Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy.
In our example we use the bonding mode 4 (802.3ad).
IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.
Prerequisites:
- Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
- A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.
1. Overview
To list the available network interfaces with their IP and MAC addresses, run the following command.
[root@node1 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp3s0f0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
3: enp3s0f1: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:**:**:**:26:f4 brd ff:ff:ff:ff:ff:ff
4: enp4s0f0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:**:**:**:26:f7 brd ff:ff:ff:ff:ff:ff
5: enp4s0f1: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
link/ether 00:**:**:**:26:f6 brd ff:ff:ff:ff:ff:ff
6: enp6s0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 68:**:**:**:f4:21 brd ff:ff:ff:ff:ff:ff
inet 10.0.6.30/26 brd 10.0.6.63 scope global enp6s0
valid_lft forever preferred_lft forever
One of our network interfaces is used as a management interface.
In our example, this is enp6s0.
We will bond the other four network interfaces into one logical interface:
- ifcfg-enp3s0f0
- ifcfg-enp3s0f1
- ifcfg-enp4s0f0
- ifcfg-enp4s0f1
2. Disable NetworkManager
[root@node1 ~]# systemctl stop NetworkManager
[root@node1 ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
[root@node1 ~]# systemctl is-enabled NetworkManager
disabled
[root@node1 ~]# systemctl status NetworkManager
● NetworkManager.service - Network Manager
Active: inactive (dead) since *** 20**-12-21 16:12:06 CET; 18s ago
Docs: man:NetworkManager(8)
Main PID: 684 (code=exited, status=0/SUCCESS)
3. Network management interface
Interface configuration files are found in the /etc/sysconfig/network-scripts/ directory and have names of the form ifcfg-X, where X is replaced by the name of the interface. In our example, the configuration file of our management interface is ifcfg-enp6s0.
We ensure that the NM_CONTROLLED configuration key exists and is set to no, and that the ONBOOT configuration key is set to yes.
Let's create a BASH script.
[root@node1 ~]# cd /opt
[root@node1 opt]# vi management.sh
# Copy below lines into the file management.sh
#!/usr/bin/bash
#
# Variables
MGM_INTERFACE=enp6s0
# Add or change config parameter NM_CONTROLLED
grep -q '^NM_CONTROLLED' /etc/sysconfig/network-scripts/ifcfg-${MGM_INTERFACE} &&sed -i 's|^\(NM_CONTROLLED=\).*|\1no|' /etc/sysconfig/network-scripts/ifcfg-${MGM_INTERFACE} || echo 'NM_CONTROLLED=no' >> /etc/sysconfig/network-scripts/ifcfg-${MGM_INTERFACE}
# Add or change config parameter ONBOOT
grep -q '^ONBOOT' /etc/sysconfig/network-scripts/ifcfg-${MGM_INTERFACE} && sed -i 's|^\(ONBOOT=\).*|\1yes|' /etc/sysconfig/network-scripts/ifcfg-${MGM_INTERFACE} || echo 'ONBOOT=yes' >> /etc/sysconfig/network-scripts/ifcfg-${MGM_INTERFACE}
Let's run our BASH script.
[root@node1 opt]# sh management.sh
This action ensures that the standard network service will take control of the interfaces and automatically activate them on boot.
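The "add or change config parameter" one-liner used by the scripts on this page, generalised into one reusable function. This is an added example, not the author's code: the function name set_ifcfg_key and the sample file contents are assumptions constructed for illustration. It matches on the full "KEY=" prefix (so VLAN is not confused with VLAN_ID), creates the file when it is missing, and does not need the value to be escaped for sed.

```bash
#!/usr/bin/bash
# Added example (not from the original page): an idempotent "add or change"
# helper for KEY=value files such as ifcfg-*.

# set_ifcfg_key FILE KEY VALUE
#   Rewrites FILE so that it holds exactly one "KEY=VALUE" line.
#   - Matches on "KEY=", so VLAN does not also match VLAN_ID.
#   - Collapses duplicate KEY= lines into one.
#   - Creates FILE when it does not exist yet (ifcfg-bond0, ifcfg-bond0.5, ...).
# The body runs in a subshell, so its variables do not leak into the caller.
set_ifcfg_key() (
    file=$1 key=$2 value=$3
    # Accept only plain identifiers as keys.
    case $key in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) echo "invalid key: $key" >&2; return 2 ;;
    esac
    [ -e "$file" ] || : > "$file" || return 1
    tmp=$(mktemp) || return 1
    # The value reaches awk through the environment, so '|', '&' and '\' are
    # plain data and need none of the escaping a sed replacement would.
    KEY=$key VALUE=$value awk '
        BEGIN { prefix = ENVIRON["KEY"] "="; line = prefix ENVIRON["VALUE"] }
        index($0, prefix) == 1 { if (!seen++) print line; next }
        { print }
        END { if (!seen) print line }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Copy the content back instead of using mv: owner, mode and SELinux label
    # of the existing file are kept.
    rc=0
    cat "$tmp" > "$file" || rc=$?
    rm -f "$tmp"
    return $rc
)

# Constructed sample: a management-interface file with a stale NM_CONTROLLED
# value and no ONBOOT key, followed by a VLAN file that has VLAN_ID but no VLAN.
demo() (
    dir=$(mktemp -d) || return 1
    printf 'DEVICE=enp6s0\nNM_CONTROLLED=yes\n' > "$dir/ifcfg-enp6s0"
    set_ifcfg_key "$dir/ifcfg-enp6s0" NM_CONTROLLED no
    set_ifcfg_key "$dir/ifcfg-enp6s0" ONBOOT yes
    printf 'VLAN_ID=5\n' > "$dir/ifcfg-bond0.5"
    set_ifcfg_key "$dir/ifcfg-bond0.5" VLAN yes   # appended, VLAN_ID untouched
    cat "$dir/ifcfg-enp6s0" "$dir/ifcfg-bond0.5"
    rm -rf "$dir"
)
demo
```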
Ensure that the network service is restarted using the systemctl command.
[root@node1 opt]# systemctl restart network.service
[root@node1 opt]# systemctl status network.service
● network.service - LSB: Bring up/down networking
Active: active (exited) since *** 20**-12-21 16:34:49 CET; 3min 41s ago
Docs: man:systemd-sysv-generator(8)
Process: 2753 ExecStop=/etc/rc.d/init.d/network stop (code=exited, status=0/SUCCESS)
Process: 3178 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
Dec 21 16:34:40 node1.server.lab systemd[1]: Starting LSB: Bring up/down networking...
Dec 21 16:34:40 node1.server.lab network[3178]: Bringing up loopback interface: [ OK ]
Dec 21 16:34:49 node1.server.lab network[3178]: Bringing up interface enp6s0: [ OK ]
Dec 21 16:34:49 node1.server.lab systemd[1]: Started LSB: Bring up/down networking.
Ensure that the network service is enabled using the systemctl command.
[root@node1 opt]# systemctl is-enabled network.service
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network --level=5
enabled
4. Configure the Linux host for LACP bonding
4.1 Overview
4.2 Physical interfaces to bond
The following parameters are required on all interface configuration files of the interfaces we want to bond as one logical link.
DEVICE=enpX | # Name of interface |
BOOTPROTO=none | # No boot-time protocol should be used |
ONBOOT=yes | # This device should be activated at boot-time |
MASTER=bond0 | # Channel bonding interface to which the Ethernet interface is linked |
SLAVE=yes | # This device is controlled by the channel bonding interface specified in the MASTER directive |
USERCTL=no | # Non-root users are not allowed to control this device |
NM_CONTROLLED=no | # NetworkManager is not permitted to configure this device |
We’ll bond the following four network interfaces:
- ifcfg-enp3s0f0
- ifcfg-enp3s0f1
- ifcfg-enp4s0f0
- ifcfg-enp4s0f1
Let's check if our interface configuration files exist.
[root@node1 opt]# ls -al /etc/sysconfig/network-scripts/ifcfg-*
-rw-r--r--. 1 root root 281 Dec 20 13:17 /etc/sysconfig/network-scripts/ifcfg-ifcfg-enp3s0f0
-rw-r--r--. 1 root root 281 Dec 20 13:17 /etc/sysconfig/network-scripts/ifcfg-ifcfg-enp3s0f1
-rw-r--r--. 1 root root 281 Dec 20 13:17 /etc/sysconfig/network-scripts/ifcfg-ifcfg-enp4s0f0
-rw-r--r--. 1 root root 281 Dec 20 13:17 /etc/sysconfig/network-scripts/ifcfg-ifcfg-enp4s0f1
-rw-r--r--. 1 root root 315 Dec 20 13:17 /etc/sysconfig/network-scripts/ifcfg-ifcfg-enp6s0
-rw-r--r--. 1 root root 254 Sep 12 12:47 /etc/sysconfig/network-scripts/ifcfg-ifcfg-lo
Let's create a BASH script.
[root@node1 opt]# vi physical.sh
# Copy below lines into the file physical.sh
#!/usr/bin/bash
#
# Loop through all configuration files under the directory '/etc/sysconfig/network-scripts/'
# that contains the string 'ifcfg-enp3' or 'ifcfg-enp4' as filename.
for FILE in $(\find /etc/sysconfig/network-scripts/ -type f -name "ifcfg-enp[34]*"); do
# Foreach FILE we have, remove the string ifcfg- and everything before that string.
DEVNAME=$(echo $FILE | sed 's/.*ifcfg-//g' );
# Add or change config parameters
# (double quotes around the appended DEVICE line so that ${DEVNAME} is expanded)
grep -q '^DEVICE' $FILE && sed -i 's|^\(DEVICE=\).*|\1'"${DEVNAME}"'|' $FILE || echo "DEVICE=${DEVNAME}" >> $FILE;
grep -q '^BOOTPROTO' $FILE && sed -i 's|^\(BOOTPROTO=\).*|\1none|' $FILE || echo 'BOOTPROTO=none' >> $FILE;
grep -q '^ONBOOT' $FILE && sed -i 's|^\(ONBOOT=\).*|\1yes|' $FILE || echo 'ONBOOT=yes' >> $FILE;
grep -q '^MASTER' $FILE && sed -i 's|^\(MASTER=\).*|\1bond0|' $FILE || echo 'MASTER=bond0' >> $FILE;
grep -q '^SLAVE' $FILE && sed -i 's|^\(SLAVE=\).*|\1yes|' $FILE || echo 'SLAVE=yes' >> $FILE;
grep -q '^USERCTL' $FILE && sed -i 's|^\(USERCTL=\).*|\1no|' $FILE || echo 'USERCTL=no' >> $FILE;
grep -q '^NM_CONTROLLED' $FILE && sed -i 's|^\(NM_CONTROLLED=\).*|\1no|' $FILE || echo 'NM_CONTROLLED=no' >> $FILE;
# If config parameter exist,
# then change config parameter(s)
grep -q '^DEFROUTE' $FILE && sed -i 's|^\(DEFROUTE=\).*|\1no|' $FILE;
grep -q '^PEERDNS' $FILE && sed -i 's|^\(PEERDNS=\).*|\1no|' $FILE;
grep -q '^PEERROUTES' $FILE && sed -i 's|^\(PEERROUTES=\).*|\1no|' $FILE;
grep -q '^IPV4_FAILURE_FATAL' $FILE && sed -i 's|^\(IPV4_FAILURE_FATAL=\).*|\1no|' $FILE;
grep -q '^IPV6INIT' $FILE && sed -i 's|^\(IPV6INIT=\).*|\1no|' $FILE;
grep -q '^IPV6_FAILURE_FATAL' $FILE && sed -i 's|^\(IPV6_FAILURE_FATAL=\).*|\1no|' $FILE;
done
Let's run our BASH script.
[root@node1 opt]# sh physical.sh
4.3 Configure the logical interface
To create a channel bonding interface, create a file in the /etc/sysconfig/network-scripts/ directory called ifcfg-bondN, replacing N with the number for the interface, such as 0.
The contents of the file can be based on a configuration file for whatever type of interface is getting bonded, such as an Ethernet interface. The essential differences are that the DEVICE directive is bondN, replacing N with the number for the interface, and TYPE=Bond. In addition, set BONDING_MASTER=yes.
The following parameters are required for our logical interface.
DEVICE=bond0 | # Name of the physical device |
BOOTPROTO=none | # No boot-time protocol should be used |
ONBOOT=yes | # This device should be activated at boot-time |
USERCTL=no | # Non-root users are not allowed to control this device |
NM_CONTROLLED=no | # NetworkManager is not permitted to configure this device |
NAME=bond0 | # |
TYPE=Bond | # Type of interface |
BONDING_MASTER=yes | # Indicates that the device is a bonding master device |
BONDING_OPTS="mode=802.3ad miimon=100 lacp_rate=1 xmit_hash_policy=layer2+3 updelay=200 downdelay=200" | # Bonding parameters |
# miimon= Specifies (in milliseconds) how often MII link monitoring occurs. This is useful if high availability is required because MII is used to verify that the NIC is active.
# mode= Specifies one of four policies allowed for the bonding module.
# lacp_rate= Specifies the rate at which link partners should transmit LACPDU packets in 802.3ad mode. Possible values are:
(*) slow or 0 — Default setting. This specifies that partners should transmit LACPDUs every 30 seconds.
(*) fast or 1 — Specifies that partners should transmit LACPDUs every 1 second.
# xmit_hash_policy= Selects the transmit hash policy used for slave selection in balance-xor and 802.3ad modes.
# updelay= Specifies (in milliseconds) how long to wait before enabling a link.
# downdelay= Specifies (in milliseconds) how long to wait after link failure before disabling the link.
Let's create a BASH script.
[root@node1 opt]# vi logical.sh
# Copy below lines into the file logical.sh
#!/usr/bin/bash
#
#Variables
FILE="/etc/sysconfig/network-scripts/ifcfg-bond0"
# Remove the string ifcfg- and everything before that string.
DEVNAME=$(echo $FILE | sed 's/.*ifcfg-//g' );
# Add or change config parameters
grep -q '^DEVICE' $FILE && sed -i 's|^\(DEVICE=\).*|\1'"${DEVNAME}"'|' $FILE || echo 'DEVICE='${DEVNAME} >> $FILE;
grep -q '^BOOTPROTO' $FILE && sed -i 's|^\(BOOTPROTO=\).*|\1none|' $FILE || echo 'BOOTPROTO=none' >> $FILE;
grep -q '^ONBOOT' $FILE && sed -i 's|^\(ONBOOT=\).*|\1yes|' $FILE || echo 'ONBOOT=yes' >> $FILE;
grep -q '^USERCTL' $FILE && sed -i 's|^\(USERCTL=\).*|\1no|' $FILE || echo 'USERCTL=no' >> $FILE;
grep -q '^NM_CONTROLLED' $FILE && sed -i 's|^\(NM_CONTROLLED=\).*|\1no|' $FILE || echo 'NM_CONTROLLED=no' >> $FILE;
grep -q '^NAME' $FILE && sed -i 's|^\(NAME=\).*|\1'"${DEVNAME}"'|' $FILE || echo 'NAME='${DEVNAME} >> $FILE;
grep -q '^TYPE' $FILE && sed -i 's|^\(TYPE=\).*|\1Bond|' $FILE || echo 'TYPE=Bond' >> $FILE;
grep -q '^BONDING_MASTER' $FILE && sed -i 's|^\(BONDING_MASTER=\).*|\1yes|' $FILE || echo 'BONDING_MASTER=yes' >> $FILE;
grep -q '^BONDING_OPTS' $FILE && sed -i 's|^\(BONDING_OPTS=\).*|\1"mode=802.3ad miimon=100 lacp_rate=1 xmit_hash_policy=layer2+3 updelay=200 downdelay=200"|' $FILE || echo 'BONDING_OPTS="mode=802.3ad miimon=100 lacp_rate=1 xmit_hash_policy=layer2+3 updelay=200 downdelay=200"' >> $FILE;
Let's run our BASH script.
[root@node1 opt]# sh logical.sh
4.4 Setting up 802.1Q VLAN tagging
In Red Hat Enterprise Linux 7, the 8021q module is loaded by default. If necessary, you can make sure that the module is loaded by issuing the following command as root:
[root@node1 opt]# modprobe --first-time 8021q
To display information about the module, issue the following command:
[root@node1 opt]# modinfo 8021q
filename: /lib/modules/3.10.0-514.2.2.el7.x86_64/kernel/net/8021q/8021q.ko
version: 1.8
license: GPL
alias: rtnl-link-vlan
rhelversion: 7.3
srcversion: 7E3D79395FFBC56AFC109DE
depends: mrp,garp
intree: Y
vermagic: 3.10.0-514.2.2.el7.x86_64 SMP mod_unload modversions
signer: CentOS Linux kernel signing key
sig_key: 54:CE:18:D5:47:AB:70:33:F7:FE:23:16:22:13:74:77:98:1A:31:81
sig_hashalgo: sha256
The following parameters are required for each VLAN interface.
DEVICE=bond0.X | # Name of the physical device |
BOOTPROTO=none | # No boot-time protocol should be used |
ONBOOT=yes | # This device should be activated at boot-time |
USERCTL=no | # Non-root users are not allowed to control this device |
NM_CONTROLLED=no | # NetworkManager is not permitted to configure this device |
VLAN=yes | # Tag the interface as a VLAN interface |
VLAN_ID=X | # Define the VLAN ID value |
ONPARENT=yes | # To ensure that the VLAN interface does not attempt to come up before the bond is up |
PHYSDEV=bond0 | # Attach to our logical interface |
BRIDGE=Y | # Map to bridge interface name |
Let's create a BASH script.
[root@node1 opt]# vi vlans.sh
# Copy below lines into the file vlans.sh
#!/usr/bin/bash
#
declare -a VLAN_ID=(5 6 7 8);
declare -a VLAN_NAME=(internet server wireless lan);
# Variables
FILE="/etc/sysconfig/network-scripts/ifcfg-bond0"
# Remove the string ifcfg- and everything before that string.
DEVNAME=$(echo $FILE | sed 's/.*ifcfg-//g' );
COUNT=0
#
# Loop through the array VLAN_ID to get the VLAN values
for VLAN in ${VLAN_ID[*]}; do
grep -q '^DEVICE' "${FILE}.${VLAN}" && sed -i 's|^\(DEVICE=\).*|\1'"${DEVNAME}.${VLAN}"'|' "${FILE}.${VLAN}" || echo 'DEVICE='"${DEVNAME}.${VLAN}" >> "${FILE}.${VLAN}";
grep -q '^BOOTPROTO' "${FILE}.${VLAN}" && sed -i 's|^\(BOOTPROTO=\).*|\1none|' "${FILE}.${VLAN}" || echo 'BOOTPROTO=none' >> "${FILE}.${VLAN}";
grep -q '^ONBOOT' "${FILE}.${VLAN}" && sed -i 's|^\(ONBOOT=\).*|\1yes|' "${FILE}.${VLAN}" || echo 'ONBOOT=yes' >> "${FILE}.${VLAN}";
grep -q '^USERCTL' "${FILE}.${VLAN}" && sed -i 's|^\(USERCTL=\).*|\1no|' "${FILE}.${VLAN}" || echo 'USERCTL=no' >> "${FILE}.${VLAN}";
grep -q '^NM_CONTROLLED' "${FILE}.${VLAN}" && sed -i 's|^\(NM_CONTROLLED=\).*|\1no|' "${FILE}.${VLAN}" || echo 'NM_CONTROLLED=no' >> "${FILE}.${VLAN}";
grep -q '^VLAN=' "${FILE}.${VLAN}" && sed -i 's|^\(VLAN=\).*|\1yes|' "${FILE}.${VLAN}" || echo 'VLAN=yes' >> "${FILE}.${VLAN}";
grep -q '^VLAN_ID' "${FILE}.${VLAN}" && sed -i 's|^\(VLAN_ID=\).*|\1'"${VLAN}"'|' "${FILE}.${VLAN}" || echo 'VLAN_ID='"${VLAN}" >> "${FILE}.${VLAN}";
grep -q '^ONPARENT' "${FILE}.${VLAN}" && sed -i 's|^\(ONPARENT=\).*|\1yes|' "${FILE}.${VLAN}" || echo 'ONPARENT=yes' >> "${FILE}.${VLAN}";
grep -q '^PHYSDEV' "${FILE}.${VLAN}" && sed -i 's|^\(PHYSDEV=\).*|\1'"${DEVNAME}"'|' "${FILE}.${VLAN}" || echo 'PHYSDEV='"${DEVNAME}" >> "${FILE}.${VLAN}";
grep -q '^BRIDGE' "${FILE}.${VLAN}" && sed -i 's|^\(BRIDGE=\).*|\1'"${VLAN_NAME[$COUNT]}"'|' "${FILE}.${VLAN}" || echo 'BRIDGE='"${VLAN_NAME[$COUNT]}" >> "${FILE}.${VLAN}";
((COUNT+=1))
done
Let's run our BASH script.
[root@node1 opt]# sh vlans.sh
4.5 Setting up network bridges
A network bridge is a Link Layer device which forwards traffic between networks based on MAC addresses and is therefore also referred to as a Layer 2 device. It makes forwarding decisions based on tables of MAC addresses which it builds by learning what hosts are connected to each network. A software bridge can be used within a Linux host in order to emulate a hardware bridge, for example in virtualization applications for sharing a NIC with one or more virtual NICs.
First install the bridge-utils package.
[root@node1 opt]# yum -y install bridge-utils
To create a network bridge, create a file in the /etc/sysconfig/network-scripts/ directory called ifcfg-brN, replacing N with the number for the interface, such as 0.
As you probably noticed in our previous BASH script, we are not going to use the standard naming for bridge interfaces described above. We will create bridge interfaces with names like Internet, Server, Wireless and LAN.
The following parameters are required for each bridge interface.
DEVICE=Y | # Name of the physical device |
BOOTPROTO=none | # No boot-time protocol should be used |
ONBOOT=yes | # This device should be activated at boot-time |
USERCTL=no | # Non-root users are not allowed to control this device |
NM_CONTROLLED=no | # NetworkManager is not permitted to configure this device |
TYPE=Bridge | # Tag the interface as a BRIDGE interface |
DELAY=0 | # To prevent the bridge from waiting while it monitors traffic, learns where hosts are located, and builds a table of MAC addresses on which to base its filtering decisions |
Let's create a BASH script.
[root@node1 opt]# vi bridges.sh
# Copy below lines into the file bridges.sh
#!/usr/bin/bash
#
declare -a VLAN_NAME=(internet server wireless lan);
# Variables
FILE="/etc/sysconfig/network-scripts/ifcfg"
for NAME in ${VLAN_NAME[*]}; do
grep -q '^DEVICE' "${FILE}-${NAME}" && sed -i 's|^\(DEVICE=\).*|\1'"${NAME}"'|' "${FILE}-${NAME}" || echo 'DEVICE='"${NAME}" >> "${FILE}-${NAME}";
grep -q '^BOOTPROTO' "${FILE}-${NAME}" && sed -i 's|^\(BOOTPROTO=\).*|\1none|' "${FILE}-${NAME}" || echo 'BOOTPROTO=none' >> "${FILE}-${NAME}";
grep -q '^ONBOOT' "${FILE}-${NAME}" && sed -i 's|^\(ONBOOT=\).*|\1yes|' "${FILE}-${NAME}" || echo 'ONBOOT=yes' >> "${FILE}-${NAME}";
grep -q '^USERCTL' "${FILE}-${NAME}" && sed -i 's|^\(USERCTL=\).*|\1no|' "${FILE}-${NAME}" || echo 'USERCTL=no' >> "${FILE}-${NAME}";
grep -q '^NM_CONTROLLED' "${FILE}-${NAME}" && sed -i 's|^\(NM_CONTROLLED=\).*|\1no|' "${FILE}-${NAME}" || echo 'NM_CONTROLLED=no' >> "${FILE}-${NAME}";
grep -q '^TYPE' "${FILE}-${NAME}" && sed -i 's|^\(TYPE=\).*|\1Bridge|' "${FILE}-${NAME}" || echo 'TYPE=Bridge' >> "${FILE}-${NAME}";
grep -q '^DELAY' "${FILE}-${NAME}" && sed -i 's|^\(DELAY=\).*|\10|' "${FILE}-${NAME}" || echo 'DELAY=0' >> "${FILE}-${NAME}";
done
Let's run our BASH script.
[root@node1 opt]# sh bridges.sh
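A pre-restart check of the files written in 4.2 to 4.5 against the required-parameter tables above, so that a wrong or missing key is found before the network service is restarted. This is an added example, not part of the original page: the function names are hypothetical, and the sample files are constructed with two deliberate defects (a literal DEVICE=$DEVNAME line and a bridge without DELAY).

```bash
#!/usr/bin/bash
# Added example (not part of the original page): audit ifcfg files against the
# required-parameter tables before restarting network.service.

# get_key FILE KEY: print the last value assigned to KEY, outer quotes stripped.
get_key() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# check_file FILE KEY=VALUE...: print one finding per missing or wrong key.
check_file() {
    cf_file=$1; shift
    if [ ! -f "$cf_file" ]; then
        echo "${cf_file##*/}: file missing"
        return 0
    fi
    for cf_pair in "$@"; do
        cf_key=${cf_pair%%=*}
        cf_want=${cf_pair#*=}
        cf_have=$(get_key "$cf_file" "$cf_key")
        [ "$cf_have" = "$cf_want" ] ||
            echo "${cf_file##*/}: $cf_key is '$cf_have', expected '$cf_want'"
    done
    return 0
}

# audit_findings DIR: walk the layout built on this page (four slaves, bond0,
# VLANs 5-8 and their bridges) and print every deviation from the tables.
audit_findings() {
    a_dir=$1
    a_common="BOOTPROTO=none ONBOOT=yes USERCTL=no NM_CONTROLLED=no"
    for nic in enp3s0f0 enp3s0f1 enp4s0f0 enp4s0f1; do
        check_file "$a_dir/ifcfg-$nic" "DEVICE=$nic" $a_common MASTER=bond0 SLAVE=yes
    done
    check_file "$a_dir/ifcfg-bond0" DEVICE=bond0 NAME=bond0 $a_common \
        TYPE=Bond BONDING_MASTER=yes
    case " $(get_key "$a_dir/ifcfg-bond0" BONDING_OPTS) " in
        *" mode=802.3ad "*) ;;
        *) echo "ifcfg-bond0: BONDING_OPTS does not set mode=802.3ad" ;;
    esac
    for pair in 5:internet 6:server 7:wireless 8:lan; do
        id=${pair%%:*}
        br=${pair#*:}
        check_file "$a_dir/ifcfg-bond0.$id" "DEVICE=bond0.$id" $a_common VLAN=yes \
            "VLAN_ID=$id" ONPARENT=yes PHYSDEV=bond0 "BRIDGE=$br"
        check_file "$a_dir/ifcfg-$br" "DEVICE=$br" $a_common TYPE=Bridge DELAY=0
    done
}

# audit_ifcfg DIR: print the findings; return 1 when there is at least one.
audit_ifcfg() {
    a_out=$(audit_findings "$1")
    [ -z "$a_out" ] && return 0
    printf '%s\n' "$a_out"
    return 1
}

# write_sample DIR: constructed files in the shape the scripts on this page
# produce, with two deliberate defects for the audit to find.
write_sample() {
    w=$1
    base='BOOTPROTO=none\nONBOOT=yes\nUSERCTL=no\nNM_CONTROLLED=no\n'
    for nic in enp3s0f0 enp3s0f1 enp4s0f0; do
        printf "DEVICE=%s\n${base}MASTER=bond0\nSLAVE=yes\n" "$nic" > "$w/ifcfg-$nic"
    done
    # Defect 1: an unexpanded variable written literally into the DEVICE key.
    printf "DEVICE=%s\n${base}MASTER=bond0\nSLAVE=yes\n" '$DEVNAME' > "$w/ifcfg-enp4s0f1"
    printf "DEVICE=bond0\nNAME=bond0\n${base}TYPE=Bond\nBONDING_MASTER=yes\n%s\n" \
        'BONDING_OPTS="mode=802.3ad miimon=100 lacp_rate=1 xmit_hash_policy=layer2+3 updelay=200 downdelay=200"' \
        > "$w/ifcfg-bond0"
    for pair in 5:internet 6:server 7:wireless 8:lan; do
        id=${pair%%:*}
        br=${pair#*:}
        printf "DEVICE=bond0.%s\n${base}VLAN=yes\nVLAN_ID=%s\nONPARENT=yes\nPHYSDEV=bond0\nBRIDGE=%s\n" \
            "$id" "$id" "$br" > "$w/ifcfg-bond0.$id"
        printf "DEVICE=%s\n${base}TYPE=Bridge\nDELAY=0\n" "$br" > "$w/ifcfg-$br"
    done
    # Defect 2: the lan bridge is written without its DELAY key.
    printf "DEVICE=lan\n${base}TYPE=Bridge\n" > "$w/ifcfg-lan"
}

# Run the audit over the constructed sample in a throw-away directory.
demo_audit() {
    dd=$(mktemp -d) || return 1
    write_sample "$dd"
    rc=0
    audit_ifcfg "$dd" || rc=$?
    rm -rf "$dd"
    return $rc
}
demo_audit || echo "findings above: fix them before restarting network.service"
```

On the real host the call is audit_ifcfg /etc/sysconfig/network-scripts, which only reads the files.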
4.6 Restart the service
Do a service restart.
[root@node1 opt]# systemctl restart network.service
Check the service status.
[root@node1 opt]# systemctl status network.service
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp3s0f0: mtu 1500 qdisc pfifo_fast master bond0 state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
3: enp3s0f1: mtu 1500 qdisc pfifo_fast master bond0 state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
4: enp4s0f0: mtu 1500 qdisc pfifo_fast master bond0 state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
5: enp4s0f1: mtu 1500 qdisc pfifo_fast master bond0 state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
6: enp6s0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 68:**:**:**:f4:21 brd ff:ff:ff:ff:ff:ff
inet 10.0.6.30/26 brd 10.0.6.63 scope global enp6s0
valid_lft forever preferred_lft forever
7: bond0: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
16: bond0.6@bond0: mtu 1500 qdisc noqueue master server state LOWERLAYERDOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
17: server: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
18: bond0.7@bond0: mtu 1500 qdisc noqueue master wireless state LOWERLAYERDOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
19: wireless: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
20: bond0.8@bond0: mtu 1500 qdisc noqueue master lan state LOWERLAYERDOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
21: lan: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
22: bond0.5@bond0: mtu 1500 qdisc noqueue master internet state LOWERLAYERDOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
23: internet: mtu 1500 qdisc noqueue state DOWN qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
In our example, the physical, logical, VLAN and bridge interfaces are all down.
The physical interfaces aren't connected to our switch yet, and the switch isn't configured for LACP yet.
- Firewall settings
Did you install the firewalld package as described on the page CentOS 7 - Initial settings?
If so, check whether the firewall is running using the firewall-cmd command.
[root@node1 opt]# firewall-cmd --state
running
Set default zone for connections and interfaces where no zone has been selected.
[root@node1 opt]# firewall-cmd --set-default-zone=public
success
Print default zone for connections and interfaces.
[root@node1 opt]# firewall-cmd --get-default-zone
public
Print the currently active zones together with the interfaces and sources used in these zones.
[root@node1 opt]# firewall-cmd --get-active-zones
public
interfaces: bond0 enp6s0 internet lan server wireless
Move the management interface to the firewall zone dmz.
[root@node1 opt]# firewall-cmd --zone=dmz --change-interface=enp6s0
success
[root@node1 opt]# firewall-cmd --zone=dmz --change-interface=enp6s0 --permanent
success
Reload firewall rules and keep state information. The current permanent configuration becomes the new runtime configuration, i.e. all runtime-only changes made before the reload are lost unless they were also added to the permanent configuration.
[root@node1 opt]# firewall-cmd --reload
success
List everything added for or enabled in zone.
[root@node1 opt]# firewall-cmd --list-all --zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: bond0 internet lan server wireless
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
success
[root@node1 opt]# firewall-cmd --list-all --zone=dmz
dmz (active)
target: default
icmp-block-inversion: no
interfaces: enp6s0
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
Remove a service.
[root@node1 opt]# firewall-cmd --zone=public --remove-service=dhcpv6-client
success
[root@node1 opt]# firewall-cmd --zone=public --remove-service=dhcpv6-client --permanent
success
[root@node1 opt]# firewall-cmd --zone=public --remove-service=ssh
success
[root@node1 opt]# firewall-cmd --zone=public --remove-service=ssh --permanent
success
[root@node1 opt]# firewall-cmd --reload
success
[root@node1 opt]# firewall-cmd --list-all --zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: bond0 internet lan server wireless
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
success
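The zone split configured above can be checked mechanically. The following is an added example, not part of the original page: it reads firewall-cmd --list-all style text and reports every active zone that still offers a service although it does not contain the management interface. The function names and the two sample listings (rebuilt from the output shown above) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit firewalld zone listings so that a service such as ssh
# is only offered in the zone that holds the management interface.

# zone_of_interface <iface>: read "firewall-cmd --list-all" style text on
# stdin and print the zone whose "interfaces:" line contains <iface>.
zone_of_interface() {
  awk -v want="$1" '
    /^[^ \t]/ { zone = $1; next }                 # header, e.g. "dmz (active)"
    { line = $0; sub(/^[ \t]+/, "", line) }
    line ~ /^interfaces:/ {
      n = split(line, parts, " ")
      for (i = 2; i <= n; i++) if (parts[i] == want) { print zone; exit }
    }'
  return 0
}

# exposed_zones <service> <mgmt_iface>: print every active zone that offers
# <service> but does not contain <mgmt_iface>. Empty output means compliant.
exposed_zones() {
  awk -v svc="$1" -v mgmt="$2" '
    function has(list, word,   n, i, parts) {
      n = split(list, parts, " ")
      for (i = 1; i <= n; i++) if (parts[i] == word) return 1
      return 0
    }
    function report() {
      if (zone != "" && active && has(services, svc) && !has(ifaces, mgmt)) { print zone }
    }
    /^[^ \t]/ { report(); zone = $1; active = ($0 ~ /active/)
                services = ""; ifaces = ""; next }
    { line = $0; sub(/^[ \t]+/, "", line) }
    line ~ /^interfaces:/ { sub(/^interfaces:[ \t]*/, "", line); ifaces = line }
    line ~ /^services:/   { sub(/^services:[ \t]*/, "", line); services = line }
    END { report() }'
  return 0
}

# Constructed samples, rebuilt from the two listings on this page
# (before and after the services were removed from the public zone).
LISTING_BEFORE='public (active)
  target: default
  interfaces: bond0 internet lan server wireless
  services: dhcpv6-client ssh
dmz (active)
  target: default
  interfaces: enp6s0
  services: ssh'
LISTING_AFTER='public (active)
  target: default
  interfaces: bond0 internet lan server wireless
  services:
dmz (active)
  target: default
  interfaces: enp6s0
  services: ssh'

# Demonstration: the first call names the exposed zone, the second prints
# nothing because ssh is then offered on the management zone only.
printf '%s\n' "$LISTING_BEFORE" | exposed_zones ssh enp6s0
printf '%s\n' "$LISTING_AFTER"  | exposed_zones ssh enp6s0
```

On the host, pipe firewall-cmd --list-all-zones into exposed_zones; zones without the (active) marker in their header are ignored.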
- Configure our Cisco switch for LACP bonding
6.1 Create VLANs
You can use virtual LANs (VLANs) to divide the network into separate logical areas. VLANs can also be considered as broadcast domains.
VLANs are numbered from 1 to 4094. All configured ports belong to the default VLAN when you first bring up the switch. The default VLAN (VLAN1) uses only default values, and you cannot create, delete, or suspend activity in the default VLAN.
To create a VLAN, perform this task:
switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# name Internet
switch(config-vlan)# vlan 6
switch(config-vlan)# name Server
switch(config-vlan)# vlan 7
switch(config-vlan)# name Wireless
switch(config-vlan)# vlan 8
switch(config-vlan)# name LAN
switch(config-vlan)# exit
switch(config)# exit
switch#
To display VLAN configuration information:
switch# show vlan brief
VLAN | Name | Status | Ports |
----------- | ------------------------------- | ----------- | ----------------------------------------- |
1 | default | active | Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6, Gi0/7, Gi0/8 |
5 | Internet | active | |
6 | Server | active | |
7 | Wireless | active | |
8 | LAN | active | |
1002 | fddi-default | act/unsup | |
1003 | token-ring-default | act/unsup | |
1004 | fddinet-default | act/unsup | |
1005 | frnet-default | act/unsup | |
6.2 Reset interfaces
To reset the configuration of an interface back to its default values, use the default command in global configuration mode.
switch# configure terminal
switch(config)# default interface range GigabitEthernet 0/1 - 4
switch(config)# default interface GigabitEthernet 0/7
Remove the port-channel interface, if it exists.
switch(config)# no interface port-channel 1
6.3 Management interface
Configure the switch interface into which you plugged the UTP cable from the management interface of your server Node1.
switch(config)# interface GigabitEthernet 0/7
switch(config-if-range)# description Mgm – Node1
switch(config-if-range)# switchport mode access
switch(config-if-range)# switchport access vlan 6
switch(config-if-range)# switchport port-security maximum 2
switch(config-if-range)# switchport port-security violation restrict
switch(config-if-range)# switchport port-security aging time 1
switch(config-if-range)# switchport port-security aging type inactivity
switch(config-if-range)# switchport port-security
switch(config-if-range)# storm-control broadcast level 20.00
switch(config-if-range)# storm-control unicast level 89.00 67.00
switch(config-if-range)# snmp trap link-status
switch(config-if-range)# spanning-tree portfast
switch(config-if-range)# spanning-tree bpduguard enable
switch(config-if-range)# no shutdown
switch(config-if-range)# exit
switch(config)#
6.4 Physical interface to bond
Configure our physical interfaces.
switch(config)# interface range GigabitEthernet 0/1 - 4
switch(config-if-range)# description LACP po1 - Node1
switch(config-if-range)# switchport trunk encapsulation dot1q
switch(config-if-range)# switchport mode trunk
switch(config-if-range)# switchport trunk allowed vlan 5,6,7,8
switch(config-if-range)# spanning-tree portfast trunk
switch(config-if-range)# ip dhcp snooping trust
switch(config-if-range)# channel-group 1 mode active
Creating a port-channel interface Port-channel 1
switch(config-if-range)# exit
switch(config)#
6.5 Configure our logical interface
Let’s configure our port-channel.
switch(config)# interface port-channel 1
switch(config-if-range)# description srv Node1
switch(config-if-range)# switchport trunk encapsulation dot1q
switch(config-if-range)# switchport mode trunk
switch(config-if-range)# switchport trunk allowed vlan 5,6,7,8
switch(config-if-range)# spanning-tree portfast trunk
switch(config-if-range)# ip dhcp snooping trust
switch(config-if-range)# storm-control broadcast level 40
switch(config-if-range)# storm-control unicast level 89 67
switch(config-if-range)# snmp trap link-status
switch(config-if-range)# no shutdown
switch(config-if-range)# exit
switch(config)# exit
switch# exit
6.6 Check the interfaces
You can view summary or detailed information on the switch ports using the show interfaces status command. To see summary information on all ports on the switch, enter the show interfaces status command with no arguments.
switch# show interface status
Port | Name | Status | Vlan | Duplex | Speed | Type |
Gi0/1 | LACP po1 - Node1 | connected | trunk | a-full | a-1000 | 10/100/1000BaseTX |
Gi0/2 | LACP po1 - Node1 | connected | trunk | a-full | a-1000 | 10/100/1000BaseTX |
Gi0/3 | LACP po1 - Node1 | connected | trunk | a-full | a-1000 | 10/100/1000BaseTX |
Gi0/4 | LACP po1 - Node1 | connected | trunk | a-full | a-1000 | 10/100/1000BaseTX |
Gi0/5 | | notconnect | 1 | auto | auto | 10/100/1000BaseTX |
Gi0/6 | | notconnect | 1 | auto | auto | 10/100/1000BaseTX |
Gi0/7 | Mgm - Node1 | connected | 6 | a-full | a-1000 | 10/100/1000BaseTX |
Gi0/8 | | notconnect | 1 | auto | auto | 10/100/1000BaseTX |
Po1 | srv Node1 | connected | trunk | a-full |
Display information about all trunk interfaces.
switch# show interface trunk
Port | Mode | Encapsulation | Status | Native vlan |
Po1 | on | 802.1q | trunking | 1 |
Port | Vlans allowed on trunk |
Po1 | 5-8 |
Port | Vlans allowed and active in management domain |
Po1 | 5-8 |
Port | Vlans in spanning tree forwarding state and not pruned |
Po1 | 5-8 |
Displays the status of a port-channel interface.
switch# show interface port-channel 1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 6c**.****.0102 (bia 6c**.****.0102)
Description: srv Node1
MTU 1500 bytes, BW 4000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Gi0/1 Gi0/2 Gi0/3 Gi0/4
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 22000 bits/sec, 35 packets/sec
152 packets input, 19456 bytes, 0 no buffer
Received 152 broadcasts (152 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 152 multicast, 0 pause input
0 input packets with dribble condition detected
42329 packets output, 3291437 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
To display LACP information, use the show lacp command in privileged EXEC mode.
Displays information about the LACP neighbor.
switch# show lacp 1 neighbor
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 1 neighbors
Partner's information:
Port | LACP Flags | Port Priority | Dev ID | Age | Admin key | Oper Key | Port Number | Port State |
Gi0/1 | FA | 255 | 00**.****.26f5 | 26s | 0x0 | 0x9 | 0x4 | 0x3F |
Gi0/2 | FA | 255 | 00**.****.26f5 | 26s | 0x0 | 0x9 | 0x1 | 0x3F |
Gi0/3 | FA | 255 | 00**.****.26f5 | 26s | 0x0 | 0x9 | 0x3 | 0x3F |
Gi0/4 | FA | 255 | 00**.****.26f5 | 26s | 0x0 | 0x9 | 0x2 | 0x3F |
Displays information about the LACP traffic statistics.
switch# show lacp 1 counters
Port | LACPDUs Sent | Recv | Marker Sent | Recv | Marker Response Sent | Recv | LACPDUs Pkts Err |
--------- | --------- | --------- | --------- | --------- | ------------------ | ------------------ | ------------------ |
Gi0/1 | 1970 | 65 | 0 | 0 | 0 | 0 | 0 |
Gi0/2 | 1933 | 66 | 0 | 0 | 0 | 0 | 0 |
Gi0/3 | 1978 | 66 | 0 | 0 | 0 | 0 | 0 |
Gi0/4 | 1988 | 66 | 0 | 0 | 0 | 0 | 0 |
- Check LACP on the Linux host
Show the protocol (IPv4 or IPv6) addresses on a device.
[root@node1 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp3s0f0: mtu 1500 qdisc pfifo_fast master bond0 state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
3: enp3s0f1: mtu 1500 qdisc pfifo_fast master bond0 state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
4: enp4s0f0: mtu 1500 qdisc pfifo_fast master bond0 state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
5: enp4s0f1: mtu 1500 qdisc pfifo_fast master bond0 state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
6: enp6s0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 68:**:**:**:f4:21 brd ff:ff:ff:ff:ff:ff
inet 10.0.6.30/26 brd 10.0.6.63 scope global enp6s0
valid_lft forever preferred_lft forever
7: bond0: mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
24: bond0.6@bond0: mtu 1500 qdisc noqueue master server state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
25: server: mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
26: bond0.7@bond0: mtu 1500 qdisc noqueue master wireless state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
27: wireless: mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
28: bond0.8@bond0: mtu 1500 qdisc noqueue master lan state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
29: LAN: mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
30: bond0.5@bond0: mtu 1500 qdisc noqueue master internet state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
31: internet: mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:**:**:**:26:f5 brd ff:ff:ff:ff:ff:ff
Show / manipulate the IP routing table.
[root@node1 ~]# route -n
Kernel IP routing table
Destination | Gateway | Genmask | Flags | Metric | Ref | Use | Iface |
0.0.0.0 | 10.0.6.1 | 0.0.0.0 | UG | 0 | 0 | 0 | enp6s0 |
169.254.0.0 | 0.0.0.0 | 255.255.0.0 | U | 1006 | 0 | 0 | enp6s0 |
169.254.0.0 | 0.0.0.0 | 255.255.0.0 | U | 1007 | 0 | 0 | bond0 |
169.254.0.0 | 0.0.0.0 | 255.255.0.0 | U | 1017 | 0 | 0 | server |
169.254.0.0 | 0.0.0.0 | 255.255.0.0 | U | 1019 | 0 | 0 | wireless |
169.254.0.0 | 0.0.0.0 | 255.255.0.0 | U | 1021 | 0 | 0 | LAN |
169.254.0.0 | 0.0.0.0 | 255.255.0.0 | U | 1023 | 0 | 0 | internet |
10.0.6.0 | 0.0.0.0 | 255.255.255.192 | U | 0 | 0 | 0 | enp6s0 |
Check the status of the bonded LACP interface.
[root@node1 ~]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200
802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
System priority: 65535
System MAC address: 00:**:**:**:26:f5
Active Aggregator Info:
Aggregator ID: 17
Number of ports: 4
Actor Key: 9
Partner Key: 1
Partner MAC Address: 6c:**:**:**:01:00
Slave Interface: enp3s0f0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:**:**:**:26:f5
Slave queue ID: 0
Aggregator ID: 17
Actor Churn State: monitoring
Partner Churn State: monitoring
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
system priority: 65535
system mac address: 00:**:**:**:26:f5
port key: 9
port priority: 255
port number: 1
port state: 63
details partner lacp pdu:
system priority: 32768
system mac address: 6c:**:**:**:01:00
oper key: 1
port priority: 32768
port number: 259
port state: 61
Slave Interface: enp3s0f1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:**:**:**:26:f4
Slave queue ID: 0
Aggregator ID: 17
Actor Churn State: monitoring
Partner Churn State: monitoring
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
system priority: 65535
system mac address: 00:**:**:**:26:f5
port key: 9
port priority: 255
port number: 2
port state: 63
details partner lacp pdu:
system priority: 32768
system mac address: 6c:**:**:**:01:00
oper key: 1
port priority: 32768
port number: 261
port state: 61
Slave Interface: enp4s0f0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:**:**:**:26:f7
Slave queue ID: 0
Aggregator ID: 17
Actor Churn State: monitoring
Partner Churn State: monitoring
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
system priority: 65535
system mac address: 00:**:**:**:26:f5
port key: 9
port priority: 255
port number: 3
port state: 63
details partner lacp pdu:
system priority: 32768
system mac address: 6c:**:**:**:01:00
oper key: 1
port priority: 32768
port number: 260
port state: 61
Slave Interface: enp4s0f1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:**:**:**:26:f6
Slave queue ID: 0
Aggregator ID: 17
Actor Churn State: monitoring
Partner Churn State: monitoring
Actor Churned Count: 0
Partner Churned Count: 0
details actor lacp pdu:
system priority: 65535
system mac address: 00:**:**:**:26:f5
port key: 9
port priority: 255
port number: 4
port state: 63
details partner lacp pdu:
system priority: 32768
system mac address: 6c:**:**:**:01:00
oper key: 1
port priority: 32768
port number: 258
port state: 61
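Added example, not part of the original page: a shell check over the text of /proc/net/bonding/bond0 that decodes the port state values shown above (63, or 0x3F on the switch, for the host; 61 for the switch) and flags any slave that is not in the active aggregator or that reports a different partner system. The function names and the sample text with its MAC addresses are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: audit 802.3ad bond health from the text of
# /proc/net/bonding/bond0. All MAC addresses below are constructed.

# decode_port_state <n>: name the bits of an LACP actor/partner state octet.
# Accepts decimal (Linux shows 63) or hex (the switch shows 0x3F).
decode_port_state() {
  local state=$(( $1 )) bit=0 out="" name
  for name in activity short_timeout aggregation synchronization \
              collecting distributing defaulted expired; do
    if [ $(( (state >> bit) & 1 )) -eq 1 ]; then out="${out:+$out }$name"; fi
    bit=$(( bit + 1 ))
  done
  printf '%s\n' "$out"
}

# bond_findings: read a bonding status file on stdin and print one line per
# problem. No output means every slave is in the active aggregator, sees the
# same partner system, and both ends are in sync, collecting and distributing.
bond_findings() {
  awk '
    function forwarding(v) { return int(v / 8) % 8 == 7 }   # bits 3, 4 and 5 set
    { line = tolower($0) }
    line ~ /^slave interface:/        { slave = $NF; order[++n] = slave; side = ""; next }
    line ~ /aggregator id:/           { if (slave == "") active = $NF; else agg[slave] = $NF; next }
    line ~ /partner mac address:/     { ref = tolower($NF); next }
    line ~ /details actor lacp pdu/   { side = "actor"; next }
    line ~ /details partner lacp pdu/ { side = "partner"; next }
    side == "partner" && line ~ /system mac address:/ { pmac[slave] = tolower($NF); next }
    side != "" && line ~ /port state:/ { state[slave, side] = $NF }
    END {
      for (i = 1; i <= n; i++) {
        s = order[i]
        if (agg[s] != active) { printf "%s: aggregator %s is not the active aggregator %s\n", s, agg[s], active }
        if (pmac[s] != ref) { printf "%s: partner system %s differs from %s\n", s, pmac[s], ref }
        if (!forwarding(state[s, "actor"])) { printf "%s: actor port state %s is not forwarding\n", s, state[s, "actor"] }
        if (!forwarding(state[s, "partner"])) { printf "%s: partner port state %s is not forwarding\n", s, state[s, "partner"] }
      }
    }'
  return 0
}

# stanza <iface> <aggregator> <actor_state> <partner_mac> <partner_state>:
# constructed sample text laid out like one per-slave section of the file.
stanza() {
  printf 'Slave Interface: %s\nMII Status: up\nAggregator ID: %s\n' "$1" "$2"
  printf 'details actor lacp pdu:\n    system mac address: 02:00:00:00:26:f5\n'
  printf '    port state: %s\ndetails partner lacp pdu:\n' "$3"
  printf '    system mac address: %s\n    port state: %s\n' "$4" "$5"
}
HEADER='Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Active Aggregator Info:
  Aggregator ID: 17
  Partner Mac Address: 02:00:00:00:01:00'

# Both slaves negotiated with the same switch, as in the output above.
healthy_sample() {
  printf '%s\n' "$HEADER"
  stanza enp3s0f0 17 63 02:00:00:00:01:00 61
  stanza enp3s0f1 17 63 02:00:00:00:01:00 61
}
# Second slave receives no LACPDUs: own aggregator, defaulted partner.
faulty_sample() {
  printf '%s\n' "$HEADER"
  stanza enp3s0f0 17 63 02:00:00:00:01:00 61
  stanza enp3s0f1 18 71 00:00:00:00:00:00 1
}

decode_port_state 61
faulty_sample | bond_findings
```

On the host, run bond_findings < /proc/net/bonding/bond0. In the output above, 63 decodes to active mode with short timeout, matching the FA flags the switch reports for the host, while 61 lacks the short_timeout bit, so the switch is requesting slow LACPDUs.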