Inhaltszusammenfassung zur Seite Nr. 1
Network Resiliency Solutions
x900 Advanced Gigabit Layer 3+ Expandable Switches
Tested Solution: VCStack + Link Aggregation
Prior to the advent of the Virtual Chassis Stacking (VCStack) solution, high availability in enterprise networks was achieved by
provisioning redundant links (with STP) and redundant routers (with VRRP). In normal operation, bandwidth and routing power would
sit idle in the network.
Allied Telesis now provides a truly resilient network. In normal operation, all bandwidth an
Inhaltszusammenfassung zur Seite Nr. 2
| VCStack + Link aggregation NETWORK RESILIENCY SOLUTIONS Customers benefits Customer requirements met with the VCStack + Link Aggregation resiliency solution: ■ A resilient solution without using Spanning Tree ■ A simpler replacement for VRRP and/or other legacy redundancy protocols ■ Simpler network management - the virtual chassis is managed as a single unit. The dedicated stacking link is backed up by Server farm a further resiliency link. If the stacking link Link aggregation to the ser
Inhaltszusammenfassung zur Seite Nr. 3
| VCStack + Link aggregation NETWORK RESILIENCY SOLUTIONS x900 Configuration All log messages are sent to a syslog server. Higher-severity log buffered level errors log messages are also buffered on the switch itself log host 192.168.10.11 log host 192.168.10.11 level debugging access-list 1 permit 192.168.10.13 Allow read-only SNMP monitoring from one management snmp-server enable trap auth nsm station snmp-server community public ro 1 snmp-server host 192.168.10.13 version 2c public A resilien
Inhaltszusammenfassung zur Seite Nr. 4
| VCStack + Link aggregation NETWORK RESILIENCY SOLUTIONS interface port2.0.5 switchport switchport mode access switchport access vlan 171 static-channel-group 3 interface port1.0.7 Create link aggregation groups across the VCStack switchport members for resiliency. One for servers, and three for switchport mode access edge switches switchport access vlan 172 static-channel-group 4 interface port2.0.7 switchport switchport mode access switchport access vlan 172 static-channel-group 4 interface v
Inhaltszusammenfassung zur Seite Nr. 5
| VCStack + Link aggregation NETWORK RESILIENCY SOLUTIONS 8600 Configuration To enable secure HTTP management to use certificates, a set system distinguished="cn=switch1, o=alliedtelesis, c=nz" distinguished name is required and system security must enable system security be enabled Storm control is configured to prevent downstream loops set switch port=1-24 bclimit=3000 mclimit=3000 dlflimit=3000 from affecting the inner layers of the network create vlan="edge" vid=171 By default, all ports ar
Inhaltszusammenfassung zur Seite Nr. 6
| VCStack + Link aggregation NETWORK RESILIENCY SOLUTIONS enable ssh server serverkey=1 hostkey=0 expirytime=1 logintimeout=60 Remote management sessions must use SSH and/or add pki certificate="cer_name" location=cer_name.cer trust=true HTTPS set http server security=on sslkey=2 port=443 All log messages are sent to a syslog server. create log output=1 destination=syslog server=192.168.10.11 Higher-severity log messages are also buffered on the secure=yes message=20 switch itself add log outp
Inhaltszusammenfassung zur Seite Nr. 7
| VCStack + Link aggregation NETWORK RESILIENCY SOLUTIONS 8000S Configuration interface range ethernet 1/e(1-24),2/e(1-24) Broadcast and multicast limiting prevent downstream loops port storm-control broadcast enable from affecting the inner layers of the network port storm-control include-multicast exit interface range ethernet 1/e(1-24),2/e(1-24) The client-facing ports are configured as portfast so there spanning-tree portfast is no delay in connectivity when client devices attach. Root span
Inhaltszusammenfassung zur Seite Nr. 8
| VCStack + Link aggregation NETWORK RESILIENCY SOLUTIONS radius-server host 192.168.10.34 auth-port 1812 acct-port 1813 The Radius server is used for authenticating management key testing123-2 sessions and also for authenticating 802.1x clients aaa authentication login default radius local aaa authentication dot1x default radius management access-list mlist deny service telnet Management access is ONLY possible via the core- deny service http connected aggregated link. Access via insecure
Inhaltszusammenfassung zur Seite Nr. 9
| VCStack + Link aggregation NETWORK RESILIENCY SOLUTIONS About Allied Telesis Allied Telesis is a world class leader in delivering IP/Ethernet network solutions to the global market place.We create innovative, standards-based IP networks that seamlessly connect you with voice, video and data services. Enterprise customers can build complete end-to-end networking solutions through a single vendor, with core to edge technologies ranging from powerful 10 Gigabit Layer 3 switches right through to m