Mô hình Mục đích Cấu hình vPC trên NX01 và NX02 Mặt LAN cần cấu hình LACP trên sw LAN Mặt WAN cần cấu hình LACP trên Fortigate Ping từ VPC lên Fortinet thông NX01 Tạo VPC domain vpc domain 1 peer swit[.]
Mơ hình: Mục đích: Cấu hình vPC NX01 NX02: - Mặt LAN cần cấu hình LACP sw_LAN - Mặt WAN cần cấu hình LACP Fortigate - Ping từ VPC lên Fortinet thông NX01: Tạo VPC domain: vpc domain peer-switch peer-keepalive destination 1.1.1.2 peer-gateway ip arp synchronize Cấu hình keep-alive link: interface mgmt0 ip address 1.1.1.1/24 Peer link: interface Ethernet1/1 switchport mode trunk channel-group 12 mode active interface Ethernet1/2 switchport mode trunk channel-group 12 mode active interface port-channel12 switchport mode trunk spanning-tree port type network vpc peer-link Cấu hình mặt LAN: interface Ethernet1/3 switchport mode trunk switchport trunk allowed vlan 100 channel-group 13 mode active interface port-channel13 switchport mode trunk switchport trunk allowed vlan 100 vpc 13 Cấu hình mặt WAN: interface Ethernet1/4 switchport mode trunk switchport trunk allowed vlan 200 channel-group 14 mode active interface port-channel14 switchport mode trunk switchport trunk allowed vlan 200 vpc 14 Tạo interface làm gateway cho PC LAN: interface Vlan100 no shutdown ip address 192.168.1.10/24 vrrp priority 110 address 192.168.1.1 no shutdown Tạo interface giao tiếp với FGT: interface Vlan200 no shutdown ip address 10.1.2.10/24 vrrp priority 110 address 10.1.2.1 no shutdown NX02: Tạo VPC domain: vpc domain peer-switch peer-keepalive destination 1.1.1.1 peer-gateway ip arp synchronize Cấu hình keep-alive link: interface mgmt0 ip address 1.1.1.2/24 Peer link: interface Ethernet1/1 switchport mode trunk channel-group 12 mode active interface Ethernet1/2 switchport mode trunk channel-group 12 mode active interface port-channel12 switchport mode trunk spanning-tree port type network vpc peer-link Cấu hình mặt LAN: interface Ethernet1/3 switchport mode trunk switchport trunk allowed vlan 100 channel-group 13 mode active interface port-channel13 switchport mode trunk switchport trunk allowed vlan 100 vpc 13 Cấu hình mặt WAN: interface Ethernet1/4 switchport mode trunk switchport trunk allowed vlan 200 channel-group 14 mode active interface port-channel14 switchport mode trunk switchport trunk allowed vlan 200 vpc 14 Tạo interface làm gateway cho PC LAN: interface Vlan100 no shutdown ip address 192.168.1.20/24 vrrp priority 99 address 192.168.1.1 no shutdown Tạo interface giao tiếp với FGT: interface vlan200 no shutdown ip address 10.1.2.20/24 vrrp priority 99 address 10.1.2.1 no shutdown Lệnh check: show vpc thấy UP/UP IOS SW LAN: interface Port-channel1 switchport trunk allowed vlan 100 switchport trunk encapsulation dot1q switchport mode trunk end interface Ethernet0/1 switchport trunk allowed vlan 100 switchport trunk encapsulation dot1q switchport mode trunk channel-group mode active end interface Ethernet0/0 switchport trunk allowed vlan 100 switchport trunk encapsulation dot1q switchport mode trunk channel-group mode active FGT: Tạo LACP interface: Tạo int vlan 200 dựa LACP vừa tạo: Kết này: Tạo static route dải LAN: (có thể thay 0.0.0.0 thành 192.168.0.0/16) Ping thử từ VPC lên FGT: