ADCAMPUS LEAF初始配置(DR2000)

本配置适用于应用驱动园区 DR2000 ADCAM 7.3(E0506H02)版本

1.指定设备为LEAF设备

vcf-fabric role leaf

2.创建VLAN1和VLAN4094,并创建管理地址。VLAN1为管理网段,VLAN4094为SDN下发策略网段。

vlan 1
vlan 4094
int vlan1
ip add xxx.xxx.xxx.xxx

3.配置vlan三层虚接口,用于和SPINE互通。此处规划使用vlan4089

vlan 4089
description LEAF互通
int vlan4089
ip add xxx.xxx.xxx.xxx 30

4.配置LOOKBACK接口,作为router id

int lookback0
ip add xxx.xxx.xxx.xxx 32

5.配置OSPF

ospf 1 
graceful-restart ietf                                                                                                                    
  area 0.0.0.0                                                                   
 	network xxx.xxx.xxx.xxx 0.0.0.0                                                       
  	network xxx.xxx.xxx.xxx 0.0.0.0

6.配置BGP EVPN

bgp 100
 graceful-restart                                                               
 router-id xxx.xxx.xxx.xxx                                                              
 peer xxx.xxx.xxx.xxx as-number 100                                                     
 peer xxx.xxx.xxx.xxx connect-interface LoopBack0                                                                                                                 
 address-family l2vpn evpn                                                      
   peer xxx.xxx.xxx.xxx enable

7.使能L2VPN

l2vpn enable

8.配置vpn-default、VSI vxlan4094、VSI虚接口IP地址以及L3 VNI,并在下行AC口(连接Access设备的接口)上配置服务实例(绑定vsi vxlan4094),用完成控制通道的连通。

#
ip vpn-instance vpn-default
 route-distinguisher 1:1
 vpn-target 1:1 import-extcommunity
 vpn-target 1:1 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#                                                                                            
# 配置vsi虚接口4094的IP地址。 
interface Vsi-interface4094
  ip binding vpn-instance vpn-default                                            
  ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
local-proxy-arp enable
#
# 配置三层转发用的vsi接口以及L3 VNI
# ip address unnumbered 命令用来配置本接口借用指定接口的IP地址,当vpn-default下创建安全组时,三层转发指定发送报文的源ip为vsi4094的接口ip
interface Vsi-interface4092
 ip binding vpn-instance vpn-default 
ip address unnumbered interface Vsi-interface 4094 
l3-vni 4092   
# 配置vsi vxlan4094实例
#
vsi vsi4094
 gateway vsi-interface 4094
 vxlan 4094
 evpn encapsulation vxlan
  mac-advertising disable
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
 dhcp snooping trust tunnel
#

8.配置LLDP,用于确定拓扑关系

lldp global enable 

9.配置STP

#
 stp instance 0 root secondary
 undo stp vlan 2 to 4094 enable
 stp mode pvst
 stp global enable
#

10.配置SNMP、NETCONF

# 配置SNMP,下面的配置为默认配置,SNMP团体字根据实际情况配置
snmp-agent                                                                                                                                                                                                   
snmp-agent community write private                                                                                                 
snmp-agent community read public                                                                                                   
snmp-agent sys-info version all    
snmp-agent packet max-size 4096                                                                                                
#
#NETCONF配置                                                                                                                            
netconf soap http enable                                                                                                           
netconf soap https enable    
#                                

11.配置本地用户local-user h3c,为后续Director连接设备时使用。

# Director中的需要设置的NETCONF参数与此处设置的用户名、密码相同
local-user h3c class manage   // h3c为创建的用户名                                                   
 password simple h3c   // h3c为设置的密码
service-type ftp                                                               
 service-type telnet http https ssh                                     
 authorization-attribute user-role network-admin                                
 authorization-attribute user-role network-operator                             
# 

12.配置telnet用户名密码(此处可在初始配置,如具体telnet连通功能可不配置)

# Director中的需要设置的Telent参数与此处设置的用户名、密码相同                                                                              
# 若Director中不设置Telent密码,该处可以不用设置
 telnet server enable                                                           
#
line vty 0 63                                                                   
 authentication-mode scheme                                                     
 user-role network-admin                                                        
 user-role network-operator                                                     
# 设置Telent的用户名、密码为admin、admin                                                                                                                                                          
local-user admin class manage                                                   
 password simple admin
 service-type telnet http https ssh                                             
 authorization-attribute user-role network-admin                                
 authorization-attribute user-role network-operator                             
#                     

13.检查配置

上述配置完成后,分别检查配置成功情况。包括vsi-interface 4092,4094接口up
[s75exs]dis int Vsi-interface brief                                             
Brief information on interfaces in route mode:                                  
Link: ADM - administratively down; Stby - standby                               
Protocol: (s) - spoofing                                                        
Interface            Link Protocol Primary IP      Description                  
Vsi4092              UP   UP       --                                           
Vsi4094              UP   UP       110.0.5.110                                  
                                                                                
[s75exs]dis l2vpn vsi                                                                                                            
Total number of VSIs: 2, 1 up, 1 down, 0 admin down                                                                                 
                                                                                                                                   
VSI Name                        VSI Index       MTU    State                                                                        
4094                            0               1500   Up                                                                           
Auto_L3VNI4092_4092             1             1500   Down   //自动生成

14.关闭vxlan tunnel的mac地址学习和arp学习

#关闭vxlan tunnel的arp学习                                                                              
vxlan tunnel arp-learning disable                                               
#
# 关闭vxlan tunnel的mac地址学习                                                                              
vxlan tunnel mac-learning disable                                              
#

15.开启远端同步arp表项不下驱动功能

#为节约硬件资源,EVPN远端arp同步过来的表项,默认不下驱动硬件,有流量触发的时候才下发
#目前只有S5560设备支持
ip forwarding-conversational-learning
#流量停止,硬件表项老化删除的默认老化时间为60分钟,通过以下命令可以进行设置
[S5560X]ip forwarding-conversational-learning aging ?                           
  INTEGER<60-1440>  Aging time in (minutes)                                     
[S5560X]

16.SPINE设备配置

在已经存在的环境中,添加LEAF结点只需要配置BGP100即可。

bgp 100
peer 30.0.0.17 as-number 100
peer 30.0.0.17 connect-interface LoopBack0
address-family l2vpn evpn
peer 30.0.0.17 enable
peer 30.0.0.17 reflect-client

17.将LEAF的下行接口配置为TRUNK

18.配置完毕

点赞