Example for Configuring VCMP to Implement Centralized VLAN Management
Networking Requirements
As shown in Figure 1, the enterprise branch network is a Layer 2 network. The AGG is the aggregation switch, ACC1 to ACC3 are access switches, and ACC1 is connected to visitors. As the enterprise branch scale increases, the network administrator needs to configure and maintain too much VLAN information. The workload is heavy and configuration errors can easily occur. The administrator requires that the VLAN configuration and maintenance workload be reduced and rights of visitors connected to the branch network be limited. VLANs on ACC1 are required to be configured and maintained independently.
Configuration Roadmap
VCMP can be deployed on the enterprise branch network by configuring the AGG as the VCMP server, ACC2 and ACC3 as VCMP clients, and ACC1 as a VCMP silent switch. In this way, the network administrator only needs to modify VLAN information on the AGG. The AGG sends the modified VLAN information to ACC1, ACC2, and ACC3 on the enterprise branch network. ACC2 and ACC3 synchronize VLAN information with the AGG, whereas ACC1 does not. VCMP reduces the workload on modifying the same VLAN information on multiple switches and allows the independent VLAN configuration on ACC1.
To relieve the network administrator from setting the link type, configure LNP to automatically negotiate the link type.
The configuration roadmap is as follows:
- Configure LNP to automatically negotiate the link type, which simplifies use configurations.
- Specify VCMP roles for switches to determine the VCMP management scope, administrative switch, and managed switches.
- Set VCMP parameters such as the authentication password and device ID on the VCMP server and clients to ensure secure communication and identity identification between the VCMP server and clients.
- Enable VCMP.
Procedure
- Configure LNP to automatically negotiate the link type.
By default, LNP is enabled globally and on all interfaces. That is, the link type of the interfaces will be automatically negotiated through LNP.
You can run the display lnp summary command to check whether LNP is enabled globally and on an interface (Global LNP and link-type(C) fields) and check the link type of the interface (link-type(N)).If LNP is not enabled globally or on an interface, perform the following operations:
# Enable global LNP. The configurations of ACC1, ACC2, and ACC3 are similar to the configuration of the AGG, and are not mentioned here.
<HUAWEI> system-view [HUAWEI] sysname AGG [AGG] undo lnp disable
# Enable LNP on interfaces. The configurations of ACC1, ACC2, and ACC3 are similar to the configuration of the AGG, and are not mentioned here.
[AGG] interface GigabitEthernet 0/0/1 [AGG-GigabitEthernet0/0/1] undo port negotiation disable [AGG-GigabitEthernet0/0/1] port link-type negotiation-desirable [AGG-GigabitEthernet0/0/1] quit [AGG] interface GigabitEthernet 0/0/2 [AGG-GigabitEthernet0/0/2] undo port negotiation disable [AGG-GigabitEthernet0/0/2] port link-type negotiation-desirable [AGG-GigabitEthernet0/0/2] quit [AGG] interface GigabitEthernet 0/0/3 [AGG-GigabitEthernet0/0/3] undo port negotiation disable [AGG-GigabitEthernet0/0/3] port link-type negotiation-desirable [AGG-GigabitEthernet0/0/3] quit
- If LNP is enabled globally and on an interface but the link type of the interface connecting switches is Access, run the port link-type { trunk | hybrid } command to specify the link type of the interface so that VCMP can work properly.
- Specify VCMP roles for switches.
# Configure the AGG as the VCMP server.
[AGG] vcmp role server
# Configure ACC1 as a VCMP silent switch.
[ACC1] vcmp role silent
# Configure ACC2 as a VCMP client.
[ACC2] vcmp role client
# Configure ACC3 as a VCMP client.
[ACC3] vcmp role client
- Set VCMP parameters on the VCMP server and clients.
# On the AGG, configure the VCMP domain, device ID, and authentication password.
[AGG] vcmp domain vd1 [AGG] vcmp device-id server [AGG] vcmp authentication sha2-256 password Hello
# On ACC2, configure the VCMP domain and authentication password.
[ACC2] vcmp domain vd1 [ACC2] vcmp authentication sha2-256 password Hello
# On ACC3, configure the VCMP domain and authentication password.
[ACC3] vcmp domain vd1 [ACC3] vcmp authentication sha2-256 password Hello
- Enable VCMP.By default, VCMP is enabled on interfaces. To prevent VCMP packets from affecting the PC, disable VCMP on the client interface connected to the PC.
[ACC2] interface GigabitEthernet 0/0/2 [ACC2-GigabitEthernet0/0/2] vcmp disable [ACC2-GigabitEthernet0/0/2] quit
[ACC3] interface GigabitEthernet 0/0/2 [ACC3-GigabitEthernet0/0/2] vcmp disable [ACC3-GigabitEthernet0/0/2] quit
- Verify the configuration.
After the configurations are complete, run the display vcmp status command to view the VCMP configuration, including the VCMP domain name, VCMP role, device ID, configuration revision number, and VCMP domain authentication password.
The display on the AGG is used as an example.
[AGG] display vcmp status VCMP information: Domain : vd1 Role : Server Server ID : server Configuration Revision : 0x239c0000 Password : ******
On the AGG, run the vlan vlan-id command to create VLAN 10, and run the display vlan summary command on ACC1, ACC2, and ACC3 respectively to view VLAN information. The command output shows that ACC2 and ACC3 have synchronized VLAN information with that on the AGG, whereas ACC1 has not.
[AGG] vlan 10 [AGG-vlan10] quit
[AGG] display vlan summary Static VLAN: Total 2 static VLAN. 1 10 Dynamic VLAN: Total 0 dynamic VLAN. Reserved VLAN: Total 0 reserved VLAN.[ACC1] display vlan summary Static VLAN: Total 1 static VLAN. 1 Dynamic VLAN: Total 0 dynamic VLAN. Reserved VLAN: Total 0 reserved VLAN.
[ACC2] display vlan summary Static VLAN: Total 2 static VLAN. 1 10 Dynamic VLAN: Total 0 dynamic VLAN. Reserved VLAN: Total 0 reserved VLAN.[ACC3] display vlan summary Static VLAN: Total 2 static VLAN. 1 10 Dynamic VLAN: Total 0 dynamic VLAN. Reserved VLAN: Total 0 reserved VLAN.
Configuration Files
AGG configuration file
# sysname AGG # vcmp role server vcmp domain vd1 vcmp device-id server vcmp authentication sha2-256 password %^%#6dD+>}ffA7*[j2#]0%%GfN#;I}#.lQ2Yfb2b1y"0%^%# # vlan batch 10 # return
ACC1 configuration file
# sysname ACC1 # vcmp role silent # return
ACC2 configuration file
# sysname ACC2 # vcmp domain vd1 vcmp authentication sha2-256 password %^%#6dD+>}ffA7*[j2#]0%%GfN#;I}#.lQ2Yfb2b1y"0%^%# # vlan batch 10 # interface GigabitEthernet0/0/2 vcmp disable # return
ACC3 configuration file
# sysname ACC3 # vcmp domain vd1 vcmp authentication sha2-256 password %^%#6dD+>}ffA7*[j2#]0%%GfN#;I}#.lQ2Yfb2b1y"0%^%# # vlan batch 10 # interface GigabitEthernet0/0/2 vcmp disable # return