No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
CloudEngine 16800, 12800, 8800, 6800, and 5800 Series Switches M-LAG Best Practices
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Leaf Nodes

Configuring Leaf Nodes

Configuration Summary

No.

Configuration Task

No.

Configuration Task

Step 1

Configuring the System R...

Step 6

Configure an active-active group of leaf nodes.

Step 2

Configure basic device information and VPNs.

Step 7

Configure links on the leaf nodes to connect to the spine nodes.

Step 3

Configure the user name and password for device maintenance and management.

Step 8

Configure an interface for BMC interfaces to connect to a leaf node.

Step 4

Configure the leaf nodes to connect to the NMS.

Step 9

Configure storage service access and server access on the leaf nodes.

Step 5

Configure VLANs for forwarding server and storage traffic.

Step 10

Configure CRC and disable unused interfaces.

Procedure

  1. Configuring the System Resource Mode.

    Leaf-01-01

    Leaf-01-02

    Description

    assign forward ipv6 longer-mask resource share-mode

    assign forward ipv6 longer-mask resource share-mode

    For the CE6857EI, CE6857E, CE6857F, CE6865EI, CE6865E, CE8861, and CE8868 running a V2 version, set the resource allocation mode to shared mode for IPv6 addresses or IPv6 routes with prefix lengths greater than 64 and less than 128. In this mode, IPv4 addresses/IPv4 routes and IPv6 addresses/IPv6 routes share chip resources.

    The configuration takes effect only after the device is restarted.

  2. Configure basic device information and VPNs for device management.

    • Out-of-band management configuration

      Leaf-01-01

      Leaf-01-02

      Description

      system-view immediately

      system-view immediately

      Enter the system view and set the immediate validation mode.

      sysname Leaf-01-01

      sysname Leaf-01-02

      Name the leaf nodes.

      #

      #

      -

      ip vpn-instance Management_out

      ip vpn-instance Management_out

      Create a dedicated out-of-band management VPN instance named Management_out.

      ipv4-family

      ipv4-family

      route-distinguisher 13:40

      route-distinguisher 14:40

      ipv6-family

      ipv6-family

      route-distinguisher 13:40

      route-distinguisher 13:40

      #

      #

      -

      interface MEth0/0/0

      interface MEth0/0/0

      Add MEth0/0/0 to the dedicated out-of-band management VPN instance.

      ip binding vpn-instance Management_out

      ip binding vpn-instance Management_out

      ip address 192.168.21.16 24

      ip address 192.168.21.17 24

      Configure unique IP addresses for management interfaces on the devices.

      ipv6 enable

      ipv6 address 2001:db8:21::16/64

      ipv6 enable

      ipv6 address 2001:db8:21::17/64

      Configure unique IPv6 addresses for management interfaces on the devices.

      #

      #

      -

      ip route-static vpn-instance Management_out 10.0.0.0 255.0.0.0 192.168.21.1

      ip route-static vpn-instance Management_out 10.0.0.0 255.0.0.0 192.168.21.1

      Configure a static route for remote management. Do not use a default route.

      ipv6 route-static vpn-instance Management_out 0:: 0 2001:DB8:21::1

      ipv6 route-static vpn-instance Management_out 0:: 0 2001:DB8:21::1

      #

      #

      -
    • In-band management configuration

      CE device running a V2 version:

      Leaf-01-01

      Leaf-01-02

      Description

      ip vpn-instance Management_in

      ip vpn-instance Management_in

      Create a VPN instance named Management_in for in-band management on the storage network.

      ipv4-family

      ipv4-family

      -

      route-distinguisher 13:41

      route-distinguisher 14:41

      -

      ipv6-family

      ipv6-family

      -

      route-distinguisher 13:41

      route-distinguisher 13:41

      -

      #

      #

      -

      interface Vlanif 4010

      interface Vlanif 4010

      Create VLANIF 4010 and configure its IP address as the in-band management IP address. Add VLANIF 4010 to the VPN instance Management-in. You do not need to perform this operation if out-of-band management is used.

      (Constraints) In in-band management mode, the standby device cannot be managed due to DAD when the peer-link fails. Therefore, the out-of-band management mode is recommended.

      ip binding vpn-instance Management-in

      ip binding vpn-instance Management-in

      -

      ip address 10.130.21.11 255.255.255.0

      ip address 10.130.21.12 255.255.255.0

      Configuring an IPv4 Address.

      ipv6 enable

      ipv6 address fc00:130:21::11/64

      ipv6 enable

      ipv6 address fc00:130:21::12/64

      Configuring an IPv6 Address.

      #

      #

      -

      ip route-static vpn-instance Management-in 0.0.0.0 0 10.130.21.254

      ip route-static vpn-instance Management-in 0.0.0.0 0 10.130.21.254

      Configure the default route to the gateway address.

      ipv6 route-static vpn-instance Management_out 0:: 0 fc00:130:21::254

      ipv6 route-static vpn-instance Management_out 0:: 0 fc00:130:21::254

      CE device running a V3 version:

      The following figure shows the in-band management solution. Loopback interface addresses are configured as in-band management addresses, and routed proxy ARP and static routes are configured. After management traffic reaches Leaf2, Leaf2 forwards the traffic to Leaf1 through the DAD link at Layer 3. The following table describes the example configuration.

      Leaf-01-01

      Leaf-01-02

      Description

      interface Loopback0

      interface Loopback0

      Configure the loopback interface address as the in-band management address.

      ip binding vpn-instance Management-in

      ip binding vpn-instance Management-in

      -

      ip address 10.130.21.3 255.255.255.0

      ip address 10.130.21.4 255.255.255.0

      -

      #

      #

      -

      interface Vlanif4010

      interface Vlanif4010

      Configure the IP address of the interface connecting the leaf node to the spine node, which is on the same network segment as the gateway.

      ip binding vpn-instance Management-in

      ip binding vpn-instance Management-in

      Add the interface to the VPN instance Management-in.

      ip address 10.130.21.253 255.255.255.0

      ip address 10.130.21.253 255.255.255.0

      -

      arp proxy enable

      arp proxy enable

      -

      mac-address 0000-5e00-0112

      mac-address 0000-5e00-0112

      Specify the MAC address of the VLANIF interface. The MAC address cannot be all 0s, all 1s, or a multicast MAC address. The MAC address range varies depending on the device model, which will be described later in this section.

      #

      #

      -

      interface Eth-Trunk1.1

      interface Eth-Trunk1.1

      Configure the interconnection interface as the next hop of the specific route to the loopback address.

      ip binding vpn-instance Management-in

      ip binding vpn-instance Management-in

      -

      ip address 192.168.1.1 255.255.255.0

      ip address 192.168.1.2 255.255.255.0

      -

      #

      #

      -

      ip route-static vpn-instance Management-in 0.0.0.0 0 10.130.21.254

      ip route-static vpn-instance Management-in 0.0.0.0 0 10.130.21.254

      Configure the default route to the gateway address.

      ip route-static vpn-instance Management-in 10.130.21.4 24 192.168.1.2

      ip route-static vpn-instance Management-in 10.130.21.3 24 192.168.1.1

      Configure the route to the in-band loopback address with the next hop pointing to the peer device to ensure that management traffic can be forwarded to the destination device at Layer 3 after reaching the peer device.

  3. Configure the user name and password for device maintenance and management.

    Leaf-01-01

    Leaf-01-02

    Description

    user-interface console 0

    user-interface console 0

    Configure a console port login password to improve security. This configuration is mandatory.

    authentication-mode password

    authentication-mode password

    set authentication password cipher Myrhgl@131

    set authentication password cipher Myrhgl@131

    #

    #

    -

    user-interface maximum-vty 21

    user-interface maximum-vty 21

    Set the maximum number of VTY user interfaces to 21.

    user-interface vty 0 20

    user-interface vty 0 20

    -

    authentication-mode aaa

    authentication-mode aaa

    Set the authentication mode to AAA.

    user privilege level 3

    user privilege level 3

    Set the user level to 3.

    protocol inbound ssh

    protocol inbound ssh

    Specify the SSH protocol to improve security.

    #

    #

    -

    stelnet server enable

    stelnet server enable

    Enable the STelnet service on an SSH server.

    #

    #

    -

    aaa

    aaa

    Enter the AAA view.

    local-user huawei password irreversible-cipher Myrhgl@520

    local-user huawei password irreversible-cipher Myrhgl@520

    Set the local user name to huawei and password to Myrhgl@520 for an administrator to log in to and maintain the device.

    local-user huawei service-type ssh

    local-user huawei service-type ssh

    Specify the SSH protocol.

    CE device running a V2 version:

    local-user huawei level 3

    CE device running a V3 version:

    local-user huawei privilege level 3

    CE device running a V2 version:

    local-user huawei level 3

    CE device running a V3 version:

    local-user huawei privilege level 3

    Set the user level of the huawei user.

    #

    #

    -

    ssh user huawei

    ssh user huawei

    Create an SSH user.

    ssh user huawei authentication-type password

    ssh user huawei authentication-type password

    -

    ssh user huawei service-type stelnet

    ssh user huawei service-type stelnet

    -

    ssh server-source -i Meth0/0/0

    ssh server-source -i Meth0/0/0

    Specify the source interface of the SSH server (for example, use the MEth interface for out-of-band management) to restrict logins and improve security.

    If in-band management is used, you need to configure an in-band management interface, for example, VLANIF 4010 of a CE device running a V2 version or Loopback0 of a CE device running a V3 version.

    If the device is upgraded from V200R005C20 to V200R019C10, this configuration is not required. If the device running V200R019C10 or a later version is deployed, perform this configuration.

    ssh ipv6 server-source -a 2001:db8:21::16 -vpn-instance Management_out

    ssh ipv6 server-source -a 2001:db8:21::17 -vpn-instance Management_out

    Specifies the source IP address of the SSH server to restrict logins and improve security. For out-of-band management, enter the Meth interface address and VPN. For in-band management, add the IPv6 address of the in-band management interface (vlanif4010).

  4. Configure the leaf nodes to connect to the NMS.

    Leaf-01-01

    Leaf-01-02

    Description

    snmp-agent

    snmp-agent

    Enable the SNMP agent.

    snmp-agent sys-info version v3

    snmp-agent sys-info version v3

    Set the SNMP version to SNMPv3, which must be the same as the SNMP version used by the NMS.

    snmp-agent mib-view included myview iso

    snmp-agent mib-view included myview iso

    Configure the MIB view that can be accessed by the NMS. To ensure that the NMS can manage devices normally (for example, discovering device links based on LLDP), the MIB view must contain the iso node.

    snmp-agent group v3 uhmroot privacy write-view myview notify-view myview

    snmp-agent group v3 uhmroot privacy write-view myview notify-view myview

    -

    snmp-agent usm-user v3 uhmroot group dc-admin

    snmp-agent usm-user v3 uhmroot group dc-admin

    Set the SNMPv3 user name to uhmroot, which must be the same as the security name on the NMS.

    snmp-agent usm-user v3 uhmroot authentication-mode sha

    snmp-agent usm-user v3 uhmroot authentication-mode sha

    Configure the authentication mode and password for the uhmroot user, which must correspond to the authentication protocol and password on the NMS.

    Myrhgl12#$

    Myrhgl12#$

    -

    Myrhgl12#$

    Myrhgl12#$

    -

    snmp-agent usm-user v3 uhmroot privacy-mode aes128

    snmp-agent usm-user v3 uhmroot privacy-mode aes128

    Set the encryption mode and password of the uhmroot user, which must correspond to the proprietary protocol and encryption password on the NMS.

    Myrhgl12#$

    Myrhgl12#$

    -

    Myrhgl12#$

    Myrhgl12#$

    -

    #

    #

    -

    snmp-agent trap enable

    snmp-agent trap enable

    Enable the trap function for all modules. By default, the trap function of some modules is disabled.

    snmp-agent trap source MEth0/0/0

    snmp-agent trap source MEth0/0/0

    For out-of-band management, set the source interface for sending traps to MEth0/0/0.

    If in-band management is used, you need to configure an in-band management interface, for example, VLANIF 4010 of a device running a V2 version or Loopback0 of a device running a V3 version.

    #

    #

    -

    snmp-agent protocol source-interface MEth0/0/0

    snmp-agent protocol source-interface MEth0/0/0

    Specify the source interface used by SNMP to receive and respond to request packets from the NMS or controller.

    If in-band management is used, you need to configure an in-band management interface, for example, VLANIF 4010 of a CE device running a V2 version or Loopback0 of a CE device running a V3 version.

    If the device is upgraded from V200R005C20 to V200R019C10, this configuration is not required. If the device running V200R019C10 or a later version is deployed, perform this configuration.

    #

    #

    -

    rsa local-key-pair create

    rsa local-key-pair create

    Generate a local key pair.

    #

    #

    -

    user-interface vty 0 4

    user-interface vty 0 4

    -

    authentication-mode aaa

    authentication-mode aaa

    -

    protocol inbound ssh

    protocol inbound ssh

    Set the protocol type supported by VTY user interfaces to SSH.

    #

    #

    -

    stelnet server enable

    stelnet server enable

    Enable the STelnet service on an SSH server.

    #

    #

    -

    aaa

    aaa

    -

    local-user client password irreversible-cipher Myrhgl@131

    local-user client password irreversible-cipher Myrhgl@131

    Create a user named client and set a password for the user, which must be the same as the STelnet user name and password used by the NMS.

    CE device running a V2 version:

    local-user client level 3

    CE device running a V3 version:

    local-user client privilege level 3

    CE device running a V2 version:

    local-user client level 3

    CE device running a V3 version:

    local-user client privilege level 3

    Set the user level of the client user.

    local-user client service-type ssh

    local-user client service-type ssh

    Set the access type of the client user to SSH, which must be the same as the login protocol on the NMS.

    #

    #

    -

    ssh user client

    ssh user client

    Create an SSH user.

    ssh user client authentication-type password

    ssh user client authentication-type password

    Set the authentication mode of the client user to password authentication, which must be the same as that on the NMS.

    ssh user client service-type stelnet

    ssh user client service-type stelnet

    Set the service type of the SSH user client to STelnet.

    set net-manager vpn-instance Management-out (or Management-in)

    set net-manager vpn-instance Management-out (or Management-in)

    Set the default VPN instance for the NMS to manage devices to Management-out. For in-band management, set it to Management-in.

    #

    #

    -

    lldp enable

    lldp enable

    Enable LLDP.

    #

    #

    -

  5. Configure VLANs for forwarding server and storage traffic.

    Leaf-01-01

    Leaf-01-02

    Description

    vlan batch 4002 4010

    vlan batch 4002 4010

    Create VLANs in batches. For example, configure VLAN 4002 for forwarding storage data and VLAN 4010 for access of management interfaces on network devices and BMC interfaces on servers.

    #

    #

    -

  6. Configure an active-active group of leaf nodes.

    Leaf-01-01

    Leaf-01-02

    Description

    interface Eth-Trunk1

    interface Eth-Trunk1

    Deploy an independent Layer 3 interconnection link between the two leaf nodes to function as the M-LAG heartbeat link.

    undo portswitch

    undo portswitch

    -

    ip binding vpn-instance Management-in

    ip binding vpn-instance Management-in

    -

    ip address 10.254.120.2 255.255.255.0

    ip address 10.254.120.3 255.255.255.0

    Configure IPv4 addresses for interconnection.

    ipv6 enable

    ipv6 address fc00:254:120::2/64

    ipv6 enable

    ipv6 address fc00:254:120::3/64

    Configure IPv6 addresses for interconnection.

    m-lag unpaired-port reserved

    m-lag unpaired-port reserved

    Configure the interface not to enter the Error-Down state when the peer-link fails but DAD is normal.

    #

    #

    -

    interface 10GE1/0/7

    interface 10GE1/0/7

    -

    eth-trunk 1

    eth-trunk 1

    Configure the Eth-Trunk as the DAD link.

    #

    #

    -

    interface 10GE1/0/8

    interface 10GE1/0/8

    -

    eth-trunk 1

    eth-trunk 1

    Configure the Eth-Trunk as the DAD link.

    #

    #

    -

    stp tc-protection

    stp tc-protection

    Enable TC BPDU attack defense.

    stp bpdu-protection

    stp bpdu-protection

    Enable BPDU attack defense.

    stp mode rstp

    stp mode rstp

    Configure the working mode as RSTP. RSTP should be configured before the V-STP mode is configured.

    stp bridge-address 1-1-2

    stp bridge-address 1-1-2

    Configure the bridge MAC address used by the device to calculate the spanning tree. The bridge MAC addresses of the two leaf nodes in an M-LAG must be the same. It is recommended that the system MAC address of one device be used as the bridge MAC address. The bridge MAC addresses of devices in different M-LAGs are different.

    stp v-stp enable

    stp v-stp enable

    Configure the M-LAG in V-STP mode on the leaf nodes.

    #

    #

    -

    dfs-group 1

    dfs-group 1

    Configure DFS.

    priority 150

    priority 100

    Set the priority of the DFS group. The default value is 100.

    m-lag up-delay 240 auto-recovery interval 10

    m-lag up-delay 240 auto-recovery interval 10

    Configure the M-LAG member interfaces to go Up one by one at an interval of 10s after the delay.

    Device running a V2 version:

    source ip 10.254.120.2 vpn-instance Management-in peer 10.254.120.3

    Device running a V3 version:

    dual-active detection source ip 10.254.120.2 vpn-instance Management-in peer 10.254.120.3

    Device running a V2 version:

    source ip 10.254.120.3 vpn-instance Management-in peer 10.254.120.2

    Device running a V3 version:

    dual-active detection source ip 10.254.120.3 vpn-instance Management-in peer 10.254.120.2

    (Either IPv4 or IPv6) Configure the address of an independent Layer 3 interconnection interface as the source address of the DFS group and add the interface to the VPN instance Management-in.

    Device running a V2 version:

    source ipv6 fc00:254:120::2 vpn-instance Management-in peer fc00:254:120::3

    Device running a V3 version:

    dual-active detection source ipv6 fc00:254:120::2 vpn-instance Management-in peer fc00:254:120::3

    Device running a V2 version:

    source ipv6 fc00:254:120::3 vpn-instance Management-in peer fc00:254:120::2

    Device running a V3 version:

    dual-active detection source ipv6 fc00:254:120::3 vpn-instance Management-in peer fc00:254:120::2

    Device running a V2 version:

    dual-active detection enhanced enable

    Device running a V2 version:

    dual-active detection enhanced enable

    Enable enhanced DAD for double-fault failures in an M-LAG scenario. Before enabling this function, you need to configure the interfaces on the DAD link as reserved interfaces, and set the peer IP address of the DFS group.

    On a device running a V3 version, enhanced DAD for double-fault failures is enabled by default and does not need to be configured.

    Device running a V2 version: N/A

    Device running a V3 version:

    authentication-mode hmac-sha256 password Myrhgl@1314

    Device running a V2 version: N/A

    Device running a V3 version:

    authentication-mode hmac-sha256 password Myrhgl@1314

    Configure the authentication mode and password for DFS group synchronization packets. This configuration is required only on a device running a V3 version.

    #

    #

    -

    interface Eth-Trunk0

    interface Eth-Trunk0

    Create an Eth-Trunk for the peer-link.

    trunkport 40GE 1/0/1

    trunkport 40GE 1/0/1

    Deploy the peer-link on multiple links. If multiple cards are installed on the switch, the peer-link must be deployed on different cards. When the interfaces on a card are of different types, configure port speed decrease or bundle interfaces at different rates. (To bundle interfaces, run the lacp mixed-rate link enable command to forward packets after the interfaces are added to an Eth-Trunk interface in LACP mode, and run the distribute-weight command to configure the weight of load sharing for a member interface.)

    trunkport 40GE 1/0/2

    trunkport 40GE 1/0/2

    mode lacp-static

    mode lacp-static

    -

    peer-link 1

    peer-link 1

    -

    port vlan exclude 1

    port vlan exclude 1

    Configure the interface to reject packets from VLAN 1.

    #

    #

    -

  7. Configure links on the leaf nodes to connect to the spine nodes.

    Leaf-01-01

    Leaf-01-02

    Description

    interface Eth-Trunk100

    interface Eth-Trunk100

    Create an Eth-Trunk and configure physical interfaces.

    description Linkto_Spine

    description Linkto_Spine

    -

    trunkport 40GE 1/0/5 to 1/0/6

    trunkport 40GE 1/0/5 to 1/0/6

    -

    port link-type trunk

    port link-type trunk

    -

    undo port trunk allow-pass vlan 1

    undo port trunk allow-pass vlan 1

    Delete VLAN 1 from the Eth-Trunk.

    port trunk allow-pass vlan 4002 4010

    port trunk allow-pass vlan 4002 4010

    Configure the interface to allow packets from specific VLANs to pass through.

    mode lacp-static

    mode lacp-static

    Deploy the static LACP mode.

    dfs-group 1 m-lag 100

    dfs-group 1 m-lag 100

    Configure an M-LAG. You are advised to set the M-LAG ID to the Eth-Trunk ID.

    lacp timeout fast

    lacp timeout fast

    -

    stp disable

    stp disable

    Disable the STP function to speed up network convergence. Perform the same configuration on the peer interface.

    Enabling the STP function will increase the convergence time by 1s to 2s.

    Enable STP on interfaces where no service is deployed.

    #

    #

    -

  8. Configure an interface to connect to the leaf node in single-homed mode.

    In this example, an interface is configured for BMC management interfaces on servers to connect to the leaf node in single-homed mode.

    Leaf-01-01

    Leaf-01-02

    Description

    interface 10GE 1/0/25

    -

    Configure an interface for BMC management interfaces on servers to connect to the leaf node.

    description Linkto_RAID_A_BMC

    -

    -

    port default vlan 4010

    -

    Add the interface to the VLAN created in step 4.

    stp edged-port enable

    -

    Configure the interface as an STP edge interface.

    storm suppression broadcast packets 1000

    -

    Configure broadcast suppression on the interface of the access switch and configure the interface to receive 1000 pps broadcast traffic per second.

    storm suppression multicast packets 1000

    -

    Configure multicast suppression on the interface of the access switch and configure the interface to receive 1000 pps multicast traffic per second.

    storm suppression unknown-unicast 5

    -

    Configure unknown unicast suppression on the interface of the access switch. It is recommended that the number of unknown unicast packets on the interface per second be 5% of the interface bandwidth.

    #

    -

    -

  9. Configure storage service access and server access on the leaf nodes.

    • In the IP SAN storage service access scenario, add the service interfaces on controllers A and B to the same VLAN ID.

      Leaf-01-01

      Leaf-01-02

      Description

      interface 10GE 1/0/20

      interface 10GE 1/0/20

      Configure storage data access.

      description Linkto_RAID_A_Data

      description Linkto_RAID_A_Data

      -

      port default vlan 4002

      port default vlan 4002

      -

      stp edged-port enable

      stp edged-port enable

      Configure the interface as an STP edge interface.

      storm suppression broadcast packets 1000

      storm suppression broadcast packets 1000

      Configure broadcast suppression on the interface of the access switch and configure the interface to receive 1000 pps broadcast traffic per second.

      storm suppression multicast packets 1000

      storm suppression multicast packets 1000

      Configure multicast suppression on the interface of the access switch and configure the interface to receive 1000 pps multicast traffic per second.

      storm suppression unknown-unicast 5

      storm suppression unknown-unicast 5

      Configure unknown unicast suppression on the interface of the access switch. It is recommended that the number of unknown unicast packets on the interface per second be 5% of the interface bandwidth.

      #

      #

      -

      interface 10GE 1/0/21

      interface 10GE 1/0/21

      Configure storage data access.

      description Linkto_RAID_B_Data

      description Linkto_RAID_B_Data

      -

      port default vlan 4002

      port default vlan 4002

      -

      stp edged-port enable

      stp edged-port enable

      Configure the interface as an STP edge interface.

      storm suppression broadcast packets 1000

      storm suppression broadcast packets 1000

      Configure broadcast suppression on the interface of the access switch and configure the interface to receive 1000 pps broadcast traffic per second.

      storm suppression multicast packets 1000

      storm suppression multicast packets 1000

      Configure multicast suppression on the interface of the access switch and configure the interface to receive 1000 pps multicast traffic per second.

      storm suppression unknown-unicast 5

      storm suppression unknown-unicast 5

      Configure unknown unicast suppression on the interface of the access switch. It is recommended that the number of unknown unicast packets on the interface per second be 5% of the interface bandwidth.

      #

      #

      -
    • Configure server access or cloud storage access in load sharing mode.

      Leaf-01-01

      Leaf-01-02

      Description

      interface Eth-Trunk22

      interface Eth-Trunk22

      Create an Eth-Trunk.

      description Linkto_Server

      description Linkto_Server

      -

      trunkport 10GE 1/0/22

      trunkport 10GE 1/0/22

      -

      port link-type trunk

      port link-type trunk

      -

      undo port trunk allow-pass vlan 1

      undo port trunk allow-pass vlan 1

      Delete VLAN 1 from the Eth-Trunk.

      port trunk allow-pass vlan 4002 4010

      port trunk allow-pass vlan 4002 4010

      Configure the interface to allow packets from specific VLANs to pass through.

      mode lacp-static

      mode lacp-static

      Configure the static LACP mode as required.

      dfs-group 1 m-lag 22

      dfs-group 1 m-lag 22

      Configure an M-LAG.

      stp edged-port enable

      stp edged-port enable

      Configure the interface as an STP edge interface.

      #

      #

      -

      interface 10GE 1/0/22

      interface 10GE 1/0/22

      Configure server access or storage data access.

      description Linkto_Server

      description Linkto_Server

      -

      storm suppression broadcast packets 1000

      storm suppression broadcast packets 1000

      Configure broadcast suppression on the interface of the access switch and configure the interface to receive 1000 pps broadcast traffic per second.

      storm suppression multicast packets 1000

      storm suppression multicast packets 1000

      Configure multicast suppression on the interface of the access switch and configure the interface to receive 1000 pps multicast traffic per second.

      storm suppression unknown-unicast 5

      storm suppression unknown-unicast 5

      Configure unknown unicast suppression on the interface of the access switch. It is recommended that the number of unknown unicast packets on the interface per second be 5% of the interface bandwidth.

      #

      #

      -
    • Perform the following configuration for server access or storage device access in active/standby mode or Layer 3 NIC access using an independent IP address in single-homed mode. (In this example, the IP addresses of the two network interfaces on the server or storage device are in the same subnet, and the active-active gateway configuration is the same as that in other scenarios.)

      Leaf-01-01

      Leaf-01-02

      Description

      interface 10GE 1/0/23

      interface 10GE 1/0/23

      -

      description Linkto_Server

      description Linkto_Server

      -

      port link-type trunk

      port link-type trunk

      -

      undo port trunk allow-pass vlan 1

      undo port trunk allow-pass vlan 1

      Delete VLAN 1 from the Eth-Trunk.

      port trunk allow-pass vlan 4002 4010

      port trunk allow-pass vlan 4002 4010

      Configure the interface to allow packets from specific VLANs to pass through.

      stp edged-port enable

      stp edged-port enable

      Configure the interface as an STP edge interface.

      storm suppression broadcast packets 1000

      storm suppression broadcast packets 1000

      Configure broadcast suppression on the interface of the access switch and configure the interface to receive 1000 pps broadcast traffic per second.

      storm suppression multicast packets 1000

      storm suppression multicast packets 1000

      Configure multicast suppression on the interface of the access switch and configure the interface to receive 1000 pps multicast traffic per second.

      storm suppression unknown-unicast 5

      storm suppression unknown-unicast 5

      Configure unknown unicast suppression on the interface of the access switch. It is recommended that the number of unknown unicast packets on the interface per second be 5% of the interface bandwidth.

      #

      #

      -

  10. Configure CRC and disable unused interfaces.

    Leaf-01-01

    Leaf-01-02

    Description

    port-group group-member 10ge 1/0/1 to 10ge 1/0/18

    port-group group-member 10ge 1/0/1 to 10ge 1/0/18

    Create a temporary port group and add the unused physical interfaces to the port group.

    shutdown

    shutdown

    Shut down the interfaces.

    stp instance 0 cost 10000

    stp instance 0 cost 10000

    Increase the STP cost.

    port link-type trunk

    port link-type trunk

    -

    undo port trunk allow-pass vlan 1

    undo port trunk allow-pass vlan 1

    Delete VLAN 1 from the Eth-Trunk.

    #

    #

    -

    port-group group-member 40ge 1/0/1 to 40ge 1/0/6

    port-group group-member 40ge 1/0/1 to 40ge 1/0/6

    Create a temporary port group. CRC needs to be performed for all interfaces.

    trap-threshold crc-statistics 100 interval 10

    trap-threshold crc-statistics 100 interval 10

    Set the alarm threshold of CRC error packets to 100 and the alarm interval to 10s.

    port crc-statistics trigger error-down

    port crc-statistics trigger error-down

    Configure the interface to enter the Error-Down state when the number of received CRC error packets exceeds the threshold. In this way, services can be switched to the backup link in a timely manner, ensuring reliable data transmission.

    #

    #

    -

Translation
简体中文
Download
Updated: 2023-01-17

Document ID: EDOC1000137639

Views: 109716

Downloads: 2402

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :