====== Migration von MC-LAG zu Virtual-Chassis ======
{{::a-titelbild.png?nolink|}}
In diesem Beitrag beschreiben wir die Migration von Alcatel-Lucent OmniSwitch MC-LAG zum Virtual-Chassis. Nach unseren Erfahrungen werden für diesen Vorgang (Neustart der Geräte) **weniger als 5 Minuten** benötigt. Eine ausführliche Lektüre dieser Seite, ist aber die Grundvoraussetzung!
**Bitte prüfen Sie die Konfiguration sorgfältig bevor Sie die Systeme neustarten!**
===== Voraussetzungen =====
Wir nutzen VIM um viele, sonst fehleranfällige, Änderungen der Konfiguration zu automatisieren.
VIM ist ein großartiges Programm und sollte auf keinem Rechner fehlen.
* Download für MacOSX: http://code.google.com/p/macvim/
* Download für Windows: http://www.vim.org/download.php#pc
* Download für Linux: http://www.vim.org/download.php#unix
Damit VIM beim "Suchen & Ersetzen" die Zeilen farbig markiert, ist folgende Einstellung sinnvoll:
:set hlsearch
* Auf dem OmniSwitch wird die "Advanced"-Lizenz benötigt um das "Virtual Chassis" einsetzen zu können.
* Bitte beachten Sie die u-boot / AOS-Abhängigkeiten! Details dazu stehen in den "Upgrade Instructions".
===== Vergleich von MC-LAG mit Virtual-Chassis =====
^ MC-LAG ^ Virtual-Chassis ^
| Verfügbar seit AOS 7.1.1.R01 | Verfügbar seit AOS 7.3.1.R01 |
| L2-Learning in Hardware\\ (MAC-Tabelle wird zwischen den Chassis synchronisiert) | L2-Learning in Hardware\\ (MAC-Tabelle wird zwischen den Chassis synchronisiert) |
| Unabhängige Konfiguration mit separater Management-IP für jeden Switch | Konfiguration und Management des gesamten Virtual-Chassis erfolgt über eine IP-Adresse |
| Unabhängige Bridge-IDs | **Eine** Bridge-ID |
| Unabhängige Router | **Ein** Router |
| Nur eingeschränkte IPv4-L3-Unterstützung über MC-LAGs (z.B. Dynamisches Routing) | Vollständige Unterstützung |
| Keine IPv6-L3-Unterstützung über MC-LAGs (z.B. Gateway, Dynamisches Routing) | Vollständige Unterstützung |
| Virtual Fabric Link (VFL), fehlertolerantes und hochperformantes Link-Aggregat | Identisch |
| Limitiert auf zwei Chassis | Aktuell zwei Chassis, zukünftig sechs |
| ISSU nur für das gleiche Chassis | ISSU über Chassis hinweg |
==== Gründe um von MC-LAG zum Virtual-Chassis zu migrieren ====
* einfacheres Management
* IPv6-fähig
* IPv4/IPv6-Routing
===== Planung der Arbeitsschritte =====
* vcsetup.cfg's müssen vorbereitet werden
* MC-LAG und System/Session:
* "multi-chassis"-Zeilen müssen komplett aus der Konfiguration entfernt werden
* "session prompt" vom zweiten Core entfernen
* "system name", "system location", "system contact" & "ip interface" vom zweiten Core entfernen
* Link-Aggregation:
* "linkagg range" Zeile muss aus der Konfiguration entfernt werden
* linkagg {lacp|static} agg size admin-state {enable|disable} "multi-chassis active" muss aus der Konfiguration entfernt werden
* linkagg lacp agg "system-id xx:xx:xx:xx:xx:xx" muss aus der Konfiguration entfernt werden
* linkagg {lacp|static} port "system-id xx:xx:xx:xx:xx:xx" muss aus der Konfiguration entfernt werden
* linkagg {lacp|static} port "slot/port" zu "chassis/slot/port" konvertieren
* VLAN:
* multi-chassis vip-vlan konvertieren in normales vlan
* VLAN-Zuordnung von Ports tagged/untagged "slot/port" zu "chassis/slot/port" konvertieren
* IP-Interface:
* Entweder bisherige virtuelle Adresse (vip-address) als VRRP anlegen **ODER**
* IP-Interface mit "vip-address" betreiben (bisherige physikalische IP überschreiben)
* (IP Interfaces aus Chassis 2 komplett löschen)
* LLDP:
* "slot/port" zu "chassis/slot/port" konvertieren
* Weitere Konfigurationen
* Sind in der Konfiguration noch Kommandos enthalten die hier nicht behandelt werden?
===== Durchführung der vorbereitenden Arbeitsschritte =====
Wenn nicht anders angegeben, müssen die VIM-Kommandos jeweils einmal für "Chassis 1" und "Chassis 2"-Konfiguration durchgeführt werden.
==== Konvertieren und entfernen der Multi-Chassis & VF-Link Konfiguration ====
An dieser Stelle wird die Multi-Chassis Konfiguration entfernt, vorher sollten natürlich die Parameter in eine jeweils neue vcsetup.cfg übernommen werden. Wie diese Dateien aussehen müssen, steht u.a. hier: [[nxo_dc_vrd|NextiraOne - Data Center Validated Reference Design]]
Um die Konvertierung möglichst einfach zu gestalten, helfen die folgenden VIM-Kommandos beim Erstellen der zwei vcsetup.cfg's:
Ein hinter das "g" (global) angestelltes "c" (confirmation) fordert für jede Fundstelle vor Ersetzung eine Bestätigung ein. Wer also nicht jede Zeile bestätigen möchte, entfernt das "c".
Chassis 1:
:%s/^multi-chassis\ chassis-id\ \(\d\+\)$/virtual-chassis chassis-id \1 configured-chassis-id \1/gc
:%s/^multi-chassis\ vf-link\ create$/virtual-chassis chassis-id 1 vf-link 0 create/gc
:%s/^multi-chassis\ vf-link\ member-port\ \(\d\+\/\S*\)$/virtual-chassis chassis-id 1 vf-link 0 member-port 1\/\1/gc
:%s/^multi-chassis\ chassis-group\ \(\d\+\)$/virtual-chassis chassis-id 1 chassis-group \1/gc
Chassis 2:
:%s/^multi-chassis\ chassis-id\ \(\d\+\)$/virtual-chassis chassis-id \1 configured-chassis-id \1/gc
:%s/^multi-chassis\ vf-link\ create$/virtual-chassis chassis-id 2 vf-link 0 create/gc
:%s/^multi-chassis\ vf-link\ member-port\ \(\d\+\/\S*\)$/virtual-chassis chassis-id 2 vf-link 0 member-port 2\/\1/gc
:%s/^multi-chassis\ chassis-group\ \(\d\+\)$/virtual-chassis chassis-id 2 chassis-group \1/gc
{{::mclag-migration-bild8.png?nolink|}}
**Wer die Zeilen kopiert oder manuell die Dateien angelegt hat, kann nun die Zeilen löschen:**\\
(Löscht beide Varianten, multi-chassis und konvertierte virtual-chassis Kommandos)
:g/^\(multi\|virtual\)-chassis\ \(cha\|vf-\).*$/d
==== Entfernen der "linkagg range" aus der Konfiguration ====
:g/^linkagg\ range.*$/d
==== "multi-chassis active" aus den Link-Aggregationen entfernen ====
:%s/\ multi-chassis\ active.*$//gc
{{:mclag-migration-bild6.png?nolink|}}
==== "system-id xx:xx:xx:xx:xx:xx"-Zeilen aus Link-Aggregation Port und Aggs entfernen ====
:g/^linkagg\ \(.*system-id\).*$/d
==== Link-Aggregations - Konfiguration von "slot/port" zu "chassis/slot/port" konvertieren ====
Chassis 1:
:%s/^linkagg\ \(static\|lacp\)\ port\ \(\d\+\/\S*\)/linkagg \1 port 1\/\2/gc
Chassis 2:
:%s/^linkagg\ \(static\|lacp\)\ port\ \(\d\+\/\S*\)/linkagg \1 port 2\/\2/gc
{{:mclag-migration-bild7.png?nolink|}}
==== "multi-chassis vip-vlan" ersetzen durch normales "vlan" ====
:%s/^multi-chassis\ vip-vlan/vlan/gc
==== VLAN Portzuordnung von "slot/port" zu "chassis/slot/port" konvertieren ====
Chassis 1:
:%s/^vlan\ \(\d\+\)\ members\ port\ \(\d\+\/\S*\)/vlan \1 members port 1\/\2/gc
Chassis 2:
:%s/^vlan\ \(\d\+\)\ members\ port\ \(\d\+\/\S*\)/vlan \1 members port 2\/\2/gc
==== IP-Interfaces automatisiert konvertieren ====
Nachdem wir die beiden MC-LAG Nodes zu einem Virtual Chassis migriert haben, sollen Server/Clients die gleichen Gateways wie zuvor nutzen können - daher konvertieren wir im Folgenden die IP-Interfaces von bisherigen physikalischen IPs auf Ihre "VIP-Address" um.
(Soll dies nicht so gemacht werden, muss dieser Schritt natürlich manuell nach eigenem Wunsch durchgeführt werden.)
Chassis 1:
:%s/^ip\ interface\ \(\".*\"\)\ address \(\d\+\.\d\+\.\d\+\.\d\+\)\ mask\ \(\d\+\.\d\+\.\d\+\.\d\+\)\ vip-address\ \(\d\+\.\d\+\.\d\+\.\d\+\)/ip interface \1 address \4 mask \3/gc
Chassis 2:
:g/^ip\ interface.*$/d
{{::mclag-migration-bild9.png?nolink|}}
==== LLDP-Konfiguration von "slot/port" zu "chassis/slot/port" konvertieren ====
Chassis 1:
:%s/^lldp\ \(nearest-bridge\|non-tpmr\|nearest-customer\)\ port \(\d\+\/\S*\)/lldp \1 port 1\/\2/gc
Chassis 2:
:%s/^lldp\ \(nearest-bridge\|non-tpmr\|nearest-customer\)\ port \(\d\+\/\S*\)/lldp \1 port 2\/\2/gc
{{:mclag-migration-bild5.png?nolink|}}
==== Entfernung überflüssiger Parameter ====
**Aus der Konfiguration von __Chassis 2__ sollten noch einige Parameter entfernt werden die sonst beim Zusammenführen (merge) der beiden Dateien zu fehlender Übersicht führen können:**
:g/^system\ \(name\|contact\|location\)/d
:g/^session\ prompt/d
**Beide Dateien mit ":wq" abspeichern und schließen.**
==== Erstellen der vcboot.cfg für das Virtual Chassis ====
**Im folgenden sieht man wie die "primäre" Konfiguration wieder geöffent wurde:**
{{:mclag-migration-bild1.png?nolink|}}
**Wir holen uns nun über das folgende Kommando die zweite Datei inkl. farblich markierten Unterschieden dazu:**
:vert diffsplit CORE02.cfg
{{:mclag-migration-bild2.png?nolink|}}
Über die Tastenkombination STRG+WW kann zwischen den Fenstern gewechselt werden.
Mit der Tastenkombination Shift (Hochstelltaste)+V können wir Zeilenweise über die Cursortasten markieren und mit "d" die markierten Zeilen ausschneiden.
{{:mclag-migration-bild3.png?nolink|}}
Die ausgeschnittenen Zeilen fügen wir (nach wechseln ins andere Fenster mit Strg+WW) mit "p" an der gewünschten Stelle in der Konfiguration ein. Dieser Schritt muss für VLAN-Portzuordnung, Link-Aggregation-Portzuordnung, LLDP-Portkonfiguration usw. durchgeführt werden.
{{:mclag-migration-bild4.png?nolink|}}
**Nachdem alle relevanten Inhalte in die Konfiguration kopiert wurden, diese mit dem folgenden Kommando abspeichern:**
:w vcboot.cfg
===== Exemplarische Konfiguration =====
==== MC-LAG Knoten 1 (CORE01) ====
!========================================!
! File: /flash/working/boot.cfg !
!========================================!
! Chassis:
system name MC-Lag1
system contact myContact
system location "1. DC"
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
! Configuration:
! Capability Manager:
! Multi-Chassis:
multi-chassis chassis-id 1
multi-chassis vf-link create
multi-chassis vf-link member-port 1/1
multi-chassis vf-link member-port 1/20
multi-chassis chassis-group 9
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg range local 0-47 peer 48-95 multi-chassis 96-127
linkagg lacp agg 96 size 2 admin-state enable multi-chassis active
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor system-id 00:00:00:00:00:96
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable multi-chassis active
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor system-id 00:00:00:00:00:97
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable multi-chassis active
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor system-id 00:00:00:00:00:98
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable multi-chassis active
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor system-id 00:00:00:00:00:99
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable multi-chassis active
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor system-id 00:00:00:00:01:00
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable multi-chassis active
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor system-id 00:00:00:00:01:01
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable multi-chassis active
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor system-id 00:00:00:00:01:02
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable multi-chassis active
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor system-id 00:00:00:00:01:03
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable multi-chassis active
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor system-id 00:00:00:00:01:04
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable multi-chassis active
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor system-id 00:00:00:00:01:05
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable multi-chassis active
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor system-id 00:00:00:00:01:06
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 1/2 actor admin-key 96
linkagg lacp port 1/2 actor system-id 00:00:00:00:00:96
linkagg lacp port 1/3 actor admin-key 97
linkagg lacp port 1/3 actor system-id 00:00:00:00:00:97
linkagg lacp port 1/4 actor admin-key 98
linkagg lacp port 1/4 actor system-id 00:00:00:00:00:98
linkagg lacp port 1/5 actor admin-key 99
linkagg lacp port 1/5 actor system-id 00:00:00:00:00:99
linkagg lacp port 1/6 actor admin-key 100
linkagg lacp port 1/6 actor system-id 00:00:00:00:01:00
linkagg lacp port 1/7 actor admin-key 101
linkagg lacp port 1/7 actor system-id 00:00:00:00:01:01
linkagg lacp port 1/8 actor admin-key 102
linkagg lacp port 1/8 actor system-id 00:00:00:00:01:02
linkagg lacp port 1/9 actor admin-key 103
linkagg lacp port 1/9 actor system-id 00:00:00:00:01:03
linkagg lacp port 1/10 actor admin-key 104
linkagg lacp port 1/10 actor system-id 00:00:00:00:01:04
linkagg lacp port 1/11 actor admin-key 105
linkagg lacp port 1/11 actor system-id 00:00:00:00:01:05
linkagg lacp port 1/12 actor admin-key 106
linkagg lacp port 1/12 actor system-id 00:00:00:00:01:06
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
multi-chassis vip-vlan 100 admin-state enable
multi-chassis vip-vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
multi-chassis vip-vlan 110-113 admin-state enable
multi-chassis vip-vlan 110 name "Client1"
multi-chassis vip-vlan 111 name "Client2"
multi-chassis vip-vlan 112 name "Client3"
multi-chassis vip-vlan 113 name "Client4"
multi-chassis vip-vlan 150 admin-state enable
multi-chassis vip-vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
! Spanning Tree:
spantree vlan 1 admin-state enable
spantree vlan 100 admin-state enable
spantree vlan 102 admin-state enable
spantree vlan 103 admin-state enable
spantree vlan 104 admin-state enable
spantree vlan 106 admin-state enable
spantree vlan 110 admin-state enable
spantree vlan 111 admin-state enable
spantree vlan 112 admin-state enable
spantree vlan 113 admin-state enable
spantree vlan 150 admin-state enable
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
ip interface "Mgmt" address 192.168.130.197 mask 255.255.255.0 vlan 1 no forward ifindex 1
ip interface "Client1" address 10.2.140.197 mask 255.255.255.0 vip-address 10.2.140.1 vlan 110 ifindex 2
ip interface "Client2" address 10.2.141.197 mask 255.255.255.0 vip-address 10.2.141.1 vlan 111 ifindex 3
ip interface "Client3" address 10.2.142.197 mask 255.255.255.0 vip-address 10.2.142.1 vlan 112 ifindex 4
ip interface "Client4" address 10.2.143.197 mask 255.255.255.0 vip-address 10.2.143.1 vlan 113 ifindex 5
ip interface "Server" address 10.2.128.197 mask 255.255.255.0 vip-address 10.2.128.1 vlan 100 ifindex 6
ip interface "Transfer_Firewall" address 192.168.150.197 mask 255.255.255.0 vip-address 192.168.150.1 vlan 150 ifindex 7
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local"
aaa authentication ftp "local"
aaa authentication http "local"
aaa authentication snmp "local"
aaa authentication ssh "local"
user password-size min 6
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
! QOS:
policy condition from_voip source vlan 103
policy action set_dscp dscp 46
policy rule prio_voip condition from_voip action set_dscp
qos apply
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 1/1-20 tlv management system-description enable
lldp nearest-bridge port 1/1-20 tlv management system-name enable
lldp nearest-bridge port 1/1-20 tlv management port-description enable
lldp non-tpmr port 1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 1/1-20 tlv management system-description enable
lldp non-tpmr port 1/1-20 tlv management system-name enable
lldp non-tpmr port 1/1-20 tlv management port-description enable
lldp nearest-customer port 1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 1/1-20 tlv management system-description enable
lldp nearest-customer port 1/1-20 tlv management system-name enable
lldp nearest-customer port 1/1-20 tlv management port-description enable
lldp nearest-bridge port 1/1-20 tlv management management-address enable
lldp non-tpmr port 1/1-20 tlv management management-address enable
lldp nearest-customer port 1/1-20 tlv management management-address enable
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
session prompt default "CORE01 ->"
command-log enable
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:
==== Modifizierte Konfiguration MC-LAG Knoten 1 (CORE01) ====
!========================================!
! File: /flash/working/boot.cfg !
!========================================!
! Chassis:
system name MC-Lag1
system contact myContact
system location "1. DC"
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
! Configuration:
! Capability Manager:
! Multi-Chassis:
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg lacp agg 96 size 2 admin-state enable
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 1/1/2 actor admin-key 96
linkagg lacp port 1/1/3 actor admin-key 97
linkagg lacp port 1/1/4 actor admin-key 98
linkagg lacp port 1/1/5 actor admin-key 99
linkagg lacp port 1/1/6 actor admin-key 100
linkagg lacp port 1/1/7 actor admin-key 101
linkagg lacp port 1/1/8 actor admin-key 102
linkagg lacp port 1/1/9 actor admin-key 103
linkagg lacp port 1/1/10 actor admin-key 104
linkagg lacp port 1/1/11 actor admin-key 105
linkagg lacp port 1/1/12 actor admin-key 106
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
vlan 100 admin-state enable
vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
vlan 110-113 admin-state enable
vlan 110 name "Client1"
vlan 111 name "Client2"
vlan 112 name "Client3"
vlan 113 name "Client4"
vlan 150 admin-state enable
vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
! Spanning Tree:
spantree vlan 1 admin-state enable
spantree vlan 100 admin-state enable
spantree vlan 102 admin-state enable
spantree vlan 103 admin-state enable
spantree vlan 104 admin-state enable
spantree vlan 106 admin-state enable
spantree vlan 110 admin-state enable
spantree vlan 111 admin-state enable
spantree vlan 112 admin-state enable
spantree vlan 113 admin-state enable
spantree vlan 150 admin-state enable
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
ip interface "Mgmt" address 192.168.130.197 mask 255.255.255.0 vlan 1 no forward ifindex 1
ip interface "Client1" address 10.2.140.1 mask 255.255.255.0 vlan 110 ifindex 2
ip interface "Client2" address 10.2.141.1 mask 255.255.255.0 vlan 111 ifindex 3
ip interface "Client3" address 10.2.142.1 mask 255.255.255.0 vlan 112 ifindex 4
ip interface "Client4" address 10.2.143.1 mask 255.255.255.0 vlan 113 ifindex 5
ip interface "Server" address 10.2.128.1 mask 255.255.255.0 vlan 100 ifindex 6
ip interface "Transfer_Firewall" address 192.168.150.1 mask 255.255.255.0 vlan 150 ifindex 7
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local"
aaa authentication ftp "local"
aaa authentication http "local"
aaa authentication snmp "local"
aaa authentication ssh "local"
user password-size min 6
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
! QOS:
policy condition from_voip source vlan 103
policy action set_dscp dscp 46
policy rule prio_voip condition from_voip action set_dscp
qos apply
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 1/1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 1/1/1-20 tlv management system-description enable
lldp nearest-bridge port 1/1/1-20 tlv management system-name enable
lldp nearest-bridge port 1/1/1-20 tlv management port-description enable
lldp non-tpmr port 1/1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 1/1/1-20 tlv management system-description enable
lldp non-tpmr port 1/1/1-20 tlv management system-name enable
lldp non-tpmr port 1/1/1-20 tlv management port-description enable
lldp nearest-customer port 1/1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 1/1/1-20 tlv management system-description enable
lldp nearest-customer port 1/1/1-20 tlv management system-name enable
lldp nearest-customer port 1/1/1-20 tlv management port-description enable
lldp nearest-bridge port 1/1/1-20 tlv management management-address enable
lldp non-tpmr port 1/1/1-20 tlv management management-address enable
lldp nearest-customer port 1/1/1-20 tlv management management-address enable
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
session prompt default "CORE01 ->"
command-log enable
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:
==== MC-LAG Knoten 2 (CORE02) ====
!========================================!
! File: /flash/working/boot.cfg !
!========================================!
! Chassis:
system name MC-Lag2
system contact myContact
system location "1. DC"
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
! Configuration:
! Capability Manager:
! Multi-Chassis:
multi-chassis chassis-id 2
multi-chassis vf-link create
multi-chassis vf-link member-port 1/1
multi-chassis vf-link member-port 1/20
multi-chassis chassis-group 9
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg range local 48-95 peer 0-47 multi-chassis 96-127
linkagg lacp agg 96 size 2 admin-state enable multi-chassis active
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor system-id 00:00:00:00:00:96
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable multi-chassis active
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor system-id 00:00:00:00:00:97
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable multi-chassis active
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor system-id 00:00:00:00:00:98
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable multi-chassis active
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor system-id 00:00:00:00:00:99
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable multi-chassis active
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor system-id 00:00:00:00:01:00
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable multi-chassis active
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor system-id 00:00:00:00:01:01
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable multi-chassis active
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor system-id 00:00:00:00:01:02
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable multi-chassis active
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor system-id 00:00:00:00:01:03
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable multi-chassis active
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor system-id 00:00:00:00:01:04
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable multi-chassis active
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor system-id 00:00:00:00:01:05
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable multi-chassis active
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor system-id 00:00:00:00:01:06
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 1/2 actor admin-key 96
linkagg lacp port 1/2 actor system-id 00:00:00:00:00:96
linkagg lacp port 1/3 actor admin-key 97
linkagg lacp port 1/3 actor system-id 00:00:00:00:00:97
linkagg lacp port 1/4 actor admin-key 98
linkagg lacp port 1/4 actor system-id 00:00:00:00:00:98
linkagg lacp port 1/5 actor admin-key 99
linkagg lacp port 1/5 actor system-id 00:00:00:00:00:99
linkagg lacp port 1/6 actor admin-key 100
linkagg lacp port 1/6 actor system-id 00:00:00:00:01:00
linkagg lacp port 1/7 actor admin-key 101
linkagg lacp port 1/7 actor system-id 00:00:00:00:01:01
linkagg lacp port 1/8 actor admin-key 102
linkagg lacp port 1/8 actor system-id 00:00:00:00:01:02
linkagg lacp port 1/9 actor admin-key 103
linkagg lacp port 1/9 actor system-id 00:00:00:00:01:03
linkagg lacp port 1/10 actor admin-key 104
linkagg lacp port 1/10 actor system-id 00:00:00:00:01:04
linkagg lacp port 1/11 actor admin-key 105
linkagg lacp port 1/11 actor system-id 00:00:00:00:01:05
linkagg lacp port 1/12 actor admin-key 106
linkagg lacp port 1/12 actor system-id 00:00:00:00:01:06
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
multi-chassis vip-vlan 100 admin-state enable
multi-chassis vip-vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
multi-chassis vip-vlan 110-113 admin-state enable
multi-chassis vip-vlan 110 name "Client1"
multi-chassis vip-vlan 111 name "Client2"
multi-chassis vip-vlan 112 name "Client3"
multi-chassis vip-vlan 113 name "Client4"
multi-chassis vip-vlan 150 admin-state enable
multi-chassis vip-vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
! Spanning Tree:
spantree vlan 1 admin-state enable
spantree vlan 100 admin-state enable
spantree vlan 102 admin-state enable
spantree vlan 103 admin-state enable
spantree vlan 104 admin-state enable
spantree vlan 106 admin-state enable
spantree vlan 110 admin-state enable
spantree vlan 111 admin-state enable
spantree vlan 112 admin-state enable
spantree vlan 113 admin-state enable
spantree vlan 150 admin-state enable
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
ip interface "Mgmt" address 192.168.130.198 mask 255.255.255.0 vlan 1 no forward ifindex 1
ip interface "Client1" address 10.2.140.198 mask 255.255.255.0 vip-address 10.2.140.1 vlan 110 ifindex 2
ip interface "Client2" address 10.2.141.198 mask 255.255.255.0 vip-address 10.2.141.1 vlan 111 ifindex 3
ip interface "Client3" address 10.2.142.198 mask 255.255.255.0 vip-address 10.2.142.1 vlan 112 ifindex 4
ip interface "Client4" address 10.2.143.198 mask 255.255.255.0 vip-address 10.2.143.1 vlan 113 ifindex 5
ip interface "Server" address 10.2.128.198 mask 255.255.255.0 vip-address 10.2.128.1 vlan 100 ifindex 6
ip interface "Transfer_Firewall" address 192.168.150.198 mask 255.255.255.0 vip-address 192.168.150.1 vlan 150 ifindex 7
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local"
aaa authentication ftp "local"
aaa authentication http "local"
aaa authentication snmp "local"
aaa authentication ssh "local"
user password-size min 6
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
! QOS:
policy condition from_voip source vlan 103
policy action set_dscp dscp 46
policy rule prio_voip condition from_voip action set_dscp
qos apply
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 1/1-20 tlv management system-description enable
lldp nearest-bridge port 1/1-20 tlv management system-name enable
lldp nearest-bridge port 1/1-20 tlv management port-description enable
lldp non-tpmr port 1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 1/1-20 tlv management system-description enable
lldp non-tpmr port 1/1-20 tlv management system-name enable
lldp non-tpmr port 1/1-20 tlv management port-description enable
lldp nearest-customer port 1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 1/1-20 tlv management system-description enable
lldp nearest-customer port 1/1-20 tlv management system-name enable
lldp nearest-customer port 1/1-20 tlv management port-description enable
lldp nearest-bridge port 1/1-20 tlv management management-address enable
lldp non-tpmr port 1/1-20 tlv management management-address enable
lldp nearest-customer port 1/1-20 tlv management management-address enable
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
session prompt default "CORE02 ->"
command-log enable
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:
==== Modifizierte Konfiguration MC-LAG Knoten 2 (CORE02) ====
!========================================!
! File: /flash/working/boot.cfg !
!========================================!
! Chassis:
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
! Configuration:
! Capability Manager:
! Multi-Chassis:
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg lacp agg 96 size 2 admin-state enable
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 2/1/2 actor admin-key 96
linkagg lacp port 2/1/3 actor admin-key 97
linkagg lacp port 2/1/4 actor admin-key 98
linkagg lacp port 2/1/5 actor admin-key 99
linkagg lacp port 2/1/6 actor admin-key 100
linkagg lacp port 2/1/7 actor admin-key 101
linkagg lacp port 2/1/8 actor admin-key 102
linkagg lacp port 2/1/9 actor admin-key 103
linkagg lacp port 2/1/10 actor admin-key 104
linkagg lacp port 2/1/11 actor admin-key 105
linkagg lacp port 2/1/12 actor admin-key 106
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
vlan 100 admin-state enable
vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
vlan 110-113 admin-state enable
vlan 110 name "Client1"
vlan 111 name "Client2"
vlan 112 name "Client3"
vlan 113 name "Client4"
vlan 150 admin-state enable
vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
! Spanning Tree:
spantree vlan 1 admin-state enable
spantree vlan 100 admin-state enable
spantree vlan 102 admin-state enable
spantree vlan 103 admin-state enable
spantree vlan 104 admin-state enable
spantree vlan 106 admin-state enable
spantree vlan 110 admin-state enable
spantree vlan 111 admin-state enable
spantree vlan 112 admin-state enable
spantree vlan 113 admin-state enable
spantree vlan 150 admin-state enable
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local"
aaa authentication ftp "local"
aaa authentication http "local"
aaa authentication snmp "local"
aaa authentication ssh "local"
user password-size min 6
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
! QOS:
policy condition from_voip source vlan 103
policy action set_dscp dscp 46
policy rule prio_voip condition from_voip action set_dscp
qos apply
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 2/1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 2/1/1-20 tlv management system-description enable
lldp nearest-bridge port 2/1/1-20 tlv management system-name enable
lldp nearest-bridge port 2/1/1-20 tlv management port-description enable
lldp non-tpmr port 2/1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 2/1/1-20 tlv management system-description enable
lldp non-tpmr port 2/1/1-20 tlv management system-name enable
lldp non-tpmr port 2/1/1-20 tlv management port-description enable
lldp nearest-customer port 2/1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 2/1/1-20 tlv management system-description enable
lldp nearest-customer port 2/1/1-20 tlv management system-name enable
lldp nearest-customer port 2/1/1-20 tlv management port-description enable
lldp nearest-bridge port 2/1/1-20 tlv management management-address enable
lldp non-tpmr port 2/1/1-20 tlv management management-address enable
lldp nearest-customer port 2/1/1-20 tlv management management-address enable
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
command-log enable
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:
==== Finale Zielkonfiguration (VC-CORE01, vcboot.cfg) ====
!========================================!
! File: /flash/working/boot.cfg !
!========================================!
! Chassis:
system name MC-Lag1
system contact myContact
system location "1. DC"
mac-retention admin-state enable
mac-retention dup-mac-trap admin-state enable
mac-retention timer 30
! Configuration:
! Capability Manager:
! Multi-Chassis:
! Virtual Chassis Manager:
! Virtual Flow Control:
! Interface:
! Link Aggregate:
linkagg lacp agg 96 size 2 admin-state enable
linkagg lacp agg 96 name "RACK01"
linkagg lacp agg 96 actor admin-key 96
linkagg lacp agg 97 size 2 admin-state enable
linkagg lacp agg 97 name "RACK02"
linkagg lacp agg 97 actor admin-key 97
linkagg lacp agg 98 size 2 admin-state enable
linkagg lacp agg 98 name "RACK03"
linkagg lacp agg 98 actor admin-key 98
linkagg lacp agg 99 size 2 admin-state enable
linkagg lacp agg 99 name "RACK04"
linkagg lacp agg 99 actor admin-key 99
linkagg lacp agg 100 size 2 admin-state enable
linkagg lacp agg 100 name "SW01"
linkagg lacp agg 100 actor admin-key 100
linkagg lacp agg 101 size 2 admin-state enable
linkagg lacp agg 101 name "SW02"
linkagg lacp agg 101 actor admin-key 101
linkagg lacp agg 102 size 2 admin-state enable
linkagg lacp agg 102 name "SW03"
linkagg lacp agg 102 actor admin-key 102
linkagg lacp agg 103 size 2 admin-state enable
linkagg lacp agg 103 name "SW04"
linkagg lacp agg 103 actor admin-key 103
linkagg lacp agg 104 size 2 admin-state enable
linkagg lacp agg 104 name "SW05"
linkagg lacp agg 104 actor admin-key 104
linkagg lacp agg 105 size 2 admin-state enable
linkagg lacp agg 105 name "SW06"
linkagg lacp agg 105 actor admin-key 105
linkagg lacp agg 106 size 2 admin-state enable
linkagg lacp agg 106 name "SW07"
linkagg lacp agg 106 actor admin-key 106
linkagg lacp port 1/1/2 actor admin-key 96
linkagg lacp port 1/1/3 actor admin-key 97
linkagg lacp port 1/1/4 actor admin-key 98
linkagg lacp port 1/1/5 actor admin-key 99
linkagg lacp port 1/1/6 actor admin-key 100
linkagg lacp port 1/1/7 actor admin-key 101
linkagg lacp port 1/1/8 actor admin-key 102
linkagg lacp port 1/1/9 actor admin-key 103
linkagg lacp port 1/1/10 actor admin-key 104
linkagg lacp port 1/1/11 actor admin-key 105
linkagg lacp port 1/1/12 actor admin-key 106
linkagg lacp port 2/1/2 actor admin-key 96
linkagg lacp port 2/1/3 actor admin-key 97
linkagg lacp port 2/1/4 actor admin-key 98
linkagg lacp port 2/1/5 actor admin-key 99
linkagg lacp port 2/1/6 actor admin-key 100
linkagg lacp port 2/1/7 actor admin-key 101
linkagg lacp port 2/1/8 actor admin-key 102
linkagg lacp port 2/1/9 actor admin-key 103
linkagg lacp port 2/1/10 actor admin-key 104
linkagg lacp port 2/1/11 actor admin-key 105
linkagg lacp port 2/1/12 actor admin-key 106
! VLAN:
vlan 1 admin-state enable
vlan 1 name "Mgmt"
vlan 100 admin-state enable
vlan 100 name "Server"
vlan 102-104 admin-state enable
vlan 102 name "Guest"
vlan 103 name "VoIP"
vlan 104 name "Build"
vlan 106 admin-state enable
vlan 106 name "Dev"
vlan 110-113 admin-state enable
vlan 110 name "Client1"
vlan 111 name "Client2"
vlan 112 name "Client3"
vlan 113 name "Client4"
vlan 150 admin-state enable
vlan 150 name "VIP VLAN"
vlan 100 members linkagg 96-99 tagged
vlan 102 members linkagg 100-106 tagged
vlan 103 members linkagg 96-106 tagged
vlan 104 members linkagg 96-106 tagged
vlan 106 members linkagg 96-106 tagged
vlan 110 members linkagg 100-101 tagged
vlan 111 members linkagg 102-103 tagged
vlan 112 members linkagg 104-105 tagged
vlan 113 members linkagg 106 tagged
vlan 150 members linkagg 96-99 tagged
! Spanning Tree:
spantree vlan 1 admin-state enable
spantree vlan 100 admin-state enable
spantree vlan 102 admin-state enable
spantree vlan 103 admin-state enable
spantree vlan 104 admin-state enable
spantree vlan 106 admin-state enable
spantree vlan 110 admin-state enable
spantree vlan 111 admin-state enable
spantree vlan 112 admin-state enable
spantree vlan 113 admin-state enable
spantree vlan 150 admin-state enable
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 21 admin-state enable
ip service port 22 admin-state enable
ip service port 23 admin-state enable
ip service port 80 admin-state enable
ip service port 123 admin-state enable
ip service port 443 admin-state enable
ip interface "Mgmt" address 192.168.130.197 mask 255.255.255.0 vlan 1 no forward ifindex 1
ip interface "Client1" address 10.2.140.1 mask 255.255.255.0 vlan 110 ifindex 2
ip interface "Client2" address 10.2.141.1 mask 255.255.255.0 vlan 111 ifindex 3
ip interface "Client3" address 10.2.142.1 mask 255.255.255.0 vlan 112 ifindex 4
ip interface "Client4" address 10.2.143.1 mask 255.255.255.0 vlan 113 ifindex 5
ip interface "Server" address 10.2.128.1 mask 255.255.255.0 vlan 100 ifindex 6
ip interface "Transfer_Firewall" address 192.168.150.1 mask 255.255.255.0 vlan 150 ifindex 7
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication console "local"
aaa authentication ftp "local"
aaa authentication http "local"
aaa authentication snmp "local"
aaa authentication ssh "local"
user password-size min 6
! NTP:
ntp server 192.168.2.253
ntp client admin-state enable
! QOS:
policy condition from_voip source vlan 103
policy action set_dscp dscp 46
policy rule prio_voip condition from_voip action set_dscp
qos apply
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
lldp nearest-bridge port 1/1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 1/1/1-20 tlv management system-description enable
lldp nearest-bridge port 1/1/1-20 tlv management system-name enable
lldp nearest-bridge port 1/1/1-20 tlv management port-description enable
lldp non-tpmr port 1/1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 1/1/1-20 tlv management system-description enable
lldp non-tpmr port 1/1/1-20 tlv management system-name enable
lldp non-tpmr port 1/1/1-20 tlv management port-description enable
lldp nearest-customer port 1/1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 1/1/1-20 tlv management system-description enable
lldp nearest-customer port 1/1/1-20 tlv management system-name enable
lldp nearest-customer port 1/1/1-20 tlv management port-description enable
lldp nearest-bridge port 1/1/1-20 tlv management management-address enable
lldp non-tpmr port 1/1/1-20 tlv management management-address enable
lldp nearest-customer port 1/1/1-20 tlv management management-address enable
lldp nearest-bridge port 2/1/1-20 tlv management system-capabilities enable
lldp nearest-bridge port 2/1/1-20 tlv management system-description enable
lldp nearest-bridge port 2/1/1-20 tlv management system-name enable
lldp nearest-bridge port 2/1/1-20 tlv management port-description enable
lldp non-tpmr port 2/1/1-20 tlv management system-capabilities enable
lldp non-tpmr port 2/1/1-20 tlv management system-description enable
lldp non-tpmr port 2/1/1-20 tlv management system-name enable
lldp non-tpmr port 2/1/1-20 tlv management port-description enable
lldp nearest-customer port 2/1/1-20 tlv management system-capabilities enable
lldp nearest-customer port 2/1/1-20 tlv management system-description enable
lldp nearest-customer port 2/1/1-20 tlv management system-name enable
lldp nearest-customer port 2/1/1-20 tlv management port-description enable
lldp nearest-bridge port 2/1/1-20 tlv management management-address enable
lldp non-tpmr port 2/1/1-20 tlv management management-address enable
lldp nearest-customer port 2/1/1-20 tlv management management-address enable
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 30
session http timeout 30
session prompt default "CORE01 ->"
command-log enable
! Web:
! Trap Manager:
snmp station 192.168.2.203 162 "snmpv3" v3 enable
! Health Monitor:
! System Service:
swlog output socket 192.168.2.203
system timezone CET
! SNMP:
snmp security authentication set
snmp community-map mode enable
snmp community-map "public" user "snmp" enable
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 192.168.150.253 metric 1
! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! ISIS:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! Netsec:
! Module:
! RDP:
! DA-UNP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:
===== Durchführung der MC-LAG zu Virtual-Chassis Migration =====
==== Vorbereiten von CORE01 ====
**Anlegen eines Verzeichnisses für Virtual-Chassis Betrieb und Erstellung vcsetup.cfg:**
CORE01 -> mkdir vc-config
CORE01 -> cd vc-config
CORE01 -> vi vcsetup.cfg
(Datei editieren, nach folgendem Beispiel)
Dieses Beispiel folgt den bisherigen Einstellungen der VFL-Ports von MC-LAG, was in den meisten Fällen sinnvoll ist.
!========================================!
! File: /flash/vc-config/vcsetup.cfg !
!========================================!
! Virtual Chassis Manager:
virtual-chassis chassis-id 1 configured-chassis-id 1
virtual-chassis chassis-id 1 vf-link 0 create
virtual-chassis chassis-id 1 vf-link 0 member-port 1/1/1
virtual-chassis chassis-id 1 vf-link 0 member-port 1/1/20
virtual-chassis chassis-id 1 chassis-group 9
! IP:
ip interface local chassis-id 1 emp address 192.168.1.1 mask 255.255.255.0
Wir empfehlen **dringend** den EMP-Port bzw. das Out-of-Band Management zu konfigurieren, dies ist für die Remote-Chassis-Split-Detection zur Vermeidung einer sogenannten "Split-Brain"-Situation notwendig!
**Hochladen/Kopieren des AOS-Betriebssystems:**
Laden Sie die vcboot.cfg per FTP in das Verzeichnis vc-config hoch!
CORE01 ->
CORE01 -> ls
vcboot.cfg vcsetup.cfg
CORE01 -> cp ../732-344-GA/Tos.img .
CORE01 -> ls -l
-rw-r--r-- 1 admin user 126642216 Aug 16 09:51 Tos.img
-rw------- 1 admin user 8279 Aug 16 09:50 vcboot.cfg
-rw-r--r-- 1 admin user 497 Aug 16 09:49 vcsetup.cfg
CORE01 ->
==== Vorbereiten von CORE02 ====
**Anlegen eines Verzeichnisses für Virtual-Chassis Betrieb und Erstellung vcsetup.cfg:**
CORE02 -> mkdir vc-config
CORE02 -> cd vc-config
CORE02 -> vi vcsetup.cfg
(Datei editieren, nach folgendem Beispiel)
Dieses Beispiel folgt den bisherigen Einstellungen der VFL-Ports von MC-LAG, was in den meisten Fällen sinnvoll ist.
!========================================!
! File: /flash/vc-config/vcsetup.cfg !
!========================================!
! Virtual Chassis Manager:
virtual-chassis chassis-id 2 configured-chassis-id 2
virtual-chassis chassis-id 2 vf-link 0 create
virtual-chassis chassis-id 2 vf-link 0 member-port 2/1/1
virtual-chassis chassis-id 2 vf-link 0 member-port 2/1/20
virtual-chassis chassis-id 2 chassis-group 9
! IP:
ip interface local chassis-id 2 emp address 192.168.1.2 mask 255.255.255.0
Wir empfehlen **dringend** den EMP-Port bzw. das Out-of-Band Management zu konfigurieren, dies ist für die Remote-Chassis-Split-Detection zur Vermeidung einer sogenannten "Split-Brain"-Situation notwendig!
**Hochladen/Kopieren des AOS-Betriebssystems:**
Laden Sie die vcboot.cfg per FTP in das Verzeichnis vc-config hoch!
CORE02 ->
CORE02 -> ls
vcboot.cfg vcsetup.cfg
CORE02 -> cp ../732-344-GA/Tos.img .
CORE02 -> ls -l
-rw-r--r-- 1 admin user 126642216 Aug 16 09:51 Tos.img
-rw------- 1 admin user 8279 Aug 16 09:50 vcboot.cfg
-rw-r--r-- 1 admin user 497 Aug 16 09:49 vcsetup.cfg
CORE02 ->
==== Neustart der beiden Geräte ====
**Auf CORE01:**
CORE01 -> reload from vc-config no rollback-timeout
**Auf CORE02:**
CORE02 -> reload from vc-config no rollback-timeout
==== Relevante Meldungen auf der Konsole ====
Wichtig ist **Chassis Supervision: CMM has reached the ready state [L8]**, in diesem Moment ist das Virtual-Chassis in Betrieb und beginnt damit Datenverkehr zu verarbeiten.
Fri Aug 16 10:03:44 : vcmCmm chas_sup info message:
+++ CMM:vcmCMM_cs_handle_chassis_ready@3602: Chassis 1 ready (data 0) [L1]
Fri Aug 16 10:04:05 : vcmCmm port_mgr info message:
+++ CMM:vcmCMM_client_rx_pm@1551: VFL link 1/0 up (pri 1/1/1:0x0) [L2]
Fri Aug 16 10:04:05 : vcmCmm protocol info message:
+++ CMM:vcmCMN_protocol_ready_update_cb@13348: Chassis 1, role Master, status Running, master 1 [L3]
Fri Aug 16 10:04:05 : vcmCmm ipc info message:
+++ CMM:vcmCMM_peer_connected@1792: Remote endpoint (chassis 2, slot 65) [L4]
Fri Aug 16 10:04:08 : vcmCmm node_sync info message:
+++ CMM:notify_sync_complete@757: Sync complete 'multi node' (peers 1, conn 1, sync 1) [L5]
Fri Aug 16 10:04:08 : ChassisSupervisor bootMgr info message:
+++ Sending VC Takeover to NIs and applications [L6]
Fri Aug 16 10:04:08 : isis_spb_0 TASK info message:
+++ VC Takeover: chassis_id:1
Fri Aug 16 10:04:08 : ipv4 itf info message:
+++ Interface EMP-CHAS1 192.168.1.1/255.255.255.0
Fri Aug 16 10:04:08 : SNMP aluSubagent_thread info message:
+++ snmp_vc_takeover_callback | VC Takeover complete
Fri Aug 16 10:04:10 : qosNi Info info message:
+++ VC Takeover in progress.
+++ VC Takeover complete.
Fri Aug 16 10:04:10 : ChassisSupervisor bootMgr info message:
+++ Received VC Takeover Complete event from all apps [L7]
Chassis Supervision: CMM has reached the ready state [L8]
Chassis Supervision: CMM has reached the ready state [L8]
Fri Aug 16 10:04:12 : ChassisSupervisor reloadMgr info message:
+++ Redundancy time expired - updating next running to vc-config
**Diese Zeit ist seit dem Neustart der Geräte bis zur "ready state"-Meldung vergangen:**
{{:mclag-migrationszeit.jpg?nolink&300|}}
==== Überprüfung der Virtual-Chassis Topologie ====
CORE01 -> show virtual-chassis topology
Local Chassis: 1
Config
Chas Role Status Chas ID Pri Group MAC-Address
-----+------------+-------------------+--------+-----+------+------------------
1 Master Running 1 100 9 e8:e7:32:11:ca:ed
2 Slave Running 2 100 9 e8:e7:32:11:ca:d1
==== Abschluss der Migration ====
Nachdem wir festgestellt haben dass alles wie gewünscht funktioniert, sollte die laufende Konfiguration gespeichert und zertifiziert werden.
CORE01 -> write memory flash-synchro