SecPath F5000-M想要配置链路聚合,求产品文档和配置案例
SecPath F5000-M想要配置链路聚合,求产品文档和配置案例
(0)
目 录
(0)
可以参考官网配置案例:02-以太网链路聚合配置-新华三集团-H3C
通过将Device A与Device B之间的链路进行聚合,有利于设备间通信链路的相互备份和增加通信带宽。
图1-4 二层静态聚合配置组网图
Device B的配置与Device A相似,下面仅以Device A为例。
(1) 配置以太网接口的工作模式
# 使接口GigabitEthernet1/0/1至GigabitEthernet1/0/4工作在二层模式下。
<DeviceA> system-view
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
(2) 配置VLAN
# 创建VLAN 10,并将端口GigabitEthernet1/0/4加入到VLAN 10中。
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/4
[DeviceA-vlan10] quit
(3) 配置二层静态聚合
# 创建二层聚合接口1为Trunk端口,并允许VLAN 1和10的报文通过。
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 1 10
[DeviceA-Bridge-Aggregation1] quit
# 将端口GigabitEthernet1/0/1至GigabitEthernet1/0/3加入到聚合组1中。
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
(4) 配置以太网接口的链路类型
# 配置GigabitEthernet1/0/1至GigabitEthernet1/0/3为Trunk端口,并允许VLAN 1和VLAN 10的报文通过。
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-type trunk
[DeviceA-if-range] port trunk permit vlan 1 10
[DeviceA-if-range] quit
(5) 配置接口加入安全域
# 请根据组网图中规划的信息,将接口加入对应的安全域,具体配置步骤如下。
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/4 vlan 10
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface bridge-aggregation 1 vlan 1 10
[Device-security-zone-Untrust] quit
(6) 配置安全策略
配置安全策略放行trust与untrust安全域之间的流量,用于设备之间的互通。
# 配置名称为trust-untrust的安全策略,使trust的安全域到untrust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# 配置名称为untrust-trust的安全策略,使untrust的安全域到trust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
# 查看Device A上所有聚合组的详细信息。
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
GE1/0/3 S 32768 1
以上信息表明,聚合组1为负载分担类型的二层静态聚合组,包含有三个选中端口。
通过将Device A与Device B之间的链路进行聚合,有利于设备间通信链路的相互备份和增加通信带宽。
图1-5 二层动态聚合配置组网图
Device B的配置与Device A相似,下面仅以Device A为例。
(1) 配置以太网接口的工作模式
# 使接口GigabitEthernet1/0/1至GigabitEthernet1/0/4工作在二层模式下。
<DeviceA> system-view
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
(2) 配置VLAN
# 创建VLAN 10,并将端口GigabitEthernet1/0/4加入到VLAN 10中。
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/4
[DeviceA-vlan10] quit
(3) 配置二层动态聚合
# 创建二层聚合接口1为Trunk端口,允许VLAN 1和10的报文通过,并配置该接口为动态聚合模式。
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 1 10
[DeviceA-Bridge-Aggregation1] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation1] quit
# 将端口GigabitEthernet1/0/1至GigabitEthernet1/0/3加入到聚合组1中。
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
(4) 配置以太网接口的链路类型
# 配置GigabitEthernet1/0/1至GigabitEthernet1/0/3为Trunk端口,并允许VLAN 1和VLAN 10的报文通过。
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-type trunk
[DeviceA-if-range] port trunk permit vlan 1 10
[DeviceA-if-range] quit
(5) 配置接口加入安全域
# 请根据组网图中规划的信息,将接口加入对应的安全域,具体配置步骤如下。
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/4 vlan 10
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface bridge-aggregation 1 vlan 1 10
[Device-security-zone-Untrust] quit
(6) 配置安全策略
配置安全策略放行trust与untrust安全域之间的流量,用于设备之间的互通。
# 配置名称为trust-untrust的安全策略,使trust的安全域到untrust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# 配置名称为untrust-trust的安全策略,使untrust的安全域到trust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
# 查看Device A上所有聚合组的详细信息。
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1 {ACDEF}
GE1/0/2 S 32768 1 {ACDEF}
GE1/0/3 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
GE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/3 3 32768 1 0x8000, 000f-e267-57ad {ACDEF}
以上信息表明,聚合组1为负载分担类型的二层动态聚合组,包含有三个选中端口。
通过将Device A与Device B之间的链路进行聚合,有利于设备间通信链路的相互备份和增加通信带宽。通过在不同聚合组内配置不同的负载分担方式,来实现数据流量在各成员端口间的负载分担。
二层聚合负载分担配置组网图
Device B的配置与Device A相似,下面仅以Device A为例。
(1) 配置以太网接口的工作模式
# 使接口GigabitEthernet1/0/1至GigabitEthernet1/0/5工作在二层模式下。
<DeviceA> system-view
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/5
[DeviceA-if-range] port link-mode bridge
[DeviceA-if-range] quit
(2) 配置VLAN
# 创建VLAN 10,并将端口GigabitEthernet1/0/5加入到VLAN 10中。
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/5
[DeviceA-vlan10] quit
(3) 配置二层聚合组
# 创建二层聚合接口1为Trunk端口,允许VLAN 1和10的报文通过,并配置该接口对应的聚合组内按照源MAC地址进行聚合负载分担。
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 1 10
[DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode source-mac
[DeviceA-Bridge-Aggregation1] quit
# 将端口GigabitEthernet1/0/1至GigabitEthernet1/0/2加入到聚合组1中。
[DeviceA] interface range GigabitEthernet1/0/1 to GigabitEthernet1/0/2
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
# 创建二层聚合接口2为Trunk端口,允许VLAN 1和10的报文通过,并配置该接口对应的聚合组内按照目的MAC地址进行聚合负载分担。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan 1 10
[DeviceA-Bridge-Aggregation1] link-aggregation load-sharing mode destination-mac
[DeviceA-Bridge-Aggregation1] quit
# 将端口GigabitEthernet1/0/3至GigabitEthernet1/0/4加入到聚合组2中。
[DeviceA] interface range gigabitethernet 1/0/3to gigabitethernet 1/0/4
[DeviceA-if-range] port link-aggregation group 2
[DeviceA-if-range] quit
(4) 配置以太网接口的链路类型
# 配置GigabitEthernet1/0/1至GigabitEthernet1/0/4为Trunk端口,并允许VLAN 1和VLAN 10的报文通过。
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-type trunk
[DeviceA-if-range] port trunk permit vlan 1 10
[DeviceA-if-range] quit
(5) 配置接口加入安全域
# 请根据组网图中规划的信息,将接口加入对应的安全域,具体配置步骤如下。
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/5 vlan 10
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface bridge-aggregation 1 vlan 1 10
[Device-security-zone-Untrust] import interface bridge-aggregation 2 vlan 1 10
[Device-security-zone-Untrust] quit
(6) 配置安全策略
配置安全策略放行trust与untrust安全域之间的流量,用于设备之间的互通。
# 配置名称为trust-untrust的安全策略,使trust的安全域到untrust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# 配置名称为untrust-trust的安全策略,使untrust的安全域到trust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
# 查看Device A上所有聚合组的详细信息。
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
Aggregate Interface: Bridge-Aggregation2
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/3 S 32768 2
GE1/0/4 S 32768 2
以上信息表明,聚合组1和聚合组2都是负载分担类型的二层静态聚合组,各包含有两个选中端口。
# 查看Device A上所有聚合接口所对应聚合组内采用的聚合负载分担类型。
[DeviceA] display link-aggregation load-sharing mode interface
Bridge-Aggregation1 Load-Sharing Mode:
source-mac address
Bridge-Aggregation2 Load-Sharing Mode:
destination-mac address
以上信息表明,二层聚合组1按照报文的源MAC地址进行聚合负载分担,二层聚合组2按照报文的目的MAC地址进行聚合负载分担。
通过将Device A与Device B之间的链路进行聚合,有利于设备间通信链路的相互备份和增加通信带宽。
图1-6 三层静态聚合配置组网图
Device B的配置与Device A相似,下面仅以Device A为例。
(1) 配置三层静态聚合
# 创建三层聚合接口1,并为该接口配置IP地址和子网掩码。
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
[DeviceA-Route-Aggregation1] ip address 192.168.2.1 24
[DeviceA-Route-Aggregation1] quit
# 将端口GigabitEthernet1/0/1至GigabitEthernet1/0/3加入到聚合组1中。
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
(2) 配置接口信息
# 配置GigabitEthernet1/0/4的IP地址为192.168.1.2/24。
[DeviceA] interface gigabitethernet 1/0/4
[DeviceA-GigabitEthernet1/0/4] ip address 192.168.1.2 24
[DeviceA-GigabitEthernet1/0/4] quit
(3) 配置静态路由
# 请根据组网图中规划的信息,配置静态路由,本举例假设到达PC B的下一跳IP地址为192.168.2.2/24,PC B的IP地址为192.168.3.1/24,实际使用中请以具体组网情况为准,具体配置步骤如下。
[DeviceA] ip route-static 192.168.3.1 24 192.168.2.2
(4) 配置接口加入安全域
# 请根据组网图中规划的信息,将接口加入对应的安全域,具体配置步骤如下。
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/4
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface route-aggregation 1
[Device-security-zone-Untrust] quit
(5) 配置安全策略
配置安全策略放行PC A与PC B之间的流量。
# 配置名称为trust-untrust的安全策略,使trust的安全域到untrust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] source-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-0-trust-untrust] destination-ip-subnet 192.168.3.0 24
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# 配置名称为untrust-trust的安全策略,使untrust的安全域到trust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] source-ip-subnet 192.168.3.0 24
[DeviceA-security-policy-ip-1-untrust-trust] destination-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
# 查看Device A上所有聚合组的详细信息。
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
GE1/0/3 S 32768 1
以上信息表明,聚合组1为负载分担类型的三层静态聚合组,包含有三个选中端口。
通过将Device A与Device B之间的链路进行聚合,有利于设备间通信链路的相互备份和增加通信带宽。
图1-7 三层动态聚合配置组网图
Device B的配置与Device A相似,下面仅以Device A为例。
(1) 配置三层动态聚合
# 创建三层聚合接口1,为该接口配置IP地址和子网掩码,并配置该接口为动态聚合模式。
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
[DeviceA-Route-Aggregation1] ip address 192.168.2.1 24
[DeviceA-Route-Aggregation1] link-aggregation mode dynamic
[DeviceA-Route-Aggregation1] quit
# 将端口GigabitEthernet1/0/1至GigabitEthernet1/0/3加入到聚合组1中。
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
(2) 配置接口信息
# 配置GigabitEthernet1/0/4的IP地址为192.168.1.2/24。
[DeviceA] interface gigabitethernet 1/0/4
[DeviceA-GigabitEthernet1/0/4] ip address 192.168.1.2 24
[DeviceA-GigabitEthernet1/0/4] quit
# 请根据组网图中规划的信息,配置静态路由,本举例假设到达PC B的下一跳IP地址为192.168.2.2/24,PC B的IP地址为192.168.3.1/24,实际使用中请以具体组网情况为准,具体配置步骤如下。
[DeviceA] ip route-static 192.168.3.1 24 192.168.2.2
(3) 配置接口加入安全域
# 请根据组网图中规划的信息,将接口加入对应的安全域,具体配置步骤如下。
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/4
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface route-aggregation 1
[Device-security-zone-Untrust] quit
(4) 配置安全策略
配置安全策略放行PC A与PC B之间的流量。
# 配置名称为trust-untrust的安全策略,使trust的安全域到untrust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] source-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-0-trust-untrust] destination-ip-subnet 192.168.3.0 24
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# 配置名称为untrust-trust的安全策略,使untrust的安全域到trust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] source-ip-subnet 192.168.3.0 24
[DeviceA-security-policy-ip-1-untrust-trust] destination-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
# 查看Device A上所有聚合组的详细信息。
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 000f-e267-6c6a
Local:
Port Status Priority Oper-Key Flag
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1 {ACDEF}
GE1/0/2 S 32768 1 {ACDEF}
GE1/0/3 S 32768 1 {ACDEF}
Remote:
Actor Partner Priority Oper-Key SystemID Flag
--------------------------------------------------------------------------------
GE1/0/1 1 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/2 2 32768 1 0x8000, 000f-e267-57ad {ACDEF}
GE1/0/3 3 32768 1 0x8000, 000f-e267-57ad {ACDEF}
以上信息表明,聚合组1为负载分担类型的三层动态聚合组,包含有三个选中端口。
通过将Device A与Device B之间的链路进行聚合,有利于设备间通信链路的相互备份和增加通信带宽。通过在不同聚合组内配置不同的负载分担方式,来实现数据流量在各成员端口间的负载分担。
三层聚合负载分担配置组网图
Device B的配置与Device A相似,下面仅以Device A为例。
(1) 配置三层聚合组
# 创建三层聚合接口1,配置该接口对应的聚合组内按照源IP地址进行聚合负载分担,并为其配置IP地址和子网掩码。
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
[DeviceA-Route-Aggregation1] link-aggregation load-sharing mode source-ip
[DeviceA-Route-Aggregation1] ip address 192.168.2.1 24
[DeviceA-Route-Aggregation1] quit
# 将端口GigabitEthernet1/0/1至GigabitEthernet1/0/2加入到聚合组1中。
[DeviceA] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/2
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
# 创建三层聚合接口2,配置该接口对应的聚合组内按照目的IP地址进行聚合负载分担,并为其配置IP地址和子网掩码。
[DeviceA] interface route-aggregation 2
[DeviceA-Route-Aggregation2] link-aggregation load-sharing mode destination-ip
[DeviceA-Route-Aggregation2] ip address 192.168.3.1 24
[DeviceA-Route-Aggregation2] quit
# 将端口GigabitEthernet1/0/3至GigabitEthernet1/0/4加入到聚合组2中。
[DeviceA] interface range gigabitethernet 1/0/3 to gigabitethernet 1/0/4
[DeviceA-if-range] port link-aggregation group 2
[DeviceA-if-range] quit
(2) 配置接口信息
# 配置GigabitEthernet1/0/5的IP地址为192.168.1.2/24。
[DeviceA] interface gigabitethernet 1/0/5
[DeviceA-GigabitEthernet1/0/5] ip address 192.168.1.2 24
[DeviceA-GigabitEthernet1/0/5] quit
# 请根据组网图中规划的信息,配置静态路由,本举例假设到达PC B的下一跳IP地址为192.168.2.2/24和192.168.3.2/24,PC B的IP地址为192.168.4.1/24,实际使用中请以具体组网情况为准,具体配置步骤如下。
[DeviceA] ip route-static 192.168.4.1 24 192.168.2.2
[DeviceA] ip route-static 192.168.4.1 24 192.168.3.2
(3) 配置接口加入安全域
# 请根据组网图中规划的信息,将接口加入对应的安全域,具体配置步骤如下。
[DeviceA] security-zone name trust
[Device-security-zone-Trust] import interface gigabitethernet 1/0/5
[Device-security-zone-Trust] quit
[DeviceA] security-zone name untrust
[Device-security-zone-Untrust] import interface route-aggregation 1
[Device-security-zone-Untrust] import interface route-aggregation 2
[Device-security-zone-Untrust] quit
(4) 配置安全策略
配置安全策略放行PC A与PC B之间的流量。
# 配置名称为trust-untrust的安全策略,使trust的安全域到untrust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name trust-untrust
[DeviceA-security-policy-ip-0-trust-untrust] action pass
[DeviceA-security-policy-ip-0-trust-untrust] source-zone trust
[DeviceA-security-policy-ip-0-trust-untrust] destination-zone untrust
[DeviceA-security-policy-ip-0-trust-untrust] source-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-0-trust-untrust] destination-ip-subnet 192.168.4.0 24
[DeviceA-security-policy-ip-0-trust-untrust] quit
[DeviceA-security-policy-ip] quit
# 配置名称为untrust-trust的安全策略,使untrust的安全域到trust的安全域的报文可通。
[DeviceA] security-policy ip
[DeviceA-security-policy-ip] rule name untrust-trust
[DeviceA-security-policy-ip-1-untrust-trust] action pass
[DeviceA-security-policy-ip-1-untrust-trust] source-zone untrust
[DeviceA-security-policy-ip-1-untrust-trust] destination-zone trust
[DeviceA-security-policy-ip-1-untrust-trust] source-ip-subnet 192.168.4.0 24
[DeviceA-security-policy-ip-1-untrust-trust] destination-ip-subnet 192.168.1.0 24
[DeviceA-security-policy-ip-1-untrust-trust] quit
[DeviceA-security-policy-ip] quit
# 查看Device A上所有聚合组的详细信息。
[DeviceA] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
Aggregate Interface: Route-Aggregation2
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/3 S 32768 2
GE1/0/4 S 32768 2
以上信息表明,聚合组1和聚合组2都是负载分担类型的三层静态聚合组,各包含有两个选中端口。
# 查看Device A上所有聚合接口所对应聚合组内采用的聚合负载分担类型。
[DeviceA] display link-aggregation load-sharing mode interface
Route-Aggregation1 Load-Sharing Mode:
source-ip address
Route-Aggregation2 Load-Sharing Mode:
destination-ip address
以上信息表明,三层聚合组1按照报文的源IP地址进行聚合负载分担,三层聚合组2按照报文的目的IP地址进行聚合负载分担。
(0)
暂无评论
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论