MCLAG-堆叠组网与第三方设备进行跨交换机聚合测试

本测试基于上一个章节“FortiLink MCLAG-堆叠组网2 Tier配置举例”进行配置

拓扑图:


Cisco SW1 的Port-Channel 10 为三层接口,IP地址为192.168.10.101,我们在Core-FSW1和Core-FSW2跨交换机配置一个BOND10的聚合接口与其对接,将其划分到VLAN10里面。
Cisco SW2 的Port-Channel 20 为三层接口,IP地址为192.168.20.101,我们在Access-FSW1和Access-FSW2跨交换机配置一个BOND20的聚合接口与其对接,将其划分到VLAN20里面。

Cisco SW1的聚合配置:
!
interface Port-channel10
no switchport
ip address 192.168.10.101 255.255.255.0
!
!
interface GigabitEthernet0/3
no switchport
no ip address
channel-group 10 mode active
!
interface GigabitEthernet0/4
no switchport
no ip address
channel-group 10 mode active
!
Cisco SW2的聚合配置:
!
interface Port-channel20
no switchport
ip address 192.168.20.101 255.255.255.0
!
interface GigabitEthernet0/4
no switchport
no ip address
channel-group 10 mode active
!
interface GigabitEthernet0/5
no switchport
no ip address
channel-group 20 mode active
!

配置FortiGate的FortiLink侧配置与Cisco SW1和SW2对接的跨交换机聚合的BOND10和BOND20:
配置基于Core-FSW1和Core-FSW2跨交换机对接的BOND10,并将其划为Access VLAN10:



查看命令行配置:
FGT101E_Master_379 # execute ssh admin@169.254.1.4
Core-FSW1 # config switch trunk
Core-FSW1 (trunk) #
Core-FSW1 (trunk) # show
config switch trunk
    edit "D243Z17000085-0"
        set mode lacp-active
        set auto-isl 1
        set mclag-icl enable
            set members "port17" "port18"            
    next
    edit "__FoRtI1LiNk0__"
        set mode lacp-active
        set mclag enable
            set members "port23" "port24"            
    next
    edit "mclag-tier2"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
            set members "port21" "port22"            
    next
    edit "BOND10"
        set mode lacp-active
        set mclag enable
            set members "port8"            
    next
end

Core-FSW1 (trunk) # end
Core-FSW1 # exit
Auto backup config ...
Connection to 169.254.1.4 closed.
FGT101E_Master_379 # execute ssh admin@169.254.1.3
Core-FSW2 # config switch trunk
Core-FSW2 (trunk) # show
config switch trunk
    edit "D24T418000339-0"
        set mode lacp-active
        set auto-isl 1
        set mclag-icl enable
            set members "port17" "port18"            
    next
    edit "__FoRtI1LiNk0__"
        set mode lacp-active
        set mclag enable
            set members "port23" "port24"            
    next
    edit "mclag-tier2"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
            set members "port21" "port22"            
    next
    edit "BOND10"
        set mode lacp-active
        set mclag enable
            set members "port8"            
    next
end
Core-FSW2 (trunk) # end
Core-FSW2 # exit
Auto backup config ...
Connection to 169.254.1.3 closed.
FGT101E_Master_379 #
 
跨交换机的聚合接口BOND10配置完成!

在思科交换机CISCO-SW1上查看聚合状态和业务测试:
CISCO-SW1#show interfaces port-channel 10 etherchannel
Port-channel10   (Primary aggregator)

Age of the Port-channel   = 0d:07h:23m:12s
Logical slot/port   = 2/10          Number of ports = 2
HotStandBy port = null
Passive port list   = Gi0/3 Gi0/4
Port state          = Port-channel L3-Ag Ag-Inuse
Protocol            =   LACP
Port security       = Disabled

Ports in the Port-channel:

Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Gi0/3    Active             0
  0     00     Gi0/4    Active             0

Time since last port bundled:    0d:00h:05m:10s    Gi0/4
Time since last port Un-bundled: 0d:00h:22m:57s    Gi0/4
CISCO-SW1#
CISCO-SW1#show interfaces port-channel 10             
Port-channel10 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 001b.8f35.3ecd (bia 001b.8f35.3ecd)
  Internet address is 192.168.10.101/24
  MTU 9000 bytes, BW 2000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  Members in this channel: Gi0/3 Gi0/4
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:02:24, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 6000 bits/sec, 2 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     83494 packets input, 32643884 bytes, 0 no buffer
     Received 83368 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 59238 multicast, 0 pause input
     0 input packets with dribble condition detected
     2719 packets output, 346340 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
CISCO-SW1#
CISCO-SW1#ping 192.168.10.1 repeat  100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/9 ms
CISCO-SW1#

配置基于Access-FSW1和Access-FSW2跨交换机对接的BOND20,并将其划为Access VLAN20:


FGT101E_Master_379 # execute ssh admin@169.254.1.2
Access-FSW1 # config switch trunk
Access-FSW1 (trunk) # show
config switch trunk
    edit "_FlInK1_MLAG0_"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
            set members "port47" "port48"            
    next
    edit "8DP3W16000060-0"
        set mode lacp-active
        set auto-isl 1
        set mclag-icl enable
            set members "port45" "port46"            
    next
    edit "BOND20"
        set mode lacp-active
        set mclag enable
            set members "port8"            
    next
end
Access-FSW1 (trunk) # end
Access-FSW1 # exit
Auto backup config ...
Connection to 169.254.1.2 closed.
FGT101E_Master_379 # execute ssh admin@169.254.1.5
Access-FSW2 # config switch trunk
Access-FSW2 (trunk) # show
config switch trunk
    edit "_FlInK1_MLAG0_"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
            set members "port48" "port47"            
    next
    edit "8DP3W16000061-0"
        set mode lacp-active
        set auto-isl 1
        set mclag-icl enable
            set members "port45" "port46"            
    next
    edit "BOND20"
        set mode lacp-active
        set mclag enable
            set members "port8"            
    next
end
Access-FSW2 (trunk) # end
Access-FSW2 # exit
Connection to 169.254.1.5 closed.
FGT101E_Master_379 # 
跨交换机的聚合接口BOND20配置完成!

在思科交换机CISCO-SW2上查看聚合状态和业务测试:
CISCO-SW2#show interfaces port-channel 20 etherchannel
Port-channel20  (Primary aggregator)

Age of the Port-channel  = 0d:07h:30m:49s
Logical slot/port  = 2/20          Number of ports = 2
HotStandBy port = null
Passive port list  = Gi0/5 Gi0/6
Port state          = Port-channel L3-Ag Ag-Inuse
Protocol            =  LACP
Port security      = Disabled

Ports in the Port-channel:

Index  Load  Port    EC state        No of bits
------+------+------+------------------+-----------
  0    00    Gi0/5    Active            0
  0    00    Gi0/6    Active            0

Time since last port bundled:    0d:00h:02m:58s    Gi0/5
Time since last port Un-bundled: 0d:07h:30m:49s    Gi0/6

CISCO-SW2#show interfaces port-channel 20             
Port-channel20 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 001b.8f35.3ece (bia 001b.8f35.3ece)
  Internet address is 192.168.20.101/24
  MTU 9000 bytes, BW 2000000 Kbit/sec, DLY 10 usec,
    reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  Members in this channel: Gi0/5 Gi0/6
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:03:38, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 10000 bits/sec, 2 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
    58930 packets input, 30038394 bytes, 0 no buffer
    Received 58923 broadcasts (0 IP multicasts)
    0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog, 32626 multicast, 0 pause input
    0 input packets with dribble condition detected
    1449 packets output, 185112 bytes, 0 underruns
    0 output errors, 0 collisions, 4 interface resets
    0 unknown protocol drops
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier, 0 pause output
    0 output buffer failures, 0 output buffers swapped out

CISCO-SW2#ping 192.168.20.1 repeat  100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/2/9 ms


跨交换机聚合注意:
1.只能是堆叠交换机才可以跨交换机聚合,不同的堆叠交换机组,不支持配置为聚合接口。
2.如果是与FortiSwith对接,则是自动MCLAG聚合。
3.如果是和第三方设备对接,比如交换机、路由器、友商防火墙、服务器等等对接的话,推荐使用LACP Active方式动态聚合。