九游会首页登录

  • <tr id='qpwe'><strong id='m7xtm'></strong> <small id='j0q7ib'></small><button id='6yjxq8'></button><li id='zgo1'> <noscript id='avvu'><big id='2g9v'></big><dt id='dgs5'></dt></noscript></li></tr> <ol id='y8n6'><option id='egvrjw'><table id='vhah'><blockquote id='maozc'> <tbody id='3s9u'></tbody></blockquote></table></option></ol><u id='e07y5'></u><kbd id='7epnt'> <kbd id='wdxx5p'></kbd></kbd>

    <code id='x9enat'><strong id='gc9t5'></strong></code>

    <fieldset id='20tk12'></fieldset>
          <span id='0hi3w4'></span>

              <ins id='a8uug4'></ins>
              <acronym id='h2pd'><em id='qq1qa'></em><td id='lxuwc'><div id='j2qgp1'></div></td></acronym><address id='9no9'><big id='g7sa76'><big id='cfbk'></big><legend id='d4rvl'></legend></big></address>

              <i id='grnv9m'><div id='u0bhl8'><ins id='08c4'></ins></div></i>
              <i id='j6xf03'></i>
            1. <dl id='hjsm3o'></dl>
              1. <blockquote id='2bwu0u'><q id='91yh'><noscript id='xmyo8'></noscript><dt id='p4ybkt'></dt></q></blockquote><noframes id='memc'><i id='2wdhd'></i>
                 
                欢迎光临广西九游会首页登录信息!
                配置SVF实现有线园区网接入层示例
                来源: | 作者:广西九游会首页登录信息 | 发布时间: 2022-08-08 | 6 次浏览 | 分享到:
                适用于大中型园区纯有线接入的网络。

                配置SVF实现有线园区网接入层示例

                组网需求

                在新建的有线园区网中,接入层设备较多且分布较广,使得接入层设备的管理、配置较为复杂。用户希望可以对接入层设备做统一的管理与配置,以减少管理成本。

                j9九游会老哥俱乐部所示,汇聚层由两台交换机组成集群系统,作为Parent连接多台AS。

                Parent以S12700为例,一级AS以S5720-28P-SI-AC为例,二级AS以S5720-28TP-LI-AC为例。

                配置思路

                采用如下的思路配置:

                1.  配置Parent组成集群,以保证SVF系统的高可靠性。

                2.  使能Parent的SVF功能。

                3.  配置AS的接入参数,包括AS的名称、认证方式、Parent连接一级AS的Fabric-port、一级AS连接二级AS的Fabric-port。

                4.  连接一级AS与Parent、二级AS与一级AS之间的线缆。

                5.  配置业务模板并将其绑定至各AS。

                操作步骤

                1.  配置Parent中的两台交换机组成集群系统。

                2.  登录集群系统并使能SVF功能。

                # 配置SVF的管理VLAN并使能Parent的SVF功能。

                <HUAWEI> system-view

                [HUAWEI] vlan batch 11

                [HUAWEI] dhcp enable

                [HUAWEI] interface vlanif 11

                [HUAWEI-Vlanif11] ip address 192.168.11.1 24

                [HUAWEI-Vlanif11] dhcp select interface

                [HUAWEI-Vlanif11] dhcp server option 43 ip-address 192.168.11.1

                [HUAWEI-Vlanif11] quit

                [HUAWEI] capwap source interface vlanif 11

                [HUAWEI] stp mode rstp

                [HUAWEI] uni-mng

                Warning: This operation will enable the uni-mng mode and disconnect all ASs. STP calculation may be triggered and service traffic will be affected. Continue? [Y/N]:y

                3.  配置AS的接入参数。

                # (可选)配置各AS的名称。

                ·        如果不执行此步骤,则系统会在AS上线时自动生成AS设备信息的相关配置,其中AS名称为“系统默认名称-系统MAC地址”。

                ·        如果要执行此步骤,请确保配置的model以及mac-address参数与设备实际信息一致,其中mac-address一定要是AS的管理MAC或系统MAC(在AS上执行命令display as access configuration查看管理MAC地址,如果管理MAC显示为“--”,mac-address就使用系统MAC地址),配置与实际接入的AS信息不符将导致AS无法上线。

                [HUAWEI-um] as name as1 model S5720-28P-SI-AC mac-address 00e0-fc00-0011

                [HUAWEI-um-as-as1] quit

                [HUAWEI-um] as name as2 model S5720-28P-SI-AC mac-address 00e0-fc00-0022

                [HUAWEI-um-as-as2] quit

                [HUAWEI-um] as name as3 model S5720-28P-SI-AC mac-address 00e0-fc00-0033

                [HUAWEI-um-as-as3] quit

                [HUAWEI-um] as name as4 model S5720-28TP-LI-AC mac-address 00e0-fc00-0044

                [HUAWEI-um-as-as4] quit

                [HUAWEI-um] as name as5 model S5720-28TP-LI-AC mac-address 00e0-fc00-0055

                [HUAWEI-um-as-as5] quit

                # 配置Parent连接一级AS的Fabric-port。以配置Parent连接as1的Fabric-port为例。

                [HUAWEI-um] interface fabric-port 1

                [HUAWEI-um-fabric-port-1] port member-group interface eth-trunk 1

                [HUAWEI-um-fabric-port-1] quit

                [HUAWEI-um] quit

                [HUAWEI] interface gigabitethernet 1/1/0/1

                [HUAWEI-GigabitEthernet1/1/0/1] eth-trunk 1

                [HUAWEI-GigabitEthernet1/1/0/1] quit

                [HUAWEI] interface gigabitethernet 2/1/0/1

                [HUAWEI-GigabitEthernet2/1/0/1] eth-trunk 1

                [HUAWEI-GigabitEthernet2/1/0/1] quit

                配置Parent连接as2的Fabric-port 2、连接as3的Fabric-port 3的过程请参照as1,过程略。

                # 配置一级AS连接二级AS的Fabric-port。

                [HUAWEI] uni-mng

                [HUAWEI-um] as name as1

                [HUAWEI-um-as-as1] down-direction fabric-port 4 member-group interface eth-trunk 4

                [HUAWEI-um-as-as1] port eth-trunk 4 trunkmember interface gigabitethernet 0/0/23 to 0/0/24

                [HUAWEI-um-as-as1] quit

                [HUAWEI-um] as name as3

                [HUAWEI-um-as-as3] down-direction fabric-port 5 member-group interface eth-trunk 5

                [HUAWEI-um-as-as3] port eth-trunk 5 trunkmember interface gigabitethernet 0/0/23 to 0/0/24

                [HUAWEI-um-as-as3] quit

                [HUAWEI-um] quit

                # 配置AS上线接入时进行白名单认证。

                在AS上执行命令display as access configuration查看AS的管理MAC,如果管理MAC显示为“--”,白名单中配置的MAC就是AS的系统MAC,否则就是管理MAC。

                [HUAWEI] as-auth

                [HUAWEI-as-auth] undo auth-mode

                [HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0011

                [HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0022

                [HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0033

                [HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0044

                [HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0055

                [HUAWEI-as-auth] quit

                4.  连接一级AS与Parent、二级AS与一级AS之间的线缆。

                # 执行命令reset saved-configuration清空AS的配置并重新启动后,连接一级AS与Parent、二级AS与一级AS之间的线缆,SVF即可建立。

                ·        在重启AS前,请先判断AS与Parent相连的接口是否是下行接口。若AS与Parent相连的接口是下行接口,请在AS重启前执行命令uni-mng up-direction fabric-port设置该接口为上行接口(可执行命令display uni-mng up-direction fabric-port查看接口是否成功设置为上行接口),否则会导致AS无法正常上线。

                ·        AS连接Parent时要求必须为空配置(无启动配置文件)且Console口无输入。

                # 连接线缆后,执行命令display as all查看各AS是否成功上线接入。

                [HUAWEI] display as all

                Total: 5, Normal: 5, Fault: 0, Idle: 0, Version mismatch: 0

                --------------------------------------------------------------------------------

                No.  Type           MAC            IP              State        Name

                --------------------------------------------------------------------------------

                0    S5720-SI       00e0-fc00-0011 192.168.11.254  normal      as1

                1    S5720-SI       00e0-fc00-0022 192.168.11.253  normal      as2

                2    S5720-SI       00e0-fc00-0033 192.168.11.252  normal      as3

                3    S5720-LI       00e0-fc00-0044 192.168.11.251  normal      as4

                4    S5720-LI       00e0-fc00-0055 192.168.11.250  normal      as5

                --------------------------------------------------------------------------------

                当“State”的状态为“normal”时表示AS已成功上线接入。

                5.  配置业务模板并绑定至AS。

                # 配置AS管理员模板并绑定至所有的AS。

                [HUAWEI] uni-mng

                [HUAWEI-um] as-admin-profile name admin_profile

                [HUAWEI-um-as-admin-admin_profile] user asuser password hello@123

                [HUAWEI-um-as-admin-admin_profile] quit

                [HUAWEI-um] as-group name admin_group

                [HUAWEI-um-as-group-admin_group] as name-include as

                [HUAWEI-um-as-group-admin_group] as-admin-profile admin_profile

                [HUAWEI-um-as-group-admin_group] quit

                # 配置网络基础模板并绑定至AS的端口。

                [HUAWEI-um] network-basic-profile name basic_profile_1

                [HUAWEI-um-net-basic-basic_profile_1] user-vlan 10

                [HUAWEI-um-net-basic-basic_profile_1] quit

                [HUAWEI-um] network-basic-profile name basic_profile_2

                [HUAWEI-um-net-basic-basic_profile_2] user-vlan 20

                [HUAWEI-um-net-basic-basic_profile_2] quit

                [HUAWEI-um] port-group name port_group_1

                [HUAWEI-um-portgroup-port_group_1] as name as1 interface all

                [HUAWEI-um-portgroup-port_group_1] as name as2 interface all

                [HUAWEI-um-portgroup-port_group_1] as name as4 interface all

                [HUAWEI-um-portgroup-port_group_1] network-basic-profile basic_profile_1

                [HUAWEI-um-portgroup-port_group_1] quit

                [HUAWEI-um] port-group name port_group_2

                [HUAWEI-um-portgroup-port_group_2] as name as3 interface all

                [HUAWEI-um-portgroup-port_group_2] as name as5 interface all

                [HUAWEI-um-portgroup-port_group_2] network-basic-profile basic_profile_2

                [HUAWEI-um-portgroup-port_group_2] quit

                [HUAWEI-um] quit

                # 提交配置,使业务模板中的配置下发至AS。

                [HUAWEI-um] commit as all

                Warning: Committing the configuration will take a long time. Continue?[Y/N]: y

                # 执行命令display uni-mng commit-result profile查看业务模板中的配置是否已成功下发至AS。

                [HUAWEI-um] display uni-mng commit-result profile

                Result of profile:

                --------------------------------------------------------------------------------

                 AS Name                         Commit Time               Commit/Execute Result

                --------------------------------------------------------------------------------

                 as1                             2014-08-25 22:29:18       Success/Success

                 as2                             2014-08-25 22:29:18       Success/Success

                 as3                             2014-08-25 22:29:20       Success/Success

                 as4                             2014-08-25 22:29:20       Success/Success

                 as5                             2014-08-25 22:29:20       Success/Success

                --------------------------------------------------------------------------------

                当“Commit/Execute Result”的状态为“Success/Success”时表示业务模板中的配置已成功下发至AS。

                配置文件

                 

                 

                 

                 

                #

                vlan batch 11

                #

                stp mode rstp

                stp instance 0 priority 28672

                #

                lldp enable

                #

                dhcp enable

                #

                interface Vlanif11

                 ip address 192.168.11.1 255.255.255.0

                 dhcp select interface

                 dhcp server option 43 ip-address 192.168.11.1

                #

                interface Eth-Trunk1

                 port link-type hybrid

                 port hybrid tagged vlan 1 10 to 11

                 stp root-protection

                 stp edged-port disable

                 mode lacp

                 loop-detection disable

                 mad relay

                #

                interface Eth-Trunk2

                 port link-type hybrid

                 port hybrid tagged vlan 1 10 to 11

                 stp root-protection

                 stp edged-port disable

                 mode lacp

                 loop-detection disable

                 mad relay

                #

                interface Eth-Trunk3

                 port link-type hybrid

                 port hybrid tagged vlan 1 11 20

                 stp root-protection

                 stp edged-port disable

                 mode lacp

                 loop-detection disable

                 mad relay

                #

                interface GigabitEthernet1/1/0/1

                 eth-trunk 1

                #

                interface GigabitEthernet1/1/0/2

                 eth-trunk 2

                #

                interface GigabitEthernet1/1/0/3

                 eth-trunk 3

                #

                interface GigabitEthernet2/1/0/1

                 eth-trunk 1

                #

                interface GigabitEthernet2/1/0/2

                 eth-trunk 2

                #

                interface GigabitEthernet2/1/0/3

                 eth-trunk 3

                #

                capwap source interface vlanif11

                #

                wlan  wlan ap lldp enable  wlan work-group default #

                as-auth

                 whitelist mac-address 00e0-fc00-0011

                 whitelist mac-address 00e0-fc00-0022

                 whitelist mac-address 00e0-fc00-0033

                 whitelist mac-address 00e0-fc00-0044

                 whitelist mac-address 00e0-fc00-0055

                #

                uni-mng

                 as name as1 model S5720-28P-SI-AC mac-address 00e0-fc00-0011

                  down-direction fabric-port 4 member-group interface Eth-Trunk 4

                  port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/23

                  port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/24

                 as name as2 model S5720-28P-SI-AC mac-address 00e0-fc00-0022

                 as name as3 model S5720-28P-SI-AC mac-address 00e0-fc00-0033

                  down-direction fabric-port 5 member-group interface Eth-Trunk 5

                  port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/23

                  port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/24

                 as name as4 model S5720-28TP-LI-AC mac-address 00e0-fc00-0044 

                 as name as5 model S5720-28TP-LI-AC mac-address 00e0-fc00-0055

                 interface fabric-port 1

                  port member-group interface Eth-Trunk 1

                 interface fabric-port 2

                  port member-group interface Eth-Trunk 2

                 interface fabric-port 3

                  port member-group interface Eth-Trunk 3

                 as-admin-profile name admin_profile

                  user asuser password %^%#Ky,WNqWh_DZ[(V96yvSEph)VLMc/+U}>]i2:"9n:%^%#

                 network-basic-profile name basic_profile_1

                  user-vlan 10

                 network-basic-profile name basic_profile_2

                  user-vlan 20

                 as-group name admin_group

                  as-admin-profile admin_profile

                  as name as1

                  as name as2

                  as name as3

                  as name as4 

                  as name as5

                 port-group name port_group_1

                  network-basic-profile basic_profile_1

                  as name as1 interface GigabitEthernet 0/0/1 to 0/0/22

                  as name as2 interface GigabitEthernet 0/0/1 to 0/0/24

                  as name as4 interface Ethernet 0/0/1 to 0/0/24

                 port-group name port_group_2

                  network-basic-profile basic_profile_2

                  as name as3 interface GigabitEthernet 0/0/1 to 0/0/22

                  as name as5 interface Ethernet 0/0/1 to 0/0/24 

                #

                return