Category: System Operations and Maintenance

2017-06-14 15:49:34

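Example for Configuring a Comprehensive Application of M-LAG, VS, and a Side-Attached Firewall


Applicable Products and Versions

CE12800 series products, V100R005C10 or later.

Networking Requirements

As shown in Figure 1-1, a customer wants to build a stable large Layer 2 network in a data center. Devices must be dual-homed for reliability, and the links must load-balance traffic to improve link utilization. Virtual systems (VS) are deployed at the aggregation layer to divide it into separate partitions and improve cabinet utilization. To secure server traffic, firewalls (SeGW) are attached to the side of the aggregation layer to provide security protection.

In this example, CE12804 is used as the switch and USG9520 as the security gateway.

Figure 1-1  Networking diagram for the M-LAG + VS + side-attached firewall comprehensive application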

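Data Plan

| Device | Interface | IP address | Virtual IP address |
|---|---|---|---|
| SwitchA | Management interface | 10.1.1.1/24 | - |
| SwitchB | Management interface | 10.1.1.2/24 | - |
| SwitchC (VS1) | Management interface | 10.2.1.1/24 | - |
| SwitchC (VS1) | VLANIF11 | 10.4.1.1/24 | 10.4.1.111 |
| SwitchC (VS1) | VLANIF20 | 10.5.1.1/24 | 10.5.1.111 |
| SwitchC (VS2) | Management interface | 10.3.1.1/24 | - |
| SwitchC (VS2) | VLANIF30 | 10.6.1.1/24 | 10.6.1.111 |
| SwitchC (VS2) | VLANIF200 | 10.8.1.1/24 | - |
| SwitchC (VS2) | VLANIF300 | 10.11.1.1/24 | - |
| SwitchD (VS3) | Management interface | 10.2.1.2/24 | - |
| SwitchD (VS3) | VLANIF11 | 10.4.1.2/24 | 10.4.1.111 |
| SwitchD (VS3) | VLANIF20 | 10.5.1.2/24 | 10.5.1.111 |
| SwitchD (VS4) | Management interface | 10.3.1.2/24 | - |
| SwitchD (VS4) | VLANIF30 | 10.6.1.2/24 | 10.6.1.111 |
| SwitchD (VS4) | VLANIF210 | 10.9.1.1/24 | - |
| SwitchD (VS4) | VLANIF300 | 10.11.1.2/24 | - |
| SwitchE | VLANIF200 | 10.8.1.2/24 | - |
| SwitchE | VLANIF400 | 10.12.1.1/24 | - |
| SwitchF | VLANIF210 | 10.9.1.2/24 | - |
| SwitchF | VLANIF400 | 10.12.1.2/24 | - |
| SeGW A | GigabitEthernet 3/0/0 | 10.10.0.1/24 | - |
| SeGW A | Uplink interface floating IP | 10.6.1.3/24 | - |
| SeGW A | Downlink interface floating IP | 10.5.1.3/24 | - |
| SeGW B | GigabitEthernet 3/0/0 | 10.10.0.2/24 | - |
| SeGW B | Uplink interface floating IP | 10.6.1.3/24 | - |
| SeGW B | Downlink interface floating IP | 10.5.1.3/24 | - |
| Server network segment | - | 10.20.20.0/24 | - |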

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure VSs on SwitchC and SwitchD.

  2. Configure M-LAG between SwitchA and SwitchB, between VS1 and VS3, and between VS2 and VS4, and configure VRRP groups to act as the user-side gateway and as the next hops of the firewalls.

  3. Connect the security gateways in routed mode and enable hot standby in active/standby mode to make the network more robust.

  4. Enable OSPF on the aggregation and core switches.

Procedure

  1. Configure the VSs.

    This example uses SwitchC. The configuration of SwitchD is similar and is not repeated here.

    1. Create VS1 in group port mode with the default logical resource specifications. Assign physical ports 10GE1/0/0 to 10GE1/0/23 to VS1.


      <HUAWEI> system-view
      [~HUAWEI] sysname SwitchC
      [*HUAWEI] commit
      [~SwitchC] admin
      [~SwitchC-admin] virtual-system vs1
      [*SwitchC-admin-vs:vs1] port-mode group
      [*SwitchC-admin-vs:vs1] assign interface 10GE 1/0/0
      Warning: All configurations of the interfaces will be deleted. Interfaces 10GE1/0/0-23 of the same group will be assigned. Continue? [Y/N]: y
      [*SwitchC-admin-vs:vs1] quit
      [*SwitchC-admin] commit


    2. Create VS2 in group port mode with the default logical resource specifications. Assign physical ports 10GE1/0/24 to 10GE1/0/47 to VS2.


      [~SwitchC-admin] virtual-system vs2
      [*SwitchC-admin-vs:vs2] port-mode group
      [*SwitchC-admin-vs:vs2] assign interface 10GE 1/0/24
      Warning: All configurations of the interfaces will be deleted. Interfaces 10GE1/0/24-47 of the same group will be assigned. Continue? [Y/N]: y
      [*SwitchC-admin-vs:vs2] quit
      [*SwitchC-admin] commit


    3. Verify the configuration.


      # Check detailed information about VS1.

      [~SwitchC-admin] display virtual-system name vs1 verbose
      Name         : vs1
      Status       : running
      Description  :
      Create time  : 2013-07-18 09:32:01
      Port mode    : group
      System MAC   : 000a-0b0c-0d04
      Assigned slot(s)
      pvmb         : 9
      pvmb         : 10
      CPU(s)
      slot 9       : 0%
      slot 10       : 0%
      Memory(s)
      slot 9       : 5%, 202632/3884636 (Used Kbytes/Max Kbytes)
      slot 10       : 2%, 202628/8021592 (Used Kbytes/Max Kbytes)
      Assigned interface(s)
        10GE1/0/0, slot 1
        10GE1/0/1, slot 1
        10GE1/0/2, slot 1
        10GE1/0/3, slot 1
        10GE1/0/4, slot 1
        10GE1/0/5, slot 1
        10GE1/0/6, slot 1
        10GE1/0/7, slot 1
        10GE1/0/8, slot 1
        10GE1/0/9, slot 1
        10GE1/0/10, slot 1
        10GE1/0/11, slot 1
        10GE1/0/12, slot 1
        10GE1/0/13, slot 1
        10GE1/0/14, slot 1
        10GE1/0/15, slot 1
        10GE1/0/16, slot 1
        10GE1/0/17, slot 1
        10GE1/0/18, slot 1
        10GE1/0/19, slot 1
        10GE1/0/20, slot 1
        10GE1/0/21, slot 1
        10GE1/0/22, slot 1
        10GE1/0/23, slot 1
      Assigned resource(s)
      u4route      : 60000(Max)
      m4route      : 1000(Max)
      u6route      : 16000(Max)
      m6route      : 100(Max)
      vlan         : 4063(Max)
      vpn-instance : 4096(Max)
      cpu          : 5(weight)
      memory       : 100(ratio-threshold)
      mpls         : enable
      trill        : enable
      mcast        : enable
      

      # Check information about VS2.

      [~SwitchC-admin] display virtual-system name vs2 verbose
      Name         : vs2
      Status       : running
      Description  :
      Create time  : 2013-07-18 09:34:22
      Port mode    : group
      System MAC   : 000a-0b0c-0d05
      Assigned slot(s)
      pvmb         : 9
      pvmb         : 10
      CPU(s)
      slot 9       : 0%
      slot 10       : 0%
      Memory(s)
      slot 9       : 5%, 202632/3884636 (Used Kbytes/Max Kbytes)
      slot 10       : 2%, 201272/8021592 (Used Kbytes/Max Kbytes)
      Assigned interface(s)
        10GE1/0/24, slot 1
        10GE1/0/25, slot 1
        10GE1/0/26, slot 1
        10GE1/0/27, slot 1
        10GE1/0/28, slot 1
        10GE1/0/29, slot 1
        10GE1/0/30, slot 1
        10GE1/0/31, slot 1
        10GE1/0/32, slot 1
        10GE1/0/33, slot 1
        10GE1/0/34, slot 1
        10GE1/0/35, slot 1
        10GE1/0/36, slot 1
        10GE1/0/37, slot 1
        10GE1/0/38, slot 1
        10GE1/0/39, slot 1
        10GE1/0/40, slot 1
        10GE1/0/41, slot 1
        10GE1/0/42, slot 1
        10GE1/0/43, slot 1
        10GE1/0/44, slot 1
        10GE1/0/45, slot 1
        10GE1/0/46, slot 1
        10GE1/0/47, slot 1
      Assigned resource(s)
      u4route      : 60000(Max)
      m4route      : 1000(Max)
      u6route      : 16000(Max)
      m6route      : 100(Max)
      vlan         : 4063(Max)
      vpn-instance : 4096(Max)
      cpu          : 5(weight)
      memory       : 100(ratio-threshold)
      mpls         : enable
      trill        : enable
      mcast        : enable
      


  2. Configure M-LAG.
    1. Configure a DFS group, the peer-link, V-STP, and M-LAG interfaces on SwitchA, SwitchB, VS1, VS2, VS3, and VS4.


      Add the Eth-Trunk interfaces that connect the switches to servers to VLAN 11 and bind them to the DFS group. The connection to Server 1 is used as the example. The management interface IP addresses bound to the DFS groups must be able to reach each other.

      The server uplink ports that connect to the switches must be bundled into one aggregated link, and the link aggregation mode must match the mode on the switch side.

      # Configure SwitchA.

      <HUAWEI> system-view
      [~HUAWEI] sysname SwitchA
      [*HUAWEI] commit
      [~SwitchA] interface meth 0/0/0
      [*SwitchA-MEth0/0/0] ip address 10.1.1.1 24
      [*SwitchA-MEth0/0/0] quit
      [*SwitchA] dfs-group 1
      [*SwitchA-dfs-group-1] source ip 10.1.1.1
      [*SwitchA-dfs-group-1] priority 150
      [*SwitchA-dfs-group-1] m-lag up-delay 30
      [*SwitchA-dfs-group-1] quit
      [*SwitchA] interface eth-trunk 0
      [*SwitchA-Eth-Trunk0] trunkport 10ge 1/0/4 to 1/0/5
      [*SwitchA-Eth-Trunk0] mode lacp-static
      [*SwitchA-Eth-Trunk0] peer-link 1
      [*SwitchA-Eth-Trunk0] quit
      [*SwitchA] stp mode rstp
      [*SwitchA] stp v-stp enable
      [*SwitchA] vlan batch 11
      [*SwitchA] interface eth-trunk 10
      [*SwitchA-Eth-Trunk10] mode lacp-dynamic
      [*SwitchA-Eth-Trunk10] port link-type access
      [*SwitchA-Eth-Trunk10] port default vlan 11
      [*SwitchA-Eth-Trunk10] trunkport 10ge 1/0/1
      [*SwitchA-Eth-Trunk10] dfs-group 1 m-lag 1
      [*SwitchA-Eth-Trunk10] quit
      [*SwitchA] interface eth-trunk 20
      [*SwitchA-Eth-Trunk20] mode lacp-static
      [*SwitchA-Eth-Trunk20] port link-type trunk
      [*SwitchA-Eth-Trunk20] port trunk allow-pass vlan 11
      [*SwitchA-Eth-Trunk20] trunkport 10ge 1/0/6 to 1/0/7
      [*SwitchA-Eth-Trunk20] dfs-group 1 m-lag 2
      [*SwitchA-Eth-Trunk20] quit
      [*SwitchA] commit

      # Configure SwitchB.

      <HUAWEI> system-view
      [~HUAWEI] sysname SwitchB
      [*HUAWEI] commit
      [~SwitchB] interface meth 0/0/0
      [*SwitchB-MEth0/0/0] ip address 10.1.1.2 24
      [*SwitchB-MEth0/0/0] quit
      [*SwitchB] dfs-group 1
      [*SwitchB-dfs-group-1] source ip 10.1.1.2
      [*SwitchB-dfs-group-1] priority 120
      [*SwitchB-dfs-group-1] m-lag up-delay 30
      [*SwitchB-dfs-group-1] quit
      [*SwitchB] interface eth-trunk 0
      [*SwitchB-Eth-Trunk0] trunkport 10ge 1/0/4 to 1/0/5
      [*SwitchB-Eth-Trunk0] mode lacp-static
      [*SwitchB-Eth-Trunk0] peer-link 1
      [*SwitchB-Eth-Trunk0] quit
      [*SwitchB] stp mode rstp
      [*SwitchB] stp v-stp enable
      [*SwitchB] vlan batch 11
      [*SwitchB] interface eth-trunk 10
      [*SwitchB-Eth-Trunk10] mode lacp-dynamic
      [*SwitchB-Eth-Trunk10] port link-type access
      [*SwitchB-Eth-Trunk10] port default vlan 11
      [*SwitchB-Eth-Trunk10] trunkport 10ge 1/0/1
      [*SwitchB-Eth-Trunk10] dfs-group 1 m-lag 1
      [*SwitchB-Eth-Trunk10] quit
      [*SwitchB] interface eth-trunk 20
      [*SwitchB-Eth-Trunk20] mode lacp-static
      [*SwitchB-Eth-Trunk20] port link-type trunk
      [*SwitchB-Eth-Trunk20] port trunk allow-pass vlan 11
      [*SwitchB-Eth-Trunk20] trunkport 10ge 1/0/6 to 1/0/7
      [*SwitchB-Eth-Trunk20] dfs-group 1 m-lag 2
      [*SwitchB-Eth-Trunk20] quit
      [*SwitchB] commit

      # Configure VS1.

      <SwitchC> switch virtual-system vs1
      <SwitchC-vs1> system-view
      [~SwitchC-vs1] interface MEth 0/0/0
      [~SwitchC-vs1-MEth0/0/0] ip address 10.2.1.1 24
      [*SwitchC-vs1-MEth0/0/0] quit
      [*SwitchC-vs1] dfs-group 1
      [*SwitchC-vs1-dfs-group-1] source ip 10.2.1.1
      [*SwitchC-vs1-dfs-group-1] priority 150
      [*SwitchC-vs1-dfs-group-1] m-lag up-delay 30
      [*SwitchC-vs1-dfs-group-1] quit
      [*SwitchC-vs1] interface eth-trunk 0
      [*SwitchC-vs1-Eth-Trunk0] trunkport 10ge 1/0/3 to 1/0/4
      [*SwitchC-vs1-Eth-Trunk0] mode lacp-static
      [*SwitchC-vs1-Eth-Trunk0] peer-link 1
      [*SwitchC-vs1-Eth-Trunk0] quit
      [*SwitchC-vs1] stp mode rstp
      [*SwitchC-vs1] stp v-stp enable
      [*SwitchC-vs1] vlan batch 11 20
      [*SwitchC-vs1] interface eth-trunk 30
      [*SwitchC-vs1-Eth-Trunk30] mode lacp-static
      [*SwitchC-vs1-Eth-Trunk30] port link-type trunk
      [*SwitchC-vs1-Eth-Trunk30] port trunk allow-pass vlan 11
      [*SwitchC-vs1-Eth-Trunk30] trunkport 10ge 1/0/1 to 1/0/2
      [*SwitchC-vs1-Eth-Trunk30] dfs-group 1 m-lag 1
      [*SwitchC-vs1-Eth-Trunk30] quit
      [*SwitchC-vs1] interface eth-trunk 40
      [*SwitchC-vs1-Eth-Trunk40] mode lacp-static
      [*SwitchC-vs1-Eth-Trunk40] port link-type trunk
      [*SwitchC-vs1-Eth-Trunk40] port trunk allow-pass vlan 20
      [*SwitchC-vs1-Eth-Trunk40] trunkport 10ge 1/0/5
      [*SwitchC-vs1-Eth-Trunk40] dfs-group 1 m-lag 2
      [*SwitchC-vs1-Eth-Trunk40] quit
      [*SwitchC-vs1] interface eth-trunk 50
      [*SwitchC-vs1-Eth-Trunk50] mode lacp-static
      [*SwitchC-vs1-Eth-Trunk50] port link-type trunk
      [*SwitchC-vs1-Eth-Trunk50] port trunk allow-pass vlan 20
      [*SwitchC-vs1-Eth-Trunk50] trunkport 10ge 1/0/6
      [*SwitchC-vs1-Eth-Trunk50] dfs-group 1 m-lag 3
      [*SwitchC-vs1-Eth-Trunk50] quit
      [*SwitchC-vs1] commit
      [~SwitchC-vs1] quit

      # Configure VS2.

      <SwitchC> switch virtual-system vs2
      <SwitchC-vs2> system-view
      [~SwitchC-vs2] interface MEth 0/0/0
      [~SwitchC-vs2-MEth0/0/0] ip address 10.3.1.1 24
      [*SwitchC-vs2-MEth0/0/0] quit
      [*SwitchC-vs2] dfs-group 1
      [*SwitchC-vs2-dfs-group-1] source ip 10.3.1.1
      [*SwitchC-vs2-dfs-group-1] priority 150
      [*SwitchC-vs2-dfs-group-1] m-lag up-delay 30
      [*SwitchC-vs2-dfs-group-1] quit
      [*SwitchC-vs2] interface eth-trunk 0
      [*SwitchC-vs2-Eth-Trunk0] trunkport 10ge 1/0/32 to 1/0/33
      [*SwitchC-vs2-Eth-Trunk0] mode lacp-static
      [*SwitchC-vs2-Eth-Trunk0] peer-link 1
      [*SwitchC-vs2-Eth-Trunk0] quit
      [*SwitchC-vs2] stp mode rstp
      [*SwitchC-vs2] stp v-stp enable
      [*SwitchC-vs2] vlan batch 30
      [*SwitchC-vs2] interface eth-trunk 60
      [*SwitchC-vs2-Eth-Trunk60] mode lacp-static
      [*SwitchC-vs2-Eth-Trunk60] port link-type trunk
      [*SwitchC-vs2-Eth-Trunk60] port trunk allow-pass vlan 30
      [*SwitchC-vs2-Eth-Trunk60] trunkport 10ge 1/0/34
      [*SwitchC-vs2-Eth-Trunk60] dfs-group 1 m-lag 2
      [*SwitchC-vs2-Eth-Trunk60] quit
      [*SwitchC-vs2] interface eth-trunk 70
      [*SwitchC-vs2-Eth-Trunk70] mode lacp-static
      [*SwitchC-vs2-Eth-Trunk70] port link-type trunk
      [*SwitchC-vs2-Eth-Trunk70] port trunk allow-pass vlan 30
      [*SwitchC-vs2-Eth-Trunk70] trunkport 10ge 1/0/35
      [*SwitchC-vs2-Eth-Trunk70] dfs-group 1 m-lag 3
      [*SwitchC-vs2-Eth-Trunk70] quit
      [*SwitchC-vs2] commit
      [~SwitchC-vs2] quit

      # Configure VS3.

      <SwitchD> switch virtual-system vs3
      <SwitchD-vs3> system-view
      [~SwitchD-vs3] interface MEth 0/0/0
      [~SwitchD-vs3-MEth0/0/0] ip address 10.2.1.2 24
      [*SwitchD-vs3-MEth0/0/0] quit
      [*SwitchD-vs3] dfs-group 1
      [*SwitchD-vs3-dfs-group-1] source ip 10.2.1.2
      [*SwitchD-vs3-dfs-group-1] priority 120
      [*SwitchD-vs3-dfs-group-1] m-lag up-delay 30
      [*SwitchD-vs3-dfs-group-1] quit
      [*SwitchD-vs3] interface eth-trunk 0
      [*SwitchD-vs3-Eth-Trunk0] trunkport 10ge 1/0/3 to 1/0/4
      [*SwitchD-vs3-Eth-Trunk0] mode lacp-static
      [*SwitchD-vs3-Eth-Trunk0] peer-link 1
      [*SwitchD-vs3-Eth-Trunk0] quit
      [*SwitchD-vs3] stp mode rstp
      [*SwitchD-vs3] stp v-stp enable
      [*SwitchD-vs3] vlan batch 11 20
      [*SwitchD-vs3] interface eth-trunk 30
      [*SwitchD-vs3-Eth-Trunk30] mode lacp-static
      [*SwitchD-vs3-Eth-Trunk30] port link-type trunk
      [*SwitchD-vs3-Eth-Trunk30] port trunk allow-pass vlan 11
      [*SwitchD-vs3-Eth-Trunk30] trunkport 10ge 1/0/1 to 1/0/2
      [*SwitchD-vs3-Eth-Trunk30] dfs-group 1 m-lag 1
      [*SwitchD-vs3-Eth-Trunk30] quit
      [*SwitchD-vs3] interface eth-trunk 40
      [*SwitchD-vs3-Eth-Trunk40] mode lacp-static
      [*SwitchD-vs3-Eth-Trunk40] port link-type trunk
      [*SwitchD-vs3-Eth-Trunk40] port trunk allow-pass vlan 20
      [*SwitchD-vs3-Eth-Trunk40] trunkport 10ge 1/0/5
      [*SwitchD-vs3-Eth-Trunk40] dfs-group 1 m-lag 2
      [*SwitchD-vs3-Eth-Trunk40] quit
      [*SwitchD-vs3] interface eth-trunk 50
      [*SwitchD-vs3-Eth-Trunk50] mode lacp-static
      [*SwitchD-vs3-Eth-Trunk50] port link-type trunk
      [*SwitchD-vs3-Eth-Trunk50] port trunk allow-pass vlan 20
      [*SwitchD-vs3-Eth-Trunk50] trunkport 10ge 1/0/6
      [*SwitchD-vs3-Eth-Trunk50] dfs-group 1 m-lag 3
      [*SwitchD-vs3-Eth-Trunk50] quit
      [*SwitchD-vs3] commit
      [~SwitchD-vs3] quit

      # Configure VS4.

      <SwitchD> switch virtual-system vs4
      <SwitchD-vs4> system-view
      [~SwitchD-vs4] interface MEth 0/0/0
      [~SwitchD-vs4-MEth0/0/0] ip address 10.3.1.2 24
      [*SwitchD-vs4-MEth0/0/0] quit
      [*SwitchD-vs4] dfs-group 1
      [*SwitchD-vs4-dfs-group-1] source ip 10.3.1.2
      [*SwitchD-vs4-dfs-group-1] priority 120
      [*SwitchD-vs4-dfs-group-1] m-lag up-delay 30
      [*SwitchD-vs4-dfs-group-1] quit
      [*SwitchD-vs4] interface eth-trunk 0
      [*SwitchD-vs4-Eth-Trunk0] trunkport 10ge 1/0/32 to 1/0/33
      [*SwitchD-vs4-Eth-Trunk0] mode lacp-static
      [*SwitchD-vs4-Eth-Trunk0] peer-link 1
      [*SwitchD-vs4-Eth-Trunk0] quit
      [*SwitchD-vs4] stp mode rstp
      [*SwitchD-vs4] stp v-stp enable
      [*SwitchD-vs4] vlan batch 30
      [*SwitchD-vs4] interface eth-trunk 60
      [*SwitchD-vs4-Eth-Trunk60] mode lacp-static
      [*SwitchD-vs4-Eth-Trunk60] port link-type trunk
      [*SwitchD-vs4-Eth-Trunk60] port trunk allow-pass vlan 30
      [*SwitchD-vs4-Eth-Trunk60] trunkport 10ge 1/0/34
      [*SwitchD-vs4-Eth-Trunk60] dfs-group 1 m-lag 2
      [*SwitchD-vs4-Eth-Trunk60] quit
      [*SwitchD-vs4] interface eth-trunk 70
      [*SwitchD-vs4-Eth-Trunk70] mode lacp-static
      [*SwitchD-vs4-Eth-Trunk70] port link-type trunk
      [*SwitchD-vs4-Eth-Trunk70] port trunk allow-pass vlan 30
      [*SwitchD-vs4-Eth-Trunk70] trunkport 10ge 1/0/35
      [*SwitchD-vs4-Eth-Trunk70] dfs-group 1 m-lag 3
      [*SwitchD-vs4-Eth-Trunk70] quit
      [*SwitchD-vs4] commit
      [~SwitchD-vs4] quit


    2. Configure the LACP M-LAG system priority and system ID on SwitchA, SwitchB, VS1, VS2, VS3, and VS4.


      # Configure SwitchA.

      [~SwitchA] interface eth-trunk 10
      [~SwitchA-Eth-Trunk10] lacp m-lag priority 10
      [*SwitchA-Eth-Trunk10] lacp m-lag system-id 00e0-fc00-0000
      [*SwitchA-Eth-Trunk10] quit
      [*SwitchA] interface eth-trunk 20
      [*SwitchA-Eth-Trunk20] lacp m-lag priority 10
      [*SwitchA-Eth-Trunk20] lacp m-lag system-id 00e0-fc00-0000
      [*SwitchA-Eth-Trunk20] quit
      [*SwitchA] commit

      # Configure SwitchB.

      [~SwitchB] interface eth-trunk 10
      [~SwitchB-Eth-Trunk10] lacp m-lag priority 10
      [*SwitchB-Eth-Trunk10] lacp m-lag system-id 00e0-fc00-0000
      [*SwitchB-Eth-Trunk10] quit
      [*SwitchB] interface eth-trunk 20
      [*SwitchB-Eth-Trunk20] lacp m-lag priority 10
      [*SwitchB-Eth-Trunk20] lacp m-lag system-id 00e0-fc00-0000
      [*SwitchB-Eth-Trunk20] quit
      [*SwitchB] commit

      # Configure VS1.

      <SwitchC> switch virtual-system vs1
      <SwitchC-vs1> system-view
      [~SwitchC-vs1] interface eth-trunk 30
      [*SwitchC-vs1-Eth-Trunk30] lacp m-lag priority 10
      [*SwitchC-vs1-Eth-Trunk30] lacp m-lag system-id 00e0-fc00-0001
      [*SwitchC-vs1-Eth-Trunk30] quit
      [*SwitchC-vs1] interface eth-trunk 40
      [*SwitchC-vs1-Eth-Trunk40] lacp m-lag priority 10
      [*SwitchC-vs1-Eth-Trunk40] lacp m-lag system-id 00e0-fc00-0001
      [*SwitchC-vs1-Eth-Trunk40] quit
      [*SwitchC-vs1] interface eth-trunk 50
      [*SwitchC-vs1-Eth-Trunk50] lacp m-lag priority 10
      [*SwitchC-vs1-Eth-Trunk50] lacp m-lag system-id 00e0-fc00-0001
      [*SwitchC-vs1-Eth-Trunk50] quit
      [*SwitchC-vs1] commit
      [~SwitchC-vs1] quit

      # Configure VS2.

      <SwitchC> switch virtual-system vs2
      <SwitchC-vs2> system-view
      [~SwitchC-vs2] interface eth-trunk 60
      [*SwitchC-vs2-Eth-Trunk60] lacp m-lag priority 10
      [*SwitchC-vs2-Eth-Trunk60] lacp m-lag system-id 00e0-fc00-0002
      [*SwitchC-vs2-Eth-Trunk60] quit
      [*SwitchC-vs2] interface eth-trunk 70
      [*SwitchC-vs2-Eth-Trunk70] lacp m-lag priority 10
      [*SwitchC-vs2-Eth-Trunk70] lacp m-lag system-id 00e0-fc00-0002
      [*SwitchC-vs2-Eth-Trunk70] quit
      [*SwitchC-vs2] commit
      [~SwitchC-vs2] quit

      # Configure VS3.

      <SwitchD> switch virtual-system vs3
      <SwitchD-vs3> system-view
      [~SwitchD-vs3] interface eth-trunk 30
      [*SwitchD-vs3-Eth-Trunk30] lacp m-lag priority 10
      [*SwitchD-vs3-Eth-Trunk30] lacp m-lag system-id 00e0-fc00-0001
      [*SwitchD-vs3-Eth-Trunk30] quit
      [*SwitchD-vs3] interface eth-trunk 40
      [*SwitchD-vs3-Eth-Trunk40] lacp m-lag priority 10
      [*SwitchD-vs3-Eth-Trunk40] lacp m-lag system-id 00e0-fc00-0001
      [*SwitchD-vs3-Eth-Trunk40] quit
      [*SwitchD-vs3] interface eth-trunk 50
      [*SwitchD-vs3-Eth-Trunk50] lacp m-lag priority 10
      [*SwitchD-vs3-Eth-Trunk50] lacp m-lag system-id 00e0-fc00-0001
      [*SwitchD-vs3-Eth-Trunk50] quit
      [*SwitchD-vs3] commit
      [~SwitchD-vs3] quit

      # Configure VS4.

      <SwitchD> switch virtual-system vs4
      <SwitchD-vs4> system-view
      [~SwitchD-vs4] interface eth-trunk 60
      [*SwitchD-vs4-Eth-Trunk60] lacp m-lag priority 10
      [*SwitchD-vs4-Eth-Trunk60] lacp m-lag system-id 00e0-fc00-0002
      [*SwitchD-vs4-Eth-Trunk60] quit
      [*SwitchD-vs4] interface eth-trunk 70
      [*SwitchD-vs4-Eth-Trunk70] lacp m-lag priority 10
      [*SwitchD-vs4-Eth-Trunk70] lacp m-lag system-id 00e0-fc00-0002
      [*SwitchD-vs4-Eth-Trunk70] quit
      [*SwitchD-vs4] commit
      [~SwitchD-vs4] quit


    3. Create VLANIF interfaces on VS1 and VS3 and on VS2 and VS4, and configure their IP addresses. Create a VRRP group on VLANIF11 as the user-side gateway, a VRRP group on VLANIF20 as the next hop for the firewall's downstream traffic, and a VRRP group on VLANIF30 as the next hop for the firewall's upstream traffic.


      # Configure VS1.

      <SwitchC> switch virtual-system vs1
      <SwitchC-vs1> system-view
      [~SwitchC-vs1] interface vlanif 11
      [*SwitchC-vs1-Vlanif11] ip address 10.4.1.1 24
      [*SwitchC-vs1-Vlanif11] vrrp vrid 1 virtual-ip 10.4.1.111
      [*SwitchC-vs1-Vlanif11] quit
      [*SwitchC-vs1] interface vlanif 20
      [*SwitchC-vs1-Vlanif20] ip address 10.5.1.1 24
      [*SwitchC-vs1-Vlanif20] vrrp vrid 2 virtual-ip 10.5.1.111
      [*SwitchC-vs1-Vlanif20] quit
      [*SwitchC-vs1] ip route-static 0.0.0.0 0 10.5.1.3
      [*SwitchC-vs1] commit
      [~SwitchC-vs1] quit

      # Configure VS2.

      <SwitchC> switch virtual-system vs2
      <SwitchC-vs2> system-view
      [~SwitchC-vs2] interface vlanif 30
      [*SwitchC-vs2-Vlanif30] ip address 10.6.1.1 24
      [*SwitchC-vs2-Vlanif30] vrrp vrid 1 virtual-ip 10.6.1.111
      [*SwitchC-vs2-Vlanif30] quit
      [*SwitchC-vs2] ip route-static 10.20.20.0 24 10.6.1.3
      [*SwitchC-vs2] commit
      [~SwitchC-vs2] quit

      # Configure VS3.

      <SwitchD> switch virtual-system vs3
      <SwitchD-vs3> system-view
      [~SwitchD-vs3] interface vlanif 11
      [*SwitchD-vs3-Vlanif11] ip address 10.4.1.2 24
      [*SwitchD-vs3-Vlanif11] vrrp vrid 1 virtual-ip 10.4.1.111
      [*SwitchD-vs3-Vlanif11] quit
      [*SwitchD-vs3] interface vlanif 20
      [*SwitchD-vs3-Vlanif20] ip address 10.5.1.2 24
      [*SwitchD-vs3-Vlanif20] vrrp vrid 2 virtual-ip 10.5.1.111
      [*SwitchD-vs3-Vlanif20] quit
      [*SwitchD-vs3] ip route-static 0.0.0.0 0 10.5.1.3
      [*SwitchD-vs3] commit
      [~SwitchD-vs3] quit

      # Configure VS4.

      <SwitchD> switch virtual-system vs4
      <SwitchD-vs4> system-view
      [~SwitchD-vs4] interface vlanif 30
      [*SwitchD-vs4-Vlanif30] ip address 10.6.1.2 24
      [*SwitchD-vs4-Vlanif30] vrrp vrid 1 virtual-ip 10.6.1.111
      [*SwitchD-vs4-Vlanif30] quit
      [*SwitchD-vs4] ip route-static 10.20.20.0 24 10.6.1.3
      [*SwitchD-vs4] commit
      [~SwitchD-vs4] quit


  3. Configure SeGW A and SeGW B for hot standby in routed mode (active/standby).
    1. Uplink and downlink interfaces of SeGW A and SeGW B.


      # Configure SeGW A.

      <USG9000> system-view
      [USG9000] sysname SeGWA
      [SeGWA] interface eth-trunk 1
      [SeGWA-Eth-Trunk1] mode lacp-static
      [SeGWA-Eth-Trunk1] trunkport GigabitEthernet 1/0/0 to 1/0/1
      [SeGWA-Eth-Trunk1] ip address 10.5.1.3 24 float master
      [SeGWA-Eth-Trunk1] quit
      [SeGWA] interface eth-trunk 2
      [SeGWA-Eth-Trunk2] mode lacp-static
      [SeGWA-Eth-Trunk2] trunkport GigabitEthernet 2/0/0 to 2/0/1
      [SeGWA-Eth-Trunk2] ip address 10.6.1.3 24 float master
      [SeGWA-Eth-Trunk2] quit

      # Configure SeGW B.

      <USG9000> system-view
      [USG9000] sysname SeGWB
      [SeGWB] interface eth-trunk 1
      [SeGWB-Eth-Trunk1] mode lacp-static
      [SeGWB-Eth-Trunk1] trunkport GigabitEthernet 1/0/0 to 1/0/1
      [SeGWB-Eth-Trunk1] ip address 10.5.1.3 24 float slave
      [SeGWB-Eth-Trunk1] quit
      [SeGWB] interface eth-trunk 2
      [SeGWB-Eth-Trunk2] mode lacp-static
      [SeGWB-Eth-Trunk2] trunkport GigabitEthernet 2/0/0 to 2/0/1
      [SeGWB-Eth-Trunk2] ip address 10.6.1.3 24 float slave
      [SeGWB-Eth-Trunk2] quit


    2. Configure the IP addresses of the heartbeat interfaces on SeGW A and SeGW B.


      # Configure SeGW A.

      [SeGWA] interface GigabitEthernet 3/0/0
      [SeGWA-GigabitEthernet3/0/0] ip address 10.10.0.1 24
      [SeGWA-GigabitEthernet3/0/0] quit

      # Configure SeGW B.

      [SeGWB] interface GigabitEthernet 3/0/0
      [SeGWB-GigabitEthernet3/0/0] ip address 10.10.0.2 24
      [SeGWB-GigabitEthernet3/0/0] quit


    3. On SeGW A and SeGW B, add the uplink service interface to the untrust zone, the downlink service interface to the trust zone, and the heartbeat interface to the dmz zone.


      # Configure SeGW A.

      [SeGWA] firewall zone untrust
      [SeGWA-zone-untrust] add interface eth-trunk 2
      [SeGWA-zone-untrust] quit
      [SeGWA] firewall zone trust
      [SeGWA-zone-trust] add interface eth-trunk 1
      [SeGWA-zone-trust] quit
      [SeGWA] firewall zone dmz
      [SeGWA-zone-dmz] add interface GigabitEthernet 3/0/0
      [SeGWA-zone-dmz] quit

      # Configure SeGW B.

      [SeGWB] firewall zone untrust
      [SeGWB-zone-untrust] add interface eth-trunk 2
      [SeGWB-zone-untrust] quit
      [SeGWB] firewall zone trust
      [SeGWB-zone-trust] add interface eth-trunk 1
      [SeGWB-zone-trust] quit
      [SeGWB] firewall zone dmz
      [SeGWB-zone-dmz] add interface GigabitEthernet 3/0/0
      [SeGWB-zone-dmz] quit


    4. Specify the heartbeat interface and enable hot standby.


      # Configure SeGW A.

      [SeGWA] hrp interface GigabitEthernet 3/0/0 remote 10.10.0.2
      [SeGWA] hrp enable

      # Configure SeGW B.

      [SeGWB] hrp interface GigabitEthernet 3/0/0 remote 10.10.0.1
      [SeGWB] hrp enable


    5. Configure static routes that specify the next hop for the firewall's upstream traffic and the next hop for its downstream traffic.


      # Configure SeGW A.

      [SeGWA] ip route-static 0.0.0.0 0 10.6.1.111
      [SeGWA] ip route-static 10.20.20.0 24 10.5.1.111

      # Configure SeGW B.

      [SeGWB] ip route-static 0.0.0.0 0 10.6.1.111
      [SeGWB] ip route-static 10.20.20.0 24 10.5.1.111


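    6. After hot standby is configured, configure security functions such as security policies, IPS, and attack defense on SeGW A. The configuration of SeGW A is automatically backed up to SeGW B. For the detailed configuration, see the documentation of the security gateway; it is not described here.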
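
The static routes in steps 2 and 3 are what force traffic between the two VS partitions through the side-attached firewall, so they are worth checking before commit. The following is an added example, not part of the original procedure or of any Huawei tool: the names `CONFIGS`, `parse` and `audit` are hypothetical, the configuration text is constructed from this page's data plan (one member of each redundant pair), and only the mask-length form of `ip address` and `ip route-static` used on this page is handled.

```python
import ipaddress

# Constructed from this page's data plan; the peer of each device uses the
# same virtual (VRRP) and floating (firewall) addresses.
CONFIGS = {
    "VS1": """
interface vlanif 11
 ip address 10.4.1.1 24
 vrrp vrid 1 virtual-ip 10.4.1.111
interface vlanif 20
 ip address 10.5.1.1 24
 vrrp vrid 2 virtual-ip 10.5.1.111
ip route-static 0.0.0.0 0 10.5.1.3
""",
    "VS2": """
interface vlanif 30
 ip address 10.6.1.1 24
 vrrp vrid 1 virtual-ip 10.6.1.111
ip route-static 10.20.20.0 24 10.6.1.3
""",
    "SeGWA": """
interface eth-trunk 1
 ip address 10.5.1.3 24 float master
interface eth-trunk 2
 ip address 10.6.1.3 24 float master
ip route-static 0.0.0.0 0 10.6.1.111
ip route-static 10.20.20.0 24 10.5.1.111
""",
}


def parse(text):
    """Extract connected subnets, shared (virtual/floating) IPs and static routes."""
    dev = {"nets": [], "shared": set(), "routes": []}
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"]:
            iface = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
            dev["nets"].append(iface.network)
            if "float" in tok:  # firewall address that follows the active unit
                dev["shared"].add(iface.ip)
        elif tok[:1] == ["vrrp"] and "virtual-ip" in tok:
            vip = tok[tok.index("virtual-ip") + 1]
            dev["shared"].add(ipaddress.ip_address(vip))
        elif tok[:2] == ["ip", "route-static"]:
            dev["routes"].append((tok[2], int(tok[3]), ipaddress.ip_address(tok[4])))
    return dev


def audit(configs, firewalls=("SeGWA",)):
    """Return a list of findings for the static routes of every device."""
    devs = {name: parse(text) for name, text in configs.items()}
    findings = []
    for name, dev in devs.items():
        for dest, masklen, nh in dev["routes"]:
            label = f"{name}: ip route-static {dest} {masklen} {nh}"
            # 1. The destination must be a clean prefix, and 0.0.0.0 is a
            #    default route only with mask length 0.
            try:
                ipaddress.ip_network(f"{dest}/{masklen}", strict=True)
            except ValueError:
                findings.append(f"{label}: host bits set in destination")
                continue
            if dest == "0.0.0.0" and masklen != 0:
                findings.append(f"{label}: 0.0.0.0/{masklen} is not a default route")
            # 2. The next hop must sit on a directly connected subnet.
            if not any(nh in net for net in dev["nets"]):
                findings.append(f"{label}: next hop is not on a connected subnet")
                continue
            # 3. The next hop must be an address that survives failover:
            #    a neighbour's VRRP virtual IP or firewall floating IP.
            owners = [o for o, d in devs.items() if o != name and nh in d["shared"]]
            if not owners:
                findings.append(f"{label}: next hop is not a virtual or floating IP of a neighbour")
                continue
            # 4. A switch's static route must hand traffic to the firewall.
            if name not in firewalls and not any(o in firewalls for o in owners):
                findings.append(f"{label}: route bypasses the firewall")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS) or ["no findings"]:
        print(finding)
```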
  4. Enable OSPF on VS2, VS4, SwitchE, and SwitchF.
    1. On VS2, VS4, SwitchE, and SwitchF, add the interfaces to VLANs and configure IP addresses for the corresponding VLANIF interfaces.


      # Configure VS2.

      <SwitchC> switch virtual-system vs2
      <SwitchC-vs2> system-view
      [~SwitchC-vs2] vlan batch 200 300
      [*SwitchC-vs2] interface 10ge 1/0/31
      [*SwitchC-vs2-10GE1/0/31] port link-type trunk
      [*SwitchC-vs2-10GE1/0/31] port trunk allow-pass vlan 200
      [*SwitchC-vs2-10GE1/0/31] quit
      [*SwitchC-vs2] interface vlanif 200
      [*SwitchC-vs2-Vlanif200] ip address 10.8.1.1 24
      [*SwitchC-vs2-Vlanif200] quit
      [*SwitchC-vs2] interface vlanif 300
      [*SwitchC-vs2-Vlanif300] ip address 10.11.1.1 24
      [*SwitchC-vs2-Vlanif300] quit
      [*SwitchC-vs2] commit
      [~SwitchC-vs2] quit

      # Configure VS4.

      <SwitchD> switch virtual-system vs4
      <SwitchD-vs4> system-view
      [~SwitchD-vs4] vlan batch 210 300
      [*SwitchD-vs4] interface 10ge 1/0/31
      [*SwitchD-vs4-10GE1/0/31] port link-type trunk
      [*SwitchD-vs4-10GE1/0/31] port trunk allow-pass vlan 210
      [*SwitchD-vs4-10GE1/0/31] quit
      [*SwitchD-vs4] interface vlanif 210
      [*SwitchD-vs4-Vlanif210] ip address 10.9.1.1 24
      [*SwitchD-vs4-Vlanif210] quit
      [*SwitchD-vs4] interface vlanif 300
      [*SwitchD-vs4-Vlanif300] ip address 10.11.1.2 24
      [*SwitchD-vs4-Vlanif300] quit
      [*SwitchD-vs4] commit
      [~SwitchD-vs4] quit

      # Configure SwitchE.

      <HUAWEI> system-view
      [~HUAWEI] sysname SwitchE
      [*HUAWEI] commit
      [~SwitchE] vlan batch 200 400
      [*SwitchE] interface 10ge 1/0/1
      [*SwitchE-10GE1/0/1] port link-type trunk
      [*SwitchE-10GE1/0/1] port trunk allow-pass vlan 200
      [*SwitchE-10GE1/0/1] quit
      [*SwitchE] interface 10ge 1/0/2
      [*SwitchE-10GE1/0/2] port link-type trunk
      [*SwitchE-10GE1/0/2] port trunk allow-pass vlan 400
      [*SwitchE-10GE1/0/2] quit
      [*SwitchE] interface vlanif 200
      [*SwitchE-Vlanif200] ip address 10.8.1.2 24
      [*SwitchE-Vlanif200] quit
      [*SwitchE] interface vlanif 400
      [*SwitchE-Vlanif400] ip address 10.12.1.1 24
      [*SwitchE-Vlanif400] quit
      [*SwitchE] commit

      # Configure SwitchF.

      <HUAWEI> system-view
      [~HUAWEI] sysname SwitchF
      [*HUAWEI] commit
      [~SwitchF] vlan batch 210 400
      [*SwitchF] interface 10ge 1/0/1
      [*SwitchF-10GE1/0/1] port link-type trunk
      [*SwitchF-10GE1/0/1] port trunk allow-pass vlan 210
      [*SwitchF-10GE1/0/1] quit
      [*SwitchF] interface 10ge 1/0/2
      [*SwitchF-10GE1/0/2] port link-type trunk
      [*SwitchF-10GE1/0/2] port trunk allow-pass vlan 400
      [*SwitchF-10GE1/0/2] quit
      [*SwitchF] interface vlanif 210
      [*SwitchF-Vlanif210] ip address 10.9.1.2 24
      [*SwitchF-Vlanif210] quit
      [*SwitchF] interface vlanif 400
      [*SwitchF-Vlanif400] ip address 10.12.1.2 24
      [*SwitchF-Vlanif400] quit
      [*SwitchF] commit


    2. Configure OSPF on VS2, VS4, SwitchE, and SwitchF so that they can communicate at Layer 3.


      # Configure VS2.

      <SwitchC> switch virtual-system vs2
      <SwitchC-vs2> system-view
      [~SwitchC-vs2] ospf 1
      [*SwitchC-vs2-ospf-1] area 0
      [*SwitchC-vs2-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255
      [*SwitchC-vs2-ospf-1-area-0.0.0.0] network 10.6.1.0 0.0.0.255
      [*SwitchC-vs2-ospf-1-area-0.0.0.0] network 10.8.1.0 0.0.0.255
      [*SwitchC-vs2-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
      [*SwitchC-vs2-ospf-1-area-0.0.0.0] quit
      [*SwitchC-vs2-ospf-1] quit
      [*SwitchC-vs2] commit
      [~SwitchC-vs2] quit

      # Configure VS4.

      <SwitchD> switch virtual-system vs4
      <SwitchD-vs4> system-view
      [~SwitchD-vs4] ospf 1
      [*SwitchD-vs4-ospf-1] area 0
      [*SwitchD-vs4-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255
      [*SwitchD-vs4-ospf-1-area-0.0.0.0] network 10.6.1.0 0.0.0.255
      [*SwitchD-vs4-ospf-1-area-0.0.0.0] network 10.9.1.0 0.0.0.255
      [*SwitchD-vs4-ospf-1-area-0.0.0.0] network 10.11.1.0 0.0.0.255
      [*SwitchD-vs4-ospf-1-area-0.0.0.0] quit
      [*SwitchD-vs4-ospf-1] quit
      [*SwitchD-vs4] commit
      [~SwitchD-vs4] quit

      # Configure SwitchE.

      [~SwitchE] ospf 1
      [*SwitchE-ospf-1] area 0
      [*SwitchE-ospf-1-area-0.0.0.0] network 10.8.1.0 0.0.0.255
      [*SwitchE-ospf-1-area-0.0.0.0] network 10.12.1.0 0.0.0.255
      [*SwitchE-ospf-1-area-0.0.0.0] quit
      [*SwitchE-ospf-1] quit
      [*SwitchE] commit

      # Configure SwitchF.

      [~SwitchF] ospf 1
      [*SwitchF-ospf-1] area 0
      [*SwitchF-ospf-1-area-0.0.0.0] network 10.9.1.0 0.0.0.255
      [*SwitchF-ospf-1-area-0.0.0.0] network 10.12.1.0 0.0.0.255
      [*SwitchF-ospf-1-area-0.0.0.0] quit
      [*SwitchF-ospf-1] quit
      [*SwitchF] commit


  5. Verify the configuration.


    • Run the display dfs-group command to check M-LAG information.

      # Check the M-LAG information of DFS group 1. (The M-LAG formed by SwitchA and SwitchB is used as the example; VS1 and VS3, and VS2 and VS4, are similar.)

      [~SwitchA] display dfs-group 1 m-lag
      *                : Local node
      Heart beat state : OK
      Node 1 *
        Dfs-Group ID   : 1
        Priority       : 150
        Address        : ip address 10.1.1.1
        State          : Master
        Causation      : -
        System ID      : 0025-9e95-7c31
        SysName        : SwitchA
        Version        :
        Device Type    : CE12800
      Node 2
        Dfs-Group ID   : 1
        Priority       : 120
        Address        : ip address 10.1.1.2
        State          : Backup
        Causation      : -
        System ID      : 0025-9e95-7c11
        SysName        : SwitchB
        Version        :
        Device Type    : CE12800

      # Check the M-LAG information on SwitchA.

      [~SwitchA] display dfs-group 1 node 1 m-lag brief
      * - Local node

      M-Lag ID     Interface      Port State    Status
             1     Eth-Trunk 10   Up            active(*)-active
             2     Eth-Trunk 20   Up            active(*)-active

      The output shows that "Heart beat state" is "OK", which means the heartbeat is normal. SwitchA is Node 1 with priority 150 and its "State" is "Master"; SwitchB is Node 2 with priority 120 and its "State" is "Backup". "Causation" is "-", the "Port State" of Node 1 is "Up", the "Port State" of Node 2 is "Up", and the M-LAG status of both Node 1 and Node 2 is "active", which means the M-LAG configuration is correct.

    • Run the display vrrp command on VS1 and VS3. Both VS1 and VS3 are in the Master state in the VRRP groups.

      <SwitchC> switch virtual-system vs1
      <SwitchC-vs1> display vrrp verbose
      Vlanif11 | Virtual Router 1
      State          : Master
      Virtual IP     : 10.4.1.111
      Master IP      : 10.4.1.1
      PriorityRun    : 100
      PriorityConfig : 100                                                        
      MasterPriority : 100                                                        
      Preempt        : YES   Delay Time : 0s    Remain : --    
      TimerRun       : 1s                                                              
      TimerConfig    : 1s                                                           
      Auth Type      : NONE                                                            
      Virtual MAC    : 0000-5e00-0101                                                
      Check TTL      : YES                                                             
      Config Type    : Normal                                                   
      Create Time       : 2015-03-20 11:39:18                                           
      Last Change Time  : 2015-03-25 11:38:58 
      
      Vlanif20 | Virtual Router 2
      State          : Master
      Virtual IP     : 10.5.1.111
      Master IP      : 10.5.1.1
      PriorityRun    : 100
      PriorityConfig : 100                                                        
      MasterPriority : 100                                                        
      Preempt        : YES   Delay Time : 0s    Remain : --    
      TimerRun       : 1s                                                              
      TimerConfig    : 1s                                                           
      Auth Type      : NONE                                                            
      Virtual MAC    : 0000-5e00-0101                                                
      Check TTL      : YES                                                             
      Config Type    : Normal                                                   
      Create Time       : 2015-03-20 11:39:18                                           
      Last Change Time  : 2015-03-25 11:38:58 

      <SwitchD> switch virtual-system vs3
      <SwitchD-vs3> display vrrp verbose
      Vlanif11 | Virtual Router 1
      State          : Master
      Virtual IP     : 10.4.1.111
      Master IP      : 10.4.1.2
      PriorityRun    : 100
      PriorityConfig : 100                                                        
      MasterPriority : 100                                                        
      Preempt        : YES   Delay Time : 0s   Remain : --     
      TimerRun       : 1s                                                        
      TimerConfig    : 1s                                                        
      Auth Type      : NONE                                                       
      Virtual MAC    : 0000-5e00-0101                                             
      Check TTL      : YES                                                        
      Config Type    : Normal                                                
      Create Time      : 2015-03-20 11:39:18                                      
      Last Change Time : 2015-03-25 11:38:58 
      
      Vlanif20 | Virtual Router 2
      State          : Master
      Virtual IP     : 10.5.1.111
      Master IP      : 10.5.1.2
      PriorityRun    : 100
      PriorityConfig : 100                                                        
      MasterPriority : 100                                                        
      Preempt        : YES   Delay Time : 0s   Remain : --     
      TimerRun       : 1s                                                        
      TimerConfig    : 1s                                                        
      Auth Type      : NONE                                                       
      Virtual MAC    : 0000-5e00-0101                                             
      Check TTL      : YES                                                        
      Config Type    : Normal                                                
      Create Time      : 2015-03-20 11:39:18                                      
      Last Change Time : 2015-03-25 11:38:58 
    • Run the display vrrp command on VS2 and on VS4. The output shows that both VS2 and VS4 are in the Master state in the VRRP group.

      switch virtual-system vs2
      display vrrp verbose
      Vlanif30 | Virtual Router 1
      State          : Master
      Virtual IP     : 10.6.1.111
      Master IP      : 10.6.1.1
      PriorityRun    : 100
      PriorityConfig : 100                                                        
      MasterPriority : 100                                                        
      Preempt        : YES   Delay Time : 0s    Remain : --    
      TimerRun       : 1s                                                              
      TimerConfig    : 1s                                                           
      Auth Type      : NONE                                                            
      Virtual MAC    : 0000-5e00-0102                                                
      Check TTL      : YES                                                             
      Config Type    : Normal                                                   
      Create Time       : 2015-03-20 11:39:18                                           
      Last Change Time  : 2015-03-25 11:38:58 

      switch virtual-system vs4
      display vrrp verbose
      Vlanif30 | Virtual Router 1
      State          : Master
      Virtual IP     : 10.6.1.111
      Master IP      : 10.6.1.2
      PriorityRun    : 100
      PriorityConfig : 100                                                        
      MasterPriority : 100                                                        
      Preempt        : YES   Delay Time : 0s   Remain : --     
      TimerRun       : 1s                                                        
      TimerConfig    : 1s                                                        
      Auth Type      : NONE                                                       
      Virtual MAC    : 0000-5e00-0102                                             
      Check TTL      : YES                                                        
      Config Type    : Normal                                                
      Create Time      : 2015-03-20 11:39:18                                      
      Last Change Time : 2015-03-25 11:38:58 
    • Run the display hrp state command on SeGW A to check the current HRP status. The following output indicates that HRP has been established successfully.

      HRP_M[SeGWA] display hrp state
       Role: active, peer: active
       Running priority: 51008, peer: 51008
       Core state: normal, peer: normal
       Backup channel usage: 0%
       Stable time: 0 days, 18 hours, 41 minutes
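
The VRRP verification output above can be checked mechanically. The following Python sketch is an added example, not part of the original configuration guide: it parses `display vrrp verbose` text and flags groups that are not in the expected state, that run with `Auth Type : NONE`, or whose virtual MAC does not match the standard IPv4 VRRP form 0000-5e00-01{VRID}. The function names are assumptions; the sample fields are copied from the VS3 output above.

```python
import re

# Sample input: fields copied from the VS3 output on this page (abridged).
SAMPLE = """\
Vlanif11 | Virtual Router 1
  State          : Master
  Virtual IP     : 10.4.1.111
  Master IP      : 10.4.1.2
  Auth Type      : NONE
  Virtual MAC    : 0000-5e00-0101
Vlanif20 | Virtual Router 2
  State          : Master
  Virtual IP     : 10.5.1.111
  Master IP      : 10.5.1.2
  Auth Type      : NONE
  Virtual MAC    : 0000-5e00-0101
"""

HEADER = re.compile(r"(\S+)\s*\|\s*Virtual Router\s+(\d+)")
FIELD = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\S+)")

def parse_vrrp_verbose(text):
    """Return one dict per VRRP group found in the CLI output."""
    groups = []
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:  # a new "<interface> | Virtual Router <vrid>" block starts here
            groups.append({"interface": m.group(1), "vrid": int(m.group(2))})
            line = line[m.end():]
        if groups:  # several "Key : value" pairs may share one line
            for key, value in FIELD.findall(line):
                groups[-1].setdefault(key.strip(), value)
    return groups

def expected_virtual_mac(vrid):
    # IPv4 VRRP virtual MAC is 00-00-5E-00-01-{VRID} (RFC 3768 / RFC 5798)
    return "0000-5e00-01%02x" % vrid

def audit(groups, expected_state="Master"):
    """Return (group, finding) pairs; expected_state follows this page's M-LAG design."""
    findings = []
    for g in groups:
        name = "%s/vrid%d" % (g["interface"], g["vrid"])
        if g.get("State") != expected_state:
            findings.append((name, "state"))
        if g.get("Auth Type", "").upper() == "NONE":
            findings.append((name, "auth-none"))  # advertisements are unauthenticated
        if g.get("Virtual MAC", "").lower() != expected_virtual_mac(g["vrid"]):
            findings.append((name, "mac-mismatch"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_vrrp_verbose(SAMPLE)):
        print(name, finding)
```

Run against the VS3 output as printed above, it reports unauthenticated advertisements on both groups and a virtual MAC on Vlanif20 (VRID 2) that ends in 01 rather than 02.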


Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    dfs-group 1
     priority 150
     source ip 10.1.1.1
     m-lag up-delay 30
    #
    vlan batch 11
    #
    stp v-stp enable
    stp mode rstp
    #
    interface MEth0/0/0
     ip address 10.1.1.1 255.255.255.0
    #
    interface Eth-Trunk0
     mode lacp-static
     peer-link 1
    #
    interface Eth-Trunk10
     port default vlan 11
     mode lacp-dynamic
     dfs-group 1 m-lag 1
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0000
    #
    interface Eth-Trunk20
     port link-type trunk
     port trunk allow-pass vlan 11
     mode lacp-static
     dfs-group 1 m-lag 2
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0000
    #
    interface 10GE1/0/1
     eth-trunk 10
    #
    interface 10GE1/0/4
     eth-trunk 0
    #
    interface 10GE1/0/5
     eth-trunk 0
    #
    interface 10GE1/0/6
     eth-trunk 20
    #
    interface 10GE1/0/7
     eth-trunk 20
    #
    return
    
  • SwitchB configuration file

    #
    sysname SwitchB
    #
    dfs-group 1
     priority 120
     source ip 10.1.1.2
     m-lag up-delay 30
    #
    vlan batch 11
    #
    stp v-stp enable
    stp mode rstp
    #
    interface MEth0/0/0
     ip address 10.1.1.2 255.255.255.0
    #
    interface Eth-Trunk0
     mode lacp-static
     peer-link 1
    #
    interface Eth-Trunk10
     port default vlan 11
     mode lacp-dynamic
     dfs-group 1 m-lag 1
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0000
    #
    interface Eth-Trunk20
     port link-type trunk
     port trunk allow-pass vlan 11
     mode lacp-static
     dfs-group 1 m-lag 2
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0000
    #
    interface 10GE1/0/1
     eth-trunk 10
    #
    interface 10GE1/0/4
     eth-trunk 0
    #
    interface 10GE1/0/5
     eth-trunk 0
    #
    interface 10GE1/0/6
     eth-trunk 20
    #
    interface 10GE1/0/7
     eth-trunk 20
    #
    return
    
  • SwitchC configuration file

    #
    sysname SwitchC
    #
    admin
     virtual-system vs1 
      port-mode group
      resource u4route upper-limit 60000
      resource m4route upper-limit 1000
      resource u6route upper-limit 16000
      resource m6route upper-limit 100
      resource vlan upper-limit 4063
      resource mpls enable
      resource trill enable
      resource mcast enable
      resource vpn-instance upper-limit 4096
      resource cpu weight 5
      resource memory ratio-threshold 100
      assign interface 10GE1/0/0
      assign interface 10GE1/0/1
      assign interface 10GE1/0/2
      assign interface 10GE1/0/3
      assign interface 10GE1/0/4
      assign interface 10GE1/0/5
      assign interface 10GE1/0/6
      assign interface 10GE1/0/7
      assign interface 10GE1/0/8
      assign interface 10GE1/0/9
      assign interface 10GE1/0/10
      assign interface 10GE1/0/11
      assign interface 10GE1/0/12
      assign interface 10GE1/0/13
      assign interface 10GE1/0/14
      assign interface 10GE1/0/15
      assign interface 10GE1/0/16
      assign interface 10GE1/0/17
      assign interface 10GE1/0/18
      assign interface 10GE1/0/19
      assign interface 10GE1/0/20
      assign interface 10GE1/0/21
      assign interface 10GE1/0/22
      assign interface 10GE1/0/23
     virtual-system vs2 
      port-mode group
      resource u4route upper-limit 60000
      resource m4route upper-limit 1000
      resource u6route upper-limit 16000
      resource m6route upper-limit 100
      resource vlan upper-limit 4063
      resource mpls enable
      resource trill enable
      resource mcast enable
      resource vpn-instance upper-limit 4096
      resource cpu weight 5
      resource memory ratio-threshold 100
      assign interface 10GE1/0/24
      assign interface 10GE1/0/25
      assign interface 10GE1/0/26
      assign interface 10GE1/0/27
      assign interface 10GE1/0/28
      assign interface 10GE1/0/29
      assign interface 10GE1/0/30
      assign interface 10GE1/0/31
      assign interface 10GE1/0/32
      assign interface 10GE1/0/33
      assign interface 10GE1/0/34
      assign interface 10GE1/0/35
      assign interface 10GE1/0/36
      assign interface 10GE1/0/37
      assign interface 10GE1/0/38
      assign interface 10GE1/0/39
      assign interface 10GE1/0/40
      assign interface 10GE1/0/41
      assign interface 10GE1/0/42
      assign interface 10GE1/0/43
      assign interface 10GE1/0/44
      assign interface 10GE1/0/45
      assign interface 10GE1/0/46
      assign interface 10GE1/0/47
    #
    return
    
  • SwitchD configuration file

    #
    sysname SwitchD
    #
    admin
     virtual-system vs3 
      port-mode group
      resource u4route upper-limit 60000
      resource m4route upper-limit 1000
      resource u6route upper-limit 16000
      resource m6route upper-limit 100
      resource vlan upper-limit 4063
      resource mpls enable
      resource trill enable
      resource mcast enable
      resource vpn-instance upper-limit 4096
      resource cpu weight 5
      resource memory ratio-threshold 100
      assign interface 10GE1/0/0
      assign interface 10GE1/0/1
      assign interface 10GE1/0/2
      assign interface 10GE1/0/3
      assign interface 10GE1/0/4
      assign interface 10GE1/0/5
      assign interface 10GE1/0/6
      assign interface 10GE1/0/7
      assign interface 10GE1/0/8
      assign interface 10GE1/0/9
      assign interface 10GE1/0/10
      assign interface 10GE1/0/11
      assign interface 10GE1/0/12
      assign interface 10GE1/0/13
      assign interface 10GE1/0/14
      assign interface 10GE1/0/15
      assign interface 10GE1/0/16
      assign interface 10GE1/0/17
      assign interface 10GE1/0/18
      assign interface 10GE1/0/19
      assign interface 10GE1/0/20
      assign interface 10GE1/0/21
      assign interface 10GE1/0/22
      assign interface 10GE1/0/23
     virtual-system vs4 
      port-mode group
      resource u4route upper-limit 60000
      resource m4route upper-limit 1000
      resource u6route upper-limit 16000
      resource m6route upper-limit 100
      resource vlan upper-limit 4063
      resource mpls enable
      resource trill enable
      resource mcast enable
      resource vpn-instance upper-limit 4096
      resource cpu weight 5
      resource memory ratio-threshold 100
      assign interface 10GE1/0/24
      assign interface 10GE1/0/25
      assign interface 10GE1/0/26
      assign interface 10GE1/0/27
      assign interface 10GE1/0/28
      assign interface 10GE1/0/29
      assign interface 10GE1/0/30
      assign interface 10GE1/0/31
      assign interface 10GE1/0/32
      assign interface 10GE1/0/33
      assign interface 10GE1/0/34
      assign interface 10GE1/0/35
      assign interface 10GE1/0/36
      assign interface 10GE1/0/37
      assign interface 10GE1/0/38
      assign interface 10GE1/0/39
      assign interface 10GE1/0/40
      assign interface 10GE1/0/41
      assign interface 10GE1/0/42
      assign interface 10GE1/0/43
      assign interface 10GE1/0/44
      assign interface 10GE1/0/45
      assign interface 10GE1/0/46
      assign interface 10GE1/0/47
    #
    return
    
  • VS1 configuration file

    #
    sysname vs1
    #
    dfs-group 1
     priority 150
     source ip 10.2.1.1
     m-lag up-delay 30
    #
    vlan batch 11 20
    #
    stp v-stp enable
    stp mode rstp
    #
    interface Vlanif11
     ip address 10.4.1.1 255.255.255.0
     vrrp vrid 1 virtual-ip 10.4.1.111
    #
    interface Vlanif20
     ip address 10.5.1.1 255.255.255.0
     vrrp vrid 2 virtual-ip 10.5.1.111
    #
    interface MEth0/0/0
     ip address 10.2.1.1 255.255.255.0
    #
    interface Eth-Trunk0
     mode lacp-static
     peer-link 1
    #
    interface Eth-Trunk30
     port link-type trunk
     port trunk allow-pass vlan 11
     mode lacp-static
     dfs-group 1 m-lag 1
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0001
    #
    interface Eth-Trunk40
     port link-type trunk
     port trunk allow-pass vlan 20
     mode lacp-static
     dfs-group 1 m-lag 2
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0001
    #
    interface Eth-Trunk50
     port link-type trunk
     port trunk allow-pass vlan 20
     mode lacp-static
     dfs-group 1 m-lag 3
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0001
    #
    interface 10GE1/0/1
     eth-trunk 30
    #
    interface 10GE1/0/2
     eth-trunk 30
    #
    interface 10GE1/0/3
     eth-trunk 0
    #
    interface 10GE1/0/4
     eth-trunk 0
    #
    interface 10GE1/0/5
     eth-trunk 40
    #
    interface 10GE1/0/6
     eth-trunk 50
    #
    ip route-static 0.0.0.0 0.0.0.0 10.5.1.3
    #
    return
    
  • VS2 configuration file

    #
    sysname vs2
    #
    dfs-group 1
     priority 150
     source ip 10.3.1.1
     m-lag up-delay 30
    #
    vlan batch 30 200 300
    #
    stp v-stp enable
    stp mode rstp
    #
    interface Vlanif30
     ip address 10.6.1.1 255.255.255.0
     vrrp vrid 1 virtual-ip 10.6.1.111
    #
    interface Vlanif200
     ip address 10.8.1.1 255.255.255.0
    #
    interface Vlanif300
     ip address 10.11.1.1 255.255.255.0
    #
    interface MEth0/0/0
     ip address 10.3.1.1 255.255.255.0
    #
    interface Eth-Trunk0
     mode lacp-static
     peer-link 1
    #
    interface Eth-Trunk60
     port link-type trunk
     port trunk allow-pass vlan 30
     mode lacp-static
     dfs-group 1 m-lag 2
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0002
    #
    interface Eth-Trunk70
     port link-type trunk
     port trunk allow-pass vlan 30
     mode lacp-static
     dfs-group 1 m-lag 3
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0002
    #
    interface 10GE1/0/31
     port link-type trunk
     port trunk allow-pass vlan 200
    #
    interface 10GE1/0/32
     eth-trunk 0
    #
    interface 10GE1/0/33
     eth-trunk 0
    #
    interface 10GE1/0/34
     eth-trunk 60
    #
    interface 10GE1/0/35
     eth-trunk 70
    #
    ip route-static 10.20.20.0 255.255.255.0 10.6.1.3
    #
    ospf 1
     area 0.0.0.0
      network 10.3.1.0 0.0.0.255
      network 10.6.1.0 0.0.0.255
      network 10.8.1.0 0.0.0.255
      network 10.11.1.0 0.0.0.255
    #
    return
    
  • VS3 configuration file

    #
    sysname vs3
    #
    dfs-group 1
     priority 120
     source ip 10.2.1.2
     m-lag up-delay 30
    #
    vlan batch 11 20
    #
    stp v-stp enable
    stp mode rstp
    #
    interface Vlanif11
     ip address 10.4.1.2 255.255.255.0
     vrrp vrid 1 virtual-ip 10.4.1.111
    #
    interface Vlanif20
     ip address 10.5.1.2 255.255.255.0
     vrrp vrid 2 virtual-ip 10.5.1.111
    #
    interface MEth0/0/0
     ip address 10.2.1.2 255.255.255.0
    #
    interface Eth-Trunk0
     mode lacp-static
     peer-link 1
    #
    interface Eth-Trunk30
     port link-type trunk
     port trunk allow-pass vlan 11
     mode lacp-static
     dfs-group 1 m-lag 1
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0001
    #
    interface Eth-Trunk40
     port link-type trunk
     port trunk allow-pass vlan 20
     mode lacp-static
     dfs-group 1 m-lag 2
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0001
    #
    interface Eth-Trunk50
     port link-type trunk
     port trunk allow-pass vlan 20
     mode lacp-static
     dfs-group 1 m-lag 3
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0001
    #
    interface 10GE1/0/1
     eth-trunk 30
    #
    interface 10GE1/0/2
     eth-trunk 30
    #
    interface 10GE1/0/3
     eth-trunk 0
    #
    interface 10GE1/0/4
     eth-trunk 0
    #
    interface 10GE1/0/5
     eth-trunk 40
    #
    interface 10GE1/0/6
     eth-trunk 50
    #
    ip route-static 0.0.0.0 0.0.0.0 10.5.1.3
    #
    return
    
  • VS4 configuration file

    #
    sysname vs4
    #
    dfs-group 1
     priority 120
     source ip 10.3.1.2
     m-lag up-delay 30
    #
    vlan batch 30 210 300
    #
    stp v-stp enable
    stp mode rstp
    #
    interface Vlanif30
     ip address 10.6.1.2 255.255.255.0
     vrrp vrid 1 virtual-ip 10.6.1.111
    #
    interface Vlanif210
     ip address 10.9.1.1 255.255.255.0
    #
    interface Vlanif300
     ip address 10.11.1.2 255.255.255.0
    #
    interface MEth0/0/0
     ip address 10.3.1.2 255.255.255.0
    #
    interface Eth-Trunk0
     mode lacp-static
     peer-link 1
    #
    interface Eth-Trunk60
     port link-type trunk
     port trunk allow-pass vlan 30
     mode lacp-static
     dfs-group 1 m-lag 2
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0002
    #
    interface Eth-Trunk70
     port link-type trunk
     port trunk allow-pass vlan 30
     mode lacp-static
     dfs-group 1 m-lag 3
     lacp m-lag priority 10
     lacp m-lag system-id 00e0-fc00-0002
    #
    interface 10GE1/0/31
     port link-type trunk
     port trunk allow-pass vlan 210
    #
    interface 10GE1/0/32
     eth-trunk 0
    #
    interface 10GE1/0/33
     eth-trunk 0
    #
    interface 10GE1/0/34
     eth-trunk 60
    #
    interface 10GE1/0/35
     eth-trunk 70
    #
    ip route-static 10.20.20.0 255.255.255.0 10.6.1.3
    #
    ospf 1
     area 0.0.0.0
      network 10.3.1.0 0.0.0.255
      network 10.6.1.0 0.0.0.255
      network 10.9.1.0 0.0.0.255
      network 10.11.1.0 0.0.0.255
    #
    return
    
  • SwitchE configuration file

    #
    sysname SwitchE
    #
    vlan batch 200 400
    #
    interface Vlanif200
     ip address 10.8.1.2 255.255.255.0
    #
    interface Vlanif400
     ip address 10.12.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 200
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 400
    #
    ospf 1
     area 0.0.0.0
      network 10.8.1.0 0.0.0.255
      network 10.12.1.0 0.0.0.255
    #
    return
    
  • SwitchF configuration file

    #
    sysname SwitchF
    #
    vlan batch 210 400
    #
    interface Vlanif210
     ip address 10.9.1.2 255.255.255.0
    #
    interface Vlanif400
     ip address 10.12.1.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk allow-pass vlan 210
    #
    interface 10GE1/0/2
     port link-type trunk
     port trunk allow-pass vlan 400
    #
    ospf 1
     area 0.0.0.0
      network 10.9.1.0 0.0.0.255
      network 10.12.1.0 0.0.0.255
    #
    return
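
In the configuration files above, the M-LAG member Eth-Trunks and the VRRP groups are identical on each peer pair (VS1/VS3, VS2/VS4, SwitchA/SwitchB), while addresses and DFS priority differ. The Python sketch below is an added example, not part of the original guide: it compares two saved configurations and reports lines that have drifted where the peers should agree. It assumes a member Eth-Trunk stanza must match line for line; the function names and the drifted peer are constructed for illustration.

```python
import re
import textwrap

# Abridged from the VS1 configuration file on this page.
VS1 = """\
interface Vlanif20
 ip address 10.5.1.1 255.255.255.0
 vrrp vrid 2 virtual-ip 10.5.1.111
#
interface Eth-Trunk40
 port link-type trunk
 port trunk allow-pass vlan 20
 mode lacp-static
 dfs-group 1 m-lag 2
 lacp m-lag priority 10
 lacp m-lag system-id 00e0-fc00-0001
"""
# Constructed peer: VS3's own address plus two deliberate drifts.
VS3_DRIFTED = (VS1.replace("10.5.1.1 ", "10.5.1.2 ")
                  .replace("virtual-ip 10.5.1.111", "virtual-ip 10.5.1.112")
                  .replace("allow-pass vlan 20", "allow-pass vlan 20 30"))

MLAG_MEMBER = re.compile(r"dfs-group \d+ m-lag \d+")

def parse_config(text):
    """Map each top-level command to the set of its indented child lines."""
    stanzas, current = {}, None
    for raw in textwrap.dedent(text).splitlines():
        line = raw.strip()
        if not line or line in ("#", "return"):
            continue
        if raw.startswith(" ") and current:
            stanzas[current].add(line)
        else:
            current = line
            stanzas[current] = set()
    return stanzas

def peer_drift(cfg_a, cfg_b):
    """Return (stanza, line) pairs that differ where M-LAG peers should agree."""
    a, b = parse_config(cfg_a), parse_config(cfg_b)
    drift = []
    for name in sorted(set(a) | set(b)):
        la, lb = a.get(name, set()), b.get(name, set())
        # Member trunks are compared whole; elsewhere only the VRRP group lines.
        is_member = any(MLAG_MEMBER.match(l) for l in la | lb)
        for line in sorted(la ^ lb):
            if is_member or line.startswith("vrrp vrid"):
                drift.append((name, line))
    return drift

if __name__ == "__main__":
    for stanza, line in peer_drift(VS1, VS3_DRIFTED):
        print(stanza, "->", line)
```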