素材来源:华为数据中心交换机配置指南
一边学习一边整理试验笔记,并与大家分享,侵权即删,谢谢支持!
附上汇总贴:玩转华为数据中心交换机系列 | 汇总_COCOgsta的博客-CSDN博客
组网需求
如图1所示,某数据中心的两个分支布局在不同的地理位置,分支1和分支2位于相同的网段。为了可以规划自己的私网VLAN ID,采用了QinQ方式传输,即Switch2发往ISP网络的报文带有两层Tag。但是由于这两层VLAN ID与ISP网络提供的VLAN Tag不一致,分支报文无法通过ISP网络,从而导致分支无法正常通信,现需要实现分支1和分支2互通。
配置思路
采用如下的思路配置2 to 2的VLAN Mapping:
- 将连接分支1的Swith1的下行接口划分到VLAN10,将连接分支2的Swith6的下行接口划分到VLAN30。
- 在Switch2和Switch5上配置QinQ,使发往ISP网络的报文带有两层Tag。
- 在ISP网络的边缘设备Switch3、Switch4上部署2 to 2的VLAN Mapping功能,将报文的内、外层VLAN ID映射为ISP允许通过的VLAN ID,实现分支的业务互通。
操作步骤
- 将Switch1、Switch6的下行口划分到指定VLAN,上行口允许VLAN通过
# 配置Switch1。
<HUAWEI> system-view
[~HUAWEI] sysname Switch1
[*HUAWEI] commit
[~Switch1] vlan 10
[*Switch1-vlan10] quit
[*Switch1] interface 10ge 1/0/1
[*Switch1-10GE1/0/1] port default vlan 10
[*Switch1-10GE1/0/1] quit
[*Switch1] interface 10ge 1/0/2
[*Switch1-10GE1/0/2] port link-type trunk
[*Switch1-10GE1/0/2] port trunk allow-pass vlan 10
[*Switch1-10GE1/0/2] quit
[*Switch1] commit
# 配置Switch6。
<HUAWEI> system-view
[~HUAWEI] sysname Switch6
[*HUAWEI] commit
[~Switch6] vlan 30
[*Switch6-vlan30] quit
[*Switch6] interface 10ge 1/0/1
[*Switch6-10GE1/0/1] port default vlan 30
[*Switch6-10GE1/0/1] quit
[*Switch6] interface 10ge 1/0/2
[*Switch6-10GE1/0/2] port link-type trunk
[*Switch6-10GE1/0/2] port trunk allow-pass vlan 30
[*Switch6-10GE1/0/2] quit
[*Switch6] commit
- 在Switch2和Switch5上配置QinQ,使发往ISP网络的报文带有两层Tag
# 在Switch2上配置接口10GE1/0/1的类型为QinQ,10GE1/0/1的外层Tag为VLAN20。
<HUAWEI> system-view
[~HUAWEI] sysname Switch2
[*HUAWEI] commit
[~Switch2] vlan 20
[*Switch2-vlan20] quit
[*Switch2] interface 10ge 1/0/1
[*Switch2-10GE1/0/1] port link-type dot1q-tunnel
[*Switch2-10GE1/0/1] port default vlan 20
[*Switch2-10GE1/0/1] quit
[*Switch2] interface 10ge 1/0/2
[*Switch2-10GE1/0/2] port link-type trunk
[*Switch2-10GE1/0/2] port trunk allow-pass vlan 20
[*Switch2-10GE1/0/2] quit
[*Switch2] commit
# 在Switch5上配置接口10GE1/0/1的类型为QinQ,10GE1/0/1的外层Tag为VLAN40。
<HUAWEI> system-view
[~HUAWEI] sysname Switch5
[*HUAWEI] commit
[~Switch5] vlan 40
[*Switch5-vlan40] quit
[*Switch5] interface 10ge 1/0/1
[*Switch5-10GE1/0/1] port link-type dot1q-tunnel
[*Switch5-10GE1/0/1] port default vlan 40
[*Switch5-10GE1/0/1] quit
[*Switch5] interface 10ge 1/0/2
[*Switch5-10GE1/0/2] port link-type trunk
[*Switch5-10GE1/0/2] port trunk allow-pass vlan 40
[*Switch5-10GE1/0/2] quit
[*Switch5] commit
- 在Switch3和Switch4上配置VLAN Mapping
# 配置Switch3。
<HUAWEI> system-view
[~HUAWEI] sysname Switch3
[*HUAWEI] commit
[~Switch3] vlan batch 50
[*Switch3] interface 10ge 1/0/1
[*Switch3-10GE1/0/1] port link-type trunk
[*Switch3-10GE1/0/1] port trunk allow-pass vlan 50
[*Switch3-10GE1/0/1] port vlan-mapping vlan 20 inner-vlan 10 map-vlan 50 map-inner-vlan 60
[*Switch3-10GE1/0/1] quit
[*Switch3] interface 10ge 1/0/2
[*Switch3-10GE1/0/2] port link-type trunk
[*Switch3-10GE1/0/2] port trunk allow-pass vlan 50
[*Switch3-10GE1/0/2] quit
[*Switch3] commit
# 配置Switch4。
<HUAWEI> system-view
[~HUAWEI] sysname Switch4
[*HUAWEI] commit
[~Switch4] vlan batch 50
[*Switch4] interface 10ge 1/0/1
[*Switch4-10GE1/0/1] port link-type trunk
[*Switch4-10GE1/0/1] port trunk allow-pass vlan 50
[*Switch4-10GE1/0/1] port vlan-mapping vlan 40 inner-vlan 30 map-vlan 50 map-inner-vlan 60
[*Switch4-10GE1/0/1] quit
[*Switch4] interface 10ge 1/0/2
[*Switch4-10GE1/0/2] port link-type trunk
[*Switch4-10GE1/0/2] port trunk allow-pass vlan 50
[*Switch4-10GE1/0/2] quit
[*Switch4] commit
- 验证配置结果
将分支1的Server1和分支2的Server2配置在同一个网段,比如配置分支1的Server1的IP地址为172.16.0.5/16,配置分支2的Server2的IP地址为172.16.0.6/16,分支1和分支2可以互通。以分支1的Server1 ping分支2的Server2的显示为例。
<Server1> ping 172.16.0.6
Pinging 172.16.0.6 with 32 bytes of data:
Reply from 172.16.0.6: bytes=32 time<1ms TTL=128
Reply from 172.16.0.6: bytes=32 time<1ms TTL=128
Reply from 172.16.0.6: bytes=32 time<1ms TTL=128
Reply from 172.16.0.6: bytes=32 time<1ms TTL=128
Ping statistics for 172.16.0.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms?
