ADCAMPUS LEAF初始配置（DR2000）

2019年1月14日 2860点热度 2人点赞 0条评论

本配置适用于应用驱动园区 DR2000 ADCAM 7.3(E0506H02)版本

1.指定设备为LEAF设备

vcf-fabric role leaf

1	vcf-fabric role leaf

2.创建VLAN1和VLAN4094,并创建管理地址。VLAN1为管理网段，VLAN4094为SDN下发策略网段。

vlan 1
vlan 4094
int vlan1
ip add xxx.xxx.xxx.xxx

vlan 1

vlan 4094

int vlan1

ip add xxx.xxx.xxx.xxx

3.配置vlan三层虚接口，用于和SPINE互通。此处规划使用vlan4089

vlan 4089
description LEAF互通
int vlan4089
ip add xxx.xxx.xxx.xxx 30

vlan 4089

description LEAF互通

int vlan4089

ip add xxx.xxx.xxx.xxx 30

4.配置LOOKBACK接口，作为router id

int lookback0
ip add xxx.xxx.xxx.xxx 32

1 2	int lookback0 ip add xxx.xxx.xxx.xxx 32

5.配置OSPF

ospf 1 
graceful-restart ietf                                                                                                                    
  area 0.0.0.0                                                                   
 	network xxx.xxx.xxx.xxx 0.0.0.0                                                       
  	network xxx.xxx.xxx.xxx 0.0.0.0

ospf 1

graceful-restart ietf

area 0.0.0.0

network xxx.xxx.xxx.xxx 0.0.0.0

6.配置BGP EVPN

bgp 100
 graceful-restart                                                               
 router-id xxx.xxx.xxx.xxx                                                              
 peer xxx.xxx.xxx.xxx as-number 100                                                     
 peer xxx.xxx.xxx.xxx connect-interface LoopBack0                                                                                                                 
 address-family l2vpn evpn                                                      
   peer xxx.xxx.xxx.xxx enable

bgp 100

graceful-restart

router-id xxx.xxx.xxx.xxx

peer xxx.xxx.xxx.xxx as-number 100

peer xxx.xxx.xxx.xxx connect-interface LoopBack0

address-family l2vpn evpn

peer xxx.xxx.xxx.xxx enable

7.使能L2VPN

l2vpn enable

8.配置vpn-default、VSI vxlan4094、VSI虚接口IP地址以及L3 VNI，并在下行AC口（连接Access设备的接口）上配置服务实例（绑定vsi vxlan4094），用完成控制通道的连通。

#
ip vpn-instance vpn-default
 route-distinguisher 1:1
 vpn-target 1:1 import-extcommunity
 vpn-target 1:1 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#                                                                                            
# 配置vsi虚接口4094的IP地址。 
interface Vsi-interface4094
  ip binding vpn-instance vpn-default                                            
  ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
local-proxy-arp enable
#
# 配置三层转发用的vsi接口以及L3 VNI
# ip address unnumbered 命令用来配置本接口借用指定接口的IP地址，当vpn-default下创建安全组时，三层转发指定发送报文的源ip为vsi4094的接口ip
interface Vsi-interface4092
 ip binding vpn-instance vpn-default 
ip address unnumbered interface Vsi-interface 4094 
l3-vni 4092   
# 配置vsi vxlan4094实例
#
vsi vsi4094
 gateway vsi-interface 4094
 vxlan 4094
 evpn encapsulation vxlan
  mac-advertising disable
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
 dhcp snooping trust tunnel
#

ip vpn-instance vpn-default

route-distinguisher 1:1

vpn-target 1:1 import-extcommunity

vpn-target 1:1 export-extcommunity

address-family evpn

vpn-target 1:1 import-extcommunity

vpn-target 1:1 export-extcommunity

# 配置vsi虚接口4094的IP地址。

interface Vsi-interface4094

ip binding vpn-instance vpn-default

ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

local-proxy-arp enable

# 配置三层转发用的vsi接口以及L3 VNI

# ip address unnumbered 命令用来配置本接口借用指定接口的IP地址，当vpn-default下创建安全组时，三层转发指定发送报文的源ip为vsi4094的接口ip

interface Vsi-interface4092

ip binding vpn-instance vpn-default

ip address unnumbered interface Vsi-interface 4094

l3-vni 4092

# 配置vsi vxlan4094实例

vsi vsi4094

gateway vsi-interface 4094

vxlan 4094

evpn encapsulation vxlan

mac-advertising disable

route-distinguisher auto

vpn-target auto export-extcommunity

vpn-target auto import-extcommunity

dhcp snooping trust tunnel

8.配置LLDP，用于确定拓扑关系

lldp global enable

1	lldp global enable

9.配置STP

#
 stp instance 0 root secondary
 undo stp vlan 2 to 4094 enable
 stp mode pvst
 stp global enable
#

stp instance 0 root secondary

undo stp vlan 2 to 4094 enable

stp mode pvst

stp global enable

10.配置SNMP、NETCONF

# 配置SNMP，下面的配置为默认配置，SNMP团体字根据实际情况配置
snmp-agent                                                                                                                                                                                                   
snmp-agent community write private                                                                                                 
snmp-agent community read public                                                                                                   
snmp-agent sys-info version all    
snmp-agent packet max-size 4096                                                                                                
#
#NETCONF配置                                                                                                                            
netconf soap http enable                                                                                                           
netconf soap https enable    
#

# 配置SNMP，下面的配置为默认配置，SNMP团体字根据实际情况配置

snmp-agent

snmp-agent community write private

snmp-agent community read public

snmp-agent sys-info version all

snmp-agent packet max-size 4096

#NETCONF配置

netconf soap http enable

netconf soap https enable

11.配置本地用户local-user h3c，为后续Director连接设备时使用。

# Director中的需要设置的NETCONF参数与此处设置的用户名、密码相同
local-user h3c class manage   // h3c为创建的用户名                                                   
 password simple h3c   // h3c为设置的密码
service-type ftp                                                               
 service-type telnet http https ssh                                     
 authorization-attribute user-role network-admin                                
 authorization-attribute user-role network-operator                             
#

# Director中的需要设置的NETCONF参数与此处设置的用户名、密码相同

local-user h3c class manage // h3c为创建的用户名

password simple h3c // h3c为设置的密码

service-type ftp

service-type telnet http https ssh

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

12.配置telnet用户名密码（此处可在初始配置，如具体telnet连通功能可不配置）

# Director中的需要设置的Telent参数与此处设置的用户名、密码相同                                                                              
# 若Director中不设置Telent密码，该处可以不用设置
 telnet server enable                                                           
#
line vty 0 63                                                                   
 authentication-mode scheme                                                     
 user-role network-admin                                                        
 user-role network-operator                                                     
# 设置Telent的用户名、密码为admin、admin                                                                                                                                                          
local-user admin class manage                                                   
 password simple admin
 service-type telnet http https ssh                                             
 authorization-attribute user-role network-admin                                
 authorization-attribute user-role network-operator                             
#

# Director中的需要设置的Telent参数与此处设置的用户名、密码相同

# 若Director中不设置Telent密码，该处可以不用设置

telnet server enable

line vty 0 63

authentication-mode scheme

user-role network-admin

user-role network-operator

# 设置Telent的用户名、密码为admin、admin

local-user admin class manage

password simple admin

service-type telnet http https ssh

authorization-attribute user-role network-admin

authorization-attribute user-role network-operator

13.检查配置

上述配置完成后，分别检查配置成功情况。包括vsi-interface 4092，4094接口up
[s75exs]dis int Vsi-interface brief                                             
Brief information on interfaces in route mode:                                  
Link: ADM - administratively down; Stby - standby                               
Protocol: (s) - spoofing                                                        
Interface            Link Protocol Primary IP      Description                  
Vsi4092              UP   UP       --                                           
Vsi4094              UP   UP       110.0.5.110                                  
                                                                                
[s75exs]dis l2vpn vsi                                                                                                            
Total number of VSIs: 2, 1 up, 1 down, 0 admin down                                                                                 
                                                                                                                                   
VSI Name                        VSI Index       MTU    State                                                                        
4094                            0               1500   Up                                                                           
Auto_L3VNI4092_4092             1             1500   Down   //自动生成

上述配置完成后，分别检查配置成功情况。包括vsi-interface 4092，4094接口up

[s75exs]dis int Vsi-interface brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface Link Protocol Primary IP Description

Vsi4092 UP UP --

Vsi4094 UP UP 110.0.5.110

[s75exs]dis l2vpn vsi

Total number of VSIs: 2, 1 up, 1 down, 0 admin down

VSI Name VSI Index MTU State

4094 0 1500 Up

Auto_L3VNI4092_4092 1 1500 Down //自动生成

14.关闭vxlan tunnel的mac地址学习和arp学习

#关闭vxlan tunnel的arp学习                                                                              
vxlan tunnel arp-learning disable                                               
#
# 关闭vxlan tunnel的mac地址学习                                                                              
vxlan tunnel mac-learning disable                                              
#

#关闭vxlan tunnel的arp学习

vxlan tunnel arp-learning disable

# 关闭vxlan tunnel的mac地址学习

vxlan tunnel mac-learning disable

15.开启远端同步arp表项不下驱动功能

#为节约硬件资源，EVPN远端arp同步过来的表项，默认不下驱动硬件，有流量触发的时候才下发
#目前只有S5560设备支持
ip forwarding-conversational-learning
#流量停止，硬件表项老化删除的默认老化时间为60分钟，通过以下命令可以进行设置
[S5560X]ip forwarding-conversational-learning aging ?                           
  INTEGER<60-1440>  Aging time in (minutes)                                     
[S5560X]

#为节约硬件资源，EVPN远端arp同步过来的表项，默认不下驱动硬件，有流量触发的时候才下发

#目前只有S5560设备支持

ip forwarding-conversational-learning

#流量停止，硬件表项老化删除的默认老化时间为60分钟，通过以下命令可以进行设置

[S5560X]ip forwarding-conversational-learning aging ?

INTEGER<60-1440> Aging time in (minutes)

[S5560X]

16.SPINE设备配置

在已经存在的环境中，添加LEAF结点只需要配置BGP100即可。

bgp 100
peer 30.0.0.17 as-number 100
peer 30.0.0.17 connect-interface LoopBack0
address-family l2vpn evpn
peer 30.0.0.17 enable
peer 30.0.0.17 reflect-client

bgp 100

peer 30.0.0.17 as-number 100

peer 30.0.0.17 connect-interface LoopBack0

address-family l2vpn evpn

peer 30.0.0.17 enable

peer 30.0.0.17 reflect-client

17.将LEAF的下行接口配置为TRUNK

18.配置完毕

本作品采用知识共享署名 4.0 国际许可协议进行许可