关于华为二层交换机集群管理配置规范及说明
一、组网说明:
榆社县局S3552G交换机E0/1下挂榆社水利小区3号楼S2016C,3号楼S2016C交换机E0/2下挂水利小区2号楼S2403H,3号楼S2016C交换机E0/3下挂水利小区1号楼S2024C。
二、组网图:
YS_XianJu_S3552GE0/1E0/1YS_ShuiLi_3#Lou_S2016CE0/2E0/3E0/1YS_ShuiLi_1#Lou_S2024CE0/1YS_ShuiLi_2#Lou_S2403H
三、配置步骤
1、 配置管理设备 (由汇聚层人员来配置)
(1)启动设备上的NDP和端口 E0/1 日的NDP 协议: [YS_XianJu_S3552G] ndp enable
YS_XianJu_S3552G] interface ethernet 0/1 [YS_XianJu_S3552G -Ethernet0/1] ndp enable
[YS_XianJu_S3552G -Ethernet0/1] interface ethernet 0/2 [YS_XianJu_S3552G -Ethernet0/2] ndp enable # 配置NDP信息的有效保留时间为 200秒 [YS_XianJu_S3552G] ndp timer aging 200 # 配置NDP报文发送的时间间隔为 70秒 [YS_XianJu_S3552G] ndp timer hello 70
(2)启动设备上的NTDP和端口E0/1 E0/2上的NTDP [YS_XianJu_S3552G] ntdp enable
[YS_XianJu_S3552G] interface ethernet 0/1 YS_XianJu_S3552G -Ethernet0/1] ntdp enable
[YS_XianJu_S3552G -Ethernet0/1] interface ethernet 0/2 [YS_XianJu_S3552G -Ethernet0/2] ntdp enable # 配置拓扑收集范围为 7跳
[YS_XianJu_S3552G] ntdp hop 7
# 配置被收集设备转发拓扑收集请求的延迟时间为150ms [YS_XianJu_S3552G] ntdp timer hop-delay 150
# 配置被收集设备的端口转发拓扑收集请求的延迟时间为 15ms [YS_XianJu_S3552G] ntdp timer port-delay 15 # 配置定时拓扑收集的时间间隔为 3分钟 [YS_XianJu_S3552G] ntdp timer 3 (3)配置管理vlan #创建管理vlan
[YS_XianJu_S3552G]vlan 4051 #将管理vlan4051作为管理vlan
[YS_XianJu_S3552G]management-vlan 4051 #进入以太网端口E0/19
[YS_XianJu_S3552G-Ethernet0/19]
description to_ys_shuili_dishui2_caizhen_xiaoqu port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 45 to 51 3527 4051 (4)启动集群功能
[YS_XianJu_S3552G] cluster enable # 进入集群视图
YS_XianJu_S3552G] cluster [YS_XianJu_S3552G -cluster]
# 配置集群内部使用的 IP地址池 起始地址为 10.0.1.1 有 254个地址 [YS_XianJu_S3552G -cluster] ip-pool 10.0.1.1 255.255.255.0 (5) 配置集群名字 建立集群
[YS_XianJu_S3552G -cluster] build YSYD [YSYD_0.YS_XianJu_S3552G -cluster] (6) 将下挂的两个交换机加入到集群中
[YSYD_0.YS_XianJu_S3552G -cluster] add-member 1 mac-address 00e0-fc01-0011 [YSYD_0.YS_XianJu_S3552G -cluster] add-member 2 mac-address 00e0-fc01-0013 [YSYD_0.YS_XianJu_S3552G -cluster] add-member 3 mac-address 00e0-fc01-0011 # 配置成员设备信息的保留时间为 100秒
[YSYD_0.YS_XianJu_S3552G -cluster] holdtime 100 # 配置握手报文定时发送的时间间隔为 10秒 [YSYD_0.YS_XianJu_S3552G -cluster] timer 10
2、配置成员设备(由接入层维护人员来配置)
以榆社水利小区3号楼S2016C为例 :
# 启动设备上的NDP和端口 Ethernet1/1上的NDP [YS_ShuiLi_3#Lou_S2016C] ndp enable
[YS_ShuiLi_3#Lou_S2016C] interface ethernet 1/1 [YS_ShuiLi_3#Lou_S2016C -Ethernet1/1] ndp enable
# 启动设备上的NTDP和端口Ethernet1/1上的NTDP [YS_ShuiLi_3#Lou_S2016C] ntdp enable
[YS_ShuiLi_3#Lou_S2016C] interface ethernet 1/1 [YS_ShuiLi_3#Lou_S2016C -Ethernet1/1] ntdp enable
#创建vlan 4051 创建管理vlan,根汇聚层交换机管理vlan来确定。 [YS_ShuiLi_3#Lou_S2016C] vlan 4051 #将vlan4051作为管理vlan
[YS_ShuiLi_3#Lou_S2016C] management-vlan 4051
#进入以太网端口E0/1,透传管理vlan 4051 将二层交换机上联口透传管理vlan [YS_ShuiLi_3#Lou_S2016C] interface e0/1
[YS_ShuiLi_3#lou_S2016C-Ethernet0/1]port trunk permit vlan 4051 # 启动集群功能
[YS_ShuiLi_3#Lou_S2016C] cluster enable
四、数据配置举例如下:
1、榆社县局S3552G配置如下:
sysname YS_XianJu_S3552G #
super password level 3 cipher ^#:+/G*8`P,:)&\#
ntdp hop 7
ntdp timer port-delay 15 ntdp timer hop-delay 150 ntdp timer 3 #
radius scheme system server-type huawei
primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain
domain system
radius-scheme system access-limit disable state active
vlan-assignment-mode integer idle-cut disable
self-service-url disable
messenger time disable
domain default enable system #
local-server nas-ip 127.0.0.1 key huawei
local-user sxhuawei
password cipher (W_]UELR9IaNK<;9B9.`)Q!! service-type telnet level 1 #
Specify deadloop monitor #
temperature-limit 0 20 80 #
ndp timer hello 70 ndp timer aging 200 #
management-vlan 4051 #
acl number 3998
rule 0 deny ip destination 10.0.1.0 0.0.0.255 rule 1 permit ip source 10.0.1.0 0.0.0.255 acl number 3999
rule 0 deny ip source 10.0.1.0 0.0.0.255
rule 1 permit ip destination 10.0.1.0 0.0.0.255 #
vlan 1 #
vlan 27 #
vlan 28 #
vlan 29 #
vlan 30 #
vlan 31 #
vlan 32 #
vlan 33 #
vlan 34 #
vlan 35 #
vlan 36 #
vlan 37 #
vlan 38 #
vlan 39 #
vlan 40 #
vlan 41 #
vlan 42 #
vlan 43 #
vlan 44 #
vlan 45 #
vlan 46 #
vlan 47
# vlan 48 #
vlan 49 #
vlan 50 #
vlan 51 #
vlan 52 #
vlan 53 #
vlan 1672
description to_ys_taichanggaosu(yulin) #
vlan 1711 #
vlan 2101 #
vlan 2103 #
vlan 2104
# vlan 2105
multicast-vlan enable #
vlan 3524 #
vlan 3526 #
vlan 3527 #
vlan 3528 #
vlan 3529 #
vlan 3530 #
vlan 3532 #
vlan 3534 #
vlan 3535 #
vlan 3536
# vlan 3537 #
vlan 4051 #
interface Vlan-interface4051
ip address 221.131.31.130 255.255.255.240 #
interface Aux0/0 #
interface Ethernet0/1 shutdown #
interface Ethernet0/2
description to_ys_taichanggaosu(yulin) broadcast-suppression 5 port access vlan 1672 #
interface Ethernet0/3
description to_ys_donghuixiaoxue broadcast-suppression 5
port access vlan 3526 #
interface Ethernet0/4 description to_ys_tudijusushe broadcast-suppression 5 port access vlan 3528 #
interface Ethernet0/5
description to_ys_nonghangsushe broadcast-suppression 5 port access vlan 3529 #
interface Ethernet0/6
description to_ys_dishuiyixiaoqu broadcast-suppression 5 port access vlan 3530 #
interface Ethernet0/7
description to_ys_lianjiazhuang broadcast-suppression 5 port access vlan 1711 #
interface Ethernet0/8
description to_ys_dongshengyingyeting port link-type trunk undo port trunk permit vlan 1
port trunk permit vlan 2103 to 2105 3532 #
interface Ethernet0/9
description to_ys_xianweidanxiaowenhuazhan broadcast-suppression 5 port access vlan 3534 #
interface Ethernet0/10
description to_ys_youzhenxiaoqu broadcast-suppression 5 port access vlan 3535 #
interface Ethernet0/11
description to_ys_jiaokejuwenhuazhan broadcast-suppression 5 port access vlan 3536 #
interface Ethernet0/12
description to_ys_jishengfuyouyuan broadcast-suppression 5 port access vlan 3537
# interface Ethernet0/13
description to_ys_xiangzhenjuxiaoqu port link-type trunk
undo port trunk permit vlan 1 port trunk permit vlan 31 to 33 #
interface Ethernet0/14
description to_ys_mingzhenjuxiaoqu port link-type trunk
undo port trunk permit vlan 1 port trunk permit vlan 34 to 35 #
interface Ethernet0/15
description to_ys_renhangxiaoqu port link-type trunk
undo port trunk permit vlan 1 port trunk permit vlan 36 #
interface Ethernet0/16
description to_ys_huagongxiaoqu port link-type trunk
undo port trunk permit vlan 1 port trunk permit vlan 27 to 30 #
interface Ethernet0/17
description to_ys_gongan,liangshijuxiaoqu port link-type trunk
undo port trunk permit vlan 1 port trunk permit vlan 37 to 40 #
interface Ethernet0/18
description to_ys_gongan,yizhongxuexiaoqu port link-type trunk
undo port trunk permit vlan 1 port trunk permit vlan 41 to 44 #
interface Ethernet0/19
description to_ys_shuili_dishui2_caizhen_xiaoqu port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 45 to 51 3527 4051 #
interface Ethernet0/20
description to_ys_guoshuixiaoqu
port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 52 to 53 #
interface Ethernet0/21
description to_ys_yingchunyingyeting port link-type trunk
undo port trunk permit vlan 1 port trunk permit vlan 2101 3524 #
interface Ethernet0/22 shutdown #
interface Ethernet0/23 shutdown #
interface Ethernet0/24 shutdown #
interface Ethernet0/25 shutdown #
interface Ethernet0/26
shutdown #
interface Ethernet0/27 shutdown #
interface Ethernet0/28 shutdown #
interface Ethernet0/29 shutdown #
interface Ethernet0/30 shutdown #
interface Ethernet0/31 shutdown #
interface Ethernet0/32 shutdown #
interface Ethernet0/33 shutdown
# interface Ethernet0/34 shutdown #
interface Ethernet0/35 shutdown #
interface Ethernet0/36 shutdown #
interface Ethernet0/37 shutdown #
interface Ethernet0/38 shutdown #
interface Ethernet0/39 shutdown #
interface Ethernet0/40 shutdown #
interface Ethernet0/41 shutdown #
interface Ethernet0/42 shutdown #
interface Ethernet0/43 shutdown #
interface Ethernet0/44 shutdown #
interface Ethernet0/45 shutdown #
interface Ethernet0/46 shutdown
#
interface Ethernet0/47 shutdown #
interface Ethernet0/48
shutdown #
interface GigabitEthernet1/1
description to_YS_S6506R_G4/0/12 duplex full speed 1000
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 27 to 53 1672 1711 2101 2103 to 2105 3524 3526 to 3530 3532 3534 to 3537 4051 #
interface GigabitEthernet1/2 shutdown #
interface GigabitEthernet1/3 shutdown #
interface GigabitEthernet1/4 shutdown #
interface NULL0 #
cluster
ip-pool 10.0.1.1 255.255.255.0 build YSYD holdtime 100 #
[YSYD_0.YS_XianJu_S3552G -cluster] add-member 1 mac-address 00e0-fc01-0011 [YSYD_0.YS_XianJu_S3552G -cluster] add-member 2 mac-address 00e0-fc01-0013 [YSYD_0.YS_XianJu_S3552G -cluster] add-member 3 mac-address 00e0-fc01-0011 #
ip route-static 0.0.0.0 0.0.0.0 221.131.31.129 preference 60 #
snmp-agent
snmp-agent local-engineid 800007DB000FE215D6606877 snmp-agent community read jzyd snmp-agent community read public snmp-agent community write sxjzyd snmp-agent community write private
snmp-agent community read public@cm0 snmp-agent community write private@cm0 snmp-agent sys-info location BeiJing China snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 211.142.42.68 params securityname jzyd
snmp-agent target-host trap address udp-domain 211.142.42.69 params securityname jzyd
snmp-agent trap enable standard
snmp-agent trap enable configuration snmp-agent trap enable vrrp
snmp-agent trap enable bgp snmp-agent trap source Vlan-interface4051 #
ntp-service unicast-server 211.138.98.2 ntp-service unicast-server 211.138.98.1 #
user-interface aux 0
authentication-mode scheme user-interface vty 0 4
authentication-mode scheme #
Return
2、榆社水利小区3号楼S2016C配置如下:
sysname YS_ShuiLi_3#Lou_S2016C 对交换机进行命名 #
super password level 3 cipher ^#:+/G*8`P,:)&\#
info-center loghost 10.0.1.1 #
management-vlan 4051 修改集群管理vlan(根据汇聚层交换机管理vlan确定) #
queue-scheduler wrr 1 2 4 8 #
vlan 1 #
vlan 45
port-isolate enable 小区交换机端口隔离配置 #
vlan 46 #
vlan 47 #
vlan 48 #
vlan 49
# vlan 50 #
vlan 51 #
vlan 3527 #
vlan 4051 增加交换机集群管理vlan号(根据汇聚层交换机管理vlan确定) #
interface Vlan-interface4051 #
interface Aux0/0 #
interface Ethernet0/1
description to_YS_XianJu_S3552G_E0/19 (描述该交换机的上联交换机及端口) port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 45 to 51 3527 4051 (上联口透传集群管理vlan号) port-isolate uplink-port vlan 45 (上联口配置本交换机端口隔离vlan) #
interface Ethernet0/2
description to_ YS_ShuiLi_2#Lou_S2403H_E0/1 (对交换机联端口进行描述) port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 46 4051 (透传集群管理VLAN) interface Ethernet0/3
description to_ YS_ShuiLi_1#Lou_S2024C_E0/1 (对交换机联端口进行描述) port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 47 4051 (透传集群管理VLAN) interface Ethernet0/4
broadcast-suppression 5 (对ACCESS端口进行广播抑制) port access vlan 45 #
interface Ethernet0/5 broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/6
broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/7 broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/8
broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/9 broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/10 broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/11 broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/12 broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/13 broadcast-suppression 5 port access vlan 45
# interface Ethernet0/14 broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/15 broadcast-suppression 5 port access vlan 45 #
interface Ethernet0/16 broadcast-suppression 5 port access vlan 45 #
interface NULL0
#
snmp-agent
snmp-agent local-engineid 800007DB000FE237E4CB6877 snmp-agent community read public@cm1 snmp-agent community write private@cm1 snmp-agent sys-info location BeiJing China snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.0.1.1 params securityname cluster
snmp-agent trap enable standard
snmp-agent trap enable configuration
snmp-agent trap source Vlan-interface4051 #
user-interface aux 0
authentication-mode password
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!! #
Return
3、榆社水利1号楼S2024C交换机配置如下:
sysname YS_ShuiLi_1#Lou_S2024C 对交换机进行命名 #
super password level 3 cipher ^#:+/G*8`P,:)&\#
info-center loghost 10.0.1.1 #
management-vlan 4051 修改集群管理vlan(根据汇聚层交换机管理vlan确定) #
queue-scheduler wrr 1 2 4 8 #
vlan 1 #
vlan 47
port-isolate enable 小区交换机端口隔离配置 #
vlan 4051 增加交换机集群管理vlan号(根据汇聚层交换机管理vlan确定) #
interface Vlan-interface4051 #
interface Aux0/0 #
interface Ethernet0/1
description to_ YS_ShuiLi_3#Lou_S2016C_E0/3 (描述该交换机的上联交换机及端口) port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 47 4051 (上联口透传集群管理vlan号) port-isolate uplink-port vlan 47 (上联口配置本交换机端口隔离vlan) #
interface Ethernet0/2 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/3 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/4
broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/5 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/6 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/7 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/8
broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/9 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/10 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/11 broadcast-suppression 5
ACCESS端口进行广播抑制) (对 port access vlan 47 #
interface Ethernet0/12 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/13 broadcast-suppression 5 port access vlan 47
# interface Ethernet0/14 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/15 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/16 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/17 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/18 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/19 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/20 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/21 broadcast-suppression 5 port access vlan 47
# interface Ethernet0/22 broadcast-suppression 5
port access vlan 47 #
interface Ethernet0/23 broadcast-suppression 5 port access vlan 47 #
interface Ethernet0/24 broadcast-suppression 5 port access vlan 47 #
interface NULL0 #
cluster
administrator-address 000f-e22e-0f80 name huawei #
snmp-agent
snmp-agent local-engineid 800007DB00E0FC2D944E6877 snmp-agent community read public@cm3 snmp-agent community write private@cm3
snmp-agent sys-info contact HuaWei BeiJing China snmp-agent sys-info location BeiJing China snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.10.0.1 params securityname cluster
snmp-agent trap enable standard #
user-interface aux 0
authentication-mode password
set authentication password cipher N`C55QK<`=/Q=^Q`MAF4<1!! #
Return
4、水利小区2号S2403H配置如下:
< YSYD_3.YS_ShuiLi_2#Lou_S2403H >dis cu #
sysname YS_ShuiLi_2#Lou_S2403H 对交换机进行命名 #
radius scheme system server-type huawei
primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domain
domain system
radius-scheme system access-limit disable state active idle-cut disable
self-service-url disable messenger time disable
domain default enable system #
local-server nas-ip 127.0.0.1 key huawei #
info-center loghost 10.10.0.1 #
management-vlan 4051 修改集群管理vlan(根据汇聚层交换机管理vlan确定) #
interface Aux0/0 #
vlan 1 #
vlan 46
port-isolate enable 小区交换机端口隔离配置 #
vlan 4051 增加交换机集群管理vlan号(根据汇聚层交换机管理vlan确定) #
interface Vlan-interface4051 #
interface Ethernet0/1 description to_ YS_ShuiLi_3#Lou_S2016C_E0/3 (描述该交换机的上联交换机及端口) port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 46 4051 (上联口透传集群管理vlan号) port-isolate uplink-port vlan 46 (上联口配置本交换机端口隔离vlan) #
interface Ethernet0/2
broadcast-suppression 5 (对ACCESS端口进行广播抑制) port access vlan 46 #
interface Ethernet0/3 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/4
broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/5 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/6 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/7 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/8
broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/9 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/10 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/11 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/12 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/13 broadcast-suppression 5 port access vlan 46
# interface Ethernet0/14 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/15
broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/16 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/17 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/18 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/19 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/20 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/21 broadcast-suppression 5 port access vlan 46
# interface Ethernet0/22 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/23 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/24 broadcast-suppression 5 port access vlan 46 #
interface Ethernet0/25 broadcast-suppression 5 port access vlan 46 #
interface NULL0
#
cluster
administrator-address 000f-e22e-0f80 name YSYD #
snmp-agent
snmp-agent local-engineid 800007DB00E0FC2D944E6877 snmp-agent community read public@cm3 snmp-agent community write private@cm3
snmp-agent sys-info contact HuaWei BeiJing China snmp-agent sys-info location BeiJing China snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 10.10.0.1 params securityname cluster
snmp-agent trap enable standard #
user-interface aux 0 user-interface vty 0 4 #
Return
五、二层交换机管理说明:
由于本次二层交换机集群管理的时间紧迫性,为了以后更好的维护,配置一定要规范,具体规范内容在配置举例中说明,并用红色字体标明,有什么不对的地方及时提出。
1、 交换机命名一定要规范,要不在集群网管上不能区分是哪
个小区哪个楼的交换机,不便于网管查看和管理。 2、 交换机TRUNK 端口不要进行广播抑制配置,如有要去掉。 3、 如有交换机是老版本的如S2403H的,如果不支持
management-vlan命令的要进行BOOTROM 和APP软件升级或者更换交换机。
4、 将小区交换机的拓朴结构一定要搞清楚,尤其是上联端口
及光猫、网线、尾纤一定要粘贴标签,为以后更好的维护
提供便利。
5、 对一些不需要认证的在核心机房R2811路由器上下挂的小
区交换机也要进行集群管理。
6、 对交换机的端口一定要隔离,这样可以对病毒等的传播进
行抑制。
7、 对access端口增加广播抑制配置,即broadcast 5的配置。 8、 对一些小区不是华为交换机的一定要更换成华为交换机并
对其进行数据配置及集群管理。
9、 将二层交换机集群管理信息表小区交换机MAC地址、软件
版本、型号详细填写,为方便以后更好的维护建立维护档案。
10、 如小区交换机损坏需要更换时一定要通知汇聚层维护人
员,因为集群管理是通过MAC地址来管理的,以便更新配置及资料档案。
CMNET网络华为二层交换机集管理方案
一、 背景:
山西移动CMNET网络从2002年开始建设,经历了从无到有,从小到大,建成了采用高性能路由器和交换机组建的可以同时提供语音、视频、数据、宽带等多种业务的综合互联网络。经过多次扩容改造,目前CMNET网络已覆盖到各地市、县、乡、行政村,用户量的稳步增加,基本满足了市场对业务开展的需求。
二、 现状
随着CMNET业务的不断拓展和用户的不断增加,用户对网络的稳定性提出更高的要求。地市CMNET网管只对地市核心节点设备、县核心节点设备、乡镇节点汇聚层交换机进行实时监控,对用户接入层(二层)交换机未能做到监控,只有用户上报故障后接入层维护人员才去检查二层交换机是否出了故障。这样 ,就做不到对故障的主动发现,维护人员永远处于被动,容易引起用户的不满和投诉。 三、 问题
由于接入层直接面对用户,用户量大,拓朴结构复杂,是网管 监控的盲区,只能听接入层维护人员汇报结果。为了提高CMNET网络的维护质量和维护效果,经过数据维护人员的测试和实践,通过华为三层交换机集群管理到下挂的华为二层交换机,通过网管实时监控来对CMNET接入层交换机进行实时监控。这样对就可以主动发现问题,及时知道故障的点,使接入层维护人员处理障定位准备,提高故障处理的及时性。 四、 方案
由于二层交换机集群管理的必要性,各级维护人员分工如下: 接入层维护人员:
11、 交换机命名一定要规范,要不在集群网管上不能区分是哪个小区哪个楼的交换机,不便于网管查看和管理。
12、 交换机TRUNK 端口不要进行广播抑制配置,如有要去掉。 如有交换机是软件版本比较低,如果不支持management-vlan命令
的要进行BOOTROM 和APP软件升级或者更换交换机。 13、 将小区交换机的拓朴结构一定要搞清楚,尤其是上联端口及光猫、网线、尾纤一定要粘贴标签,为以后更好的维护提供便利。
14、 对交换机的端口一定要隔离,这样可以对病毒等的传播进行抑制。
15、 对access端口增加广播抑制配置,即broadcast 5的配置。 16、 对一些小区不是华为交换机的一定要更换成华为交换机并对其进行数据配置及集群管理。
17、 将二层交换机集群管理信息表小区交换机MAC地址、软件版本、型号等详细记录,为方便以后更好的维护建立维护档案。 18、 如小区交换机损坏需要更换时一定要通知汇聚层维护人员,因为集群管理是通过MAC地址来管理的,以便更新配置及资料档案 。
19、 接入层对接入用户端口进行详细描述,这样就可以更好为用户故障的定位,更加准确、快捷的处理用户故障。 汇聚层维护人员:
1、 负责配合完成二层交换机集群管理的数据制作。 2、 负责实现集群管理到的二层交换机通过CMNET网管来进行实时监控。 移动维护主管:
1、 负责完成二层交换机集群管理的整体协调工作。
2、 负责协调各厂家完成网管服务器软件、硬件的升级,以及网管软件的升级等,为二层交换机集群管理的运行搭建一个良好的软、硬件平台。
3、 负责完成制定二层交换机集群管理的整体规划及实现步
骤。
五、 效果
二层交换机集群管理通过在晋中市榆社、太谷两县的实践来看,能达到故障先知性、定位的准确性,使接入层维护人员处理故障更加准确、快捷,提高用户的满意度,使CMNET网络的更加稳定、安全、正常运营。
2008年6月18日
关于华为二层交换机集群管理配置规范及说明
