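SA and Cisco Port Aggregation Configuration Example
Recently, while deploying at a customer site, I ran into port aggregation between a Cisco switch and the SA. It took some trial and error to find the solution, so I am sharing it here so that nobody wastes time on the same problem later.
Topology
The topology is fairly simple, as shown in the figure below.
Configuration on the Cisco switch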
interface Port-channel1
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/1
switchport access vlan 10
switchport mode access
channel-group 1 mode on
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport mode access
channel-group 1 mode on
!
interface Vlan10
ip address 192.168.2.2 255.255.255.0
!
Configuration on the SA
interface aggregate1
zone "trust"
ip address 192.168.2.1 255.255.255.0
manage ping
manage https
exit
interface ethernet0/9
aggregate aggregate1
exit
interface ethernet0/10
aggregate aggregate1
exit
Test results:
Each side pings the other's address; disconnecting either link causes no packet loss.
Test on the Cisco switch
Switch#
01:19:17: %SYS-5-CONFIG_I: Configured from console by consoleping
Protocol [ip]:
Target IP address:
% Bad IP address
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Switch#
01:19:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/2, changed state to down
01:19:37: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to downping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!
!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#
01:19:52: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to up
01:19:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/2, changed state to up
01:19:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
01:19:58: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#
01:20:16: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
01:20:17: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to up
Switch#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#
Test on the SA
sa# ping 192.168.2.2
Sending ICMP packets to 192.168.2.2
Seq ttl time(ms)
1 255 0.492
2 255 0.471
3 255 0.477
4 255 0.465
5 255 0.478
6 255 0.476
7 255 0.467
8 255 0.488
9 255 0.475
10 255 0.488
11 255 0.475
12 255 0.498
13 255 0.493
14 255 0.471
15 255 1.22
16 255 0.478
17 255 0.468
18 255 0.466
19 255 0.486
20 255 1.62
21 255 0.488
22 255 0.481
23 255 0.465
24 255 0.472
25 255 0.462
26 255 0.463
27 255 0.486
28 255 0.491
29 255 0.485
statistics:
29 packets sent, 29 received, 0% packet loss, time 28000ms
rtt min/avg/max/mdev = 0.462/0.543/1.625/0.246 ms
sa# 2007-08-27 21:51:21, CRIT@NET: interface ethernet0/10 turn to physical down
2007-08-27 21:51:31, CRIT@NET: interface ethernet0/10 turn to physical up
2007-08-27 21:51:34, CRIT@NET: interface ethernet0/9 turn to physical down
2007-08-27 21:51:42, CRIT@NET: interface ethernet0/9 turn to physical up
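Analysis
1. The Cisco switch's port aggregation feature supports three options: PAgP, LACP, and forced mode (no protocol at all). PAgP is a Cisco proprietary protocol; LACP and forced mode belong to the 802.3ad standard.
2. Our SA supports only the forced mode of the 802.3ad standard.
3. When the SA is connected through port aggregation to Juniper, Huawei switches, H3C switches, or Fortinet devices, the peer must be configured in forced mode for connectivity to work.
BTW: Because of limitations in the switching chip used by the SA, our SA supports aggregating at most 4 physical ports.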
Other information
When adding another interface, GigabitEthernet1/0/3, to channel-group 1 on the Cisco switch:
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
channel-protocol lacp
Switch(config-if)# channel-group 1 mode on
Command rejected (Channel protocol mismatch for interface Gi1/0/3 in group 1): the interface can not be added to the channel group
Switch(config-if)# channel-group 1 mode ?
active Enable LACP unconditionally ――― LACP active mode
auto Enable PAgP only if a PAgP device is detected ――― PAgP auto mode
desirable Enable PAgP unconditionally ――― PAgP forced mode
on Enable Etherchannel only ――― forced mode with no protocol (the one we need)
passive Enable LACP only if a LACP device is detected ――― LACP passive mode
Switch(config-if)# channel-group 1 mode active
Command rejected (Channel protocol mismatch for interface Gi1/0/3 in group 1): the interface can not be added to the channel group
Switch(config-if)#no channel-protocol lacp
Switch(config-if)#channel-group 1 mode on
Switch(config-if)#channel-protocol lacp
Command rejected (the interface Gi1/0/3 is ): is already part of a channel with a different type of protocol enabled
When GigabitEthernet1/0/1 and GigabitEthernet1/0/2 are both configured as:
channel-protocol lacp
channel-group 1 mode active
they can also join Port-channel1 and connect to the SA, but flapping messages for GigabitEthernet1/0/1 and GigabitEthernet1/0/2 appear frequently.
Information about the Port-channel can be displayed with the commands:
show etherchannel summary
show etherchannel detail (shows very detailed Port-channel information; Cisco's output is thorough)
show etherchannel ***
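The constraints from the analysis and from the channel-protocol rejection above can be checked before the cable is plugged in. The following is an added example, not part of the original post: a small Python check over IOS-style interface stanzas that flags any channel-group member that is not in mode on, any channel-protocol line, and any group with more than the 4 members the SA supports. The function names and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

MAX_MEMBERS = 4  # SA per-aggregate limit stated in the article
# Constructed sample: Gi1/0/1 follows the article, Gi1/0/3 repeats its LACP mistake.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 channel-group 1 mode on
!
interface GigabitEthernet1/0/3
 switchport access vlan 10
 switchport mode access
 channel-protocol lacp
 channel-group 1 mode active
"""

def parse_interfaces(config):
    """Map each interface name to the stripped lines of its stanza."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.lower().startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def check_static_bundles(config):
    """Return findings for members that cannot bundle with a static-only peer."""
    findings, groups = [], defaultdict(list)
    for name, lines in parse_interfaces(config).items():
        for line in lines:
            m = re.fullmatch(r"channel-group (\d+) mode (\S+)", line)
            if m:
                groups[m.group(1)].append(name)
                if m.group(2) != "on":
                    findings.append(f"{name}: mode {m.group(2)} negotiates; peer needs mode on")
            elif line.startswith("channel-protocol "):
                findings.append(f"{name}: '{line}' blocks joining a mode-on group")
    for group, members in groups.items():
        if len(members) > MAX_MEMBERS:
            findings.append(f"Port-channel{group}: {len(members)} members exceeds {MAX_MEMBERS}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_static_bundles(SAMPLE)) or "no findings")
```

Run against the switch configuration shown at the top of the article, the check returns no findings; the constructed sample yields two, both for GigabitEthernet1/0/3.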