Table of contents
Access and Services Aggregation
访问 - 聚集层为第2层访问开关提供默认的门户服务,并将从较低速度访问端口的带宽合并为高速上行链接到核心。服务 - 聚集层提供了与网关,策略服务器以及WAN或Internet网关相似的功能。
Configuring the Aggregation Switch Groups
这following procedures describe the creation of an aggregation switch configuration in CLI format. The switch configuration may be created offline in a text editor and copied into MultiEdit or may be typed directly into MultiEdit in a UI group of Central. Switches in the group receive the configuration when synchronized to Central.
下图显示了ESP校园中的访问聚合和服务聚合开关。
Wired Aggregation
Enable MultiEdit for the Group
这base configuration of the switch was previously described in the切换组配置section of this guide. The following procedure completes the switch configuration using the Aruba Central MultiEdit tool, a CLI based configuration editor built into Central.
Step 1导航Central并使用管理员凭据登录。
Step 2在Aruba Central帐户主页上,启动Network Operations应用程序。
Step 3In the filter drop-down list, select an aggregation switch团体name, and then from the left menu, select设备。
第4步在开关页面的右上角,选择Config。
步骤5In the upper left of the Switches page, move the slider right to enableMultiEdit。
步骤6Select the devices for editing, then in the lower right pop-up, click编辑配置。
以下步骤提供一块configuration which can be pasted into the MultiEdit window. After pasting in the configuration chunk, right click any device specific values. A Modify Parameters window will appear on the right, allowing individual device values to be input.
配置OSPF和多播路由
In the following steps, OSPF routing is configured to peer on point-to-point IP links using interface addresses in a /30 subnet. Then, PIM-Sparse Mode is enabled on the same links to ensure multicast streams coming from the core can flow to the access VLANs.
这following figure may be used as a reference point for the configuration implemented below.
OSPF Topology
笔记:这switch configuration is automatically formatted on input. Paste CLI at the begining, end, or on a new line anywhere in the configuration.
Step 1Configure the global OSPF routing instance with area 0 and enable passive-interface default to avoid unwanted OSPF adjacencies. Use a pre-allocated loopback IP address as the router-id.
router ospf 1 area 0 passive-interface default router-id 10.0.3.1When creating a template for chassis switch configuration, enable graceful restart.
graceful-restart restart-interval 30Step 2Configure the global multicast routing instance.
router pim enable active-activeStep 3Create the loopback 0 interface and use a pre-allocated IP address. This should match the one used as the OSPF router-id. Enable OSPF in area 0 and PIM sparse mode on the interface.
interface loopback 0 ip address 10.0.3.1/32 ip ospf 1 area 0 ip pim-sparse enable第4步Configure OSPF and PIM-SM on the physical interfaces. Configure a large IP MTU, turn off passive mode, associate the OSPF router instance from above, and enable PIM sparse mode on the interface.
interface 1/1/1 description AG1_TO_CORE no shutdown ip mtu 9198 ip address 172.18.103.1/30 no ip ospf passive ip ospf network point-to-point ip ospf 1 area 0 ip pim-sparse enable步骤5Repeat the previous step for each interface connected between the aggregation and core switches.
Example: Aggregation 1 Switches
| AG1 IP Address | Subnet | Source Device | 对等设备 |
|---|---|---|---|
| 172.18.103.1 | 172.18.103.0/30 | AG1-SW1 | Core 1 |
| 172.18.103.9 | 172.18.103.8/30 | AG1-SW2 | Core 1 |
| 172.18.103.5 | 172.18.103.4/30 | AG1-SW1 | Core 2 |
| 172.18.103.13 | 172.18.103.12/30 | AG1-SW2 | Core 2 |
示例:聚合2开关
| AG2 IP Address | Subnet | Source Device | 对等设备 |
|---|---|---|---|
| 172.18.102.1 | 172.18.102.0/30 | AG2-SW1 | Core 1 |
| 172.18.102.9 | 172.18.102.8/30 | AG2-SW2 | Core 1 |
| 172.18.102.5 | 172.18.102.4/30 | AG2-SW1 | Core 2 |
| 172.18.102.13 | 172.18.102.12/30 | AG2-SW2 | Core 2 |
Example: Service Aggregation Switches
| 服务AG IP地址 | Subnet | Source Device | 对等设备 |
|---|---|---|---|
| 172.18.106.1 | 172.18.106.0/30 | S2-1 | Core 1 |
| 172.18.106.9 | 172.18.106.8/30 | S2-2 | Core 1 |
| 172.18.106.13 | 172.18.106.12/30 | S2-2 | Core 2 |
| 172.18.106.5 | 172.18.106.4/30 | S2-1 | Core 2 |
步骤6In the lower right of the MultiEdit window, clickSave。
步骤7When Config Status has returned to the Sync state for the modified devices, select列表from the upper right.
Verify OSPF Operation
Central提供了远程控制台功能,可在任何托管开关上进行CLI访问。用这个运行CLIshowcommands at validation steps throughout this guide.
步骤8From the left menu, selectTools。
步骤9On the Console tab, implement the following settings, and then selectCreate New Session。
设备类型:Switch
Switch:设备名称
用户名:admin
Password:密码
Step 10在远程控制台窗口中,键入the commandshow ip ospf neighbors,然后按Enter。下面显示的输出表示核心开关的健康OSPF会话。
Verify Multicast Operation
Step 11In a Remote Console window, type the commandshow ip pim neighbors,然后按Enter。下面显示的输出表明多播路由在配置的VLAN上运行。
配置聚合VLAN
这Layer 3 aggregation switch is the default gateway for access switches and will advertise the interface VLAN routes to the rest of the network.
Use this procedure to configure the VLANs for the aggregation switches.
Step 1If needed, select设备from the left hand menu, clickConfigin the upper right, and, with MultiEdit enabled, begin a newEdit Configsession.
Step 1Define the access VLAN numbers and names.
vlan 2 name ZTP_NATIVE vlan 3 name EMPLOYEE ... vlan 14 name CRITICAL_AUTH vlan 15 name MGMTStep 3配置VLAN和IP服务。配置大型IP MTU,设置DHCP IP助手地址,从上方关联OSPF路由器实例,启用PIM-SM,然后在接口上启用IGMP。
interface vlan 2 description ZTP_NATIVE ip mtu 9198 ip address 10.2.2.2/24 ip helper-address 10.2.120.98 ip helper-address 10.2.120.99 ip ospf 1 area 0.0.0.0 ip igmp enable ip pim-sparse enable笔记:这ip helper-addresscommand enables the forwarding of DHCP requests from endpoints to DHCP servers on other subnets. Multiple DHCP servers can be defined.
第4步Repeat the previous step for each VLAN.
Example: Access Aggregation
| VLAN名称 | VLAN ID | Access Agg 1 | Access Agg 2 | Network/Mask | Reserved Active gateway IP | IP helper address |
|---|---|---|---|---|---|---|
| ZTP_NATIVE | 2 | 10.2.2.2 | 10.2.2.3 | 10.2.2.0/24 | 10.2.2.1 | 10.2.120.98 10.2.120.99 |
| EMPLOYEE | 3 | 10.2.3.2 | 10.2.3.3 | 10.2.3.0/24 | 10.2.3.1 | 10.2.120.98 10.2.120.99 |
| VISITOR | 12 | 10.2.12.2 | 10.2.12.3 | 10.2.12.0/24 | 10.2.12.1 | 10.2.120.98 10.2.120.99 |
| REJECT_AUTH | 13 | 10.2.13.2 | 10.2.13.3 | 10.2.13.0/24 | 10.2.13.1 | 10.2.120.98 10.2.120.99 |
| critical_ auth | 14 | 10.2.14.2 | 10.2.14.3 | 10.2.14.0/24 | 10.2.14.1 | 10.2.120.98 10.2.120.99 |
| MGMT | 15 | 10.2.15.2 | 10.2.15.3 | 10.2.15.0/24 | 10.2.15.1 | 10.2.120.98 10.2.120.99 |
Example: Service Aggregation 1
| VLAN名称 | VLAN ID | Service Agg 1 | Service Agg 2 | Network/Mask | Reserved Active gateway IP | IP helper address |
|---|---|---|---|---|---|---|
| EMPLOYEE | 103 | 10.6.103.2 | 10.6.103.3 | 10.6.103.0/24 | 10.6.103.1 | 10.2.120.98 10.2.120.99 |
| VISITOR | 112 | 10.6.112.2 | 10.6.112.3 | 10.6.112.0/24 | 10.6.112.1 | 10.2.120.98 10.2.120.99 |
| REJECT_AUTH | 113 | 10.6.113.2 | 10.6.113.3 | 10.6.113.0/24 | 10.6.113.1 | 10.2.120.98 10.2.120.99 |
| critical_ auth | 114 | 10.6.114.2 | 10.6.114.3 | 10.6.114.0/24 | 10.6.114.1 | 10.2.120.98 10.2.120.99 |
| MGMT | 15 | 10.6.115.2 | 10.6.115.3 | 10.6.115.0/24 | 10.6.115.1 | 10.2.120.98 10.2.120.99 |
配置VSX
VSX is a redundancy protocol used to combine the layer 2 data plane of two AOS-CX switches into a single logical switch fabric. Management and control plane functions remain independent. VSX is supported on 6400, 8400, and 83xx switch models.
跨越树应以充当根桥的聚合开关启用。网关和访问开关配置了高桥ID,以防止它们成为根桥。
Use this procedure to configure VSX on each switch.
Step 1配置滞后接口用作VSX对的间切口链接(ISL)。允许此滞后上的所有VLAN进行简化的配置管理。
interface lag 128 no shutdown no routing vlan trunk native 1 vlan trunk allowed all lacp mode activeStep 2配置滞后接口的端口。至少需要两个端口,最多需要八个端口。以下CLI显示示例接口号。为了简化复制和粘贴过程,仅复制接口下方的配置行,然后在Multiedit的正确接口下粘贴它们。
接口1/1/49描述ISL_INTERFEEN否关闭滞后128 MTU 9198接口1/1/50说明ISL_Interface no shutdown lag lag 128 mtu 9198Step 3为VSX开关对之间的第3层保持阳光接口配置VRF。
vrf VSX_KEEPALIVE第4步将远离界面附加到静脉VRF上。仅复制下面的行interface。
接口1/1/1 VRF附件VSX_KEECALIVE IP地址10.99.99.1/30步骤5Enable the VSX instance with the ISL LAG interface, the IP information and VRF for the keep-alive session, a primary or secondary role, shared system-mac, and VSX sync features. Primary and secondary examples are shown for clarity. Only paste the configuration into MultiEdit one time, then edit individual switch values as needed.
笔记:这system MAC must be the same value on each switch in the VSX pair, but otherwise unique within the network.
示例:主VSX开关
vsx inter-switch-link lag 128 keepalive peer 10.99.99.2 source 10.99.99.1 vrf VSX_KEEPALIVE role primary system-mac 02:01:00:00:01:00 vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-globalExample: Secondary VSX Switch
vsx inter-switch-link lag 128 keepalive peer 10.99.99.1 source 10.99.99.2 vrf VSX_KEEPALIVE role secondary system-mac 02:01:00:00:01:00 vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-globalValidate VSX Configuration
步骤6In a Remote Console window, type the commandshow vsx status,然后按Enter。这output shown below indicates a healthy VSX deployment.
Configure a VLAN Active Gateway
An active gateway provides the ability to have a default route through either switch in a VSX pair by each switch using the same local MAC address and IP address.
Step 1使用VLAN独有的本地MAC地址和IP地址在每个VLAN上配置活动网关。如果VLAN已经根据上述步骤配置活动闸门lines.
示例:主VSX开关上的VLAN 2
接口VLAN 2 Active-Gateway IP Mac 12:01:00:00:00:01:00 Active-Gateway IP 10.2.2.1说明ZTP_Native IP MTU MTU 9198 IP地址10.2.2.2.24 IP Helper-Address 10.2.120.98 IP Helper-Address 10.2 10.2.120.99例如:二级VSX VLAN 2Switch
interface vlan 2 active-gateway ip mac 12:01:00:00:01:00 active-gateway ip 10.2.2.1 description ZTP_Native ip mtu 9198 ip address 10.2.2.3/24 ip helper-address 10.2.120.98 ip helper-address 10.2.120.99Configure Spanning Tree
Step 1Configure spanning tree globally. Enable Rapid Per VLAN STP for the access VLANs and set the highest priority in preparation for VSX.
Example: Access Aggregation STP
跨越树模式rpvst跨度树跨越树的优先级0跨度-tree vlan 1-3,5-6,13-15笔记:这spanning tree configuration on a services aggregation switch is identical, but with a pruned list of VLANs.
配置多chassis滞后接口
Configure an MC-LAG interface for each downstream access switch to enable uplink to both switches in the VSX pair without blocking.
Step 1Enable spanning tree root guard and LACP fallback to allow for safe ZTP of access switches. Assign a native VLAN of two and trunk the allowed access VLANs previously created. Enable LACP active and LACP fallback to facilitate access switch provisioning. Enable PIM-SM routing.
界面滞后1多个chassis无关机无路由VLAN TRUNK本机2 VLAN TRUNK允许1-3,5-6,13-15 LACP模式活动lacp模式活动LACP sublack spanning-tree-tree-root-guard root-guard root guard ip pim-sparse启用Step 2Repeat the previous step for each MC-LAG interface required for the connected access switches.
Step 3配置滞后接口的端口。以下CLI显示示例接口号。为了简化复制和粘贴过程,仅复制接口下方的配置行,然后在Multiedit的正确接口下粘贴它们。
接口1/1/1说明Downlink_to_access_sw_sw_or_ctrl no shutdown lag 1 mtu 9198第4步重复每个MC-LAG接口的上一个步骤。
组中的设备将自动同步新配置。同步状态将在“配置状态”页面上更新,并且在左侧菜单上观察到过程步骤执行。审核步道。