ipv6 enable

      ipv6 address fc00:130:21::12/64

      Configure an IPv6 address.

      #

      #

      -

      ip route-static vpn-instance Management_in 0.0.0.0 0 10.130.21.254

      ip route-static vpn-instance Management_in 0.0.0.0 0 10.130.21.254

      Configure the default route to the gateway address.

      ipv6 route-static vpn-instance Management_in 0:: 0 fc00:130:21::254

      ipv6 route-static vpn-instance Management_in 0:: 0 fc00:130:21::254

      Configure the default route to the gateway address.

      CE device running a V3 version:

      In V300R022C10 and earlier versions, only this in-band management solution is available. In V300R023C00 and later versions, the in-band management solution for devices running V2 versions can be used.

      The following figure shows the in-band management solution. Loopback interface addresses are configured as in-band management addresses, and routed proxy ARP and static routes are configured for in-band management. After management traffic reaches Leaf2, Leaf2 forwards the traffic to Leaf1 through the DAD link at Layer 3 for communication. The following table describes the example configuration.

      Leaf-01-01

      Leaf-01-02

      Description

      interface Loopback0

      interface Loopback0

      Configure the loopback interface address as the in-band management address.

      ip binding vpn-instance Management_in

      ip binding vpn-instance Management_in

      -

      ip address 10.130.21.3 255.255.255.255

      ip address 10.130.21.4 255.255.255.255

      -

      #

      #

      -

      interface Vlanif4010

      interface Vlanif4010

      Configure the IP address of the interface connecting a leaf node to a spine node, which is on the same network segment as the gateway.

      ip binding vpn-instance Management_in

      ip binding vpn-instance Management_in

      Bind the interface to the VPN instance Management_in.

      ip address 10.130.21.253 255.255.255.0

      ip address 10.130.21.253 255.255.255.0

      -

      arp proxy enable

      arp proxy enable

      -

      mac-address 0000-5e00-0112

      mac-address 0000-5e00-0112

      Specify the MAC address of the VLANIF interface. The MAC address cannot be all 0s, all 1s, or a multicast MAC address. The MAC address range varies depending on the device model. For details, see the following "NOTE."

      #

      #

      -

      interface Eth-Trunk1.1

      interface Eth-Trunk1.1

      Configure the interconnection interface as the next hop of the specific route to the loopback address.

      ip binding vpn-instance Management_in

      ip binding vpn-instance Management_in

      -

      ip address 192.168.1.1 255.255.255.0

      ip address 192.168.1.2 255.255.255.0

      -

      dot1q termination vid 2001

      dot1q termination vid 2001

      -

      #

      #

      -

      ip route-static vpn-instance Management_in 0.0.0.0 0 10.130.21.254

      ip route-static vpn-instance Management_in 0.0.0.0 0 10.130.21.254

      Configure the default route to the gateway address.

      ip route-static vpn-instance Management_in 10.130.21.4 32 192.168.1.2

      ip route-static vpn-instance Management_in 10.130.21.3 32 192.168.1.1

      Configure a route to the in-band loopback address with the next hop pointing to the peer device to ensure that management traffic can be forwarded to the destination device at Layer 3 after reaching the peer device.

      In this document, M-LAG networking is used, and virtual MAC addresses must be configured. The MAC address range varies depending on the device model.

  3. Configure the user name and password for device maintenance and management.

    Leaf-01-01

    Leaf-01-02

    Description

    user-interface console 0

    user-interface console 0

    Configure a console port login password to improve security. This configuration is mandatory.

    authentication-mode password

    authentication-mode password

    set authentication password cipher Myrhgl@131

    set authentication password cipher Myrhgl@131

    #

    #

    -

    user-interface maximum-vty 21

    user-interface maximum-vty 21

    Set the maximum number of VTY user interfaces to 21.

    user-interface vty 0 20

    user-interface vty 0 20

    -

    authentication-mode aaa

    authentication-mode aaa

    Set the authentication mode to AAA.

    user privilege level 3

    user privilege level 3

    Set the user level to 3.

    protocol inbound ssh

    protocol inbound ssh

    Specify the SSH protocol to improve security.

    #

    #

    -

    stelnet server enable

    stelnet server enable

    Enable the STelnet service on an SSH server.

    #

    #

    -

    aaa

    aaa

    Enter the AAA view.

    local-user huawei password irreversible-cipher Myrhgl@520

    local-user huawei password irreversible-cipher Myrhgl@520

    Set the local user name to huawei and password to Myrhgl@520 for an administrator to log in to and maintain the device.

    local-user huawei service-type ssh

    local-user huawei service-type ssh

    Specify the SSH protocol.

    CE device running a V2 version:

    local-user huawei level 3

    CE device running a V3 version:

    local-user huawei privilege level 3

    CE device running a V2 version:

    local-user huawei level 3

    CE device running a V3 version:

    local-user huawei privilege level 3

    Set the user level of the huawei user.

    #

    #

    -

    ssh user huawei

    ssh user huawei

    Create an SSH user.

    ssh user huawei authentication-type password

    ssh user huawei authentication-type password

    -

    ssh user huawei service-type stelnet

    ssh user huawei service-type stelnet

    -

    ssh server-source -i Meth0/0/0

    ssh server-source -i Meth0/0/0

    Specify the source interface of the SSH server (for example, use the MEth interface for out-of-band management) to restrict login and improve security.

    If in-band management is used, you need to configure an in-band management interface, for example, VLANIF 4010 of a CE device running a V2 version or Loopback0 of a CE device running a V3 version.

    If the device is upgraded from V200R005C20 to V200R019C10, this configuration is not required. If the device running V200R019C10 or a later version is deployed, perform this configuration.

    ssh ipv6 server-source -a 2001:db8:21::16 -vpn-instance Management_out

    ssh ipv6 server-source -a 2001:db8:21::17 -vpn-instance Management_out

    Specify the source IP address of the SSH server to restrict login and improve security. For out-of-band management, enter the IP address of the MEth interface and specify a VPN instance. For in-band management, enter the IPv6 address of the in-band management interface (VLANIF 4010).

    acl 2001

    rule permit source 192.168.2.0 24

    #

    ssh server acl 2001

    acl 2001

    rule permit source 192.168.2.0 24

    #

    ssh server acl 2001

    Configure an ACL for the SSH server to allow only clients with specified IP addresses to log in. The ACL for the SSH server also takes effect for STelnet, SFTP, and NETCONF.

  4. Configure the leaf nodes to connect to the NMS.

    Leaf-01-01

    Leaf-01-02

    Description

    snmp-agent

    snmp-agent

    Enable the SNMP agent.

    snmp-agent sys-info version v3

    snmp-agent sys-info version v3

    Set the SNMP version to SNMPv3, which must be the same as the SNMP version used by the NMS.

    snmp-agent mib-view included myview iso

    snmp-agent mib-view included myview iso

    Configure the MIB view that can be accessed by the NMS. To ensure that the NMS can manage devices normally (for example, discovering device links based on LLDP), the MIB view must contain the iso node.

    snmp-agent group v3 dc-admin privacy write-view myview notify-view myview

    snmp-agent group v3 dc-admin privacy write-view myview notify-view myview

    -

    snmp-agent usm-user v3 uhmroot group dc-admin

    snmp-agent usm-user v3 uhmroot group dc-admin

    Set the SNMPv3 user name to uhmroot, which must be the same as the security name on the NMS.

    snmp-agent usm-user v3 uhmroot authentication-mode sha

    snmp-agent usm-user v3 uhmroot authentication-mode sha

    Configure the authentication mode and password for the uhmroot user, which must correspond to the authentication protocol and password on the NMS.

    Myrhgl12#$

    Myrhgl12#$

    -

    Myrhgl12#$

    Myrhgl12#$

    -

    snmp-agent usm-user v3 uhmroot privacy-mode aes128

    snmp-agent usm-user v3 uhmroot privacy-mode aes128

    Set the encryption mode and password of the uhmroot user, which must correspond to the privacy protocol and encryption password on the NMS.

    Myrhgl12#$

    Myrhgl12#$

    -

    Myrhgl12#$

    Myrhgl12#$

    -

    acl 2002

    rule permit source 192.168.3.0 24

    #

    snmp-agent usm-user v3 uhmroot acl 2002

    acl 2002

    rule permit source 192.168.3.0 24

    #

    snmp-agent usm-user v3 uhmroot acl 2002

    Configure an ACL for SNMP users to allow only SNMP users with specified IP addresses to access the network.

    #

    #

    -

    snmp-agent trap enable

    snmp-agent trap enable

    Enable the trap function for all modules. By default, the trap function of some modules is disabled.

    snmp-agent trap source MEth0/0/0

    snmp-agent trap source MEth0/0/0

    For out-of-band management, set the source interface for sending traps to MEth0/0/0.

    If in-band management is used, you need to configure an in-band management interface, for example, VLANIF 4010 of a device running a V2 version or Loopback0 of a device running a V3 version.

    #

    #

    -

    snmp-agent protocol source-interface MEth0/0/0

    snmp-agent protocol source-interface MEth0/0/0

    Specify the source interface for SNMP to receive and respond to request packets from the NMS or controller.

    If in-band management is used, you need to configure an in-band management interface, for example, VLANIF 4010 of a CE device running a V2 version or Loopback0 of a CE device running a V3 version.

    If the device is upgraded from V200R005C20 to V200R019C10, this configuration is not required. If the device running V200R019C10 or a later version is deployed, perform this configuration.

    #

    #

    -

    rsa local-key-pair create

    rsa local-key-pair create

    Generate a local key pair.

    #

    #

    -

    user-interface vty 0 4

    user-interface vty 0 4

    -

    authentication-mode aaa

    authentication-mode aaa

    -

    protocol inbound ssh

    protocol inbound ssh

    Set the protocol type supported by VTY user interfaces to SSH.

    #

    #

    -

    stelnet server enable

    stelnet server enable

    Enable the STelnet service on an SSH server.

    #

    #

    -

    aaa

    aaa

    -

    local-user client password irreversible-cipher Myrhgl@131

    local-user client password irreversible-cipher Myrhgl@131

    Create a user named client and set a password for the user, which must be the same as the STelnet user name and password used by the NMS.

    CE device running a V2 version:

    local-user client level 3

    CE device running a V3 version:

    local-user client privilege level 3

    CE device running a V2 version:

    local-user client level 3

    CE device running a V3 version:

    local-user client privilege level 3

    Set the user level of the client user.

    local-user client service-type ssh

    local-user client service-type ssh

    Set the access type of the client user to SSH, which must be the same as the login protocol on the NMS.

    #

    #

    -

    ssh user client

    ssh user client

    Create an SSH user.

    ssh user client authentication-type password

    ssh user client authentication-type password

    Set the authentication mode of the client user to password authentication, which must be the same as that on the NMS.

    ssh user client service-type stelnet

    ssh user client service-type stelnet

    Set the service type of the SSH user client to STelnet.

    set net-manager vpn-instance Management_out (or Management_in)

    set net-manager vpn-instance Management_out (or Management_in)

    Set the default VPN instance for the NMS to manage devices to Management_out. For in-band management, set it to Management_in.

    #

    #

    -

    lldp enable

    lldp enable

    Enable LLDP.

    #

    #

    -

  5. Configure VLANs for forwarding server and storage traffic.

    Leaf-01-01

    Leaf-01-02

    Description

    vlan batch 4002 4010

    vlan batch 4002 4010

    Create VLANs in batches. For example, configure VLAN 4002 for forwarding storage data and VLAN 4010 for access of management interfaces on network devices and BMC interfaces on servers.

    #

    #

    -

  6. Configure an active-active group of leaf nodes.

    Leaf-01-01

    Leaf-01-02

    Description

    interface Eth-Trunk1

    interface Eth-Trunk1

    Deploy an independent Layer 3 interconnection link between the two leaf nodes to function as the M-LAG heartbeat link.

    undo portswitch

    undo portswitch

    -

    ip binding vpn-instance Management_in

    ip binding vpn-instance Management_in

    -

    ip address 10.254.120.2 255.255.255.0

    ip address 10.254.120.3 255.255.255.0

    Configure IPv4 addresses for interconnection.

    ipv6 enable

    ipv6 address fc00:254:120::2/64

    ipv6 enable

    ipv6 address fc00:254:120::3/64

    Configure IPv6 addresses for interconnection.

    #

    #

    -

    interface 10GE1/0/7

    interface 10GE1/0/7

    -

    eth-trunk 1

    eth-trunk 1

    Configure the Eth-Trunk as the DAD link.

    #

    #

    -

    interface 10GE1/0/8

    interface 10GE1/0/8

    -

    eth-trunk 1

    eth-trunk 1

    Configure the Eth-Trunk as the DAD link.

    #

    #

    -

    stp tc-protection

    stp tc-protection

    Enable TC BPDU attack defense.

    stp bpdu-protection

    stp bpdu-protection

    Enable BPDU attack defense.

    stp mode rstp

    stp mode rstp

    Configure the working mode as RSTP. RSTP should be configured before the V-STP mode is configured.

    stp bridge-address 1-1-2

    stp bridge-address 1-1-2

    Configure the bridge MAC address used by the device to calculate the spanning tree. The bridge MAC addresses of the two leaf nodes in an M-LAG must be the same. It is recommended that the system MAC address of one device be used as the bridge MAC address. The bridge MAC addresses of devices in different M-LAGs are different.

    stp v-stp enable

    stp v-stp enable

    Configure the M-LAG in V-STP mode on the leaf nodes.

    #

    #

    -

    dfs-group 1

    dfs-group 1

    Configure DFS.

    priority 150

    priority 100

    Configure the DFS group priority. The default value is 100.

    m-lag up-delay 240 auto-recovery interval 10

    m-lag up-delay 240 auto-recovery interval 10

    Configure the M-LAG member interfaces to go Up one by one at an interval of 10s after the delay.

    Device running a V2 version:

    source ip 10.254.120.2 vpn-instance Management_in peer 10.254.120.3

    Device running a V3 version:

    dual-active detection source ip 10.254.120.2 vpn-instance Management_in peer 10.254.120.3

    Device running a V2 version:

    source ip 10.254.120.3 vpn-instance Management_in peer 10.254.120.2

    Device running a V3 version:

    dual-active detection source ip 10.254.120.3 vpn-instance Management_in peer 10.254.120.2

    (Either IPv4 or IPv6) Configure the IPv4 address of an independent Layer 3 interconnection interface as the source address of the DFS group and associate the address with VPN instance Management_in.

    Device running a V2 version:

    source ipv6 fc00:254:120::2 vpn-instance Management_in peer fc00:254:120::3

    Device running a V3 version:

    dual-active detection source ipv6 fc00:254:120::2 vpn-instance Management_in peer fc00:254:120::3

    Device running a V2 version:

    source ipv6 fc00:254:120::3 vpn-instance Management_in peer fc00:254:120::2

    Device running a V3 version:

    dual-active detection source ipv6 fc00:254:120::3 vpn-instance Management_in peer fc00:254:120::2

    (Either IPv4 or IPv6) Configure the IPv6 address of an independent Layer 3 interconnection interface as the source address of the DFS group and associate the address with VPN instance Management_in.

    Device running a V2 version:

    dual-active detection enhanced enable

    Device running a V2 version:

    dual-active detection enhanced enable

    Enable enhanced DAD for double-fault failures in an M-LAG scenario. Before enabling this function, you need to configure the interfaces on the DAD link as reserved interfaces, and set the peer IP address of the DFS group.

    On a device running a V3 version, enhanced DAD for double-fault failures is enabled by default and does not need to be configured.

    Device running a V2 version: N/A

    Device running a V3 version:

    authentication-mode hmac-sha256 password Myrhgl@1314

    Device running a V2 version: N/A

    Device running a V3 version:

    authentication-mode hmac-sha256 password Myrhgl@1314

    Configure the authentication mode and password for DFS group synchronization packets. This configuration is required only on a device running a V3 version.

    #

    #

    -

    interface Eth-Trunk0

    interface Eth-Trunk0

    Create an Eth-Trunk for the peer-link.

    trunkport 40GE 1/0/1

    trunkport 40GE 1/0/1

    Deploy the peer-link on multiple links. If multiple cards are installed on the switch, the peer-link must be deployed on different cards. When the interfaces on a card are of different types, configure port speed decrease or bundle interfaces at different rates. (To bundle interfaces, run the lacp mixed-rate link enable command to forward packets after the interfaces are added to an Eth-Trunk interface in LACP mode, and run the distribute-weight command to configure the weight of load sharing for a member interface.)

    trunkport 40GE 1/0/2

    trunkport 40GE 1/0/2

    mode lacp-static

    mode lacp-static

    -

    peer-link 1

    peer-link 1

    -

    port vlan exclude 1

    port vlan exclude 1

    Configure the interface to reject packets from VLAN 1.

    #

    #

    -

    interface Eth-Trunk1

    interface Eth-Trunk1

    -

    m-lag unpaired-port reserved

    m-lag unpaired-port reserved

    Configure the interface not to enter the Error-Down state when the peer-link fails but DAD is normal.

    #

         

  7. Configure links on the leaf nodes to connect to the spine nodes.

    Leaf-01-01

    Leaf-01-02

    Description

    interface Eth-Trunk100

    interface Eth-Trunk100

    Create an Eth-Trunk and configure physical interfaces.

    description Linkto_Spine

    description Linkto_Spine

    -

    trunkport 40GE 1/0/5 to 1/0/6

    trunkport 40GE 1/0/5 to 1/0/6

    -

    port link-type trunk

    port link-type trunk

    -

    undo port trunk allow-pass vlan 1

    undo port trunk allow-pass vlan 1

    Delete the Eth-Trunk interface from VLAN 1.

    port trunk allow-pass vlan 4002 4010

    port trunk allow-pass vlan 4002 4010

    Configure the interface to allow packets from specific VLANs to pass through.

    mode lacp-static

    mode lacp-static

    Deploy the static LACP mode.

    dfs-group 1 m-lag 100

    dfs-group 1 m-lag 100

    Configure an M-LAG. You are advised to set the M-LAG ID to the Eth-Trunk ID.

    lacp timeout fast

    lacp timeout fast

    -

    stp disable

    stp disable

    Disable the STP function to speed up network convergence. Perform the same configuration on the peer interface.

    Enabling the STP function will increase the convergence time by 1s to 2s.

    Enable STP on interfaces where no service is deployed.

    #

    #

    -

  8. Configure an interface to connect to the leaf node in single-homed mode.

    In this example, an interface is configured for BMC management interfaces on servers to connect to the leaf node in single-homed mode.

    Leaf-01-01

    Leaf-01-02

    Description

    interface 10GE 1/0/25

    -

    Configure an interface for BMC management interfaces on servers to connect to the leaf node.

    description Linkto_RAID_A_BMC

    -

    -

    port default vlan 4010

    -

    Add the interface to the VLAN created in step 4.

    stp edged-port enable

    -

    Configure the interface as an STP edge interface.

    storm suppression broadcast packets 1000

    -

    Configure broadcast suppression on the interface of the access switch, limiting received broadcast traffic to 1000 pps.

    storm suppression multicast packets 1000

    -

    Configure multicast suppression on the interface of the access switch, limiting received multicast traffic to 1000 pps.

    storm suppression unknown-unicast 5

    -

    Configure unknown unicast suppression on the interface of the access switch. It is recommended that unknown unicast traffic on the interface be limited to 5% of the interface bandwidth.

    #

    -

    -

  9. Configure storage service access and server access on the leaf nodes.

    • In the IP SAN storage service access scenario, add the service interfaces on controllers A and B to the same VLAN.

      Leaf-01-01

      Leaf-01-02

      Description

      interface 10GE 1/0/20

      interface 10GE 1/0/20

      Configure storage data access.

      description Linkto_RAID_A_Data

      description Linkto_RAID_A_Data

      -

      port default vlan 4002

      port default vlan 4002

      -

      stp edged-port enable

      stp edged-port enable

      Configure the interface as an STP edge interface.

      storm suppression broadcast packets 1000

      storm suppression broadcast packets 1000

      Configure broadcast suppression on the interface of the access switch, limiting received broadcast traffic to 1000 pps.

      storm suppression multicast packets 1000

      storm suppression multicast packets 1000

      Configure multicast suppression on the interface of the access switch, limiting received multicast traffic to 1000 pps.

      storm suppression unknown-unicast 5

      storm suppression unknown-unicast 5

      Configure unknown unicast suppression on the interface of the access switch. It is recommended that unknown unicast traffic on the interface be limited to 5% of the interface bandwidth.

      #

      #

      -

      interface 10GE 1/0/21

      interface 10GE 1/0/21

      Configure storage data access.

      description Linkto_RAID_B_Data

      description Linkto_RAID_B_Data

      -

      port default vlan 4002

      port default vlan 4002

      -

      stp edged-port enable

      stp edged-port enable

      Configure the interface as an STP edge interface.

      storm suppression broadcast packets 1000

      storm suppression broadcast packets 1000

      Configure broadcast suppression on the interface of the access switch, limiting received broadcast traffic to 1000 pps.

      storm suppression multicast packets 1000

      storm suppression multicast packets 1000

      Configure multicast suppression on the interface of the access switch, limiting received multicast traffic to 1000 pps.

      storm suppression unknown-unicast 5

      storm suppression unknown-unicast 5

      Configure unknown unicast suppression on the interface of the access switch. It is recommended that unknown unicast traffic on the interface be limited to 5% of the interface bandwidth.

      #

      #

      -

    • Configure server access or cloud storage access in load sharing mode.

      Leaf-01-01

      Leaf-01-02

      Description

      interface Eth-Trunk22

      interface Eth-Trunk22

      Create an Eth-Trunk.

      description Linkto_Server

      description Linkto_Server

      -

      trunkport 10GE 1/0/22

      trunkport 10GE 1/0/22

      -

      port link-type trunk

      port link-type trunk

      -

      undo port trunk allow-pass vlan 1

      undo port trunk allow-pass vlan 1

      Delete the Eth-Trunk interface from VLAN 1.

      port trunk allow-pass vlan 4002 4010

      port trunk allow-pass vlan 4002 4010

      Configure the interface to allow packets from specific VLANs to pass through.

      mode lacp-static

      mode lacp-static

      Configure the static LACP mode as required.

      dfs-group 1 m-lag 22

      dfs-group 1 m-lag 22

      Configure an M-LAG.

      stp edged-port enable

      stp edged-port enable

      Configure the interface as an STP edge interface.

      #

      #

      -

      interface 10GE 1/0/22

      interface 10GE 1/0/22

      Configure server access or storage data access.

      description Linkto_Server

      description Linkto_Server

      -

      storm suppression broadcast packets 1000

      storm suppression broadcast packets 1000

      Configure broadcast suppression on the interface of the access switch, limiting received broadcast traffic to 1000 pps.

      storm suppression multicast packets 1000

      storm suppression multicast packets 1000

      Configure multicast suppression on the interface of the access switch, limiting received multicast traffic to 1000 pps.

      storm suppression unknown-unicast 5

      storm suppression unknown-unicast 5

      Configure unknown unicast suppression on the interface of the access switch. It is recommended that unknown unicast traffic on the interface be limited to 5% of the interface bandwidth.

      #

      #

      -

    • Perform the following configuration for server access or storage device access in active/standby mode or Layer 3 NIC access using an independent IP address in single-homed mode. (In this example, the IP addresses of the two network interfaces on the server or storage device are in the same subnet, and the active-active gateway configuration is the same as that in other scenarios.)

      Leaf-01-01

      Leaf-01-02

      Description

      interface 10GE 1/0/23

      interface 10GE 1/0/23

      -

      description Linkto_Server

      description Linkto_Server

      -

      port link-type trunk

      port link-type trunk

      -

      undo port trunk allow-pass vlan 1

      undo port trunk allow-pass vlan 1

      Delete the interface from VLAN 1.

      port trunk allow-pass vlan 4002 4010

      port trunk allow-pass vlan 4002 4010

      Configure the interface to allow packets from specific VLANs to pass through.

      stp edged-port enable

      stp edged-port enable

      Configure the interface as an STP edge interface.

      storm suppression broadcast packets 1000

      storm suppression broadcast packets 1000

      Configure broadcast suppression on the interface of the access switch, limiting received broadcast traffic to 1000 pps.

      storm suppression multicast packets 1000

      storm suppression multicast packets 1000

      Configure multicast suppression on the interface of the access switch, limiting received multicast traffic to 1000 pps.

      storm suppression unknown-unicast 5

      storm suppression unknown-unicast 5

      Configure unknown unicast suppression on the interface of the access switch. It is recommended that unknown unicast traffic on the interface be limited to 5% of the interface bandwidth.

      #

      #

      -

  10. Configure CRC and disable unused interfaces.

    Leaf-01-01

    Leaf-01-02

    Description

    port-group group-member 10ge 1/0/1 to 10ge 1/0/18

    port-group group-member 10ge 1/0/1 to 10ge 1/0/18

    Create a temporary port group and add the unused physical interfaces to the port group.

    shutdown

    shutdown

    Shut down the interfaces.

    stp instance 0 cost 10000

    stp instance 0 cost 10000

    Increase the STP cost.

    port link-type trunk

    port link-type trunk

    -

    undo port trunk allow-pass vlan 1

    undo port trunk allow-pass vlan 1

    Delete the interfaces in the port group from VLAN 1.

    #

    #

    -

    port-group group-member 40ge 1/0/1 to 40ge 1/0/6

    port-group group-member 40ge 1/0/1 to 40ge 1/0/6

    Create a temporary port group. CRC error monitoring needs to be configured for all interfaces.

    trap-threshold crc-statistics 100 interval 10

    trap-threshold crc-statistics 100 interval 10

    Set the alarm threshold of CRC error packets to 100 and the alarm interval to 10s.

    port crc-statistics trigger error-down

    port crc-statistics trigger error-down

    Configure the interface to enter the Error-Down state when the number of received CRC error packets exceeds the threshold. In this way, services can be switched to the backup link in a timely manner, ensuring reliable data transmission.

    #

    #

    -

    vlan 1

    storm suppression multicast cir 64 kbps

    storm suppression broadcast cir 64 kbps

    storm suppression unknown-unicast cir 64 kbps

    #

    vlan 1

    storm suppression multicast cir 64 kbps

    storm suppression broadcast cir 64 kbps

    storm suppression unknown-unicast cir 64 kbps

    #

    Configure traffic suppression in VLAN 1 to prevent broadcast storms.
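
The security-relevant settings from steps 3, 4, 6, 7, 9 and 10 can be checked mechanically before a command script is pasted into a leaf node. The following Python audit is an added example, not part of the Huawei guide; it assumes the script is plain text with one command per line and `#` between sections, and the sample script, the user names netops and nmsuser, and the group dc-ops are constructed for illustration.

```python
import re

# Example passwords printed in the guide's tables; a deployment must not reuse them.
GUIDE_PASSWORDS = ("Myrhgl@131", "Myrhgl@520", "Myrhgl12#$", "Myrhgl@1314")
VIEW_START = ("interface ", "user-interface ")


def views(lines, prefix):
    """Yield (header, body) for each view whose header starts with prefix.
    A view ends at '#' or at the next interface/user-interface header."""
    header, body = None, []
    for line in lines + ["#"]:
        if line == "#" or line.startswith(VIEW_START):
            if header is not None:
                yield header, body
            header, body = (line, []) if line.startswith(prefix) else (None, [])
        elif header is not None:
            body.append(line)


def audit(config_text):
    """Return findings for one leaf command script; an empty list means a pass."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    out = []

    def has(pattern):
        return any(re.match(pattern, l) for l in lines)

    # Step 3: VTY lines authenticate through AAA and accept SSH only.
    for header, body in views(lines, "user-interface vty"):
        if "authentication-mode aaa" not in body:
            out.append(f"{header}: AAA authentication not set")
        if "protocol inbound ssh" not in body:
            out.append(f"{header}: inbound protocol not restricted to SSH")
    # Step 3: SSH server bound to a source and filtered by an ACL.
    if not has(r"ssh (ipv6 )?server-source "):
        out.append("ssh: no server-source restriction")
    if not has(r"ssh server acl \d+"):
        out.append("ssh: no ACL bound to the SSH server")
    # Step 4: SNMPv3 only, privacy-level groups, users in a defined group with an ACL.
    if has(r"snmp-agent sys-info version .*\b(v1|v2c|all)\b"):
        out.append("snmp: pre-v3 version enabled")
    groups, users = {}, {}
    for l in lines:
        if m := re.match(r"snmp-agent group v3 (\S+) (\S+)", l):
            groups[m.group(1)] = m.group(2)
        elif m := re.match(r"snmp-agent usm-user v3 (\S+)(?: group (\S+))?", l):
            users[m.group(1)] = m.group(2) or users.get(m.group(1))
    for name, level in sorted(groups.items()):
        if level != "privacy":
            out.append(f"snmp group {name}: security level {level}, not privacy")
    for user, group in sorted(users.items()):
        if not has(rf"snmp-agent usm-user v3 {re.escape(user)} acl \d+"):
            out.append(f"snmp user {user}: no ACL bound")
        if group not in groups:
            out.append(f"snmp user {user}: group {group} is not defined")
    # Steps 7, 9 and 10: trunk ports must have VLAN 1 removed.
    for header, body in views(lines, "interface "):
        if "port link-type trunk" in body and "undo port trunk allow-pass vlan 1" not in body:
            out.append(f"{header}: trunk still carries VLAN 1")
    # Step 6: STP attack defenses enabled globally.
    for cmd in ("stp tc-protection", "stp bpdu-protection"):
        if cmd not in lines:
            out.append(f"stp: '{cmd}' missing")
    # Steps 3, 4 and 6: the guide's example passwords copied into the script.
    if any(p in l for l in lines for p in GUIDE_PASSWORDS):
        out.append("credential: example password from the guide reused")
    return out


# Constructed leaf command script with deliberate gaps (not taken from a device).
SAMPLE = """\
user-interface vty 0 20
authentication-mode aaa
protocol inbound telnet
#
aaa
local-user netops password irreversible-cipher Myrhgl@520
#
ssh server-source -i MEth0/0/0
#
snmp-agent sys-info version v3
snmp-agent group v3 dc-admin privacy write-view myview notify-view myview
snmp-agent usm-user v3 nmsuser group dc-ops
#
interface Eth-Trunk100
port link-type trunk
port trunk allow-pass vlan 4002 4010
#
interface 10GE1/0/23
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 4002 4010
#
stp tc-protection
"""


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The password check only works on the script as typed; a saved device configuration stores passwords as ciphertext, so the plaintext comparison does not apply there.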

Update Date:2024-12-28
Document ID:EDOC1000137639