在Catalyst 2层交换机和2948G-L3/4908G-L3交换机之间的EtherChannel和Trunking配置示例
目录
简介
本文描述Catalyst 2950和Catalyst 2948G-L3交换机之间的以太网信道设置和802.1q 中继。根据用于接口或端口形成以太网信道的速度,以太网信道被称为快速以太网信道(FEC)或吉比特以太网信道 (GEC)。
注意:Catalyst 2950交换机仅支持802.1Q中继,不支持交换机间链路协议(ISL)中继。Catalyst 2948G-L3和Catalyst 4908G-L3交换机共用同一个软件镜像,因此用于本文的Catalyst 2948G-L3配置也适用于Catalyst 4908G-L3交换机。
在此配置示例中,Catalyst 2950交换机上的2个快速以太网接口,被捆绑到配有Catalyst 2948G-L3交换机的2个快速以太网接口的FEC。FEC、GEC、端口通道和通道组在本文档中指EtherChannel。
开始使用前
规则
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
先决条件
本文描述交换机提供的示例配置和相关show命令输出。关于各别的交换机的详细资料和特定警告或者指南,参见以下文件:
-
Catalyst 2950交换机配置EtherChannel
-
Catalyst 2950交换机配置VLAN中继
使用的组件
本文档中的信息基于以下软件和硬件版本。
-
运行Cisco IOS®软件12.0(14)W5(20)的Catalyst 2948G-L3交换机
-
运行Cisco IOS软件12.1(12c)EA1的Catalyst 2950交换机
本文档中的信息都是基于特定实验室环境中的设备创建的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您是在真实网络上操作,请确保您在使用任何命令前已经了解其潜在影响。
背景理论
从配置角度看,Catalyst 2948G-L3交换机是路由器。它使用Cisco IOS命令行,默认情况下,所有接口都是路由接口。
默认情况下,Catalyst 2948G-L3交换机不扩展VLAN。因为所有接口是路由接口,所以每个接口必须属于不同的网络或子网。如果您希望两个或多个接口属于相同子网,在这些接口上需要配置桥接。
Catalyst 2948G-L3交换机不支持其他Catalyst交换机上发现的协商协议,例如VLAN中继协议(VTP)、动态中继协议(DTP)和端口侵略协议(PAgP)。 我们建议这些协议在连接到Catalyst 2948G-L3交换机的Catalyst 2950接口上是关闭的。
在Catalyst 2948G-L3交换机上,在中继上的本地VLAN收的所有数据流在软件中被路由。这意味着流量被发送到CPU。当很大量数据流在此VLAN上发送时,会引起Catalyst 2948G-L3交换机上的高CPU负荷,并对网络性能具有负面影响。建议创建假的VLAN (例如VLAN 99),这种VLAN可以用作中继线的本地VLAN。所有用户数据流在其他VLAN中发送并在硬件中路由,从而实现更好的性能。
配置
本部分提供有关如何配置本文档所述功能的信息。
注:要查找有关本文档中使用的命令的其他信息,请使用命令查找工具(仅注册客户)。
创建端口信道
当配置以太网信道时,建议您通过遵从下面的步骤创建一条端口信道。这将避免在配置过程中生成树协议(STP)可能出现的问题。如果一端在另一边配置为信道之前配置为信道,会出现STP循环。因此,交换机可以将环路中涉及的接口置于Errordisabled状态。以下步骤是此特定配置方案的指导原则。
在Catalyst 2948G-L3交换机上:
-
配置将在端口信道中的接口在管理 shut down模式。
-
创建端口通道(通道组)。 端口信道运载不同的VLAN,因此为中继上存在的每个VLAN创建一个子接口。在802.1q中继线上,中继线上传输的所有信息包都被加上标签,但本地VLAN上数据流除外。因此,您需要通过在末端放置关键字"本地"来区分与本地VLAN相应的子接口。如前所述,最好使用没有用户数据流的虚拟VLAN。
-
默认情况下,Catalyst 2948G-L3交换机具有所有路由端口。2948G-L3中的能够与2950上不同VLAN连接的端口,您必须执行桥接。属于同一VLAN(网络或子网)的接口(和子接口)必须配置为属于同一网桥组。要在这些不同的网桥组之间路由,必须启用集成路由和桥接(IRB)。
在Catalyst 2950交换机上:
-
配置将属于中继线信道的接口,并确定DTP处于关闭状态。这是通过在物理接口上发出switchport nonegotiate命令来完成的。在VLAN数据库中配置假的VLAN (本例中的VLAN 99),该VLAN在中继线中将用作本地VLAN。除非另有说明,否则802.1Q中继上的本征VLAN是VLAN 1。您需要在两个接口上指定将VLAN 99用作本征VLAN。这是通过在物理接口上发出switchport trunk native vlan 99 命令来完成的。
-
创建端口信道并且是确保设置信道模式至打开状态(这就关闭了PAgP)。
-
通过发出no shut命令,重新启用以前在Catalyst 2948G-L3交换机上禁用的接口。
网络图
本文档使用下图所示的网络设置。
配置
本文档使用如下所示的配置。
| Catalyst 2948G-L3 |
|---|
2948G-L3#show run !--- The following configuration shows how to configure Catalyst 2948G-L3 !--- for bridging and connect to a Catalyst 2950 with 802.1Q trunking !--- over EtherChannel. For configuring interVLAN-routing on Catalyst !--- 2948G-L3, refer to Catalyst 2948G-L3 Sample Configurations. Building configuration... Current configuration: ! ! version 12.0 no service pad service timestamps debug uptime service timestamps log datetime no service password-encryption ! hostname 2948G-L3 ! ! ip subnet-zero ! !--- Enable IRB when routing between different !--- bridge groups is needed. bridge irb ! !--- Configure a logical interface for the EtherChannel. interface Port-channel1 no ip address no ip directed-broadcast hold-queue 300 in ! !--- Create a subinterface for each VLAN on the port channel. ! interface Port-channel1.1 !--- Specify the encapsulation and VLAN number. encapsulation dot1Q 1 no ip redirects no ip directed-broadcast !--- Add the subinterface to the appropriate bridge group. !--- All the interfaces (and subinterfaces) that belong to the !--- same VLAN (network or subnet) should be configured to fall !--- in the same bridge group. bridge-group 1 ! !--- Configure a subinterface for the second VLAN. !--- This procedure must be repeated for every VLAN. ! interface Port-channel1.2 encapsulation dot1Q 2 no ip redirects no ip directed-broadcast bridge-group 2 ! !--- Configure a subinterface for the native VLAN. ! interface Port-channel1.99 encapsulation dot1Q 99 native no ip redirects no ip directed-broadcast !--- Note in this case you do not put any bridge group !--- statements under this subinterface. A dummy VLAN has been chosen !--- as the native VLAN on which you do not put any traffic, !--- so there is no need to have this routed. ! interface FastEthernet1 no ip address no ip directed-broadcast !--- Configure the port to channel 1. channel-group 1 ! interface FastEthernet2 no ip address no ip directed-broadcast !--- Configure the port to channel 1. channel-group 1 ! interface FastEthernet3 no ip address no ip directed-broadcast !--- The device connected on this interface belongs !--- to the same subnet (VLAN 1) as subinterface 1 on !--- the port channel, so this interface has to be added to !--- bridge-group 1. bridge-group 1 ! !--- If there are any other interfaces that belong to !--- the same VLAN (subnet), they all have to be added to !--- the respective bridge group. ( .... Output is suppressed) ! ! ! a routed interface for bridge-group 1 interface BVI1 ip address 1.1.1.1 255.255.255.0 no ip directed-broadcast no ip route-cache cef ! ! a routed interface for bridge-group 2 interface BVI2 ip address 2.2.2.1 255.255.255.0 no ip directed-broadcast no ip route-cache cef ! ip classless ! ! bridge 1 protocol ieee command enables bridging using the IEEE 802.1d spanning-tree bridge 1 protocol ieee ! The bridge 1 route ip command specifies that IP will be routed bridge 1 route ip ! bridge 2 protocol ieee command enables bridging using the IEEE 802.1d spanning-tree bridge 2 protocol ieee ! bridge 2 route ip command specifies that IP will be routed bridge 2 route ip ! line con 0 transport input none line aux 0 line vty 0 4 login ! end |
| Catalyst 2950 |
|---|
5-2950-24##show run Building configuration... Current configuration : 1986 bytes ! version 12.1 no service single-slot-reload-enable no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname 5-2950-24# ! ! ! !--- VLAN 2 is created for this lab set up, !--- and VLAN 1 is created by default. vlan 2 ip subnet-zero !--- For information on VTP, refer to !--- Understanding and Configuring VLAN Trunk Protocol (VTP) vtp domain cisco vtp mode transparent ! spanning-tree extend system-id ! !--- A logical port-channel interface is automatically created !--- when ports are grouped into a channel group. ! interface Port-channel1 !--- The switchport trunk native vlan 99 command is !--- issued on the Fast Ethernet interface. switchport trunk native vlan 99 !--- The switchport mode trunk command is !--- issued on the Fast Ethernet interface. switchport mode trunk !-- The switchport nonegotiate command is !--- issued on the Fast Ethernet interface. switchport nonegotiate no ip address flowcontrol send off ! interface FastEthernet0/1 !--- Configure the port to be in trunking mode. switchport mode trunk !--- Configure a dummy VLAN as the native VLAN. !--- For this example, VLAN 99 is used. switchport trunk native vlan 99 !--- Disable the DTP negotiation on this interface !--- (the Catalyst 2948G-L3 switch does not support these frames). switchport nonegotiate no ip address !--- Configure the port to channel without PAgP. channel-group 1 mode on ! interface FastEthernet0/2 !--- Configure the port to be in trunking mode. switchport mode trunk !--- Configure a dummy VLAN as the native VLAN. !--- For this example, VLAN 99 is used. switchport trunk native vlan 99 !--- Disable the DTP negotiation on this interface !--- (the Catalyst 2948G-L3 switch does not support these frames). switchport nonegotiate no ip address !--- Configure the port to channel without PAgP. channel-group 1 mode on ! interface FastEthernet0/3 !--- The PC2 on this interface belongs to VLAN 2. switchport access vlan 2 switchport mode access no ip address !--- On the userports, enable portfast to increase !--- the STP convergence time. spanning-tree portfast ! ( .... Output is suppressed) ! interface Vlan1 ip address 1.1.1.2 255.255.255.0 no ip route-cache ! ip http server ! ! line con 0 line vty 5 15 ! end |
验证
此部分提供您能使用确认您的配置正常工作的信息。
命令输出解释程序工具(仅限注册用户)支持某些 show 命令,使用此工具可以查看对 show 命令输出的分析。
用于 Catalyst 2950 的 show 命令
以下show命令验证了用于Catalyst 2950 交换机的配置。(如下面的输出所示)。
5-2950-24##show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24, Gi0/1, Gi0/2
2 VLAN0002 active Fa0/3
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
5-2950-24##show interfaces port-channel 1 trunk
Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 99
Port Vlans allowed on trunk
Po1 1-4094
Port Vlans allowed and active in management domain
Po1 1-2
Port Vlans in spanning tree forwarding state and not pruned
Po1 1-2
5-2950-24##show interface port-channel 1
Port-channel1 is up, line protocol is up
Hardware is EtherChannel, address is 0005.7428.0e02 (bia 0005.7428.0e02)
MTU 1500 bytes, BW 200000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s
input flow-control is off, output flow-control is off
Members in this channel: Fa0/1 Fa0/2
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 25000 bits/sec, 39 packets/sec
5 minute output rate 39000 bits/sec, 59 packets/sec
11609 packets input, 955786 bytes, 0 no buffer
Received 11590 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 11583 multicast, 0 pause input
0 input packets with dribble condition detected
17396 packets output, 1442093 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
5-2950-24##show interface port-channel 1 switchport
Name: Po1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 99 (Inactive)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Protected: false
Voice VLAN: none (Inactive)
Appliance trust: none
5-2950-24##show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
5-2948G-L3 Fas 0/1 144 R T Cat2948G Port-channe1
5-2948G-L3 Fas 0/2 178 R T Cat2948G Fas 2
5-2948G-L3 Fas 0/1 178 R T Cat2948G Fas 1
PC2#ping 1.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
用于 Catalyst 2948G-L3 的 show 命令
以下show命令验证了用于Catalyst 2948-L3 交换机的配置。(如下面的输出所示)。
5-2948G-L3#show interfaces port-channel 1
Port-channel1 is up, line protocol is up
Hardware is FEChannel, address is 0001.43ff.1407 (bia 0000.0000.0000)
MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
Half-duplex, Unknown Speed, Media type unknown
ARP type: ARPA, ARP Timeout 04:00:00
No. of active members in this channel: 2
Member 0 : FastEthernet1
Member 1 : FastEthernet2
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/300, 0 drops
5 minute input rate 2000 bits/sec, 4 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
27033 packets input, 2083710 bytes, 0 no buffer
Received 6194 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 watchdog, 0 multicast
0 input packets with dribble condition detected
12808 packets output, 1945983 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
5-2948G-L3#show vlan
Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interfaces: GigabitEthernet49
GigabitEthernet50.1
Port-channel1.1
This is configured as native Vlan for the following interface(s) :
GigabitEthernet49
GigabitEthernet50
Protocols Configured: Address: Received: Transmitted:
IP 10.10.10.1 0 0
Bridging Bridge Group 1 3418 5
Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interfaces: GigabitEthernet50.2
Port-channel1.2
Protocols Configured: Address: Received: Transmitted:
IP 20.20.20.1 0 0
Bridging Bridge Group 2 3952 9
Virtual LAN ID: 21 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: GigabitEthernet49.1
Protocols Configured: Address: Received: Transmitted:
Virtual LAN ID: 99 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interface: Port-channel1.99
This is configured as native Vlan for the following interface(s) :
Port-channel1
Protocols Configured: Address: Received: Transmitted:
5-2948G-L3#show spanning-tree
Bridge group 1 is executing the IEEE compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0001.43ff.1409
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
bridge aging time 300
Port 6 (FastEthernet3) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128
Designated root has priority 32768, address 0001.43ff.1409
Designated bridge has priority 32768, address 0001.43ff.1409
Designated port is 6, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 4107, received 2
Port 58 (Port-channel1.1 DOT1Q) of Bridge group 1 is forwarding
Port path cost 12, Port priority 128
Designated root has priority 32768, address 0001.43ff.1409
Designated bridge has priority 32768, address 0001.43ff.1409
Designated port is 58, path cost 0
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 5240, received 502
Bridge group 2 is executing the IEEE compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0000.0c00.d08c
Configured hello time 2, max age 20, forward delay 15
Current root has priority 0, address 0010.0db1.804f
Root port is 59 (Port-channel1.2), cost of root path is 50
Topology change flag not set, detected flag not set
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
bridge aging time 300
Port 59 (Port-channel1.2 DOT1Q) of Bridge group 2 is forwarding
Port path cost 12, Port priority 128
Designated root has priority 0, address 0010.0db1.804f
Designated bridge has priority 32770, address 0005.7428.0e00
Designated port is 65, path cost 38
Timers: message age 3, forward delay 0, hold 0
BPDU: sent 1790, received 3964
PC1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
故障排除
目前没有针对此配置的故障排除信息。
反馈