User Tools

Site Tools


qnote:huawei

Быстрые заметки по Huawei

Собрать диагностическую информацию

В TAC иногда просять предоставить диагностическую информацию, что бы ее собрать, на коммутаторе надо дать команду “display diagnostic-information some_file_name.txt”.

<sw21>dis diagnostic-information sw21-dis-diag-20200206.txt    
Now saving the diagnostic information to the device
 100% 
Info: The diagnostic information was saved to the device successfully.

Файл с информацией будет на “flash:”, его надо забрать по scp\sftp.

Процесс сбора занимает 3-5 минут, на CE6810 порцессор загружался на +10-15% от обычного уровня.

<sw21>dis cpu 
CPU utilization statistics at 2020-02-06 12:25:53 482 ms
System CPU Using Percentage :  33%
CPU utilization for five seconds: 33%, one minute: 29%, five minutes: 22%.
Max CPU Usage :                39%
Max CPU Usage Stat. Time : 2019-11-08 00:39:05 385 ms
State: Non-overload
Overload threshold:  90%, Overload clear threshold:  75%, Duration:  480s
---------------------------
ServiceName  UseRate   
---------------------------
SYSTEM           20%
CMF              13%
AAA               0%
ARP               0%
DEVICE            0%
DNS               0%
EUM               0%
FEA               0%
FEC               0%
FIBRESM           0%
IFM               0%
IP STACK          0%
LDT               0%

dis diagnostic-information sw21-dis-diag-20200206.txt Now saving the diagnostic information to the device 100% Info: The diagnostic information was saved to the device successfully.

Почистить корзину

Поудалял c flash:/ файлы старого софта, но свободного места не прибавилось.
Закачать новый патч не получается.

sftp-client>get CE6810LI-V200R005SPH010.PAT
Remote file: /opt/soft/huawei/CE6810LI-V200R005SPH010.PAT --->  Local file: CE6810LI-V200R005SPH010.PAT
Downloading the file. Please wait...\
Error: Insufficient disk space.
Error: Failed to download the file.
sftp-client>quit
Bye

Надо почистить корзину

<slv-sw21>reset recycle-bin ?      
  STRING<1-255>  [drive][path][file name]
  /f             Delete all files in the recycle-bin
  flash:         Delete files in the recycle bin on flash: file system
  usb:           Delete files in the recycle bin on usb: file system
  <cr>           

<slv-sw21>reset recycle-bin 
Info: Are you sure to clear flash:/CE6810LI-V200R002SPH016.PAT? [Yes/All/No/Cancel]:y
Info: Clearing file flash:/CE6810LI-V200R002SPH016.PAT...Done.
Info: Are you sure to clear flash:/CE6810LI-V200R002SPH022.PAT? [Yes/All/No/Cancel]:y
Info: Clearing file flash:/CE6810LI-V200R002SPH022.PAT...Done.
Info: Are you sure to clear flash:/CE6810LI-V200R002C50SPC800.cc? [Yes/All/No/Cancel]:y
Info: Clearing file flash:/CE6810LI-V200R002C50SPC800.cc...Done.

Удалить пачку вланов

...
#               
vlan batch 10 134 to 135 138 350 to 360 370 410 420
#            
...
[sw21]undo vlan batch 350 to 360 370 410 420
Warning: The configurations of the VLAN will be deleted. Continue? [Y/N]:y
Info: Operating, please wait for a moment......done.

Восстанавливаем конфиг с внешенй usb

<HUAWEI>dir flash:
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  dr-x              -  Oct 11 2019 14:48:26   $_checkpoint                 
    1  dr-x              -  Jan 23 2019 10:45:28   $_install_mod                
    2  dr-x              -  Nov 03 2018 14:55:23   $_license                    
    3  dr-x              -  Oct 11 2019 14:47:58   $_security_info              
    4  dr-x              -  Oct 11 2019 14:57:10   $_system                     
    5  -rw-    128,772,300  Jan 04 2018 10:21:49   CE6810LI-V200R002C50SPC800.cc
    6  -rw-      1,339,283  Nov 03 2018 14:57:13   CE6810LI-V200R002SPH016.PAT  
    7  -rw-      4,206,539  Sep 19 2019 09:50:14   CE6810LI-V200R002SPH022.PAT  
    8  -rw-    135,653,156  Sep 19 2019 10:35:20   CE6810LI-V200R005C10SPC800.cc
    9  -rw-      2,826,131  Sep 19 2019 10:36:08   CE6810LI-V200R005SPH008.PAT  
   10  drwx              -  Nov 03 2018 14:52:09   POST                         
   11  -rw-             97  Nov 03 2018 14:52:12   collect_diag_info.bat        
   12  -rw-         17,086  Oct 11 2019 14:51:52   device.sys                   
   13  drwx              -  Oct 11 2019 14:57:15   logfile                      
   14  -rw-          2,598  Oct 11 2019 13:42:27   vrpcfg-test.zip              
   15  -rw-            907  Oct 11 2019 14:51:51   vrpcfg.zip                   
   16  -rw-          5,914  Mar 04 2019 17:00:29   ztp_20190304165135.log       
   17  -rw-         13,961  Mar 04 2019 16:58:59   ztp_20190304165135.log.1     
   18  -rw-            824  Mar 04 2019 16:54:19   ztp_20190304165135.log.2     

269,168 KB total (11,028 KB free)
<HUAWEI>co	
<HUAWEI>compare	
<HUAWEI>configuration	
<HUAWEI>dir usb:/
Directory of usb:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  -rw-        155,216  Apr 21 2014 20:25:28   AFUDOSU.SMC                  
... 
   13  -rw-          2,588  Oct 11 2019 14:27:10   bup-conf.zip                 


1,951,992 KB total (1,899,400 KB free)

<HUAWEI>copy usb:/bup-conf.zip flash:/vrpcfg.zip 
Error: flash:/vrpcfg.zip is protected.
<HUAWEI>copy usb:/bup-conf.zip flash:/vrpcfg-from-bup.zip  
Info: Are you sure to copy usb:/bup-conf.zip to flash:/vrpcfg-from-bup.zip? [Y/N]:y
100%  complete  
Info: Copying file usb:/bup-conf.zip to flash:/vrpcfg-from-bup.zip...Done.
<HUAWEI>dir flash: 
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  dr-x              -  Oct 11 2019 14:58:00   $_checkpoint                 
    1  dr-x              -  Jan 23 2019 10:45:28   $_install_mod                
    2  dr-x              -  Nov 03 2018 14:55:23   $_license                    
    3  dr-x              -  Oct 11 2019 14:47:58   $_security_info              
    4  dr-x              -  Oct 11 2019 14:57:10   $_system                     
    5  -rw-    128,772,300  Jan 04 2018 10:21:49   CE6810LI-V200R002C50SPC800.cc
    6  -rw-      1,339,283  Nov 03 2018 14:57:13   CE6810LI-V200R002SPH016.PAT  
    7  -rw-      4,206,539  Sep 19 2019 09:50:14   CE6810LI-V200R002SPH022.PAT  
    8  -rw-    135,653,156  Sep 19 2019 10:35:20   CE6810LI-V200R005C10SPC800.cc
    9  -rw-      2,826,131  Sep 19 2019 10:36:08   CE6810LI-V200R005SPH008.PAT  
   10  drwx              -  Nov 03 2018 14:52:09   POST                         
   11  -rw-             97  Nov 03 2018 14:52:12   collect_diag_info.bat        
   12  -rw-         17,086  Oct 11 2019 14:51:52   device.sys                   
   13  drwx              -  Oct 11 2019 14:57:15   logfile                      
   14  -rw-          2,588  Oct 11 2019 14:59:01   vrpcfg-from-bup.zip          
   15  -rw-          2,598  Oct 11 2019 13:42:27   vrpcfg-test.zip              
   16  -rw-            907  Oct 11 2019 14:51:51   vrpcfg.zip                   
   17  -rw-          5,914  Mar 04 2019 17:00:29   ztp_20190304165135.log       
   18  -rw-         13,961  Mar 04 2019 16:58:59   ztp_20190304165135.log.1     
   19  -rw-            824  Mar 04 2019 16:54:19   ztp_20190304165135.log.2     

269,168 KB total (11,020 KB free)
<HUAWEI>

<HUAWEI>dis startup
MainBoard:
  Configured startup system software:        flash:/CE6810LI-V200R005C10SPC800.cc
  Startup system software:                   flash:/CE6810LI-V200R005C10SPC800.cc
  Next startup system software:              flash:/CE6810LI-V200R005C10SPC800.cc
  Startup saved-configuration file:          flash:/vrpcfg.zip
  Next startup saved-configuration file:     flash:/vrpcfg.zip
  Startup paf file:                          default
  Next startup paf file:                     default
  Startup patch package:                     flash:/CE6810LI-V200R005SPH008.PAT
  Next startup patch package:                flash:/CE6810LI-V200R005SPH008.PAT
<HUAWEI>sta	
<HUAWEI>startup co	
<HUAWEI>startup sa  
<HUAWEI>startup saved-configuration fl	
<HUAWEI>startup saved-configuration flash:/v	
<HUAWEI>startup saved-configuration flash:/vrpcfg-	
<HUAWEI>startup saved-configuration flash:/vrpcfg-from-bup.zip
Info: Operating, please wait for a moment......done.
Info: Succeeded in setting the configuration for booting system.
<HUAWEI>dis star	
<HUAWEI>dis startup 
MainBoard:
  Configured startup system software:        flash:/CE6810LI-V200R005C10SPC800.cc
  Startup system software:                   flash:/CE6810LI-V200R005C10SPC800.cc
  Next startup system software:              flash:/CE6810LI-V200R005C10SPC800.cc
  Startup saved-configuration file:          flash:/vrpcfg.zip
  Next startup saved-configuration file:     flash:/vrpcfg-from-bup.zip
  Startup paf file:                          default
  Next startup paf file:                     default
  Startup patch package:                     flash:/CE6810LI-V200R005SPH008.PAT
  Next startup patch package:                flash:/CE6810LI-V200R005SPH008.PAT
<HUAWEI>

<HUAWEI>reboot 
slot 1:
Next startup system software: flash:/CE6810LI-V200R005C10SPC800.cc
Next startup saved-configuration file: flash:/vrpcfg-from-bup.zip
Next startup paf file: default
Next startup patch package: flash:/CE6810LI-V200R005SPH008.PAT
Warning: The current configuration will be saved to the next startup saved-configuration file. Continue? [Y/N]:n
Warning: The system will reboot. Continue? [Y/N]:y

*************************************************************
*  Copyright (C) <2012-2018> Huawei Technologies Co., Ltd.  *
*************************************************************

CloudEngine BIOS Version: 433  (Oct 11 2018 - 20:19:17)
Board Name ..................................... CE6810-48S4Q-LI
SDRAM Memory Initializing ...................... BEGIN
SDRAM Memory Size .............................. 2 Gbytes
SDRAM Memory Initializing ...................... DONE 

Press CTRL+T for full memory test .............. skip


Starting ... 

Press CTRL+B to enter BIOS menu or CTRL+E to boot DFX: 0 
Boot Disk: flash
Startup File: CE6810LI-V200R005C10SPC800.cc
Try Times: 1
             
Check system software ........................................ DONE
Check APPDB .................................................. DONE
Set next bootfile ............................................ DONE
Load system software ......................................... DONE
Create file system ........................................... DONE
 
Now starting VRP ........

Configured switch mode ....................................... AUTO-NEGOTIATION
Current switch mode .......................................... STACK
Press CTRL+Y to modify the switch mode ....................... skip

Initializing stack ........................................... DONE
Stack member ID .............................................. 1
Stack domain ID .............................................. INVALID
Stack priority ............................................... 100
Default MAC .................................................. 48-57-02-cc-ae-f0
Competing with other devices in the stack .................... DONE
Stack role ................................................... MASTER

User interface con0 is available


Please Press ENTER.


Password:
Info: The max number of VTY users is 5, the number of current VTY users online is 0, and total number of terminal users online is 1.
      The current login time is 2019-10-11 18:07:05+03:00.
<sw21>

<sw21>dis startup 
MainBoard:
  Configured startup system software:        flash:/CE6810LI-V200R005C10SPC800.cc
  Startup system software:                   flash:/CE6810LI-V200R005C10SPC800.cc
  Next startup system software:              flash:/CE6810LI-V200R005C10SPC800.cc
  Startup saved-configuration file:          flash:/vrpcfg-from-bup.zip
  Next startup saved-configuration file:     flash:/vrpcfg-from-bup.zip
  Startup paf file:                          default
  Next startup paf file:                     default
  Startup patch package:                     flash:/CE6810LI-V200R005SPH008.PAT
  Next startup patch package:                flash:/CE6810LI-V200R005SPH008.PAT
	
<slv-sw21>dir flash:
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  dr-x              -  Oct 11 2019 18:07:30   $_checkpoint                 
    1  dr-x              -  Jan 23 2019 13:45:28   $_install_mod                
    2  dr-x              -  Nov 03 2018 17:55:23   $_license                    
    3  dr-x              -  Oct 11 2019 18:07:01   $_security_info              
    4  dr-x              -  Oct 11 2019 18:07:01   $_system                     
    5  -rw-    128,772,300  Jan 04 2018 13:21:49   CE6810LI-V200R002C50SPC800.cc
    6  -rw-      1,339,283  Nov 03 2018 17:57:13   CE6810LI-V200R002SPH016.PAT  
    7  -rw-      4,206,539  Sep 19 2019 12:50:14   CE6810LI-V200R002SPH022.PAT  
    8  -rw-    135,653,156  Sep 19 2019 13:35:20   CE6810LI-V200R005C10SPC800.cc
    9  -rw-      2,826,131  Sep 19 2019 13:36:08   CE6810LI-V200R005SPH008.PAT  
   10  drwx              -  Nov 03 2018 17:52:09   POST                         
   11  -rw-             97  Nov 03 2018 17:52:12   collect_diag_info.bat        
   12  -rw-         17,086  Oct 11 2019 18:01:33   device.sys                   
   13  drwx              -  Oct 11 2019 17:57:15   logfile                      
   14  -rw-          2,588  Oct 11 2019 17:59:01   vrpcfg-from-bup.zip          
   15  -rw-          2,598  Oct 11 2019 16:42:27   vrpcfg-test.zip              
   16  -rw-            907  Oct 11 2019 17:51:51   vrpcfg.zip                   
   17  -rw-          5,914  Mar 04 2019 20:00:29   ztp_20190304165135.log       
   18  -rw-         13,961  Mar 04 2019 19:58:59   ztp_20190304165135.log.1     
   19  -rw-            824  Mar 04 2019 19:54:19   ztp_20190304165135.log.2     

269,168 KB total (11,020 KB free)
<slv-sw21>save
Warning: The current configuration will be written to the device. Continue? [Y/N]:y
Now saving the current configuration to the slot 1 .
Info: Save the configuration successfully.
<sw21>dir flash:
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  dr-x              -  Oct 11 2019 18:07:30   $_checkpoint                 
    1  dr-x              -  Jan 23 2019 13:45:28   $_install_mod                
    2  dr-x              -  Nov 03 2018 17:55:23   $_license                    
    3  dr-x              -  Oct 11 2019 18:07:01   $_security_info              
    4  dr-x              -  Oct 11 2019 18:07:01   $_system                     
    5  -rw-    128,772,300  Jan 04 2018 13:21:49   CE6810LI-V200R002C50SPC800.cc
    6  -rw-      1,339,283  Nov 03 2018 17:57:13   CE6810LI-V200R002SPH016.PAT  
    7  -rw-      4,206,539  Sep 19 2019 12:50:14   CE6810LI-V200R002SPH022.PAT  
    8  -rw-    135,653,156  Sep 19 2019 13:35:20   CE6810LI-V200R005C10SPC800.cc
    9  -rw-      2,826,131  Sep 19 2019 13:36:08   CE6810LI-V200R005SPH008.PAT  
   10  drwx              -  Nov 03 2018 17:52:09   POST                         
   11  -rw-             97  Nov 03 2018 17:52:12   collect_diag_info.bat        
   12  -rw-         17,510  Oct 11 2019 18:08:08   device.sys                   
   13  drwx              -  Oct 11 2019 17:57:15   logfile                      
   14  -rw-          2,612  Oct 11 2019 18:08:08   vrpcfg-from-bup.zip          
   15  -rw-          2,598  Oct 11 2019 16:42:27   vrpcfg-test.zip              
   16  -rw-            907  Oct 11 2019 17:51:51   vrpcfg.zip                   
   17  -rw-          5,914  Mar 04 2019 20:00:29   ztp_20190304165135.log       
   18  -rw-         13,961  Mar 04 2019 19:58:59   ztp_20190304165135.log.1     
   19  -rw-            824  Mar 04 2019 19:54:19   ztp_20190304165135.log.2     

269,168 KB total (11,016 KB free)
<sw21>   


<sw21>dir flash:
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  dr-x              -  Oct 11 2019 18:07:30   $_checkpoint                 
    1  dr-x              -  Jan 23 2019 13:45:28   $_install_mod                
    2  dr-x              -  Nov 03 2018 17:55:23   $_license                    
    3  dr-x              -  Oct 11 2019 18:07:01   $_security_info              
    4  dr-x              -  Oct 11 2019 18:07:01   $_system                     
    5  -rw-    128,772,300  Jan 04 2018 13:21:49   CE6810LI-V200R002C50SPC800.cc
    6  -rw-      1,339,283  Nov 03 2018 17:57:13   CE6810LI-V200R002SPH016.PAT  
    7  -rw-      4,206,539  Sep 19 2019 12:50:14   CE6810LI-V200R002SPH022.PAT  
    8  -rw-    135,653,156  Sep 19 2019 13:35:20   CE6810LI-V200R005C10SPC800.cc
    9  -rw-      2,826,131  Sep 19 2019 13:36:08   CE6810LI-V200R005SPH008.PAT  
   10  drwx              -  Nov 03 2018 17:52:09   POST                         
   11  -rw-             97  Nov 03 2018 17:52:12   collect_diag_info.bat        
   12  -rw-         17,510  Oct 11 2019 18:18:10   device.sys                   
   13  drwx              -  Oct 11 2019 17:57:15   logfile                      
   14  -rw-          2,615  Oct 11 2019 18:18:10   vrpcfg-from-bup.zip          
   15  -rw-          2,598  Oct 11 2019 16:42:27   vrpcfg-test.zip              
   16  -rw-            907  Oct 11 2019 17:51:51   vrpcfg.zip                   
   17  -rw-          5,914  Mar 04 2019 20:00:29   ztp_20190304165135.log       
   18  -rw-         13,961  Mar 04 2019 19:58:59   ztp_20190304165135.log.1     
   19  -rw-            824  Mar 04 2019 19:54:19   ztp_20190304165135.log.2     

269,168 KB total (11,020 KB free)
<sw21>save ?
  STRING<5-64>  The name of specific file(*.cfg, *.zip, *.dat)
  flash:        Device name
  logfile       Save logfile
  usb:          Device name
  <cr>          

<sw21>save vrpcfg.zip
Warning: Are you sure to save the configuration to flash:/vrpcfg.zip? [Y/N]:y
Warning: flash:/vrpcfg.zip exists,overwrite? [Y/N]:y
Now saving the current configuration to the slot 1 
Info: Save the configuration successfully.

<sw21>dir flash:
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  dr-x              -  Oct 11 2019 18:07:30   $_checkpoint                 
    1  dr-x              -  Jan 23 2019 13:45:28   $_install_mod                
    2  dr-x              -  Nov 03 2018 17:55:23   $_license                    
    3  dr-x              -  Oct 11 2019 18:07:01   $_security_info              
    4  dr-x              -  Oct 11 2019 18:07:01   $_system                     
    5  -rw-    128,772,300  Jan 04 2018 13:21:49   CE6810LI-V200R002C50SPC800.cc
    6  -rw-      1,339,283  Nov 03 2018 17:57:13   CE6810LI-V200R002SPH016.PAT  
    7  -rw-      4,206,539  Sep 19 2019 12:50:14   CE6810LI-V200R002SPH022.PAT  
    8  -rw-    135,653,156  Sep 19 2019 13:35:20   CE6810LI-V200R005C10SPC800.cc
    9  -rw-      2,826,131  Sep 19 2019 13:36:08   CE6810LI-V200R005SPH008.PAT  
   10  drwx              -  Nov 03 2018 17:52:09   POST                         
   11  -rw-             97  Nov 03 2018 17:52:12   collect_diag_info.bat        
   12  -rw-         17,510  Oct 11 2019 18:18:37   device.sys                   
   13  drwx              -  Oct 11 2019 17:57:15   logfile                      
   14  -rw-          2,615  Oct 11 2019 18:18:10   vrpcfg-from-bup.zip          
   15  -rw-          2,598  Oct 11 2019 16:42:27   vrpcfg-test.zip              
   16  -rw-          2,598  Oct 11 2019 18:18:37   vrpcfg.zip                   
   17  -rw-          5,914  Mar 04 2019 20:00:29   ztp_20190304165135.log       
   18  -rw-         13,961  Mar 04 2019 19:58:59   ztp_20190304165135.log.1     
   19  -rw-            824  Mar 04 2019 19:54:19   ztp_20190304165135.log.2     

269,168 KB total (11,020 KB free)

<sw21>dis startup
MainBoard:
  Configured startup system software:        flash:/CE6810LI-V200R005C10SPC800.cc
  Startup system software:                   flash:/CE6810LI-V200R005C10SPC800.cc
  Next startup system software:              flash:/CE6810LI-V200R005C10SPC800.cc
  Startup saved-configuration file:          flash:/vrpcfg-from-bup.zip
  Next startup saved-configuration file:     flash:/vrpcfg-from-bup.zip
  Startup paf file:                          default
  Next startup paf file:                     default
  Startup patch package:                     flash:/CE6810LI-V200R005SPH008.PAT
  Next startup patch package:                flash:/CE6810LI-V200R005SPH008.PAT

<sw21>startup saved-configuration vrpcfg.zip 
Info: Operating, please wait for a moment......done.
Info: Succeeded in setting the configuration for booting system.

<sw21>dis startup
MainBoard:
  Configured startup system software:        flash:/CE6810LI-V200R005C10SPC800.cc
  Startup system software:                   flash:/CE6810LI-V200R005C10SPC800.cc
  Next startup system software:              flash:/CE6810LI-V200R005C10SPC800.cc
  Startup saved-configuration file:          flash:/vrpcfg-from-bup.zip
  Next startup saved-configuration file:     flash:/vrpcfg.zip
  Startup paf file:                          default
  Next startup paf file:                     default
  Startup patch package:                     flash:/CE6810LI-V200R005SPH008.PAT
  Next startup patch package:                flash:/CE6810LI-V200R005SPH008.PAT

<sw21>reboot 
slot 1:
Next startup system software: flash:/CE6810LI-V200R005C10SPC800.cc
Next startup saved-configuration file: flash:/vrpcfg.zip
Next startup paf file: default
Next startup patch package: flash:/CE6810LI-V200R005SPH008.PAT
Warning: The system will reboot. Continue? [Y/N]:y


Сбросить конфигурацию

<sw21>reset saved-configuration 
Warning: The action will delete the saved configuration on the device.
The configuration will be erased to reconfigure.Continue? [Y/N]:y
Warning: Now the configuration on the device is being deleted.
.
Info: Succeeded in clearing the configuration on the device.

<sw21>dis startup
MainBoard:
  Configured startup system software:        flash:/CE6810LI-V200R005C10SPC800.cc
  Startup system software:                   flash:/CE6810LI-V200R005C10SPC800.cc
  Next startup system software:              flash:/CE6810LI-V200R005C10SPC800.cc
  Startup saved-configuration file:          NULL
  Next startup saved-configuration file:     NULL
  Startup paf file:                          default
  Next startup paf file:                     default
  Startup patch package:                     flash:/CE6810LI-V200R005SPH008.PAT
  Next startup patch package:                flash:/CE6810LI-V200R005SPH008.PAT


<sw21>reboot 
slot 1:
Next startup system software: flash:/CE6810LI-V200R005C10SPC800.cc
Next startup saved-configuration file: NULL
Next startup paf file: default
Next startup patch package: flash:/CE6810LI-V200R005SPH008.PAT
Warning: The current configuration will be saved to the next startup saved-configuration file. Continue? [Y/N]:n
Warning: The system will reboot. Continue? [Y/N]:y


*************************************************************
*  Copyright (C) <2012-2018> Huawei Technologies Co., Ltd.  *
*************************************************************

CloudEngine BIOS Version: 433  (Oct 11 2018 - 20:19:17)
Board Name ..................................... CE6810-48S4Q-LI
SDRAM Memory Initializing ...................... BEGIN
SDRAM Memory Size .............................. 2 Gbytes
SDRAM Memory Initializing ...................... DONE 

Press CTRL+T for full memory test .............. skip


Starting ... 

Press CTRL+B to enter BIOS menu or CTRL+E to boot DFX: 0 
Boot Disk: flash
Startup File: CE6810LI-V200R005C10SPC800.cc
Try Times: 1

Check system software ........................................ DONE
Check APPDB .................................................. DONE
Set next bootfile ............................................ DONE
Load system software ......................................... DONE
Create file system ........................................... DONE
 
Now starting VRP ........

Configured switch mode ....................................... AUTO-NEGOTIATION
Current switch mode .......................................... AUTO-NEGOTIATION
Configured uplink port ....................................... 4*40GE
Press CTRL+Y to modify the switch mode ....................... skip

Initializing auto-negotiation ................................ DONE
Completing auto-negotiation................................... DONE
Switch mode auto-negotiation result........................... TIMEOUT
Current switch mode   ........................................ STACK

Initializing stack ........................................... DONE
Stack member ID .............................................. 1
Stack domain ID .............................................. INVALID
Stack priority ............................................... 100
Default MAC .................................................. 48-57-02-cc-ae-f0
Competing with other devices in the stack .................... DONE
Stack role ................................................... MASTER

Info: System is initializing, please wait.........


User interface con0 is available


Please Press ENTER.

An initial password is required for the first login via the console.
Continue to set it? [Y/N]: n
Warning: There is a risk on the user-interface which you login through. Please change the configuration of the user-interface as soon as possible.

Info: The max number of VTY users is 5, the number of current VTY users online is 0, and total number of terminal users online is 1.
      The current login time is 2019-10-11 14:49:20.
<HUAWEI>


Скопировать текущую startup конфигурацию на внешнюю флешку

<sw21>copy flash:/vrpcfg.zip usb:/bup-conf.zip
Info: Are you sure to copy flash:/vrpcfg.zip to usb:/bup-conf.zip? [Y/N]:y
100%  complete  
Info: Copying file flash:/vrpcfg.zip to usb:/bup-conf.zip...Done.

<sw21>dir usb:
Directory of usb:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  -rw-        155,216  Apr 21 2014 23:25:28   AFUDOSU.SMC                  
...
   13  -rw-          2,588  Oct 11 2019 17:27:11   bup-conf.zip                 
...

1,951,992 KB total (1,899,400 KB free)

Удалить файл с usb

<sw21>delete usb:/bup.zip
Info: Are you sure to delete usb:/bup.zip? [Y/N]:y
Info: Deleting file usb:/bup.zip...Done.

Отключить stp и зафильтровать bpdu на интерфейсах ce6800

Ограничение количества маков на интерфейсах ce6800

В коммутаторах ce6810 размер мак таблицы составляет 128K.
Если возможности ограничивать количество мак адресов на физических интерфейсах, lag интерфейсах или в vlan.

При достижении определенного лимита мак адресов можно дропать пакеты (action discard) с “новыми” мак адресами или пропустить пакет (action forward), но не записывать его мак в таблицу мак-адресов. Соответственно обратный трафик пойдет как unknown-unicast.

Разрешить 1000 мак адресов на физическом порту.
Пакет с 1001 маком дропнуть и сделать запись в лог.

[~sw21-10GE1/0/13]mac-address limit action discard alarm enable maximum 1000

Для физических интерфейсов дефольное действие это дропунть пакет, для vlan дефолтное действие это пропустить пакет.

Информация о CPU/RAM/TEMP/FAN/PSU на ce6800

Общая информация выводится в рамках команды “display health”.

MTU на интерфейсах ce6800

UPDATE

Команда “jumboframe enable” принимает два значения.

In V100R005C10 and later versions, run the jumboframe enable value1 [ value2 ] command in the interface view to configure the maximum length of a jumbo frame value1 and the threshold of a non-jumbo frame value2. The switch forwards a frame whose length ranges from value1 to value2 (excluding value2) as a jumbo frame and discards a frame whose length is greater than value1. The switch forwards a frame whose length is less than or equal to value2 as a normal frame and does not count it as a jumbo frame.

Первое значение (value1) задает максимальный размер фрейма который может пройти через интфрейс.
А второе значение (value2) задает размер “обычного” фрейма.
Второе значение нужно, что бы более красиво распределять пакеты по счетчикам интерфесов.
Пакеты размером до value2 попадают в счетчик обычных пакетов.
Пакеты размером от value2 до value1 попадают в счетчик джамбо пакетов.

/UPDATE

Если посмотреть на интерфейсы, то на них по дефолтку разрешены jumbo-frames, дефолтное значение 9216.
Так же можно задать размер пакетов которые надо считать как обычные пакеты, дефолтное значение 1518.

[sw21-10GE1/0/1]dis interface 10GE 1/0/1 
10GE1/0/1 current state : DOWN (ifindex: 5)
Line protocol current state : DOWN 
Description: 
Switch Port, PVID :    1, TPID : 8100(Hex), The Maximum Frame Length is 9216
...

[sw21-10GE1/0/1]jumboframe enable ?
  INTEGER<1518-12288>  Maximum frame size. The default value is 9216

[slv-sw21-10GE1/0/1]jumboframe enable 9216 ?
  INTEGER<1518-9216>  Non-jumbo frame size threshod. The default value is 1518
  <cr>                


При этом, если посмотреть на mtu по snmp, то на интфрейсах на которых нет линка, значение mtu будет 1518, а на которых есть линк будет значение 1500.

...
IF-MIB::ifDescr.4 = STRING: MEth0/0/0
IF-MIB::ifDescr.5 = STRING: 10GE1/0/1
IF-MIB::ifDescr.6 = STRING: 10GE1/0/2
...
IF-MIB::ifDescr.19 = STRING: 10GE1/0/15
IF-MIB::ifDescr.20 = STRING: 10GE1/0/16
IF-MIB::ifDescr.21 = STRING: 10GE1/0/17
...
IF-MIB::ifOperStatus.4 = INTEGER: up(1)
IF-MIB::ifOperStatus.5 = INTEGER: down(2)
IF-MIB::ifOperStatus.6 = INTEGER: down(2)
...
IF-MIB::ifOperStatus.19 = INTEGER: down(2)
IF-MIB::ifOperStatus.20 = INTEGER: up(1)
IF-MIB::ifOperStatus.21 = INTEGER: down(2)
...
# snmpwalk -c xxx -v 2c x.x.x.x IF-MIB::ifMtu.5
IF-MIB::ifMtu.5 = INTEGER: 1518
# snmpwalk -c xxx -v 2c x.x.x.x IF-MIB::ifMtu.20
IF-MIB::ifMtu.20 = INTEGER: 1500

Изменение настроек на “jumboframe enable” не влияет на то, что отдает коммутатор по snmp.
Коммутатор по snmp, в mtu, показывает именно второе “информационное” значение команды “jumboframe enable”.
Для физических интфейсов на эти значения можно не смотреть.

[slv-sw21-10GE1/0/1]jumboframe enable ?
  INTEGER<1518-12288>  Maximum frame size. The default value is 9216

[slv-sw21-10GE1/0/1]jumboframe enable 9216 ?
  INTEGER<1518-9216>  Non-jumbo frame size threshod. The default value is 1518
  <cr>                

[slv-sw21-10GE1/0/1]jumboframe enable 9216 2000
...
# snmpwalk -c xxx -v 2c x.x.x.x IF-MIB::ifMtu.5
IF-MIB::ifMtu.5 = INTEGER: 2000

MLAG на ce6800

Смена ip адресов на DAD линках

MLAG-пару коммутаторов надо было переводить из песочницы в боевое окружение.
Надо было поменять vlan и ip адреса на Meth интерфейсах и в настройках dfs-group.
В документации описания такого процесса нет, но при этом известно, что коммутаторы через PL договариваются, в том числе и о адресах DAD линков.
Пожтому адреса решил не менять на живую, а сначала положить все порты на слейв ноде, тем самым изолировав ноды друг от друга, и только после этого менять адреса.

Распределение ролей коммутаторов в нормальном состоянии:

  • sw21 - мастер
  • sw22 - слейв

Последовательность действий коротко:

  1. Положить MLAG порты на sw22.
  2. Положить Meth порт c sw22.
  3. Зайти на sw22 через консоль и положить PL порты.
  4. На sw22 поменять адрес у meth0 интерфейса и в настройках dfs-group.
  5. Перенести sw21/meth0 в другой vlan, поднять порт meth0 и проверить, что можно зайти по ssh.
  6. Положить meth порт c sw21.
  7. Зайти на sw21 через консоль и поменять адрес у meth0 интерфейса и в настройках dfs-group.
  8. Поднять PL порты.
  9. Поднять meth порт c sw21.
  10. Поднять MLAG порты на sw22.

Последовательность действия подробнее.

Последовательность действия подробнее.

Кладем MLAG порты на sw22
Кладем порт 10GE1/0/16 на sw22.
Делаем в режиме “system-view immediatly”.

[sw22-10GE1/0/16]shutdown 
#25/active/linkDown/Major/occurredTime:2019-09-18 17:08:21/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=Eth-Trunk16, AdminStatus=UP, OperStatus=DOWN, Reason=The conditions for the activation of the interface are not met, mainIfname=Eth-Trunk16)

#26/active/linkDown/Major/occurredTime:2019-09-18 17:08:21/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=10GE1/0/16, AdminStatus=DOWN, OperStatus=DOWN, Reason=The interface is shut down, mainIfname=Eth-Trunk16)

[sw22-10GE1/0/16]
Sep 18 2019 17:08:21 sw22 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=Eth-Trunk16, AdminStatus=UP, OperStatus=DOWN, Reason=The conditions for the activation of the interface are not met, mainIfname=Eth-Trunk16)

Sep 18 2019 17:08:21 sw22 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=10GE1/0/16, AdminStatus=DOWN, OperStatus=DOWN, Reason=The interface is shut down, mainIfname=Eth-Trunk16)

#27/active/hwLacpTotalLinkLoss/Major/occurredTime:2019-09-18 17:08:22/-/-/alarmID:0x09360001/CID=0x807a0404:Link bandwidth lost totally. (TrunkIndex=2, TrunkIfIndex=60, TrunkId=16, TrunkName=Eth-Trunk16, Reason=No link is selected.)

#28/active/hwLacpNegotiateFailed/Major/occurredTime:2019-09-18 17:08:22/-/-/alarmID:0x09360000/CID=0x807a0404:The member of LAG negotiation failed. (TrunkIndex=2, PortIfIndex=20, TrunkId=16, TrunkName=Eth-Trunk16, PortName=10GE1/0/16, Reason=A link fault occurred or negotiation information synchronization failed.)

Sep 18 2019 17:08:22 sw22 %%01LACP/4/LACP_STATE_DOWN(l):CID=0x80480432;The LACP state is down. (PortName=10GE1/0/16, TrunkName=Eth-Trunk16, LastReceivePacketTime=[2019-09-18 17:08:05:720], Reason=The interface went down physically or flapped to down. Please check the interface's status, duplex mode, bandwidth, and so on.)

Sep 18 2019 17:08:22 sw22 %%01LACP/2/hwLacpTotalLinkLoss_active(l):CID=0x807a0404-alarmID=0x09360001;Link bandwidth lost totally. (TrunkIndex=2, TrunkIfIndex=60, TrunkId=16, TrunkName=Eth-Trunk16, Reason=No link is selected.)

Sep 18 2019 17:08:22 sw22 %%01LACP/2/hwLacpNegotiateFailed_active(l):CID=0x807a0404-alarmID=0x09360000;The member of LAG negotiation failed. (TrunkIndex=2, PortIfIndex=20, TrunkId=16, TrunkName=Eth-Trunk16, PortName=10GE1/0/16, Reason=A link fault occurred or negotiation information synchronization failed.)

Состояние MLAG со стороны sw21, все ок.

<sw21>dis dfs-group 1 m-lag        
*                : Local node
Heart beat state : OK
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.70.70.32 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : - 
  System ID      : 4857-02cc-aef1 
  SysName        : sw21 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI
Node 2                            
  Dfs-Group ID   : 1
  Priority       : 120
  Address        : ip address 10.70.70.33 vpn-instance VRF-DAD-1
  State          : Backup
  Causation      : - 
  System ID      : 4857-02cc-aea1 
  SysName        : sw22 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI
<sw21>

Состояниени MLAG портов, со стороны sw22 (node 2) порт лежит, все ок.

<sw21>dis dfs-group 1 node 1 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Up
Status       : active(*)-inactive

<sw21>dis dfs-group 1 node 2 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Down
Status       : inactive-active(*)

Кладем Meth порт с sw22
Логи со стороны sw22.

[sw22]
#30/active/linkDown/Major/occurredTime:2019-09-18 17:14:28/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=MEth0/0/0, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=MEth0/0/0)

Sep 18 2019 17:14:28 sw22 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=MEth0/0/0, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=MEth0/0/0)

#29/active/L3V_TRAP_VRF_DOWN/Major/occurredTime:2019-09-18 17:14:28/-/-/alarmID:0x09110000/CID=0x806f2717:The interface bound to the VPN instance went Down. (VpnInstanceName=VRF-DAD-1, IfName=MEth0/0/0, IfCurRowStatus=2, VRFOperationStatus=2)

Sep 18 2019 17:14:28 sw22 %%01L3VPN/2/L3V_TRAP_VRF_DOWN_active(l):CID=0x806f2717-alarmID=0x09110000;The interface bound to the VPN instance went Down. (VpnInstanceName=VRF-DAD-1, IfName=MEth0/0/0, IfCurRowStatus=2, VRFOperationStatus=2)

#31/active/hwMLagHeartLost/Warning/occurredTime:2019-09-18 17:14:42/-/-/alarmID:0x0ae52002/CID=0x81de271c:The DFS dual-active detection message is lost. Check the source address configuration or link configuration of the local or remote switch.

Sep 18 2019 17:14:42 sw22 %%01ETRUNK/4/hwMLagHeartLost_active(l):CID=0x81de271c-alarmID=0x0ae52002;The DFS dual-active detection message is lost. Check the source address configuration or link configuration of the local or remote switch.

Кладем PL порты на sw22
Кладем порт 40GE1/0/3 на sw22. В песочнице был один PL порт.
Делаем в режиме “system-view immediatly”.

[sw22-40GE1/0/3]shutdown 
Sep 18 2019 17:20:07 sw22 %%01LACP/4/LACP_STATE_DOWN(l):CID=0x80480432;The LACP state is down. (PortName=40GE1/0/3, TrunkName=Eth-Trunk0, LastReceivePacketTime=[2019-09-18 17:19:55:745], Reason=The interface went down physically or flapped to down. Please check the interface's status, duplex mode, bandwidth, and so on.)

[sw22-40GE1/0/3]
#32/active/linkDown/Major/occurredTime:2019-09-18 17:20:07/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=Eth-Trunk0, AdminStatus=UP, OperStatus=DOWN, Reason=The conditions for the activation of the interface are not met, mainIfname=Eth-Trunk0)

#33/active/linkDown/Major/occurredTime:2019-09-18 17:20:07/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=40GE1/0/3, AdminStatus=DOWN, OperStatus=DOWN, Reason=The interface is shut down, mainIfname=Eth-Trunk0)

#34/active/linkDown/Major/occurredTime:2019-09-18 17:20:07/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=Vlanif350, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=Vlanif350)

#35/active/linkDown/Major/occurredTime:2019-09-18 17:20:07/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=Vlanif360, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=Vlanif360)

#36/active/linkDown/Major/occurredTime:2019-09-18 17:20:07/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=Vlanif370, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=Vlanif370)

Sep 18 2019 17:20:07 sw22 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=Eth-Trunk0, AdminStatus=UP, OperStatus=DOWN, Reason=The conditions for the activation of the interface are not met, mainIfname=Eth-Trunk0)

Sep 18 2019 17:20:07 sw22 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=40GE1/0/3, AdminStatus=DOWN, OperStatus=DOWN, Reason=The interface is shut down, mainIfname=Eth-Trunk0)

Sep 18 2019 17:20:07 sw22 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=Vlanif350, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=Vlanif350)

Sep 18 2019 17:20:07 sw22 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=Vlanif360, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=Vlanif360)

Sep 18 2019 17:20:07 sw22 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=Vlanif370, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=Vlanif370)

#37/active/hwLacpTotalLinkLoss/Major/occurredTime:2019-09-18 17:20:08/-/-/alarmID:0x09360001/CID=0x807a0404:Link bandwidth lost totally. (TrunkIndex=0, TrunkIfIndex=58, TrunkId=0, TrunkName=Eth-Trunk0, Reason=No link is selected.)

#38/active/hwLacpNegotiateFailed/Major/occurredTime:2019-09-18 17:20:08/-/-/alarmID:0x09360000/CID=0x807a0404:The member of LAG negotiation failed. (TrunkIndex=0, PortIfIndex=55, TrunkId=0, TrunkName=Eth-Trunk0, PortName=40GE1/0/3, Reason=A link fault occurred or negotiation information synchronization failed.)

Sep 18 2019 17:20:08 sw22 %%01LACP/2/hwLacpTotalLinkLoss_active(l):CID=0x807a0404-alarmID=0x09360001;Link bandwidth lost totally. (TrunkIndex=0, TrunkIfIndex=58, TrunkId=0, TrunkName=Eth-Trunk0, Reason=No link is selected.)

Sep 18 2019 17:20:08 sw22 %%01LACP/2/hwLacpNegotiateFailed_active(l):CID=0x807a0404-alarmID=0x09360000;The member of LAG negotiation failed. (TrunkIndex=0, PortIfIndex=55, TrunkId=0, TrunkName=Eth-Trunk0, PortName=40GE1/0/3, Reason=A link fault occurred or negotiation information synchronization failed.)

Физическая связь между коммутаторами отсутствует.
Оба коммутатора стали мастерами и оба себя считают нодой 1.
В выводе отсутствуе информация о ноде 2.

Вывод на sw21.

<sw21>dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : Lost
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.70.70.32 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : PEERLINKDOWN 
  System ID      : 4857-02cc-aef1 
  SysName        : sw21 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI

<sw21>dis dfs-group 1 node 1 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Up
Status       : active(*)-inactive

<sw21>dis dfs-group 1 node 2 m-lag 
<sw21>

Вывод на sw22.

[sw22]dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : Lost
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 120
  Address        : ip address 10.70.70.33 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : PEERLINKDOWN 
  System ID      : 4857-02cc-aea1 
  SysName        : sw22 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI

[sw22]dis dfs-group 1 node 2 m-lag 
[sw22]dis dfs-group 1 node 1 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Down
Status       : inactive(*)-inactive

[sw22]

Меняем ip адрес на sw22.
Делаем в режиме “system-view”.

[~sw22]interface MEth 0/0/0 
[~sw22-MEth0/0/0]undo ip address 10.70.70.33 255.255.255.0 
[*sw22-MEth0/0/0]ip address 10.20.35.142 24
[*sw22-MEth0/0/0]quit

[*sw22]dfs-group 1 
[*sw22-dfs-group-1]undo source ip 
[*sw22-dfs-group-1]source ip 10.20.35.142 vp
[*sw22-dfs-group-1]source ip 10.20.35.142 vpn-instance VRF-DAD-1
[*sw22-dfs-group-1]

[*sw22]dis configuration candidate 
interface MEth 0/0/0
 undo ip address 10.70.70.33 255.255.255.0
 ip address 10.20.35.142 24
dfs-group 1
 undo source ip
 source ip 10.20.35.142 vpn-instance VRF-DAD-1
[*sw22]

Коммитим и смотрим состоние MLAG, адрес поменялся, на sw21 в это время все работало.

<sw22>dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : Lost
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 120
  Address        : ip address 10.20.35.142 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : PEERLINKDOWN 
  System ID      : 4857-02cc-aea1 
  SysName        : sw22 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI
<sw22>

Поднимаем Meth интерфес для sw22. С коммутатора сразу пошел бродкаси трафик.

@r13:~$ monitor interfaces ethernet eth3 traffic 
Capturing traffic on eth3 ...
  0.000000 48:57:02:cc:ae:a0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.142 (Request)
  0.000005 48:57:02:cc:ae:a0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.142 (Request)
  1.003293 48:57:02:cc:ae:a0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.142 (Request)
  1.003297 48:57:02:cc:ae:a0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.142 (Request)
  2.004187 48:57:02:cc:ae:a0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.142 (Request)
  2.004191 48:57:02:cc:ae:a0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.142 (Request)
@r13:~$ monitor interfaces ethernet eth3 traffic detail 
Capturing traffic on eth3 ...
Frame 1 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Sep 18, 2019 12:36:53.388903000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:arp]
Ethernet II, Src: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
        Address: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
    Trailer: 0000000000000000000000000000000000000000
    Frame check sequence: 0x00000000 [incorrect, should be 0x69fad3f5]
Address Resolution Protocol (request/gratuitous ARP)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    [Is gratuitous: True]
    Sender MAC address: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
    Sender IP address: 10.20.35.142 (10.20.35.142)
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 10.20.35.142 (10.20.35.142)

Frame 2 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Sep 18, 2019 12:36:53.388907000
    [Time delta from previous captured frame: 0.000004000 seconds]
    [Time delta from previous displayed frame: 0.000004000 seconds]
    [Time since reference or first frame: 0.000004000 seconds]
    Frame Number: 2
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:arp]
Ethernet II, Src: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
        Address: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
    Trailer: 0000000000000000000000000000000000000000
    Frame check sequence: 0x00000000 [incorrect, should be 0x69fad3f5]
Address Resolution Protocol (request/gratuitous ARP)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    [Is gratuitous: True]
    Sender MAC address: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
    Sender IP address: 10.20.35.142 (10.20.35.142)
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 10.20.35.142 (10.20.35.142)

^CFrame 3 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Sep 18, 2019 12:36:54.391372000
    [Time delta from previous captured frame: 1.002465000 seconds]
    [Time delta from previous displayed frame: 1.002465000 seconds]
    [Time since reference or first frame: 1.002469000 seconds]
    Frame Number: 3
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:arp]
Ethernet II, Src: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
        Address: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
    Trailer: 0000000000000000000000000000000000000000
    Frame check sequence: 0x00000000 [incorrect, should be 0x69fad3f5]
Address Resolution Protocol (request/gratuitous ARP)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    [Is gratuitous: True]
    Sender MAC address: 48:57:02:cc:ae:a0 (48:57:02:cc:ae:a0)
    Sender IP address: 10.20.35.142 (10.20.35.142)
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 10.20.35.142 (10.20.35.142)

Кладем порт на mgmt порт на sw21 и меняем адреса

[~sw21]     
#14/active/linkDown/Major/occurredTime:2019-09-18 13:07:00+03:00/-/-/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=MEth0/0/0, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=MEth0/0/0)

Sep 18 2019 13:07:00+03:00 sw21 %%01IFNET/2/linkDown_active(l):CID=0x807a0404-alarmID=0x08520003;The interface status changes. (ifName=MEth0/0/0, AdminStatus=UP, OperStatus=DOWN, Reason=Interface physical link is down, mainIfname=MEth0/0/0)

#15/active/L3V_TRAP_VRF_DOWN/Major/occurredTime:2019-09-18 13:07:00+03:00/-/-/alarmID:0x09110000/CID=0x806f2717:The interface bound to the VPN instance went Down. (VpnInstanceName=VRF-DAD-1, IfName=MEth0/0/0, IfCurRowStatus=2, VRFOperationStatus=2)

Sep 18 2019 13:07:00+03:00 sw21 %%01L3VPN/2/L3V_TRAP_VRF_DOWN_active(l):CID=0x806f2717-alarmID=0x09110000;The interface bound to the VPN instance went Down. (VpnInstanceName=VRF-DAD-1, IfName=MEth0/0/0, IfCurRowStatus=2, VRFOperationStatus=2)

<sw21>dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : Lost
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.70.70.32 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : PEERLINKDOWN 
  System ID      : 4857-02cc-aef1 
  SysName        : sw21 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI
<sw21>

[*sw21]dis configuration candidate 
dfs-group 1
 undo source ip
 source ip 10.20.35.141 vpn-instance VRF-DAD-1
interface MEth 0/0/0
 ip address 10.20.35.141 24

...
commit
...

<sw21>dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : Lost
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.20.35.141 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : PEERLINKDOWN 
  System ID      : 4857-02cc-aef1 
  SysName        : sw21 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI

Поднимаем PL порты

<sw21>dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : Lost
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.20.35.141 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : TIMEOUT 
  System ID      : 4857-02cc-aef1 
  SysName        : sw21 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI

#10/cleared/hwLocalFaultAlarm/Minor/occurredTime:2019-09-18 12:17:00+03:00/clearTime:2019-09-18 13:14:24+03:00/clearType:service_resume/alarmID:0x081320c6/CID=0x80fc0101:The local fault alarm has resumed.(IfIndex=55, IfName=40GE1/0/3)

Sep 18 2019 13:14:24+03:00 sw21 %%01DEVM/3/hwLocalFaultAlarm_clear(l):CID=0x80fc0101-alarmID=0x081320c6-clearType=service_resume;The local fault alarm has resumed.(IfIndex=55, IfName=40GE1/0/3)

#9/cleared/linkDown/Major/occurredTime:2019-09-18 12:17:00+03:00/clearTime:2019-09-18 13:14:24+03:00/clearType:service_resume/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=Eth-Trunk0, AdminStatus=UP, OperStatus=UP, Reason=Interface physical link is up, mainIfname=Eth-Trunk0)

#11/cleared/linkDown/Major/occurredTime:2019-09-18 12:17:00+03:00/clearTime:2019-09-18 13:14:24+03:00/clearType:service_resume/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=40GE1/0/3, AdminStatus=UP, OperStatus=UP, Reason=Interface physical link is up, mainIfname=Eth-Trunk0)

Sep 18 2019 13:14:24+03:00 sw21 %%01IFNET/2/linkDown_clear(l):CID=0x807a0404-alarmID=0x08520003-clearType=service_resume;The interface status changes. (ifName=Eth-Trunk0, AdminStatus=UP, OperStatus=UP, Reason=Interface physical link is up, mainIfname=Eth-Trunk0)

Sep 18 2019 13:14:24+03:00 sw21 %%01IFNET/2/linkDown_clear(l):CID=0x807a0404-alarmID=0x08520003-clearType=service_resume;The interface status changes. (ifName=40GE1/0/3, AdminStatus=UP, OperStatus=UP, Reason=Interface physical link is up, mainIfname=Eth-Trunk0)

#12/cleared/hwLacpNegotiateFailed/Major/occurredTime:2019-09-18 12:17:00+03:00/clearTime:2019-09-18 13:14:25+03:00/clearType:service_resume/alarmID:0x09360000/CID=0x807a0404:Link negotiation failure is resumed. (TrunkIndex=0, PortIfIndex=55, TrunkId=0, TrunkName=Eth-Trunk0, PortName=40GE1/0/3, Reason=The link fault was rectified and negotiation information was synchronized.)

#13/cleared/hwLacpTotalLinkLoss/Major/occurredTime:2019-09-18 12:17:01+03:00/clearTime:2019-09-18 13:14:25+03:00/clearType:service_resume/alarmID:0x09360001/CID=0x807a0404:Link bandwidth lost totally is resumed. (TrunkIndex=0, TrunkIfIndex=58, TrunkId=0, TrunkName=Eth-Trunk0, Reason=Link is selected.)

Sep 18 2019 13:14:25+03:00 sw21 %%01LACP/2/hwLacpNegotiateFailed_clear(l):CID=0x807a0404-alarmID=0x09360000-clearType=service_resume;Link negotiation failure is resumed. (TrunkIndex=0, PortIfIndex=55, TrunkId=0, TrunkName=Eth-Trunk0, PortName=40GE1/0/3, Reason=The link fault was rectified and negotiation information was synchronized.)

Sep 18 2019 13:14:25+03:00 sw21 %%01LACP/2/hwLacpTotalLinkLoss_clear(l):CID=0x807a0404-alarmID=0x09360001-clearType=service_resume;Link bandwidth lost totally is resumed. (TrunkIndex=0, TrunkIfIndex=58, TrunkId=0, TrunkName=Eth-Trunk0, Reason=Link is selected.)

<sw21>dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : Lost
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.20.35.141 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : - 
  System ID      : 4857-02cc-aef1 
  SysName        : sw21 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI
Node 2                            
  Dfs-Group ID   : 1
  Priority       : 120
  Address        : ip address 10.20.35.142 vpn-instance VRF-DAD-1
  State          : Backup
  Causation      : - 
  System ID      : 4857-02cc-aea1 
  SysName        : sw22 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI
<sw21>

<sw21>dis dfs-group 1 node 1 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Up
Status       : active(*)-inactive

<sw21>dis dfs-group 1 node 2 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Down
Status       : inactive-active(*)

Поднимаем mgmt порт sw21.
Поднялся DAD линк.

<sw21>
#8/cleared/hwMLagHeartLost/Warning/occurredTime:2019-09-18 12:11:34+03:00/clearTime:2019-09-18 13:29:08+03:00/clearType:service_resume/alarmID:0x0ae52002/CID=0x81de271c:DFS dual-active detection message forwarding is resumed.

Sep 18 2019 13:29:08+03:00 sw21 %%01ETRUNK/4/hwMLagHeartLost_clear(l):CID=0x81de271c-alarmID=0x0ae52002-clearType=service_resume;DFS dual-active detection message forwarding is resumed.

#14/cleared/linkDown/Major/occurredTime:2019-09-18 13:07:00+03:00/clearTime:2019-09-18 13:29:06+03:00/clearType:service_resume/alarmID:0x08520003/CID=0x807a0404:The interface status changes. (ifName=MEth0/0/0, AdminStatus=UP, OperStatus=UP, Reason=Interface physical link is up, mainIfname=MEth0/0/0)

Sep 18 2019 13:29:06+03:00 sw21 %%01IFNET/2/linkDown_clear(l):CID=0x807a0404-alarmID=0x08520003-clearType=service_resume;The interface status changes. (ifName=MEth0/0/0, AdminStatus=UP, OperStatus=UP, Reason=Interface physical link is up, mainIfname=MEth0/0/0)

#15/cleared/L3V_TRAP_VRF_DOWN/Major/occurredTime:2019-09-18 13:07:00+03:00/clearTime:2019-09-18 13:29:06+03:00/clearType:service_resume/alarmID:0x09110000/CID=0x806f2717:The interface bound to the VPN instance went Up. (VpnInstanceName=VRF-DAD-1, IfName=MEth0/0/0, IfCurRowStatus=1, VRFOperationStatus=1)

Sep 18 2019 13:29:06+03:00 sw21 %%01L3VPN/2/L3V_TRAP_VRF_DOWN_clear(l):CID=0x806f2717-alarmID=0x09110000-clearType=service_resume;The interface bound to the VPN instance went Up. (VpnInstanceName=VRF-DAD-1, IfName=MEth0/0/0, IfCurRowStatus=1, VRFOperationStatus=1)


<sw21>dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : OK
Node 1 *                            
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.20.35.141 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : - 
  System ID      : 4857-02cc-aef1 
  SysName        : sw21 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI
Node 2                            
  Dfs-Group ID   : 1
  Priority       : 120
  Address        : ip address 10.20.35.142 vpn-instance VRF-DAD-1
  State          : Backup
  Causation      : - 
  System ID      : 4857-02cc-aea1 
  SysName        : sw22 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI

Мастер свитч начал слать свои ARP.

@r13:~$ monitor interfaces ethernet eth3 traffic        
Capturing traffic on eth3 ...
  0.000000 48:57:02:cc:ae:f0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.141 (Request)
  0.000004 48:57:02:cc:ae:f0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.141 (Request)
  1.006338 48:57:02:cc:ae:f0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.141 (Request)
  1.006342 48:57:02:cc:ae:f0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.141 (Request)
  2.005912 48:57:02:cc:ae:f0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.141 (Request)
  2.005917 48:57:02:cc:ae:f0 -> ff:ff:ff:ff:ff:ff ARP Gratuitous ARP for 10.20.35.141 (Request)
@r13:~$ monitor interfaces ethernet eth3 traffic detail 
Capturing traffic on eth3 ...
Frame 1 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Sep 18, 2019 13:30:45.005576000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:arp]
Ethernet II, Src: 48:57:02:cc:ae:f0 (48:57:02:cc:ae:f0), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: 48:57:02:cc:ae:f0 (48:57:02:cc:ae:f0)
        Address: 48:57:02:cc:ae:f0 (48:57:02:cc:ae:f0)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
    Trailer: 0000000000000000000000000000000000000000
    Frame check sequence: 0x00000000 [incorrect, should be 0xed2877af]
Address Resolution Protocol (request/gratuitous ARP)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    [Is gratuitous: True]
    Sender MAC address: 48:57:02:cc:ae:f0 (48:57:02:cc:ae:f0)
    Sender IP address: 10.20.35.141 (10.20.35.141)
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 10.20.35.141 (10.20.35.141)

Frame 2 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Sep 18, 2019 13:30:45.005580000
    [Time delta from previous captured frame: 0.000004000 seconds]
    [Time delta from previous displayed frame: 0.000004000 seconds]
    [Time since reference or first frame: 0.000004000 seconds]
    Frame Number: 2
    Frame Length: 66 bytes
    Capture Length: 66 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:arp]
Ethernet II, Src: 48:57:02:cc:ae:f0 (48:57:02:cc:ae:f0), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: 48:57:02:cc:ae:f0 (48:57:02:cc:ae:f0)
        Address: 48:57:02:cc:ae:f0 (48:57:02:cc:ae:f0)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
    Trailer: 0000000000000000000000000000000000000000
    Frame check sequence: 0x00000000 [incorrect, should be 0xed2877af]
Address Resolution Protocol (request/gratuitous ARP)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    [Is gratuitous: True]
    Sender MAC address: 48:57:02:cc:ae:f0 (48:57:02:cc:ae:f0)
    Sender IP address: 10.20.35.141 (10.20.35.141)
    Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
    Target IP address: 10.20.35.141 (10.20.35.141)

Поднимаем MLAG порты на sw22. Все хорошо, все поднялос.

<sw22>dis dfs-group 1 m-lag 
*                : Local node
Heart beat state : OK
Node 2 *                            
  Dfs-Group ID   : 1
  Priority       : 120
  Address        : ip address 10.20.35.142 vpn-instance VRF-DAD-1
  State          : Backup
  Causation      : - 
  System ID      : 4857-02cc-aea1 
  SysName        : sw22 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI
Node 1                            
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.20.35.141 vpn-instance VRF-DAD-1
  State          : Master
  Causation      : - 
  System ID      : 4857-02cc-aef1 
  SysName        : sw21 
  Version        : V200R002C50SPC800 
  Device Type    : CE6810LI

<sw22>dis dfs-group 1 node 1 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Up
Status       : active-active(*)

<sw22>dis dfs-group 1 node 2 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Up
Status       : active(*)-active


Последовательность добавления\удаления vlan на MLAG портах

Реация MLAG-пары на добавление влана завит от того, на какой ноде делаются изменения - мастер или слейв.
Трафик через новый влан пойдет только в тот момент, когда влан будет добавлен в порт на мастер ноде.
При этом не имеет значения, есть ли новый влан на порту на слейв ноде.

Соответственно, лучше делать в такой последовательности:

  • Добавляем влан сначала слейв ноде, потом на мастер ноде.
    В этом случае трафик начнет ходить на обоих нодах одновременно.
  • Удаляем влан сначала на мастер ноде, потом на слейв.
    В этом случае трафик перестанет ходить на обоих нодах одновременно.
    Если влан сначала удалить на слейв ноде, то трафик продолжит ходить через мастре ноду.

Базовая настройка коммутатора серии ce6800

Заход на коммутаторе через консоль

Скорость порта - 9600 8N1.

Пароль на консоль.

<sw21>system-view 
Enter system view, return user view with return command.
[~sw21]user-interface con 0
[~sw21-ui-console0]authentication-mode password
[~sw21-ui-console0]set authentication password 
Please configure the login password (8-16)
Enter Password: bla-bla

Настройка интерфейса meth0

Коммутаторы планируется использовать в MLAG кластере.
DAD линк будет работать через meth порты, DAD порты рекомендуется засунуть в отдельный VRF.

Создаем отдельный VRF.

[sw21]ip vpn-instance VRF-DAD-1 
[sw21-vpn-instance-VRF-DAD-1]ipv4-family

Привязываем meth интерфейс к VRF, при этом сбросится все настройки ip которые были раньше настроены на интерфейсе.

[sw21]interface MEth 0/0/0 
[sw21-MEth0/0/0]ip binding vpn-instance VRF-DAD-1
[sw21-MEth0/0/0]ip address 10.22.33.32 255.255.255.0

Заход на коммутатор через ssh

Заводим локального пользователя который на коммутатор будет заходить через ssh.
Коммутатор утомил своими требования к сложности пароля, их отключаем.
Длину пароля ставим не меньше чем 8, дальше на свой вкус усложняем.

[sw21]aaa
[sw21-aaa]undo local-user policy security-enhance
[sw21-aaa]local-user policy password min-len 8
[sw21-aaa]local-user test password irreversible-cipher bla-bla-bla
Info: A new user is added.
[sw21-aaa]local-user test service-type ssh
[sw21-aaa]local-user test level 3

Включаем ssh сервер на коммутаторе и разрешаем новому пользователю заходить через ssh.

[sw21]stelnet ipv4 server enable
[sw21]ssh authorization-type default aaa
[sw21]ssh server ip-block disable
[sw21]ssh user test service-type stelnet
[sw21]ssh user test authentication-type password

Пишем acl для прикрытия ssh.
Отдельно пишем правило для захода со стороны vrf VRF-DAD-1.

[sw21]acl number 2001
[sw21-acl4-basic-2001]description ssh-access
[sw21-acl4-basic-2001]rule 10 permit source 10.200.100.0 0.0.0.255
[sw21-acl4-basic-2001]rule 110 permit vpn-instance VRF-DAD-1 source 10.200.100.0 0.0.0.255

Настраиваем vty.

[sw21]user-interface vty 0 4
[sw21-ui-vty0-4]authentication-mode aaa
[sw21-ui-vty0-4]protocol inbound ssh
[sw21-ui-vty0-4]acl 2001 inbound

Проверяем, что можем зайти по ssh.

Отключаем ненужные сервисы

Отключаем telnet.

[sw21]telnet server disable 
[sw21]telnet ipv6 server disable

Отключаем ipv6 ssh сервер.

[~sw21]undo stelnet ipv6 server enable 
Warning: The operation will stop the STelnet server. Do you want to continue? [Y/N]:y
Info: Succeeded in closing the STelnet server.

Отключаем zero touch provisioning.

<sw21>set ztp disable 
Info:System will never execute the process of ztp and svf.

Остальное важное по дефолту отключено.

Настройка ntp клиента

Отключаем ntp сервер на самих коммутаторах.
Настраиваем с каких ntp серверов брать время.
Задаем тайм-зону.

[sw21]ntp server disable
[sw21]ntp ipv6 server disable
[sw21]ntp unicast-server 10.1.2.3 source-interface MEth0/0/0
[sw21]ntp unicast-server 10.4.5.6 source-interface MEth0/0/0 preferred
[sw21]clock timezone MSK add 03:00:00

Настройка snmp

Создаем acl, в котором прописываем откуда можно обратиться по snmp к коммутатору.
Отключаем проверку сложности snmp community.
Задаем community и версию snmp.

[sw21]acl number 2000 
[sw21-acl4-basic-2000]description snmp-access
[sw21-acl4-basic-2000]rule 10 permit source 10.1.2.3 0.0.0.0
[sw21-acl4-basic-2000]quit

[sw21]snmp-agent community complexity-check disable 
Warning: Does not recommend to disable complexity check. A simple community name may result in security threats. 

[sw21]snmp-agent community read bla-bla-bla acl 2000

[sw21]snmp-agent sys-info version v1 v2c
[sw21]snmp-agent sys-info version v3 disable

Работа с конфигурацией на коммутаторах серии ce6800

Режимы конфигурации

Есть два режима внесения изменений в конфигурацию:

  1. system-view - изменения конфигурации применяются через commit (a-la junos).
  2. system-view immediately - изменения конфигурации применяются сразу.

Приглашение в режиме конфигурации:

  1. system-view:
    • [~sw21] - тильда, в конфигурации нет никаких не внесенный изменений.
    • [*sw21] - звездочка, в конфигурации есть изменения, но их еще не применили.
  2. system-view immediately - [sw21], никаких спец. символов

Далее рассматриваем режим “system-view”.

Просмотр изменений конфигурации

Посмотреть последовательность команд, которые были даны в ходе настройки.

[*sw21]dis configuration candidate       
http
undo http
interface 10GE 1/0/30
 description TEST-DESCR

Посмотреть всю конфигурацию с внесенными, но еще не примененными изменениями. В junos это просто “show”.

[*sw21]dis configuration candidate merge

Посмотреть какие изменения планируются внести в конфигурацию. В junos - “show | compare”.

[*sw21]dis configuration changes 
Building configuration
Warning: The current configuration is not the same as the next startup configuration file. There are several differences as follow:
  #
+ telnet server disable
  #
  interface 10GE1/0/25
+  device transceiver 1000BASE-X
  #
  interface 10GE1/0/27
+  device transceiver 10GBASE-FIBER
  #
  interface 10GE1/0/29
+  device transceiver 10GBASE-FIBER
  #
  interface 10GE1/0/40
+  device transceiver 10GBASE-COPPER
  #
  interface 10GE1/0/48
+  device transceiver 10GBASE-COPPER
  #
  interface 40GE1/0/3
+  device transceiver 40GBASE-COPPER
  #
  interface 40GE1/0/4
+  device transceiver 40GBASE-COPPER
  #             
- stelnet ipv6 server enable
  #
[*sw21]

Сбросить все внесенные, но еще не примененные изменения. В junos просто “rollback”.

[*sw21]clear configuration candidate 
[~sw21]
Применить изменения и сохранить конфигурацию
[*sw21]commit 
[~sw21]quit
<sw21>save
Warning: The current configuration will be written to the device. Continue? [Y/N]:y
Now saving the current configuration to the slot 1 .
Info: Save the configuration successfully.
<sw21>

Коммиты

К коммиту можно дать комментарий, который будет виден в verbose списке коммитов, или повесить ярлык, который будет виден в обычном списке сделанных коммитов.
Так же коммит можно применить на время и после откатить изменения (junos - “commit confirmed 3”).

[*slv-sw21]commit ?
  description  Specifies the description of configuration commit
  label        Specifies the label name of checkpoint
  trial        Trial configurations
  <cr>         

Комментарий к коммиту может содержать пробелы.

[*sw21]commit description TEST_COMMIT DESCRIPTION ?
  TEXT<1-60>                              <cr>
[*sw21]commit description TEST_COMMIT DESCRIPTION 
[~sw21]

Ярлык пишется в одно слово.

[*sw21]commit label ?          
  STRING<1-256>  Commit label which should not be '-' or start with a number 

[*sw21]commit label TEST_COMMIT LABEL 
                                    ^
Error: Too many parameters found at '^' position.
[*sw21]commit label TEST_COMMIT_LABEL 
[~sw21]

Посмотреть список сделанных коммитов.

[~sw21]dis configuration commit list 
-----------------------------------------------------------------------------------------------------------------------------------
No.  CommitId     Label                                                            User            TimeStamp                       
-----------------------------------------------------------------------------------------------------------------------------------
1    1000000208   TEST_COMMIT_LABEL                                                eks             2019-09-16 11:12:33+03:00       
2    1000000207   -                                                                eks             2019-09-16 11:07:27+03:00       
3    1000000206   -                                                                eks             2019-09-16 11:01:03+03:00       
...

[~sw21]dis configuration commit list verbose 
1) CommitId: 1000000208
        Label: TEST_COMMIT_LABEL
        User: eks                  
        User-Intf: VTY 0
        Type: CLI                    
        TimeStamp: 2019-09-16 11:12:33+03:00
        Description: 

2) CommitId: 1000000207
        Label: -
        User: eks                  
        User-Intf: VTY 0
        Type: CLI                    
        TimeStamp: 2019-09-16 11:07:27+03:00
        Description: TEST_COMMIT DESCRIPTION

...

Сравнение коммитов

Посмотреть историю изменений можно сравнением текущей конфигурации с ранее сделанными коммитами.
Коммит для сравнения можно выбирать по его ID (CommitId) или по номеру (No.).

Сравнить текущую конфигурацию с последний коммитом.

[~sw21-test]dis configuration commit changes last 1
Building configuration
  #
- sysname sw21
  #
+ sysname sw21-test
  #
[~slv-sw21-test]

Сравнить текущую конфигурацию с каким конкретным коммитом.

[~sw21-test]dis configuration commit changes since 1000000187
Building configuration
  #
- sysname slv-sw21
  #
- ntp server disable
  #
- ntp ipv6 server disable
  #
+ sysname sw21-test
  #
+ dfs-group 1
+  priority 150
+  source ip 10.22.33.32 vpn-instance VRF-DAD-1
  #
+ vlan batch 350 to 360 370
...

Откат изменений

Коммит, до которого надо откатиться, можно определить по номеру (No.), СommitId или по ранее присвоенному ярлыку.

<slv-sw21-test>rollback configuration ?
  last  Rollback to the configuration before the recent configuration commits
  to    Rollback to the configuration after the specified commit label

last - откатиться по номеру (No.) коммита.

[~slv-sw21-test]quit
<slv-sw21-test>rollback ?
  configuration  Committed configuration

<slv-sw21-test>rollback conf
<slv-sw21-test>rollback configuration ?
  last  Rollback to the configuration before the recent configuration commits
  to    Rollback to the configuration after the specified commit label

<slv-sw21-test>rollback configuration la
<slv-sw21-test>rollback configuration last ?
  1   CommitId 1000000208 created by eks at 2019-09-16 11:12:33+03:00
  2   CommitId 1000000207 created by eks at 2019-09-16 11:07:27+03:00
      (Description: TEST_COMMIT DESCRIPTION)
  3   CommitId 1000000206 created by eks at 2019-09-16 11:01:03+03:00
...
<slv-sw21-test>rollback configuration last 1
Warning: This operation will revert configuration changes to the previous status. Continue? [Y/N]:y
Loading rollback changes
Committing
Check rollback result
Configuration rollback succeeded.
Please use 'display configuration commit changes last 1' to view the changes.
<slv-sw21>

to - откатиться по СommitId или ярлыку коммита коммита.

<slv-sw21>rollback configuration to ?
  commit-id  Rollback configuration to specific commit ID
  file       Configuration file
  label      Specifies the label of checkpoint

<slv-sw21>rollback configuration to label ?
  TEST_COMMIT_LABEL  Label created by eks at 2019-09-16 11:12:33+03:00

<slv-sw21>rollback configuration to commit-id ?
  1000000130  CommitId created by - at 2019-03-04 20:00:28+03:00
  1000000131  CommitId created by - at 2019-03-20 01:04:09+03:00
  1000000132  CommitId created by  at 2019-03-20 01:39:48+03:00
..
Автоматически откат изменений

Есть возможность применить конфигурацию на время и, если что-то пошло не так, откатить ее. Делается это командой “commit trial”.
По дефолту автоматический откат произойдет через 600 секунд, можно указать свое время.

[*sw21]commit trial 180       
Info: The system enters the trial configuration mode.
The system will revert to previous configuration if the trial configuration is not confirmed in 180 seconds. 

При необходимости, можно раньше времени откатиться руками - “abort trial”.

[~sw21-test]dis configuration trial status 
Trial status: ACTIVE
Trial time left (sec): 152
[~sw21-test]abort trial 
Warning: The trial configuration will be rolled back. Continue? [Y/N]:y
Info: The trial configuration rollback succeeded.
[~sw21]

Что бы окончательно применить триальные изменения, необходимо в рамках текущей ssh\консольной сессии еще раз дать команду “commit”.

[~sw21-test]dis configuration trial status 
Trial status: ACTIVE
Trial time left (sec): 152
[~sw21-test]commit 
Warning: The trial configuration will be confirmed. Continue? [Y/N]:y
[~sw21-test]

Если после триального коммита выкинуло из ssh сессии и получилось еще раз зайти по ssh или через консоль, то уже нельзя будет руками откатиться или применить триальные изменения, будет ругаться. Надо будет ждать пока истечет время триала.

Повторно логин и попытка закоммитить или руками выключить триал.

[*sw22-bottom]dis configuration trial status 
Trial status: INACTIVE
Trial time left (sec): 0

[*sw22-bottom]commit 
Error: The system is in trial configuration mode. Please try later.

[*sw22-bottom]abort trial                 
Warning: The trial configuration will be rolled back. Continue? [Y/N]:y
Error: The current session is not in trial state.

Попытка зайти по ssh с адреск которого нет в acl

[root@noc21 network-scripts]# ssh username@10.22.33.32
username10.22.33.32's password: 
shell request failed on channel 0

Посмотреть серийный номер коммутатора

Серийный номер указан в поле BarCode.

Серия s5300

<s5328>display elabel
...
[Board Properties]
BoardType=CX77XC
BarCode=21023516101234567890
Item=02351300
Description=Quidway S5328C-EI,CX7Z128CM,S5328C-EI Mainframe(24 10/100/1000Base-T,Chassis,Dual Slots of power,Without Flexible Card and Power Module)
Manufactured=2012-10-07
VendorName=Huawei
IssueNumber=00
CLEICode=                                

BOM=                                    

Серия ce6800

<sw21>display device elabel 


[Slot_1]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0


[Board Properties]
BoardType=CE6810-LI-B00
BarCode=2xxxxxxxxxxxxxxxxxxxxxx
Item=02350AQB
Description=Basic Configuration,CloudEngine 6800,CE6810-LI-B00,CE6810-48S4Q-LI Switch(2*600W AC Power Module,2*FAN Box,Port side exhaust)
Manufactured=2018-11-03
VendorName=Huawei
IssueNumber=00
CLEICode=
BOM=


[Port_10GE1/0/1]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=

или

<sw21>display sn 
Slot 1:
Equipment SN(ESN): 2xxxxxxxxxxxxxxxxxxxxxx
License ESN: 2xxxxxxxxxxxxxxxxxxxxxxxx
----------------------------------------------------------------------------
Slot       Sub    Type               SN                       P/N           
----------------------------------------------------------------------------
1          -      CE6810-48S4Q-LI    2xxxxxxxxxxx     02350AQB      
           FAN1   FAN-40EA-F         2xxxxxxxxxxx     02355421      
           FAN2   FAN-40EA-F         2xxxxxxxxxxx     02355421      
           PWR1   PAC-600WA-F        2xxxxxxxxxxx     02310PMJ      
           PWR2   PAC-600WA-F        2xxxxxxxxxxx     02310PMJ      
----------------------------------------------------------------------------

DRAFT

* - Local node

<slv-sw21>dis dfs-group 1 node 1 m-lag 
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Up
Status       : active(*)-inactive

M-Lag ID     : 100
Interface    : Eth-Trunk 100
Port State   : Down
Status       : inactive(*)-inactive

<slv-sw21>dis dfs-group 1 node 2 m-lag  
* - Local node

M-Lag ID     : 16
Interface    : Eth-Trunk 16
Port State   : Down
Status       : inactive-active(*)

M-Lag ID     : 100
Interface    : Eth-Trunk 100
Port State   : Down
Status       : inactive-inactive(*)

Полезные ссылки

qnote/huawei.txt · Last modified: 2021/08/12 08:35 (external edit)

Page Tools