Example for Configuring SVF to Deploy a Wired Campus Network Access Layer (S12700 as the Parent)
Networking Requirements
A new wired campus network has many access devices. The widely distributed access devices complicate management and configuration of the access layer. Unified management and configuration of access devices are required to reduce the management cost.
As shown in Figure 4-9, two aggregation switches set up a CSS and function as the parent to connect to multiple ASs.
In this example, the S12700 functions as the parent, the S5720-28P-SI-AC functions as a level-1 AS, and the S5720-28TP-LI-AC functions as a level-2 AS.
Configuration Roadmap
Configure the parent as a CSS to ensure high reliability of the SVF system.
Enable the SVF function on the parent.
Configure AS access parameters, including the AS name, authentication mode, and fabric ports that connect the parent to level-1 ASs and level-1 ASs to level-2 ASs.
Connect the parent to level-1 ASs and level-1 ASs to level-2 ASs using cables.
Configure service profiles and bind them to ASs.
Procedure
- Configure two switches in the parent to set up a CSS.
- Log in to the CSS and enable the SVF function.
# Configure the management VLAN in the SVF system and enable the SVF function on the parent.
<HUAWEI> system-view
[HUAWEI] vlan batch 11
[HUAWEI] dhcp enable
[HUAWEI] interface vlanif 11
[HUAWEI-Vlanif11] ip address 192.168.11.1 24
[HUAWEI-Vlanif11] dhcp select interface
[HUAWEI-Vlanif11] dhcp server option 43 ip-address 192.168.11.1
[HUAWEI-Vlanif11] quit
[HUAWEI] capwap source interface vlanif 11
[HUAWEI] stp mode rstp
[HUAWEI] uni-mng
Warning: This operation will enable the uni-mng mode and disconnect all ASs. STP calculation may be triggered and service traffic will be affected. Continue? [Y/N]:y
- Configure AS access parameters.
# (Optional) Configure a name for each AS.
- If you do not perform this step, the system will generate AS device information when ASs connect to the SVF system. An AS name is in the format of system default name-system MAC address.
- If you need to perform this step, ensure that the configured model and mac-address parameters are consistent with the actual AS information. The value of mac-address must be the AS management MAC address or system MAC address. To view the AS management MAC address, run the display as access configuration command on the AS. If the management MAC displays --, the value of mac-address is the system MAC address. If the configured parameters are inconsistent with the actual AS information, the AS cannot go online.
[HUAWEI-um] as name as1 model S5720-28P-SI-AC mac-address 0200-0000-0011
[HUAWEI-um-as-as1] quit
[HUAWEI-um] as name as2 model S5720-28P-SI-AC mac-address 0200-0000-0022
[HUAWEI-um-as-as2] quit
[HUAWEI-um] as name as3 model S5720-28P-SI-AC mac-address 0200-0000-0033
[HUAWEI-um-as-as3] quit
[HUAWEI-um] as name as4 model S5720-28TP-LI-AC mac-address 0200-0000-0044
[HUAWEI-um-as-as4] quit
[HUAWEI-um] as name as5 model S5720-28TP-LI-AC mac-address 0200-0000-0055
[HUAWEI-um-as-as5] quit
# Configure fabric ports that connect the parent to level-1 ASs. The following uses fabric port 1 that connects the parent to AS 1 as an example.
[HUAWEI-um] interface fabric-port 1
[HUAWEI-um-fabric-port-1] port member-group interface eth-trunk 1
[HUAWEI-um-fabric-port-1] quit
[HUAWEI-um] quit
[HUAWEI] interface gigabitethernet 1/1/0/1
[HUAWEI-GigabitEthernet1/1/0/1] eth-trunk 1
[HUAWEI-GigabitEthernet1/1/0/1] quit
[HUAWEI] interface gigabitethernet 2/1/0/1
[HUAWEI-GigabitEthernet2/1/0/1] eth-trunk 1
[HUAWEI-GigabitEthernet2/1/0/1] quit
The configurations of fabric ports 2 and 3 that connect the parent to AS 2 and AS 3 respectively are similar to the configuration of fabric port 1, and are not mentioned here.
# Configure the fabric ports that connect level-1 ASs to level-2 ASs.
[HUAWEI] uni-mng
[HUAWEI-um] as name as1
[HUAWEI-um-as-as1] down-direction fabric-port 4 member-group interface eth-trunk 4
[HUAWEI-um-as-as1] port eth-trunk 4 trunkmember interface gigabitethernet 0/0/23 to 0/0/24
[HUAWEI-um-as-as1] quit
[HUAWEI-um] as name as3
[HUAWEI-um-as-as3] down-direction fabric-port 5 member-group interface eth-trunk 5
[HUAWEI-um-as-as3] port eth-trunk 5 trunkmember interface gigabitethernet 0/0/23 to 0/0/24
[HUAWEI-um-as-as3] quit
[HUAWEI-um] quit
# Configure ASs to be authenticated using a whitelist when they connect to the SVF system.
To view the AS management MAC address, run the display as access configuration command on the AS. If the management MAC displays --, the MAC address configured in the whitelist is the AS system MAC address. Otherwise, the MAC address configured in the whitelist is the AS management MAC address.
[HUAWEI] as-auth
[HUAWEI-as-auth] undo auth-mode
[HUAWEI-as-auth] whitelist mac-address 0200-0000-0011
[HUAWEI-as-auth] whitelist mac-address 0200-0000-0022
[HUAWEI-as-auth] whitelist mac-address 0200-0000-0033
[HUAWEI-as-auth] whitelist mac-address 0200-0000-0044
[HUAWEI-as-auth] whitelist mac-address 0200-0000-0055
[HUAWEI-as-auth] quit
- Connect the parent to level-1 ASs and level-1 ASs to level-2 ASs using cables.
# Run the reset saved-configuration command to clear the configurations of ASs, restart the ASs, and then connect the parent to level-1 ASs and level-1 ASs to level-2 ASs using cables. Subsequently, an SVF system is set up.
- Before restarting an AS, check whether the port that connects this AS to the parent is a downlink port. You can run the display port connection-type access all command on this AS to view all downlink ports on it. If this port is a downlink port, run the uni-mng up-direction fabric-port command on this AS to configure this port as an uplink port before restarting this AS. Otherwise, this AS cannot go online.
- Before connecting an AS to the parent, ensure that the AS has no configuration file and no input on the console port.
# After connecting cables, run the display as all command to check whether ASs have connected to the SVF system.
[HUAWEI] display as all
Total: 5, Normal: 5, Fault: 0, Idle: 0, Version mismatch: 0
--------------------------------------------------------------------------------
No.  Type      MAC             IP              State   Name
--------------------------------------------------------------------------------
0    S5720-SI  0200-0000-0011  192.168.11.254  normal  as1
1    S5720-SI  0200-0000-0022  192.168.11.253  normal  as2
2    S5720-SI  0200-0000-0033  192.168.11.252  normal  as3
3    S5720-LI  0200-0000-0044  192.168.11.251  normal  as4
4    S5720-LI  0200-0000-0055  192.168.11.250  normal  as5
--------------------------------------------------------------------------------
When the State field in the command output displays normal for an AS, the AS has connected to the SVF system.
- Configure service profiles and bind them to ASs.
# Configure an AS administrator profile and bind it to all ASs.
[HUAWEI] uni-mng
[HUAWEI-um] as-admin-profile name admin_profile
[HUAWEI-um-as-admin-admin_profile] user asuser password hello@123
[HUAWEI-um-as-admin-admin_profile] quit
[HUAWEI-um] as-group name admin_group
[HUAWEI-um-as-group-admin_group] as name-include as
[HUAWEI-um-as-group-admin_group] as-admin-profile admin_profile
[HUAWEI-um-as-group-admin_group] quit
# Configure network basic profiles and bind them to AS ports.
[HUAWEI-um] network-basic-profile name basic_profile_1
[HUAWEI-um-net-basic-basic_profile_1] user-vlan 10
[HUAWEI-um-net-basic-basic_profile_1] quit
[HUAWEI-um] network-basic-profile name basic_profile_2
[HUAWEI-um-net-basic-basic_profile_2] user-vlan 20
[HUAWEI-um-net-basic-basic_profile_2] quit
[HUAWEI-um] port-group name port_group_1
[HUAWEI-um-portgroup-port_group_1] as name as1 interface all
[HUAWEI-um-portgroup-port_group_1] as name as2 interface all
[HUAWEI-um-portgroup-port_group_1] as name as4 interface all
[HUAWEI-um-portgroup-port_group_1] network-basic-profile basic_profile_1
[HUAWEI-um-portgroup-port_group_1] quit
[HUAWEI-um] port-group name port_group_2
[HUAWEI-um-portgroup-port_group_2] as name as3 interface all
[HUAWEI-um-portgroup-port_group_2] as name as5 interface all
[HUAWEI-um-portgroup-port_group_2] network-basic-profile basic_profile_2
[HUAWEI-um-portgroup-port_group_2] quit
[HUAWEI-um] quit
# Commit the configuration to deliver the configurations in service profiles to ASs.
[HUAWEI-um] commit as all
Warning: Committing the configuration will take a long time. Continue?[Y/N]: y
# Run the display uni-mng commit-result profile command to check whether the configurations in service profiles have been delivered to ASs.
[HUAWEI-um] display uni-mng commit-result profile
Result of profile:
--------------------------------------------------------------------------------
AS Name    Commit Time            Commit/Execute Result
--------------------------------------------------------------------------------
as1        2014-08-25 22:29:18    Success/Success
as2        2014-08-25 22:29:18    Success/Success
as3        2014-08-25 22:29:20    Success/Success
as4        2014-08-25 22:29:20    Success/Success
as5        2014-08-25 22:29:20    Success/Success
--------------------------------------------------------------------------------
When the Commit/Execute Result field in the command output displays Success/Success for an AS, the configurations in service profiles have been delivered to the AS.
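The whitelist, the as name definitions, and the display as all output above can be cross-checked offline to catch whitelist entries that match no defined AS, defined ASs that are missing from the whitelist, and ASs that are not in the normal state. The following Python script is an added example, not part of the original documentation; its function names are hypothetical, and the sample text is constructed from the values on this page with deliberate deviations (an extra whitelist entry 0200-0000-0066, as5 missing from the whitelist, as4 shown in a non-normal state). It assumes one command per line in the saved configuration and the column order shown in the display as all output above.

```python
import re

MAC = r"[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}"  # MAC notation used on this page

def parse_config(text):  # -> (whitelist MAC set, {as_name: mac}) from the parent's configuration
    wl = re.findall(rf"^\s*whitelist mac-address ({MAC})\s*$", text, re.M)
    names = re.findall(rf"^\s*as name (\S+) model \S+ mac-address ({MAC})\s*$", text, re.M)
    return {m.lower() for m in wl}, {n: m.lower() for n, m in names}

def parse_display_as_all(text):  # -> {mac: (name, state)} from the table rows
    fields = (line.split() for line in text.splitlines())
    # Row layout on the page: No. Type MAC IP State Name
    return {f[2].lower(): (f[-1], " ".join(f[4:-1])) for f in fields
            if len(f) >= 6 and f[0].isdigit() and re.fullmatch(MAC, f[2])}

def audit(config_text, display_text):
    whitelist, defined = parse_config(config_text)
    online = parse_display_as_all(display_text)
    findings = [f"whitelist entry {mac} has no matching 'as name' definition"
                for mac in sorted(whitelist - set(defined.values()))]
    for name, mac in sorted(defined.items()):
        if mac not in whitelist:
            findings.append(f"{name} ({mac}) is defined but not whitelisted")
        elif mac not in online:
            findings.append(f"{name} ({mac}) has not connected to the SVF system")
        elif online[mac][1] != "normal":
            findings.append(f"{name} ({mac}) is in state {online[mac][1]}, not normal")
    findings += [f"{online[mac][0]} ({mac}) is connected but not whitelisted"
                 for mac in sorted(set(online) - whitelist)]
    return findings

# Constructed sample input: values from the page with deliberate deviations added.
SAMPLE_CONFIG = """\
as-auth
 whitelist mac-address 0200-0000-0011
 whitelist mac-address 0200-0000-0044
 whitelist mac-address 0200-0000-0066
uni-mng
 as name as1 model S5720-28P-SI-AC mac-address 0200-0000-0011
 as name as4 model S5720-28TP-LI-AC mac-address 0200-0000-0044
 as name as5 model S5720-28TP-LI-AC mac-address 0200-0000-0055
"""
SAMPLE_DISPLAY = """\
 0  S5720-SI  0200-0000-0011  192.168.11.254  normal  as1
 3  S5720-LI  0200-0000-0044  192.168.11.251  fault   as4
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, SAMPLE_DISPLAY)))
```

Because naming an AS is optional in this procedure, a whitelist entry without an as name definition is a review item rather than an error: confirm that the MAC address belongs to a device that is meant to join.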
Configuration Files
SVF system configuration file
#
vlan batch 11
#
stp mode rstp
stp instance 0 priority 28672
#
lldp enable
#
dhcp enable
#
interface Vlanif11
 ip address 192.168.11.1 255.255.255.0
 dhcp select interface
 dhcp server option 43 ip-address 192.168.11.1
#
interface Eth-Trunk1
 port link-type hybrid
 port hybrid tagged vlan 1 10 to 11
 stp root-protection
 stp edged-port disable
 mode lacp
 loop-detection disable
 mad relay
#
interface Eth-Trunk2
 port link-type hybrid
 port hybrid tagged vlan 1 10 to 11
 stp root-protection
 stp edged-port disable
 mode lacp
 loop-detection disable
 mad relay
#
interface Eth-Trunk3
 port link-type hybrid
 port hybrid tagged vlan 1 11 20
 stp root-protection
 stp edged-port disable
 mode lacp
 loop-detection disable
 mad relay
#
interface GigabitEthernet1/1/0/1
 eth-trunk 1
#
interface GigabitEthernet1/1/0/2
 eth-trunk 2
#
interface GigabitEthernet1/1/0/3
 eth-trunk 3
#
interface GigabitEthernet2/1/0/1
 eth-trunk 1
#
interface GigabitEthernet2/1/0/2
 eth-trunk 2
#
interface GigabitEthernet2/1/0/3
 eth-trunk 3
#
capwap source interface vlanif11
#
wlan
 wlan ap lldp enable
 wlan work-group default
#
as-auth
 whitelist mac-address 0200-0000-0011
 whitelist mac-address 0200-0000-0022
 whitelist mac-address 0200-0000-0033
 whitelist mac-address 0200-0000-0044
 whitelist mac-address 0200-0000-0055
#
uni-mng
 as name as1 model S5720-28P-SI-AC mac-address 0200-0000-0011
  down-direction fabric-port 4 member-group interface Eth-Trunk 4
  port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/23
  port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/24
 as name as2 model S5720-28P-SI-AC mac-address 0200-0000-0022
 as name as3 model S5720-28P-SI-AC mac-address 0200-0000-0033
  down-direction fabric-port 5 member-group interface Eth-Trunk 5
  port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/23
  port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/24
 as name as4 model S5720-28TP-LI-AC mac-address 0200-0000-0044
 as name as5 model S5720-28TP-LI-AC mac-address 0200-0000-0055
 interface fabric-port 1
  port member-group interface Eth-Trunk 1
 interface fabric-port 2
  port member-group interface Eth-Trunk 2
 interface fabric-port 3
  port member-group interface Eth-Trunk 3
 as-admin-profile name admin_profile
  user asuser password %^%#Ky,WNqWh_DZ[(V96yvSEph)VLMc/+U}>]i2:"9n:%^%#
 network-basic-profile name basic_profile_1
  user-vlan 10
 network-basic-profile name basic_profile_2
  user-vlan 20
 as-group name admin_group
  as-admin-profile admin_profile
  as name as1
  as name as2
  as name as3
  as name as4
  as name as5
 port-group name port_group_1
  network-basic-profile basic_profile_1
  as name as1 interface GigabitEthernet 0/0/1 to 0/0/22
  as name as2 interface GigabitEthernet 0/0/1 to 0/0/24
  as name as4 interface Ethernet 0/0/1 to 0/0/24
 port-group name port_group_2
  network-basic-profile basic_profile_2
  as name as3 interface GigabitEthernet 0/0/1 to 0/0/22
  as name as5 interface Ethernet 0/0/1 to 0/0/24
#
return