Benutzer-Werkzeuge

Webseiten-Werkzeuge


mc-lag_zu_virtual-chassis_migration

Migration von MC-LAG zu Virtual-Chassis

In diesem Beitrag beschreiben wir die Migration von Alcatel-Lucent OmniSwitch MC-LAG zum Virtual-Chassis. Nach unseren Erfahrungen werden für diesen Vorgang (Neustart der Geräte) weniger als 5 Minuten benötigt. Eine ausführliche Lektüre dieser Seite, ist aber die Grundvoraussetzung!

Bitte prüfen Sie die Konfiguration sorgfältig bevor Sie die Systeme neustarten!

Voraussetzungen

Wir nutzen VIM um viele, sonst fehleranfällige, Änderungen der Konfiguration zu automatisieren.

VIM ist ein großartiges Programm und sollte auf keinem Rechner fehlen.

Damit VIM beim „Suchen & Ersetzen“ die Zeilen farbig markiert, ist folgende Einstellung sinnvoll:

:set hlsearch
  • Auf dem OmniSwitch wird die „Advanced“-Lizenz benötigt um das „Virtual Chassis“ einsetzen zu können.
  • Bitte beachten Sie die u-boot / AOS-Abhängigkeiten! Details dazu stehen in den „Upgrade Instructions“.

Vergleich von MC-LAG mit Virtual-Chassis

MC-LAG Virtual-Chassis
Verfügbar seit AOS 7.1.1.R01 Verfügbar seit AOS 7.3.1.R01
L2-Learning in Hardware
(MAC-Tabelle wird zwischen den Chassis synchronisiert)
L2-Learning in Hardware
(MAC-Tabelle wird zwischen den Chassis synchronisiert)
Unabhängige Konfiguration mit separater Management-IP für jeden Switch Konfiguration und Management des gesamten Virtual-Chassis erfolgt über eine IP-Adresse
Unabhängige Bridge-IDs Eine Bridge-ID
Unabhängige Router Ein Router
Nur eingeschränkte IPv4-L3-Unterstützung über MC-LAGs (z.B. Dynamisches Routing) Vollständige Unterstützung
Keine IPv6-L3-Unterstützung über MC-LAGs (z.B. Gateway, Dynamisches Routing) Vollständige Unterstützung
Virtual Fabric Link (VFL), fehlertolerantes und hochperformantes Link-Aggregat Identisch
Limitiert auf zwei Chassis Aktuell zwei Chassis, zukünftig sechs
ISSU nur für das gleiche Chassis ISSU über Chassis hinweg

Gründe um von MC-LAG zum Virtual-Chassis zu migrieren

  • einfacheres Management
  • IPv6-fähig
  • IPv4/IPv6-Routing

Planung der Arbeitsschritte

  • vcsetup.cfg's müssen vorbereitet werden
  • MC-LAG und System/Session:
    • „multi-chassis“-Zeilen müssen komplett aus der Konfiguration entfernt werden
    • „session prompt“ vom zweiten Core entfernen
    • „system name“, „system location“, „system contact“ & „ip interface“ vom zweiten Core entfernen
  • Link-Aggregation:
    • „linkagg range“ Zeile muss aus der Konfiguration entfernt werden
    • linkagg {lacp|static} agg <agg> size <size> admin-state {enable|disable} „multi-chassis active“ muss aus der Konfiguration entfernt werden
    • linkagg lacp agg <agg> „system-id xx:xx:xx:xx:xx:xx“ muss aus der Konfiguration entfernt werden
    • linkagg {lacp|static} port „system-id xx:xx:xx:xx:xx:xx“ muss aus der Konfiguration entfernt werden
    • linkagg {lacp|static} port „slot/port“ zu „chassis/slot/port“ konvertieren
  • VLAN:
    • multi-chassis vip-vlan konvertieren in normales vlan
    • VLAN-Zuordnung von Ports tagged/untagged „slot/port“ zu „chassis/slot/port“ konvertieren
  • IP-Interface:
    • Entweder bisherige virtuelle Adresse (vip-address) als VRRP anlegen ODER
    • IP-Interface mit „vip-address“ betreiben (bisherige physikalische IP überschreiben)
    • (IP Interfaces aus Chassis 2 komplett löschen)
  • LLDP:
    • „slot/port“ zu „chassis/slot/port“ konvertieren
  • Weitere Konfigurationen
    • Sind in der Konfiguration noch Kommandos enthalten die hier nicht behandelt werden?

Durchführung der vorbereitenden Arbeitsschritte

Wenn nicht anders angegeben, müssen die VIM-Kommandos jeweils einmal für „Chassis 1“ und „Chassis 2“-Konfiguration durchgeführt werden.

An dieser Stelle wird die Multi-Chassis Konfiguration entfernt, vorher sollten natürlich die Parameter in eine jeweils neue vcsetup.cfg übernommen werden. Wie diese Dateien aussehen müssen, steht u.a. hier: NextiraOne - Data Center Validated Reference Design

Um die Konvertierung möglichst einfach zu gestalten, helfen die folgenden VIM-Kommandos beim Erstellen der zwei vcsetup.cfg's:

Ein hinter das „g“ (global) angestelltes „c“ (confirmation) fordert für jede Fundstelle vor Ersetzung eine Bestätigung ein. Wer also nicht jede Zeile bestätigen möchte, entfernt das „c“.

Chassis 1:
:%s/^multi-chassis\ chassis-id\ \(\d\+\)$/virtual-chassis chassis-id \1 configured-chassis-id \1/gc
:%s/^multi-chassis\ vf-link\ create$/virtual-chassis chassis-id 1 vf-link 0 create/gc
:%s/^multi-chassis\ vf-link\ member-port\ \(\d\+\/\S*\)$/virtual-chassis chassis-id 1 vf-link 0 member-port 1\/\1/gc
:%s/^multi-chassis\ chassis-group\ \(\d\+\)$/virtual-chassis chassis-id 1 chassis-group \1/gc

Chassis 2:
:%s/^multi-chassis\ chassis-id\ \(\d\+\)$/virtual-chassis chassis-id \1 configured-chassis-id \1/gc
:%s/^multi-chassis\ vf-link\ create$/virtual-chassis chassis-id 2 vf-link 0 create/gc
:%s/^multi-chassis\ vf-link\ member-port\ \(\d\+\/\S*\)$/virtual-chassis chassis-id 2 vf-link 0 member-port 2\/\1/gc
:%s/^multi-chassis\ chassis-group\ \(\d\+\)$/virtual-chassis chassis-id 2 chassis-group \1/gc

Wer die Zeilen kopiert oder manuell die Dateien angelegt hat, kann nun die Zeilen löschen:
(Löscht beide Varianten, multi-chassis und konvertierte virtual-chassis Kommandos)

:g/^\(multi\|virtual\)-chassis\ \(cha\|vf-\).*$/d

Entfernen der "linkagg range" aus der Konfiguration

:g/^linkagg\ range.*$/d 
:%s/\ multi-chassis\ active.*$//gc

:g/^linkagg\ \(.*system-id\).*$/d
Chassis 1:
:%s/^linkagg\ \(static\|lacp\)\ port\ \(\d\+\/\S*\)/linkagg \1 port 1\/\2/gc

Chassis 2:
:%s/^linkagg\ \(static\|lacp\)\ port\ \(\d\+\/\S*\)/linkagg \1 port 2\/\2/gc

"multi-chassis vip-vlan" ersetzen durch normales "vlan"

:%s/^multi-chassis\ vip-vlan/vlan/gc

VLAN Portzuordnung von "slot/port" zu "chassis/slot/port" konvertieren

Chassis 1:
:%s/^vlan\ \(\d\+\)\ members\ port\ \(\d\+\/\S*\)/vlan \1 members port 1\/\2/gc

Chassis 2:
:%s/^vlan\ \(\d\+\)\ members\ port\ \(\d\+\/\S*\)/vlan \1 members port 2\/\2/gc

IP-Interfaces automatisiert konvertieren

Nachdem wir die beiden MC-LAG Nodes zu einem Virtual Chassis migriert haben, sollen Server/Clients die gleichen Gateways wie zuvor nutzen können - daher konvertieren wir im Folgenden die IP-Interfaces von bisherigen physikalischen IPs auf Ihre „VIP-Address“ um.

(Soll dies nicht so gemacht werden, muss dieser Schritt natürlich manuell nach eigenem Wunsch durchgeführt werden.)

Chassis 1:
:%s/^ip\ interface\ \(\".*\"\)\ address \(\d\+\.\d\+\.\d\+\.\d\+\)\ mask\ \(\d\+\.\d\+\.\d\+\.\d\+\)\ vip-address\ \(\d\+\.\d\+\.\d\+\.\d\+\)/ip interface \1 address \4 mask \3/gc 

Chassis 2:
:g/^ip\ interface.*$/d 

LLDP-Konfiguration von "slot/port" zu "chassis/slot/port" konvertieren

Chassis 1:
:%s/^lldp\ \(nearest-bridge\|non-tpmr\|nearest-customer\)\ port \(\d\+\/\S*\)/lldp \1 port 1\/\2/gc 

Chassis 2:
:%s/^lldp\ \(nearest-bridge\|non-tpmr\|nearest-customer\)\ port \(\d\+\/\S*\)/lldp \1 port 2\/\2/gc

Entfernung überflüssiger Parameter

Aus der Konfiguration von Chassis 2 sollten noch einige Parameter entfernt werden die sonst beim Zusammenführen (merge) der beiden Dateien zu fehlender Übersicht führen können:

:g/^system\ \(name\|contact\|location\)/d 
:g/^session\ prompt/d

Beide Dateien mit „:wq“ abspeichern und schließen.

Erstellen der vcboot.cfg für das Virtual Chassis

Im folgenden sieht man wie die „primäre“ Konfiguration wieder geöffent wurde:

Wir holen uns nun über das folgende Kommando die zweite Datei inkl. farblich markierten Unterschieden dazu:

:vert diffsplit CORE02.cfg

Über die Tastenkombination STRG+WW kann zwischen den Fenstern gewechselt werden. Mit der Tastenkombination Shift (Hochstelltaste)+V können wir Zeilenweise über die Cursortasten markieren und mit „d“ die markierten Zeilen ausschneiden.

Die ausgeschnittenen Zeilen fügen wir (nach wechseln ins andere Fenster mit Strg+WW) mit „p“ an der gewünschten Stelle in der Konfiguration ein. Dieser Schritt muss für VLAN-Portzuordnung, Link-Aggregation-Portzuordnung, LLDP-Portkonfiguration usw. durchgeführt werden.

Nachdem alle relevanten Inhalte in die Konfiguration kopiert wurden, diese mit dem folgenden Kommando abspeichern:

:w vcboot.cfg

Exemplarische Konfiguration

MC-LAG Knoten 1 (CORE01)

CORE01.cfg
!========================================!
! File: /flash/working/boot.cfg          !
!========================================!
! Chassis:
system name MC-Lag1
system contact myContact
system location "1. DC"
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
 
! Configuration:
 
! Capability Manager:
! Multi-Chassis:
multi-chassis chassis-id 1
multi-chassis vf-link create
multi-chassis vf-link member-port 1/1
multi-chassis vf-link member-port 1/20
multi-chassis chassis-group 9
 
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg range local 0-47 peer 48-95 multi-chassis 96-127 
linkagg lacp agg 96 size 2 admin-state enable multi-chassis active
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor system-id 00:00:00:00:00:96
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable multi-chassis active
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor system-id 00:00:00:00:00:97
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable multi-chassis active
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor system-id 00:00:00:00:00:98
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable multi-chassis active
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor system-id 00:00:00:00:00:99
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable multi-chassis active
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor system-id 00:00:00:00:01:00
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable multi-chassis active
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor system-id 00:00:00:00:01:01
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable multi-chassis active
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor system-id 00:00:00:00:01:02
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable multi-chassis active
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor system-id 00:00:00:00:01:03
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable multi-chassis active
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor system-id 00:00:00:00:01:04
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable multi-chassis active
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor system-id 00:00:00:00:01:05
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable multi-chassis active
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor system-id 00:00:00:00:01:06
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 1/2 actor admin-key 96
linkagg lacp port 1/2 actor system-id 00:00:00:00:00:96
linkagg lacp port 1/3 actor admin-key 97
linkagg lacp port 1/3 actor system-id 00:00:00:00:00:97
linkagg lacp port 1/4 actor admin-key 98
linkagg lacp port 1/4 actor system-id 00:00:00:00:00:98
linkagg lacp port 1/5 actor admin-key 99
linkagg lacp port 1/5 actor system-id 00:00:00:00:00:99
linkagg lacp port 1/6 actor admin-key 100
linkagg lacp port 1/6 actor system-id 00:00:00:00:01:00
linkagg lacp port 1/7 actor admin-key 101
linkagg lacp port 1/7 actor system-id 00:00:00:00:01:01
linkagg lacp port 1/8 actor admin-key 102
linkagg lacp port 1/8 actor system-id 00:00:00:00:01:02
linkagg lacp port 1/9 actor admin-key 103
linkagg lacp port 1/9 actor system-id 00:00:00:00:01:03
linkagg lacp port 1/10 actor admin-key 104
linkagg lacp port 1/10 actor system-id 00:00:00:00:01:04
linkagg lacp port 1/11 actor admin-key 105
linkagg lacp port 1/11 actor system-id 00:00:00:00:01:05
linkagg lacp port 1/12 actor admin-key 106
linkagg lacp port 1/12 actor system-id 00:00:00:00:01:06
 
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
multi-chassis vip-vlan 100 admin-state enable
multi-chassis vip-vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
multi-chassis vip-vlan 110-113 admin-state enable
multi-chassis vip-vlan 110 name "Client1"
multi-chassis vip-vlan 111 name "Client2"
multi-chassis vip-vlan 112 name "Client3"
multi-chassis vip-vlan 113 name "Client4"
multi-chassis vip-vlan 150 admin-state enable
multi-chassis vip-vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
 
! Spanning Tree:
spantree vlan 1 admin-state enable 
spantree vlan 100 admin-state enable 
spantree vlan 102 admin-state enable 
spantree vlan 103 admin-state enable 
spantree vlan 104 admin-state enable 
spantree vlan 106 admin-state enable 
spantree vlan 110 admin-state enable 
spantree vlan 111 admin-state enable 
spantree vlan 112 admin-state enable 
spantree vlan 113 admin-state enable 
spantree vlan 150 admin-state enable 
 
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
ip interface "Mgmt" address 192.168.130.197 mask 255.255.255.0 vlan 1 no forward ifindex 1
ip interface "Client1" address 10.2.140.197 mask 255.255.255.0 vip-address 10.2.140.1 vlan 110 ifindex 2
ip interface "Client2" address 10.2.141.197 mask 255.255.255.0 vip-address 10.2.141.1 vlan 111 ifindex 3
ip interface "Client3" address 10.2.142.197 mask 255.255.255.0 vip-address 10.2.142.1 vlan 112 ifindex 4
ip interface "Client4" address 10.2.143.197 mask 255.255.255.0 vip-address 10.2.143.1 vlan 113 ifindex 5
ip interface "Server" address 10.2.128.197 mask 255.255.255.0 vip-address 10.2.128.1 vlan 100 ifindex 6
ip interface "Transfer_Firewall" address 192.168.150.197 mask 255.255.255.0 vip-address 192.168.150.1 vlan 150 ifindex 7
 
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local" 
aaa authentication ftp "local" 
aaa authentication http "local" 
aaa authentication snmp "local" 
aaa authentication ssh "local" 
 
user password-size min 6
 
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
 
! QOS:
policy condition from_voip source vlan 103 
policy action set_dscp dscp 46 
policy rule prio_voip condition from_voip action set_dscp 
qos apply
 
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 1/1-20 tlv management system-description enable
lldp nearest-bridge port 1/1-20 tlv management system-name enable
lldp nearest-bridge port 1/1-20 tlv management port-description enable
lldp non-tpmr port 1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 1/1-20 tlv management system-description enable
lldp non-tpmr port 1/1-20 tlv management system-name enable
lldp non-tpmr port 1/1-20 tlv management port-description enable
lldp nearest-customer port 1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 1/1-20 tlv management system-description enable
lldp nearest-customer port 1/1-20 tlv management system-name enable
lldp nearest-customer port 1/1-20 tlv management port-description enable
lldp nearest-bridge port 1/1-20 tlv management management-address enable
lldp non-tpmr port 1/1-20 tlv management management-address enable
lldp nearest-customer port 1/1-20 tlv management management-address enable
 
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
session prompt default "CORE01 ->"
command-log enable
 
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
 
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
 
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
 
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
 
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:

Modifizierte Konfiguration MC-LAG Knoten 1 (CORE01)

modifiziert-CORE01.cfg
!========================================!
! File: /flash/working/boot.cfg          !
!========================================!
! Chassis:
system name MC-Lag1
system contact myContact
system location "1. DC"
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
 
! Configuration:
 
! Capability Manager:
! Multi-Chassis:
 
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg lacp agg 96 size 2 admin-state enable
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 1/1/2 actor admin-key 96
linkagg lacp port 1/1/3 actor admin-key 97
linkagg lacp port 1/1/4 actor admin-key 98
linkagg lacp port 1/1/5 actor admin-key 99
linkagg lacp port 1/1/6 actor admin-key 100
linkagg lacp port 1/1/7 actor admin-key 101
linkagg lacp port 1/1/8 actor admin-key 102
linkagg lacp port 1/1/9 actor admin-key 103
linkagg lacp port 1/1/10 actor admin-key 104
linkagg lacp port 1/1/11 actor admin-key 105
linkagg lacp port 1/1/12 actor admin-key 106
 
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
vlan 100 admin-state enable
vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
vlan 110-113 admin-state enable
vlan 110 name "Client1"
vlan 111 name "Client2"
vlan 112 name "Client3"
vlan 113 name "Client4"
vlan 150 admin-state enable
vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
 
! Spanning Tree:
spantree vlan 1 admin-state enable 
spantree vlan 100 admin-state enable 
spantree vlan 102 admin-state enable 
spantree vlan 103 admin-state enable 
spantree vlan 104 admin-state enable 
spantree vlan 106 admin-state enable 
spantree vlan 110 admin-state enable 
spantree vlan 111 admin-state enable 
spantree vlan 112 admin-state enable 
spantree vlan 113 admin-state enable 
spantree vlan 150 admin-state enable 
 
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
ip interface "Mgmt" address 192.168.130.197 mask 255.255.255.0 vlan 1 no forward ifindex 1
ip interface "Client1" address 10.2.140.1 mask 255.255.255.0 vlan 110 ifindex 2
ip interface "Client2" address 10.2.141.1 mask 255.255.255.0 vlan 111 ifindex 3
ip interface "Client3" address 10.2.142.1 mask 255.255.255.0 vlan 112 ifindex 4
ip interface "Client4" address 10.2.143.1 mask 255.255.255.0 vlan 113 ifindex 5
ip interface "Server" address 10.2.128.1 mask 255.255.255.0 vlan 100 ifindex 6
ip interface "Transfer_Firewall" address 192.168.150.1 mask 255.255.255.0 vlan 150 ifindex 7
 
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local" 
aaa authentication ftp "local" 
aaa authentication http "local" 
aaa authentication snmp "local" 
aaa authentication ssh "local" 
 
user password-size min 6
 
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
 
! QOS:
policy condition from_voip source vlan 103 
policy action set_dscp dscp 46 
policy rule prio_voip condition from_voip action set_dscp 
qos apply
 
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 1/1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 1/1/1-20 tlv management system-description enable
lldp nearest-bridge port 1/1/1-20 tlv management system-name enable
lldp nearest-bridge port 1/1/1-20 tlv management port-description enable
lldp non-tpmr port 1/1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 1/1/1-20 tlv management system-description enable
lldp non-tpmr port 1/1/1-20 tlv management system-name enable
lldp non-tpmr port 1/1/1-20 tlv management port-description enable
lldp nearest-customer port 1/1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 1/1/1-20 tlv management system-description enable
lldp nearest-customer port 1/1/1-20 tlv management system-name enable
lldp nearest-customer port 1/1/1-20 tlv management port-description enable
lldp nearest-bridge port 1/1/1-20 tlv management management-address enable
lldp non-tpmr port 1/1/1-20 tlv management management-address enable
lldp nearest-customer port 1/1/1-20 tlv management management-address enable
 
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
session prompt default "CORE01 ->"
command-log enable
 
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
 
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
 
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
 
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
 
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:

MC-LAG Knoten 2 (CORE02)

CORE02.cfg
!========================================!
! File: /flash/working/boot.cfg          !
!========================================!
! Chassis:
system name MC-Lag2
system contact myContact
system location "1. DC"
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
 
! Configuration:
 
! Capability Manager:
! Multi-Chassis:
multi-chassis chassis-id 2
multi-chassis vf-link create
multi-chassis vf-link member-port 1/1
multi-chassis vf-link member-port 1/20
multi-chassis chassis-group 9
 
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg range local 48-95 peer 0-47 multi-chassis 96-127 
linkagg lacp agg 96 size 2 admin-state enable multi-chassis active
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor system-id 00:00:00:00:00:96
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable multi-chassis active
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor system-id 00:00:00:00:00:97
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable multi-chassis active
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor system-id 00:00:00:00:00:98
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable multi-chassis active
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor system-id 00:00:00:00:00:99
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable multi-chassis active
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor system-id 00:00:00:00:01:00
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable multi-chassis active
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor system-id 00:00:00:00:01:01
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable multi-chassis active
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor system-id 00:00:00:00:01:02
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable multi-chassis active
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor system-id 00:00:00:00:01:03
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable multi-chassis active
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor system-id 00:00:00:00:01:04
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable multi-chassis active
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor system-id 00:00:00:00:01:05
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable multi-chassis active
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor system-id 00:00:00:00:01:06
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 1/2 actor admin-key 96
linkagg lacp port 1/2 actor system-id 00:00:00:00:00:96
linkagg lacp port 1/3 actor admin-key 97
linkagg lacp port 1/3 actor system-id 00:00:00:00:00:97
linkagg lacp port 1/4 actor admin-key 98
linkagg lacp port 1/4 actor system-id 00:00:00:00:00:98
linkagg lacp port 1/5 actor admin-key 99
linkagg lacp port 1/5 actor system-id 00:00:00:00:00:99
linkagg lacp port 1/6 actor admin-key 100
linkagg lacp port 1/6 actor system-id 00:00:00:00:01:00
linkagg lacp port 1/7 actor admin-key 101
linkagg lacp port 1/7 actor system-id 00:00:00:00:01:01
linkagg lacp port 1/8 actor admin-key 102
linkagg lacp port 1/8 actor system-id 00:00:00:00:01:02
linkagg lacp port 1/9 actor admin-key 103
linkagg lacp port 1/9 actor system-id 00:00:00:00:01:03
linkagg lacp port 1/10 actor admin-key 104
linkagg lacp port 1/10 actor system-id 00:00:00:00:01:04
linkagg lacp port 1/11 actor admin-key 105
linkagg lacp port 1/11 actor system-id 00:00:00:00:01:05
linkagg lacp port 1/12 actor admin-key 106
linkagg lacp port 1/12 actor system-id 00:00:00:00:01:06
 
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
multi-chassis vip-vlan 100 admin-state enable
multi-chassis vip-vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
multi-chassis vip-vlan 110-113 admin-state enable
multi-chassis vip-vlan 110 name "Client1"
multi-chassis vip-vlan 111 name "Client2"
multi-chassis vip-vlan 112 name "Client3"
multi-chassis vip-vlan 113 name "Client4"
multi-chassis vip-vlan 150 admin-state enable
multi-chassis vip-vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
 
! Spanning Tree:
spantree vlan 1 admin-state enable 
spantree vlan 100 admin-state enable 
spantree vlan 102 admin-state enable 
spantree vlan 103 admin-state enable 
spantree vlan 104 admin-state enable 
spantree vlan 106 admin-state enable 
spantree vlan 110 admin-state enable 
spantree vlan 111 admin-state enable 
spantree vlan 112 admin-state enable 
spantree vlan 113 admin-state enable 
spantree vlan 150 admin-state enable 
 
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
ip interface "Mgmt" address 192.168.130.198 mask 255.255.255.0 vlan 1 no forward ifindex 1
ip interface "Client1" address 10.2.140.198 mask 255.255.255.0 vip-address 10.2.140.1 vlan 110 ifindex 2
ip interface "Client2" address 10.2.141.198 mask 255.255.255.0 vip-address 10.2.141.1 vlan 111 ifindex 3
ip interface "Client3" address 10.2.142.198 mask 255.255.255.0 vip-address 10.2.142.1 vlan 112 ifindex 4
ip interface "Client4" address 10.2.143.198 mask 255.255.255.0 vip-address 10.2.143.1 vlan 113 ifindex 5
ip interface "Server" address 10.2.128.198 mask 255.255.255.0 vip-address 10.2.128.1 vlan 100 ifindex 6
ip interface "Transfer_Firewall" address 192.168.150.198 mask 255.255.255.0 vip-address 192.168.150.1 vlan 150 ifindex 7
 
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local" 
aaa authentication ftp "local" 
aaa authentication http "local" 
aaa authentication snmp "local" 
aaa authentication ssh "local" 
 
user password-size min 6
 
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
 
! QOS:
policy condition from_voip source vlan 103 
policy action set_dscp dscp 46 
policy rule prio_voip condition from_voip action set_dscp 
qos apply
 
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 1/1-20 tlv management system-description enable
lldp nearest-bridge port 1/1-20 tlv management system-name enable
lldp nearest-bridge port 1/1-20 tlv management port-description enable
lldp non-tpmr port 1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 1/1-20 tlv management system-description enable
lldp non-tpmr port 1/1-20 tlv management system-name enable
lldp non-tpmr port 1/1-20 tlv management port-description enable
lldp nearest-customer port 1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 1/1-20 tlv management system-description enable
lldp nearest-customer port 1/1-20 tlv management system-name enable
lldp nearest-customer port 1/1-20 tlv management port-description enable
lldp nearest-bridge port 1/1-20 tlv management management-address enable
lldp non-tpmr port 1/1-20 tlv management management-address enable
lldp nearest-customer port 1/1-20 tlv management management-address enable
 
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
session prompt default "CORE02 ->"
command-log enable
 
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
 
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
 
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
 
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
 
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:

Modifizierte Konfiguration MC-LAG Knoten 2 (CORE02)

modifiziert-CORE02.cfg
!========================================!
! File: /flash/working/boot.cfg          !
!========================================!
! Chassis:
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
 
! Configuration:
 
! Capability Manager:
! Multi-Chassis:
 
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg lacp agg 96 size 2 admin-state enable
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 2/1/2 actor admin-key 96
linkagg lacp port 2/1/3 actor admin-key 97
linkagg lacp port 2/1/4 actor admin-key 98
linkagg lacp port 2/1/5 actor admin-key 99
linkagg lacp port 2/1/6 actor admin-key 100
linkagg lacp port 2/1/7 actor admin-key 101
linkagg lacp port 2/1/8 actor admin-key 102
linkagg lacp port 2/1/9 actor admin-key 103
linkagg lacp port 2/1/10 actor admin-key 104
linkagg lacp port 2/1/11 actor admin-key 105
linkagg lacp port 2/1/12 actor admin-key 106
 
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
vlan 100 admin-state enable
vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
vlan 110-113 admin-state enable
vlan 110 name "Client1"
vlan 111 name "Client2"
vlan 112 name "Client3"
vlan 113 name "Client4"
vlan 150 admin-state enable
vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
 
! Spanning Tree:
spantree vlan 1 admin-state enable 
spantree vlan 100 admin-state enable 
spantree vlan 102 admin-state enable 
spantree vlan 103 admin-state enable 
spantree vlan 104 admin-state enable 
spantree vlan 106 admin-state enable 
spantree vlan 110 admin-state enable 
spantree vlan 111 admin-state enable 
spantree vlan 112 admin-state enable 
spantree vlan 113 admin-state enable 
spantree vlan 150 admin-state enable 
 
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
 
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local" 
aaa authentication ftp "local" 
aaa authentication http "local" 
aaa authentication snmp "local" 
aaa authentication ssh "local" 
 
user password-size min 6
 
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
 
! QOS:
policy condition from_voip source vlan 103 
policy action set_dscp dscp 46 
policy rule prio_voip condition from_voip action set_dscp 
qos apply
 
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 2/1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 2/1/1-20 tlv management system-description enable
lldp nearest-bridge port 2/1/1-20 tlv management system-name enable
lldp nearest-bridge port 2/1/1-20 tlv management port-description enable
lldp non-tpmr port 2/1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 2/1/1-20 tlv management system-description enable
lldp non-tpmr port 2/1/1-20 tlv management system-name enable
lldp non-tpmr port 2/1/1-20 tlv management port-description enable
lldp nearest-customer port 2/1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 2/1/1-20 tlv management system-description enable
lldp nearest-customer port 2/1/1-20 tlv management system-name enable
lldp nearest-customer port 2/1/1-20 tlv management port-description enable
lldp nearest-bridge port 2/1/1-20 tlv management management-address enable
lldp non-tpmr port 2/1/1-20 tlv management management-address enable
lldp nearest-customer port 2/1/1-20 tlv management management-address enable
 
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
command-log enable
 
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
 
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
 
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
 
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
 
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:

Finale Zielkonfiguration (VC-CORE01, vcboot.cfg)

vcboot.cfg
!========================================!
! File: /flash/working/boot.cfg          !
!========================================!
! Chassis:
system name MC-Lag1
system contact myContact
system location "1. DC"
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
 
! Configuration:
 
! Capability Manager:
! Multi-Chassis:
 
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg lacp agg 96 size 2 admin-state enable
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 1/1/2 actor admin-key 96
linkagg lacp port 1/1/3 actor admin-key 97
linkagg lacp port 1/1/4 actor admin-key 98
linkagg lacp port 1/1/5 actor admin-key 99
linkagg lacp port 1/1/6 actor admin-key 100
linkagg lacp port 1/1/7 actor admin-key 101
linkagg lacp port 1/1/8 actor admin-key 102
linkagg lacp port 1/1/9 actor admin-key 103
linkagg lacp port 1/1/10 actor admin-key 104
linkagg lacp port 1/1/11 actor admin-key 105
linkagg lacp port 1/1/12 actor admin-key 106
linkagg lacp port 2/1/2 actor admin-key 96
linkagg lacp port 2/1/3 actor admin-key 97
linkagg lacp port 2/1/4 actor admin-key 98
linkagg lacp port 2/1/5 actor admin-key 99
linkagg lacp port 2/1/6 actor admin-key 100
linkagg lacp port 2/1/7 actor admin-key 101
linkagg lacp port 2/1/8 actor admin-key 102
linkagg lacp port 2/1/9 actor admin-key 103
linkagg lacp port 2/1/10 actor admin-key 104
linkagg lacp port 2/1/11 actor admin-key 105
linkagg lacp port 2/1/12 actor admin-key 106
 
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
vlan 100 admin-state enable
vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
vlan 110-113 admin-state enable
vlan 110 name "Client1"
vlan 111 name "Client2"
vlan 112 name "Client3"
vlan 113 name "Client4"
vlan 150 admin-state enable
vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
 
! Spanning Tree:
spantree vlan 1 admin-state enable 
spantree vlan 100 admin-state enable 
spantree vlan 102 admin-state enable 
spantree vlan 103 admin-state enable 
spantree vlan 104 admin-state enable 
spantree vlan 106 admin-state enable 
spantree vlan 110 admin-state enable 
spantree vlan 111 admin-state enable 
spantree vlan 112 admin-state enable 
spantree vlan 113 admin-state enable 
spantree vlan 150 admin-state enable 
 
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
ip interface "Mgmt" address 192.168.130.197 mask 255.255.255.0 vlan 1 no forward ifindex 1
ip interface "Client1" address 10.2.140.1 mask 255.255.255.0 vlan 110 ifindex 2
ip interface "Client2" address 10.2.141.1 mask 255.255.255.0 vlan 111 ifindex 3
ip interface "Client3" address 10.2.142.1 mask 255.255.255.0 vlan 112 ifindex 4
ip interface "Client4" address 10.2.143.1 mask 255.255.255.0 vlan 113 ifindex 5
ip interface "Server" address 10.2.128.1 mask 255.255.255.0 vlan 100 ifindex 6
ip interface "Transfer_Firewall" address 192.168.150.1 mask 255.255.255.0 vlan 150 ifindex 7
 
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local" 
aaa authentication ftp "local" 
aaa authentication http "local" 
aaa authentication snmp "local" 
aaa authentication ssh "local" 
 
user password-size min 6
 
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
 
! QOS:
policy condition from_voip source vlan 103 
policy action set_dscp dscp 46 
policy rule prio_voip condition from_voip action set_dscp 
qos apply
 
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 1/1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 1/1/1-20 tlv management system-description enable
lldp nearest-bridge port 1/1/1-20 tlv management system-name enable
lldp nearest-bridge port 1/1/1-20 tlv management port-description enable
lldp non-tpmr port 1/1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 1/1/1-20 tlv management system-description enable
lldp non-tpmr port 1/1/1-20 tlv management system-name enable
lldp non-tpmr port 1/1/1-20 tlv management port-description enable
lldp nearest-customer port 1/1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 1/1/1-20 tlv management system-description enable
lldp nearest-customer port 1/1/1-20 tlv management system-name enable
lldp nearest-customer port 1/1/1-20 tlv management port-description enable
lldp nearest-bridge port 1/1/1-20 tlv management management-address enable
lldp non-tpmr port 1/1/1-20 tlv management management-address enable
lldp nearest-customer port 1/1/1-20 tlv management management-address enable
lldp nearest-bridge port 2/1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 2/1/1-20 tlv management system-description enable
lldp nearest-bridge port 2/1/1-20 tlv management system-name enable
lldp nearest-bridge port 2/1/1-20 tlv management port-description enable
lldp non-tpmr port 2/1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 2/1/1-20 tlv management system-description enable
lldp non-tpmr port 2/1/1-20 tlv management system-name enable
lldp non-tpmr port 2/1/1-20 tlv management port-description enable
lldp nearest-customer port 2/1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 2/1/1-20 tlv management system-description enable
lldp nearest-customer port 2/1/1-20 tlv management system-name enable
lldp nearest-customer port 2/1/1-20 tlv management port-description enable
lldp nearest-bridge port 2/1/1-20 tlv management management-address enable
lldp non-tpmr port 2/1/1-20 tlv management management-address enable
lldp nearest-customer port 2/1/1-20 tlv management management-address enable
 
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
session prompt default "CORE01 ->"
command-log enable
 
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
 
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
 
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
 
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
 
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:

Durchführung der MC-LAG zu Virtual-Chassis Migration

Vorbereiten von CORE01

Anlegen eines Verzeichnisses für Virtual-Chassis Betrieb und Erstellung vcsetup.cfg:

CORE01 -> mkdir vc-config
CORE01 -> cd vc-config
CORE01 -> vi vcsetup.cfg
(Datei editieren, nach folgendem Beispiel) 

Dieses Beispiel folgt den bisherigen Einstellungen der VFL-Ports von MC-LAG, was in den meisten Fällen sinnvoll ist.

vcsetup.cfg
!========================================!
! File: /flash/vc-config/vcsetup.cfg     !
!========================================!
! Virtual Chassis Manager:
virtual-chassis chassis-id 1 configured-chassis-id 1
virtual-chassis chassis-id 1 vf-link 0 create       
virtual-chassis chassis-id 1 vf-link 0 member-port 1/1/1 
virtual-chassis chassis-id 1 vf-link 0 member-port 1/1/20
virtual-chassis chassis-id 1 chassis-group 9             
 
! IP:                                                                     
ip interface local chassis-id 1 emp address 192.168.1.1 mask 255.255.255.0

Wir empfehlen dringend den EMP-Port bzw. das Out-of-Band Management zu konfigurieren, dies ist für die Remote-Chassis-Split-Detection zur Vermeidung einer sogenannten „Split-Brain“-Situation notwendig!

Hochladen/Kopieren des AOS-Betriebssystems:

Laden Sie die vcboot.cfg per FTP in das Verzeichnis vc-config hoch!

CORE01 -> 
CORE01 -> ls
vcboot.cfg   vcsetup.cfg
CORE01 -> cp ../732-344-GA/Tos.img .
CORE01 -> ls -l
-rw-r--r--    1 admin    user     126642216 Aug 16 09:51 Tos.img
-rw-------    1 admin    user          8279 Aug 16 09:50 vcboot.cfg
-rw-r--r--    1 admin    user           497 Aug 16 09:49 vcsetup.cfg
CORE01 -> 

Vorbereiten von CORE02

Anlegen eines Verzeichnisses für Virtual-Chassis Betrieb und Erstellung vcsetup.cfg:

CORE02 -> mkdir vc-config
CORE02 -> cd vc-config
CORE02 -> vi vcsetup.cfg
(Datei editieren, nach folgendem Beispiel)

Dieses Beispiel folgt den bisherigen Einstellungen der VFL-Ports von MC-LAG, was in den meisten Fällen sinnvoll ist.

vcsetup.cfg
!========================================!
! File: /flash/vc-config/vcsetup.cfg     !
!========================================!
! Virtual Chassis Manager:
virtual-chassis chassis-id 2 configured-chassis-id 2
virtual-chassis chassis-id 2 vf-link 0 create
virtual-chassis chassis-id 2 vf-link 0 member-port 2/1/1
virtual-chassis chassis-id 2 vf-link 0 member-port 2/1/20
virtual-chassis chassis-id 2 chassis-group 9
 
! IP:
ip interface local chassis-id 2 emp address 192.168.1.2 mask 255.255.255.0

Wir empfehlen dringend den EMP-Port bzw. das Out-of-Band Management zu konfigurieren, dies ist für die Remote-Chassis-Split-Detection zur Vermeidung einer sogenannten „Split-Brain“-Situation notwendig!

Hochladen/Kopieren des AOS-Betriebssystems:

Laden Sie die vcboot.cfg per FTP in das Verzeichnis vc-config hoch!

CORE02 -> 
CORE02 -> ls
vcboot.cfg   vcsetup.cfg
CORE02 -> cp ../732-344-GA/Tos.img .
CORE02 -> ls -l
-rw-r--r--    1 admin    user     126642216 Aug 16 09:51 Tos.img
-rw-------    1 admin    user          8279 Aug 16 09:50 vcboot.cfg
-rw-r--r--    1 admin    user           497 Aug 16 09:49 vcsetup.cfg
CORE02 -> 

Neustart der beiden Geräte

Auf CORE01:

CORE01 -> reload from vc-config no rollback-timeout

Auf CORE02:

CORE02 -> reload from vc-config no rollback-timeout

Relevante Meldungen auf der Konsole

Wichtig ist Chassis Supervision: CMM has reached the ready state [L8], in diesem Moment ist das Virtual-Chassis in Betrieb und beginnt damit Datenverkehr zu verarbeiten.

Fri Aug 16 10:03:44 : vcmCmm chas_sup info message:
+++ CMM:vcmCMM_cs_handle_chassis_ready@3602: Chassis 1 ready (data 0) [L1]
 
Fri Aug 16 10:04:05 : vcmCmm port_mgr info message:
+++ CMM:vcmCMM_client_rx_pm@1551: VFL link 1/0 up (pri 1/1/1:0x0) [L2]

Fri Aug 16 10:04:05 : vcmCmm protocol info message:
+++ CMM:vcmCMN_protocol_ready_update_cb@13348: Chassis 1, role Master, status Running, master 1 [L3]

Fri Aug 16 10:04:05 : vcmCmm ipc info message:
+++ CMM:vcmCMM_peer_connected@1792: Remote endpoint (chassis 2, slot 65) [L4]

Fri Aug 16 10:04:08 : vcmCmm node_sync info message:
+++ CMM:notify_sync_complete@757: Sync complete 'multi node' (peers 1, conn 1, sync 1) [L5]

Fri Aug 16 10:04:08 : ChassisSupervisor bootMgr info message:
+++ Sending VC Takeover to NIs and applications [L6]

Fri Aug 16 10:04:08 : isis_spb_0 TASK info message:
+++ VC Takeover: chassis_id:1

Fri Aug 16 10:04:08 : ipv4 itf info message:
+++ Interface EMP-CHAS1 192.168.1.1/255.255.255.0

Fri Aug 16 10:04:08 : SNMP aluSubagent_thread info message:
+++ snmp_vc_takeover_callback | VC Takeover complete

Fri Aug 16 10:04:10 : qosNi Info info message:
+++ VC Takeover in progress.
+++ VC Takeover complete.

Fri Aug 16 10:04:10 : ChassisSupervisor bootMgr info message:
+++ Received VC Takeover Complete event from all apps [L7]
Chassis Supervision: CMM has reached the ready state [L8]
Chassis Supervision: CMM has reached the ready state [L8]

Fri Aug 16 10:04:12 : ChassisSupervisor reloadMgr info message:
+++ Redundancy time expired - updating next running to vc-config

Diese Zeit ist seit dem Neustart der Geräte bis zur „ready state“-Meldung vergangen:

Überprüfung der Virtual-Chassis Topologie

CORE01 -> show virtual-chassis topology 
Local Chassis: 1
                                        Config 
 Chas  Role         Status              Chas ID  Pri   Group  MAC-Address      
-----+------------+-------------------+--------+-----+------+------------------
 1     Master       Running             1        100   9      e8:e7:32:11:ca:ed
 2     Slave        Running             2        100   9      e8:e7:32:11:ca:d1

Abschluss der Migration

Nachdem wir festgestellt haben dass alles wie gewünscht funktioniert, sollte die laufende Konfiguration gespeichert und zertifiziert werden.

CORE01 -> write memory flash-synchro
mc-lag_zu_virtual-chassis_migration.txt · Zuletzt geändert: 2014/06/18 22:46 von benny