Shulou(Shulou.com)06/01 Report--

Project requirements:

Install DellVRTX hardware, connect to the customer's production network, and set up a virtual machine to meet the customer's RODC and P2V requirements.

Phase 1, install the DELLVRTX hardware and complete the following requirements:

1. Dell Enclosure and Blades

-Mountingof Enclosure to rack

-Ensureeach blade server has the components installed

A) 2x CPU

B) 64GB RAM

C) 2 x 300GBSAS

-Ensureenclosure has a total of 15x 900GB SAS hard disk

-Connectall power cables to enclosure

-Systempower up successfully

2. Configurationof Enclosure, Blades, Storage and network switches

-ActivateEnclosure CMC license and configure IP address for CMC

-ConfigureEnclosure 2x switch module

-Connectnetwork cable from enclosure to existing network switches

-Configure2x Blade server with iDRAC license and configure IP address for iDRAC

-ConfigureBlade server with RAID-1 configuration

-ConfigureStorage with 2 arrays

Array 01 900GBx 6 RAID-5

Array 02 900GBx 7 RAIID-5

Global Hot-Spare 900GBx 2

In fact, these are all manual work, including the upper guide rail and the installation of CPU memory, so it is important to note that:

How to map the network card of internal to the corresponding server

How to assign the Array to the corresponding server

How to set up Array in the CMC console

How to set up the Raid card of CMC hardware

How to map the KVM keyboard and mouse DVD to the corresponding server

How to configure iDRAC in CMC

To accomplish this, the first step is to analyze the customer network:

Summary, in fact, for most rich enterprises will choose such a network architecture, the opportunity that all the devices are dual redundant; as long as this connection is completed, most of them can be used, but if it can be optimized, there are plenty of articles to explore.

Question 1, if HSRP is used on the core switch and most people will adopt redundant connections, then spanning-tree will be generated. In this case, if the data flow can better reach the destination through the corresponding switch?

A: first of all, we use such a topology diagram to illustrate (in fact, most companies use this topology)

Analysis 1, we configure vlan10 as the Root of STP in Core1; so that a loop is formed on Core1,Core2 and Edgesw1. At this time, the Fa0/2 port of edgesw1 should be the suppression port, and the data is going up through the corresponding port of FW1 through Gi1/0/1. This is a normal situation. (without network outages and short lines).

If the Link1 is broken, because we set the track feature of HSRP, and because we set the root bridge of the spanning tree of vlan 10, then the spanning tree must be there, but after the Link1 is broken and there is no loop, the spanning tree will not work; then the change of BPDU is issued, and the Fa0/2 will be enabled, then the data traffic will go through the Core2 and go around to the FW1, as shown below:

If the Core1 is completely broken, then the whole left is broken, and all the traffic is going from the right. The reason is that Core1 is broken, stp doesn't work, and the data goes from the core2. At the same time, the HA on the FW will automatically let FW2 as the Active, then the data will be forwarded directly.

If the LAN link between FW1 and Core1 is down (the following parts are all good), then the data will first go from Core1, and then because of the role of HA, FW2 will become Active, then LAN on Core2 will become a data import stream, because the MAC address of LAN becomes FW2 port, so the data will go from Core1 to Core2, and then the corresponding LAN of FW2 will go out.

Therefore, in the enterprise network, this method is the most reasonable. Let's look at the specific configuration commands:

On Core 1 (become the root bridge of vlan, set the priority of HSRP as the primary, track the downlink port):

Interface Vlan10

Ip address10.10.100.253 255.255.255.0

Ip helper-address10.10.1.1

Standby 1 priority150 preempt

Standby 1 ip10.10.100.254

Standby 1 track gi1/0/1

STP configuration:

Spanning-tree mode pvst

Spanning-tree vlan 1 root primary

Interface gi1/0/1

Switch mode trunk

FW1 configuration:

Hostname FW1

Interface eth 0/0

Nameif ouside

Ip address 202.100.1.10 255.255.255.0 standby 102.100.1.20

Interface eth 0/1

Nameif inside

Ip address 10.1.1.10 255.255.255.0 standby 10.1.1.20

Interface eth0/2

No shut

Failover lan unit Primary

Failover lan interface FO eth 0/2

Failover key cisco

Failover interface ip FO 192.168.1.10 255.255.255.0 standby192.168.1.20

Fw2 configuration:

Interface eth0/2

No shut

Failover lan unit secondary

Failover lan interface FO eth0/2

Failover key cisco

Failover interface ip FO 192.168.1.10 255.255.255.0 standby192.168.1.20

Failover

Fw1 configure stateful links:

Interface eth0/3

No shut

Failover link stateful eth 0/3

Failover interface ip stateful 192.168.2.10 255.255.255.0standby 192.168.2.20

No configuration is required on FW2 because the FO link synchronizes the configuration to the

Note that the default trigger condition for ASAFW's failover is when the device goes down and the link goes down. For more information, please see http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ha_active_standby.html#wp1097144 (query FailoverTriggers content)

See: http://gponsolution.com/hsrp-tuning-example.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.