Configuring VCMP
Context
VCMP implements centralized VLAN management and manages network devices based on VCMP domains (for details, see VCMP Domain). VCMP defines four roles: server, client, transparent, and silent (for details, see VCMP Roles). Switches added to a VCMP domain as clients are managed by the VCMP server in the same VCMP domain. After a VLAN is created or deleted on the VCMP server, VCMP clients automatically synchronize VLAN information with the server. VCMP reduces the workload of modifying the same VLAN information on multiple switches and ensures VLAN information consistency.
- Configure an aggregation or core switch as the VCMP server. Only one VCMP server exists in a VCMP domain.
- Configure access switches as VCMP clients.
- Configure switches that do not need to be managed by the VCMP server and are located between the VCMP server and clients as VCMP transparent switches.
- Configure edge devices connected to other networks as VCMP silent switches to prevent the connected networks from being affected.
A VCMP client identifies the VCMP server by device ID. The VCMP client obtains the device ID of the VCMP server from the first received VCMP packet, and synchronizes VLAN information only with the VCMP server specified by that device ID. The device ID of the VCMP server learned by a VCMP client remains unchanged unless the role of the VCMP client changes. The VCMP server can receive and transmit VCMP packets and achieve centralized management only after it is configured with a device ID.
When an unauthorized switch is added to a VCMP domain, VCMP clients in this VCMP domain may synchronize VLAN information of the unauthorized switch, affecting network stability. To prevent unauthorized switches from joining a VCMP domain, configure an authentication password on the VCMP server and clients in the VCMP domain.
Pre-configuration Tasks
Before configuring VCMP, complete the following tasks:
- Connect interfaces and set physical parameters of the interfaces to ensure that the physical status of the interfaces is Up. For details, see Ethernet Interface Configuration in the S12700 V200R010C00 Configuration Guide - Interface Management.
- Configure the link type of interfaces as trunk or hybrid so that the interfaces can forward VCMP packets.
VCMP is often used with LNP to dynamically negotiate the link type, which simplifies user configuration. For detailed LNP configuration, see steps 1 to 6 in Configuring Interface-based VLAN Assignment (LNP Dynamically Negotiates the Link Type).
You can run the display lnp summary command to check whether LNP is configured on the switch and check the link type of the interface. If LNP is not configured on the switch or the link type of the interface is not trunk or hybrid, run the port link-type { hybrid | trunk } command to configure the link type of the interface.
Procedure
- Run:
system-view
The system view is displayed.
- Run:
vcmp role { client | server | silent | transparent }
A VCMP role of the switch is configured.
By default, switches in a VCMP domain are VCMP clients.
If a switch is upgraded from a version that does not support VCMP to a VCMP-supporting version, the VCMP role is silent by default.
- Perform the following operations based on the VCMP role of the switch.
  - Perform the following operations on the VCMP server:
    - Run:
      vcmp domain domain-name
      A VCMP domain is configured.
      By default, no VCMP domain is created.
      All switches in a VCMP domain must use the same VCMP domain name.
      Each switch can be added to only one VCMP domain.
    - Run:
      vcmp device-id device-name
      A device ID is set for the VCMP server.
      By default, no device ID is set for the VCMP server.
    - (Optional) Run:
      vcmp authentication sha2-256 password password
      A VCMP domain authentication password is configured.
      The VCMP server and clients in a VCMP domain must be configured with the same authentication password. To ensure device security, change the password periodically.
      By default, no authentication password is configured in a VCMP domain, and VCMP packets pass authentication.
  - Perform the following operations on a VCMP client:
    - (Optional) Run:
      vcmp domain domain-name
      A VCMP domain is configured.
      By default, no VCMP domain is created.
      All switches in a VCMP domain must use the same VCMP domain name. If the domain name is not set on a VCMP client, the VCMP client learns the domain name in the first received VCMP packet.
      Each switch can be added to only one VCMP domain.
    - (Optional) Run:
      vcmp authentication sha2-256 password password
      A VCMP domain authentication password is configured.
      The VCMP server and clients in a VCMP domain must be configured with the same authentication password. To ensure device security, change the password periodically.
      By default, no authentication password is configured in a VCMP domain, and VCMP packets pass authentication.
  - When the VCMP role is transparent or silent, go to the next step.
- Perform the following operations on the VCMP server:
- Run:
interface interface-type interface-number
The view of a Layer 2 Ethernet interface where VCMP is to be enabled is displayed.
VCMP can be enabled only on Layer 2 Ethernet interfaces.
- Run:
undo vcmp disable
VCMP is enabled on the interface.
By default, VCMP is enabled on all interfaces of a switch.
If an edge switch in a VCMP domain needs to be managed, configure the edge switch as a VCMP client. To prevent VCMP packets in the local VCMP domain from being transmitted to other VCMP domains, run the vcmp disable command to disable VCMP on the edge switch interface connected to other VCMP domains.
- (Optional) Run:
snmp-agent trap enable feature-name vcmp
The VCMP trap function is enabled.
To protect the switch against attacks from bogus VCMP servers, enable the VCMP trap function. When the switch receives VCMP packets from bogus VCMP servers, it sends traps about the multi-server event to the NMS.
Checking the Configuration
After you configure VCMP, check whether the configuration takes effect.
Run the display vcmp status command to check the VCMP configuration, including the VCMP domain name, VCMP role, device ID, configuration revision number, and VCMP domain authentication password.
Run the display vcmp interface brief command to check the VCMP status on Layer 2 Ethernet interfaces.
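The following Python audit is an added example, not part of the Huawei documentation. It checks saved configurations for the settings this procedure ties to unauthorized or bogus servers: the authentication password, the VCMP trap, a single server per domain, and the server device ID. The configurations and hostnames are constructed, `first`, `parse` and `audit` are hypothetical helper names, and the code assumes saved configurations contain the commands in the form shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample configurations keyed by hypothetical hostnames. Assumption:
# saved configurations hold the commands in the form shown on this page.
SAMPLE_CONFIGS = {
    "core-1": "vcmp role server\nvcmp domain campus\nvcmp device-id core-1\n"
              "vcmp authentication sha2-256 password <ciphertext>\n"
              "snmp-agent trap enable feature-name vcmp\n",
    "access-1": "vcmp role client\nvcmp domain campus\n", "edge-1": "vcmp role silent\n",
    "access-2": "vcmp role server\nvcmp domain campus\nvcmp device-id lab\n"
                "vcmp authentication sha2-256 password <ciphertext>\n",
}

def first(cfg, pattern):  # group 1 of the first line starting with pattern, else None
    m = re.search(r"^\s*" + pattern, cfg, re.M)
    return m.group(1) if m else None

def parse(cfg):  # the VCMP settings this page configures
    return {
        "role": first(cfg, r"vcmp role (\S+)") or "client",  # page: default role
        "domain": first(cfg, r"vcmp domain (\S+)"),
        "device_id": first(cfg, r"vcmp device-id (\S+)"),
        "auth": first(cfg, r"vcmp authentication sha2-256 password (\S+)"),
        "trap": first(cfg, r"snmp-agent trap enable feature-name (vcmp)\b"),
    }

def audit(configs):
    """Return (host, finding) pairs for the VCMP settings that guard the domain."""
    findings, servers = [], defaultdict(list)
    for host, cfg in sorted(configs.items()):
        s = parse(cfg)
        if s["role"] in ("transparent", "silent"):
            continue  # the procedure sets no domain or password for these roles
        if not s["auth"]:
            findings.append((host, "no VCMP authentication password"))
        if not s["trap"]:
            findings.append((host, "VCMP trap not enabled"))
        if s["role"] == "server":
            servers[s["domain"]].append(host)
            if not s["device_id"]:
                findings.append((host, "server has no device ID"))
    for domain, hosts in sorted(servers.items(), key=lambda kv: str(kv[0])):
        if len(hosts) > 1:
            findings.append((",".join(hosts), f"more than one server in domain {domain}"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{host}: {finding}" for host, finding in audit(SAMPLE_CONFIGS)))
```

A configuration with no vcmp role line is treated as a client, the default stated above; switches upgraded from a version that does not support VCMP default to silent instead, so confirm the role with display vcmp status on those devices.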