Performing dual-link stacking on the USG6380

34

Performing dual-link stacking on the USG6000 by load balancing

Other related questions:
Methods used to perform dual-screen tests
Visit the FusionCloud forum at http://support.huawei.com/huaweiconnect/enterprise/forum-893.html and search for 'dual-screen' cases in the forum.

Configuration of dual-link uplink backup
AR routers have two uplinks. If the two links both use the PPPoE dial-up method, the route backup method can be used to back up the two links. For example, the AR router has two dial-up interfaces: Dialer 1 and Dialer 2, and the active link and backup link can be determined by configuring the priority of static routes. On field networks, when the PPPoE dial-up or authentication fails, or the IP address cannot be obtained, the router may need to automatically switch over to the backup route. However, the backup route takes over the active route only when the state of the Dialer1 interface changes to Down. In addition, a Dialer interface is a virtual logical interface, whose state is Snoofing Up. Therefore, the state of the Dialer1 interface cannot change to Down even if the PPPoE dial-up fails. A configuration scheme is described as follows to resolve this problem: [Huawei] acl 3000 //Create the ACL list for NAT. [Huawei-acl-adv-3000] rule permit ip //The list can be accessed by all users in general. The access can also be limited based on actual requirements. [Huawei-acl-adv-3000] quit [Huawei] interface dialer 1 //Create the virtual dial-up interface. [Huawei-Dialer1] link-protocol ppp [Huawei-Dialer1] ppp chap user 123456 //Username authenticated by CHAP [Huawei-Dialer1] ppp chap password cipher huawei@123 //Password authenticated by CHAP [Huawei-Dialer1] ppp pap local-user 123456 password cipher huawei@123 //Username and password authenticated by PAP [Huawei-Dialer1] ip address ppp-negotiate //Obtain the IP address by PPP negotiation. [Huawei-Dialer1] dialer user user1 [Huawei-Dialer1] dialer bundle 1 //Set the number of the Dialer bundle to 1. [Huawei-Dialer1] dialer number 1 autodial //This command is added to ensure that the state of the Dialer interface changes to Down when the PPPoE dial-up fails. [Huawei-Dialer1] dialer-group 1 [Huawei-Dialer1] nat outbound 3000 //NAT conversion list [Huawei-Dialer1] quit [Huawei] dialer-rule [Huawei-dialer-rule] dialer-rule 1 ip permit [Huawei-dialer-rule] quit [Huawei] interface gigabitethernet 0/0/0 //Enter the view of the interface connecting to the operator. [Huawei-GigabitEthernet0/0/0] pppoe-client dial-bundle-number 1 //Enable the PPPoE Client function and bind the PPPoE client to the created Dialer interface. [Huawei-GigabitEthernet0/0/0] quit [Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 1 preference 60 //Create the default route which directs to the Dialer1 interface, which indicates that when the active link is normal, the route to the external networks through the Dialer1 interface is used with higher priority. [Huawei] ip route-static 0.0.0.0 0.0.0.0 dialer 2 preference 100 //When the active link is abnormal and the dial-up fails, the active link automatically switches over to the backup link which connects to the external networks through the Dialer2 interface.

Connect the S series switches to servers by using link aggregation
To connect a standalone or a stacked S series switch (except the S1700) to a server with dual or multiple network adapters, first configure link aggregation on interfaces of the switch. For example, to connect the S5700 to a server with dual network adapters, create an Eth-Trunk between two interfaces on the S5700 and then connect the S5700 to the server using two network cables. You can connect a switch to a server with dual network adapters in the following modes: 1. round robin (link aggregation must be configured on the switch). Characteristics: (1) All the links work in load balancing state and packets are transmitted on a per-packet basis to each link in round robin mode. If you ping the address 10.1.1.1 from the server, packets are transmitted on two network adapters of the server. (2) This mode improves bandwidth and supports error tolerance. If one link fails, traffic is switched to the other normal link. 2. active-backup (This mode can be applied without configuration on the switch). Characteristics: One port works in active state and another port works in backup state. All traffic is transmitted on the active link and there is no traffic on the backup link. If the active port goes Down, the backup port changes to the active state. 3. 802.3ad (link aggregation in LACP mode needs to be configured on the switch). 4. adaptive load balancing (no configuration is required on the switch). In this mode, you do not need to configure the switch because the two network adapters that are bound using bonding technology use different MAC addresses.

What precautions should I take when the WLAN dual-link backup solution is deployed
When configuring dual-link backup, set the same heartbeat interval on the active and standby ACs. Additionally, the ACs cannot be used as service gateways, their service configurations must be consistent, and they must use different IP address pools.

Configuring SSL VPN in dual-link access scenarios on the firewall
For an exclusive virtual gateway, you can configure two virtual gateway addresses on a virtual gateway. A maximum of three IP addresses are allowed. For a shared virtual gateway, you can configure only one virtual gateway address on a virtual gateway. During dual-link access, you need to configure a virtual gateway for each link.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top