华为交换机SEP双半环设计方案及配置详细步骤

最新推荐文章于 2024-07-24 17:03:30 发布

Eda_月白秋心

最新推荐文章于 2024-07-24 17:03:30 发布

阅读量1.1k

点赞数 1

文章标签：华为网络

本文链接：https://blog.csdn.net/m0_46129105/article/details/125550606

版权

华为交换机SEP双半环设计方案及配置步骤

SEP双半环设计方案拓扑图

在这里插入图片描述

SEP双半环设计方案思路

1.客户的业务vlan 10是2层流量，6台交换机组成的链路为2层链路，为了防环，设计两个sep半环，

sep 1半环:-MSW1-eth-trunk2链路-MSW2-
sep 2半环:-MSW2-eth-trunk3链路-MSW2-

2.端口角色：

MSW1：
eth-trunk1为sep环1的无邻居主边缘端口，
eth-trunk4为sep环2的无邻居主边缘端口；
MSW2:
eth-trunk1为sep环1的无邻居副边缘端口，
eth-trunk4为sep环2的无邻居副边缘端口；

sep环1中阻塞MSW2的eth-trunk1口，sep环2中阻塞MSW2的eth-trunk4口；sep环1环2均配置延迟抢占；

3.为了产生自环，MSW1和MSW2的之间互连的eth-trunk2和eth-trunk3链路，只有一条互连链路需要放通业务vlan10，另一条不需要放通；

4.正常情况下二层流量走CSW1-eth-trunk1 of MSW1-eth-trunk4 of MSW1-NSW1；当有链路中断的时候，阻塞端口就会放开，这里会出现一个情况，即当MSW1-MSW2之间互连的两根链路中有一根出现故障时(比如eth-trunk3链路)，MSW2的eth-trunk4口会放开，这时会出现一个新的环，路径为MSW1-NSM1-NSW2-MSW2-eth-trunk2链路-MSW1,这时候为了进一步破环，需要在MSW2 eth-trunk4上配置环回口检测机制和MAC地址漂移惩罚机制，当端口检测到有环路和地址漂移时，让eth-trunk4口继续down,来进一步破环，同理，MSW2的eth-trunk4口也需要配置配置环回口检测机制和MAC地址漂移惩罚机制；

华为交换机MSW1,MSW2配置详细步骤

MSW1配置

//关闭该vlan10的MAC地址学习功能,避免mac学习过程中导致的流量中断
#
vlan 10
 mac-address learning disable
#
 
//配置stp保护实例
#
stp region-configuration
 region-name Huawei
 protected-instance all
 active region-configuration
#
 
//配置stp半环，抢占延迟为300秒，sep环1阻断Eth-trunk1口，sep环2阻断Eth-trunk4口
#
sep segment 1
 control-vlan 4092
 block port sysname MSW2 interface Eth-Trunk1
 preempt delay 300
 protected-instance 0 to 4094
sep segment 2
 control-vlan 4090                        
 block port sysname MSW2 interface Eth-Trunk4
 preempt delay 300
 protected-instance 0 to 4094
#
 
//Eth-trunk1口放通sep环1，并为无邻居主边缘端口,并且disable stp
#
interface Eth-Trunk1
 description ***Connected_to_CSW1***
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10  4092
 stp disable
 sep segment 1 edge no-neighbor primary
 mode lacp
#
 
//Eth-trunk2口放通sep环1，，并且disable stp
#
interface Eth-Trunk2
 description ***connected_to_MSW2_eth-trunk2***
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 4092
 stp disable
 sep segment 1  mode lacp
#
 
//Eth-trunk3口放通sep环2，并且disable stp,不需要放通vlan10
#
interface Eth-Trunk3
 description ***connected_to_MSW2_eth-trunk3***
 port link-type trunk
 port trunk allow-pass vlan 4090
 stp disable
 sep segment 2
 mode lacp
#
 
//Eth-trunk4口放通sep环2，并为无邻居主边缘端口，并且disable stp
#
interface Eth-Trunk4
 description ***To_NSW1***
 port link-type trunk
 port trunk pvid vlan 4094
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 4094
 stp disable
 sep segment 2 edge no-neighbor primary
 mode lacp
#

MSW2配置

//配置接口的环回检测报文发送周期为1秒
#
loopback-detect packet-interval 1
#
//配置VLAN 10的MAC漂移检测安全级别为高，即MAC地址发生3次迁移后，系统认为发生了MAC地址漂移
#
mac-address flapping detection vlan 10 security-level high
#
//配置由于发生了MAC地址漂移而导致变为error-down的端口延迟300秒后自动变为up状态 
#
error-down auto-recovery cause mac-address-flapping interval 300
#
 
 
//关闭该vlan10的MAC地址学习功能,避免mac学习过程中导致的流量中断
#
vlan 10
 mac-address learning disable
#
 
//配置stp保护实例
#
stp region-configuration
 region-name Huawei
 protected-instance all
 active region-configuration
#
 
//配置stp半环
#
sep segment 1                             
 control-vlan 4092
 protected-instance 0 to 4094
sep segment 2
 control-vlan 4090
 protected-instance 0 to 4094
#
 
 
//Eth-trunk1口放通sep环1，并为无邻居副边缘端口，并且disable stp,并且配置环回口检测和MAC地址漂移惩罚来进一步防环
#
interface Eth-Trunk1
 description ***Connect_to_CSW2***
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 4092
 loopback-detect recovery-time 300
 loopback-detect packet vlan 10
 loopback-detect enable
 loopback-detect action block
 stp disable
 sep segment 1 edge no-neighbor secondary
 mode lacp
 mac-address flapping action error-down
#
 
//Eth-trunk2口放通sep环1，并且disable stp
#
interface Eth-Trunk2
 description ***connected_to_MSW1_eth-trunk2***
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 4092
 stp disable
 sep segment 1
 mode lacp
#
 
//Eth-trunk3口放通sep环2，并且disable stp,不需要放通vlan10
#
interface Eth-Trunk3
 description ***connected_to_MSW1_eth-trunk3***
 port link-type trunk
 port trunk allow-pass vlan 4090
 stp disable
 sep segment 2
 mode lacp
#
 
//Eth-trunk4口放通sep环2，并为无邻居副边缘端口，并且disable stp，并且配置环回口检测和MAC地址漂移惩罚来进一步防环
#
interface Eth-Trunk4
 description ***connected_to_NSW2***
 port link-type trunk
 port trunk pvid vlan 4094
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 10 4090
 loopback-detect recovery-time 300
 loopback-detect packet vlan 10
 loopback-detect enable
 loopback-detect action block
 stp disable
 sep segment 2 edge no-neighbor secondary
 mode lacp
 mac-address flapping action error-down
 trust dscp
#

Eda_月白秋心

关注

1
点赞
踩
4

收藏

觉得还不错? 一键收藏
0
评论
华为交换机SEP双半环设计方案及配置详细步骤

1.客户的业务vlan 10是2层流量，6台交换机组成的链路为2层链路，为了防环，设计两个sep半环，sep 1半环:-MSW1-eth-trunk2链路-MSW2-sep 2半环:-MSW2-eth-trunk3链路-MSW2-2.端口角色：MSW1：eth-trunk1为sep环1的无邻居主边缘端口，eth-trunk4为sep环2的无邻居主边缘端口；MSW2:eth-trunk1为sep环1的无邻居副边缘端口，eth-trunk4为sep环2的无邻居副边缘端口；sep环1中阻塞MSW2的e
复制链接

扫一扫