Friday, September 23, 2011

H3C - Error: The device is not in the current IRF


reset to default
[H3C] reset saved-config

<H3C> reboot

Zeroize the RSA keys (not cleared with factory reset)
[A5120] public-key local destroy


Make sure that the switch is renumbered as 1

A5120
[A5120] undo irf member 2 renumber
[A5120] undo irf member 2 irf-port 1
[A5120] undo irf member 2 irf-port 2
<A5120> reboot

After switch reboots
[A5120] irf member 1 renumber 1


A4800
[4800G]dis irf conf
MemberID NewID IRF-Port1 IRF-Port2
*4 4 1 2
--------------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
[4800G]undo irf member 4 renumber
[4800G]undo irf member 4 irf-port 1
[4800G]undo irf member 4 irf-port 2

[4800G]dis irf conf
MemberID NewID IRF-Port1 IRF-Port2
*4 1 disable disable
--------------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.

Save

Reboot

Symptom:
Error: The device is not in the current IRF
Cause:
If a device has been previously configured with an incorrect member ID or does not match the stack
member ID, the new device will not synchronize with the existing stack.


Tuesday, September 20, 2011

H3C - Boot ROM and Firmware upgrade

Boot switch and reset to default (Erase the configuration)
[H3C] reset saved-config
[H3C] reboot
 
Add minimal configuration to allow tftp from a directly connected network port
interface Vlan-interface1
 ip address 1.1.1.1 255.255.255.0
 undo shut
#
interface GigabitEthernet1/0/1
 port link-type access
 undo shut
 
Set laptop NIC to 1.1.1.10 and startup tftp server

Copy the boot rom to the switch
<H3C>tftp 1.1.1.10 get S5120EI-BTM-203.btm
 
Update the bootrom
<H3C-A5120>bootrom update file S5120EI-BTM-203.btm slot 1
(This MUST be done on every unit within an IRF cluster and/or line card!)
 
Backup old image or maintain a valid copy
<H3C>tftp 10.210.7.150 put s5120ei-cmw520-r2202p06.bin
 
Delete old image before copying over new one
<H3C>delete /unreserved s5120ei-cmw520-r2202p06.bin
WARNING!!  Do not reboot the switch until you have copied the new image to it and set the boot-loader file (see below), as it may become unusable.
 
Copy software image to the switch
<H3C-A5120>tftp 10.210.7.150 get S5120EI-CMW520-R2208-S168.bin
OR
<H3C-A7500>tftp 10.210.7.150 get S7500E-CMW520-R6616P05.app
 
Tell the unit to load the new image at next boot
<H3C-A5120>boot-loader file s5120ei-cmw520-r2208-s168.bin slot all main
 
Verify that the image is in main flash
<H3C>display boot-loader
 
Save the running config
<H3C>save (save it as name startup.cfg)
 
Set startup.cfg to be the configuration that is booted on startup
<H3C>startup saved-configuration startup.cfg main
 
Verify which file is the startup config file
<H3C>display startup
 
Backup the config just in case
<H3C>tftp 1.1.1.10 put startup.cfg startup.cfg
 
Reboot
<H3C> reboot
 

H3C - IRF Installation Steps


Overview:

  • Set member IDs
  • Reboot switches to make member IDs active
  • Connect physical ports with cables or fibers
  • Power the switches on and bind physical IRF ports to logical ports
  • Save the current configurations
  • Activate IRF port configurations
  • Switches that are non-master switches reboot automatically
  • An IRF virtual device is established automatically

Complete the following tasks to configure an IRF virtual device:


Task                                                      Remarks
Disconnect the physical IRF ports of devices              Required
Update firmware to the latest                             Optional
Specifying a domain ID for an IRF virtual device          Optional
Changing the IRF member ID of a switch                    Required
Configuring IRF ports                                     Required
Specifying a priority for a member switch                 Optional
Configuring a description for a member switch             Optional
Specifying the preservation time of bridge MAC address    Optional
Enabling automatic boot file updating                     Optional
Setting the IRF link down report delay                    Optional

Connect the physical IRF ports of devices and make sure that the physical IRF ports are interconnected (a ring connection is recommended).

Steps
Upgrade switches to the latest approved code set. 

If chassis based, set to IRF mode
[H3C] chassis convert mode irf

Differentiate IRF virtual devices by assigning a domain ID
[H3C]irf domain <ID>
(Use different IDs from stack to stack and IDF to IDF)
Note: The extended LACP packets sent by member switches carry the IRF domain information to distinguish different IRF virtual devices.

Assign Primary Switch IRF member number
[H3C]irf member 1 renumber 1
(reboot after this command - For a 7500, must be member 1 and 3)

Assign Primary Switch IRF Priority
[H3C]irf member 1 priority 32

Note: Priority of switches is recommended as follows: (Convention only)
   Member 1 = 32,            Member 2= 30
   Member 3 = 28             Member 4 = 26
   Member 5 = 24             Member 6 = 22

Assign Secondary Switch Member number
[H3C]irf member 1 renumber 2
(reboot after this command)

Assign secondary switch Priority number
[H3C]irf member 2 priority 30

Assign Third Switch Member number
[H3C]irf member 1 renumber 3
(reboot after this command)

Assign third switch Priority number
[H3C]irf member 3 priority 28

Preserve the master's MAC address for 6 minutes before replacement with the alternate's MAC
[H3C]irf mac-address persistent timer

Enable boot file auto upgrade for an IRF device (automatically updates added switch to IRF)
[H3C]irf auto-update enable
Note: To save time, update the added switch's firmware before adding it to IRF.

Shutdown irf links
[H3C]int tenx/x shut

Build IRF ports
[H3C]irf-port 1/1, port group interface tex/x mode enh
(Be sure to shutdown the port BEFORE creating IRF. There should also be two irf ports per switch x/1 and x/2.  Save config!)

Unshut IRF ports
[H3C]int tex/x undo shut

Save Configuration (required)
<H3C> save

Cable connections

Activate IRF port detection (Required on most switches)
<H3C-#1>irf-port-configuration active
<H3C-#2>irf-port-configuration active
<H3C-#3>irf-port-configuration active




IRF Installation Quick Steps

Set IRF on each switch in the stack

Disconnect all IRF cables (required)

Differentiate IRF virtual devices by assigning a domain ID (optional)
<H3C>irf domain (Use different IDs from stack to stack and IDF to IDF)

Assign Primary Switch IRF member number (required)
<H3C>irf member 1 renumber 1 (reboot after this command)

Assign Primary Switch IRF Priority (optional)
<H3C>irf member 1 priority 32
Recommended priority as follows:
Member 1 = 32       Member 2= 30              Member 3 = 28

Assign Secondary Switch Member number (required)
<H3C>irf member 1 renumber 2 (reboot after this command)

Assign secondary switch Priority number (optional)
<H3C>irf member 2 priority 30

Assign Third Switch Member number (required)
<H3C>irf member 1 renumber 3 (reboot after this command)

Assign third switch Priority number (optional)
<H3C>irf member 3 priority 28

Preserve master's MAC address for 6 minutes (optional)
<H3C>irf mac-address persistent timer

Enable boot file auto upgrade for an IRF device (optional)
<H3C>irf auto-update enable (automatically updates added switch to IRF)
Note: To save time, update the added switch's firmware before adding it to IRF.

Shutdown irf links (required)
<H3C>interface Ten1/1/1 shut
<H3C>interface Ten1/1/2 shut

<H3C>interface Ten2/1/1 shut
<H3C>interface Ten2/1/2 shut

<H3C>interface Ten3/1/1 shut
<H3C>interface Ten3/1/2 shut

Build IRF ports (required)
<H3C>irf-port 1/1, port group interface Ten1/1/1 mode normal
<H3C>irf-port 1/2, port group interface Ten1/1/2 mode normal

<H3C>irf-port 2/1, port group interface Ten2/1/1 mode normal
<H3C>irf-port 2/2, port group interface Ten2/1/2 mode normal

<H3C>irf-port 3/1, port group interface Ten3/1/1 mode normal
<H3C>irf-port 3/2, port group interface Ten3/1/2 mode normal

Unshut IRF ports (required)
<H3C>interface Ten1/1/1 undo shut
<H3C>interface Ten1/1/2 undo shut

<H3C>interface Ten2/1/1 undo shut
<H3C>interface Ten2/1/2 undo shut

<H3C>interface Ten3/1/1 undo shut
<H3C>interface Ten3/1/2 undo shut

Save Configuration (required)
<H3C> save

Cable connections

Activate IRF port detection (Required on most switches)
<H3C-#1>irf-port-configuration active
<H3C-#2>irf-port-configuration active
<H3C-#3>irf-port-configuration active

Monday, September 19, 2011

H3C - MSTP interoperability with PVST+

If you want PVST to interoperate with MSTP, you need the Cisco to interoperate using IEEE 802.1 standard BPDU packets and not the proprietary PVST packets.  The only way to have the Cisco 6500 running PVST+ send standard 802.1 packets is to ensure that the native VLAN is equal to 1.

The other possibility is to do nothing and have each side pass through its BPDU packets, which are unknown in the other environment.   To make your life easier, have only one connection between both environments.

Also, standardize the STP port costs in both platforms.

On the HP-A switches:
[H3C] stp pathcost-standard dot1t

On Cisco:
(config)# spanning-tree pathcost method long

Also consider other link protection methods such as loop detect and DHCP snooping.

stp instance 0 priority 4096 (on core only)
stp pathcost-standard dot1t
stp enable
stp region-configuration
region-name HP
revision-level 1
active region-configuration
loopback-detection enable
loopback-detection multi-port-mode enable
poe legacy enable pse 4

int g1/0/1
  undo enable snmp trap updown
  undo enable log updown
  loopback-detection enable
  loopback-detection action shutdown
  storm-constrain broadcast pps 300 50
  storm-constrain control block
  poe enable
  dhcp-snooping
  dhcp enable


on uplink ports – NOT in interface bridge-aggregate

dhcp-snooping trust

Better yet, just use IRF.  With IRF just turn on STP as a port protection method. No need for instances as LACP cross switch gives dual active links.  
Management clusters are prone to human errors as it is easier to change something on the
wrong port.   Much better a private address per device.  IRF is the way to go.  It offers:

  • dual uplinks (one from each switch) with LACP
  • redundancy
  • no failover time
  • fully used aggregates.


H3C - Hybrid Ports; VoIP ports


We use hybrid ports where we need more than one untagged vlan on a port.  It is also used for VOIP user ports as a best practice.   

You need to configure VoIP ports as hybrid ports.  On H3C switches, the voice VLAN uses automatic mode by default.  In this mode, the switch identifies IP phones by the OUI field of the source MAC address in the phone’s untagged frames.  The switch matches these Organizationally Unique Identifiers (OUIs) against its stored list.  The list already includes those for Cisco, Avaya, 3Com, Siemens, and Polycom phones.  You can also add OUI addresses for other vendors.  If the device finds a match, it automatically assigns the port to the voice VLAN, applies ACL rules to the port, and assigns the port the correct QoS priority.  You can also configure the switch’s voice VLAN aging time, which determines how long the port is considered part of the VLAN without receiving frames on the device.  For further information refer to the Access volume and Voice VLAN chapters of the HP A-Series switch documentation.

When setting up hybrid ports, use a VLAN other than VLAN 1 for the IP interface and remove VLAN 1 from all hybrid ports.  On your trunk ports to the core, set the PVID to your new management VLAN number and remove VLAN 1 as PVID. Set up user VoIP/PC ports as hybrid with the user data VLAN as PVID and the VoIP VLAN as tagged.   Set all other ports as access ports with a single untagged VLAN.

Access ports
[HP]port-group manual client1
[HP-port-group-manual-client1] group-member Gi 1/0/1 to Gi 1/0/24
[HP-port-group-manual-client1] port link-type access
[HP-port-group-manual-client1] port access vlan 200

Voice ports
[HP]port-group manual pc-phone-1
[HP-port-group-manual-pc-phone-1]group-member Gi 1/0/25 to Gi 1/0/46
[HP-port-group-manual-pc-phone-1]port link-type hybrid
[HP-port-group-manual-pc-phone-1]port hybrid vlan 200 untagged
[HP-port-group-manual-pc-phone-1]port hybrid vlan 100 tagged
[HP-port-group-manual-pc-phone-1]port hybrid pvid vlan 200
[HP-port-group-manual-pc-phone-1]undo port hybrid vlan 1
[HP-port-group-manual-pc-phone-1]voice vlan 100 enable
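
The automatic-mode decision described above, modelled as an added example (not code from this post or from Comware). The OUI entries are constructed sample values in the address/mask form, and VoiceVlanPort is a hypothetical, simplified model of the aging timer.

```python
import re

# Constructed OUI entries in "address / mask / description" form (sample values).
OUI_LIST = [
    ("0003-6b00-0000", "ffff-ff00-0000", "Cisco phone"),
    ("00e0-7500-0000", "ffff-ff00-0000", "Polycom phone"),
]

def mac_int(mac):
    """Parse 0003-6b12-3456, 00:03:6b:12:34:56 or 00036b123456 into an integer."""
    digits = re.sub(r"[-:.]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def match_oui(src_mac, oui_list=OUI_LIST):
    """Return the description of the first OUI entry the source MAC falls under."""
    mac = mac_int(src_mac)
    for addr, mask, desc in oui_list:
        if mac & mac_int(mask) == mac_int(addr) & mac_int(mask):
            return desc
    return None

class VoiceVlanPort:
    """Hypothetical model of one port's automatic-mode voice VLAN membership."""

    def __init__(self, aging_minutes):
        self.aging = aging_minutes * 60   # aging time in seconds
        self.last_voice = None            # time of the last frame from a matching MAC

    def frame(self, src_mac, now):
        # Only the source MAC is inspected; a match joins or refreshes membership.
        if match_oui(src_mac):
            self.last_voice = now

    def in_voice_vlan(self, now):
        # Membership lapses once no matching frame has arrived within the aging time.
        return self.last_voice is not None and now - self.last_voice < self.aging
```

Because the match looks at nothing but the source MAC prefix, keep the OUI list limited to the phone vendors actually deployed.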


H3C - What is “management-vlan” on Comware switches?


What I have found talks about “clustering”.   In comparison, HPN E-Series switches use “management-vlan” just to isolate ssh/telnet connections to the vlan designated.  Cluster management on the A-Series switches isn't really used much.  It is mostly used to save public ip addresses.  

From one of the manuals on www.h3c.com

Cluster Management Definition

A cluster is a group of network devices. Cluster management is to implement management of large numbers of distributed network devices. Cluster management offers the following advantages:

  • Saving public IP address resource

  • Simplifying configuration and management tasks. By configuring a public IP address on one device, you can configure and manage a group of devices without the trouble of logging in to each device separately.

  • Providing topology discovery and display function, which is useful for network monitoring and debugging

  • Allowing simultaneous software upgrading and parameter configuration on multiple devices, free of topology and distance limitations


Management clusters are prone to human errors as it is easier to change something on the wrong port.   Much better a private address per device.  IRF is the way to go.  It offers:
  • dual uplinks (one from each switch) with LACP
  • redundancy
  • no failover time
  • fully used aggregates.

H3C - STP, RSTP and MSTP


Step 1 – Enable STP
Step 2 – Configure the MSTP Region on all switches
Step 3 - Configure the Root and secondary root in all MSTP instances
Step 4 - Configure the Edge-Ports (Access) and Non-Edge Ports (Uplinks)
Step 5 - Stabilize MSTP region with BPDU Protection, Root Guard, and Loop Protection




Step 1 - Enable spanning-tree – Default mode is MSTP
[SW1]stp enable


Step 2 - Configure MSTP Region parameters
Apply same MSTP Configuration on ALL switches of an MSTP Region

[SW1]stp region-configuration
[SW1-mst-region] region-name test
[SW1-mst-region] revision-level 1
[SW1-mst-region]instance 1 vlan 1 to 999
[SW1-mst-region]instance 2 vlan 1000 to 1999

Apply changes on switch
[SW1-mst-region]active region-configuration

Display Region information
[SW1-mst-region]display stp region-configuration

Oper configuration
Format selector :0
Region name :test
Revision level :1

Instance   Vlans Mapped
0          2000 to 4094
1          1 to 999
2          1000 to 1999


Step 3 - Define Root & Secondary Root of MSTP Instances

On Aggregation or Core switches of MSTP Region:

[Core1]stp instance 1 root primary
[Core1]stp instance 2 root secondary

[Core2]stp instance 1 root secondary
[Core2]stp instance 2 root primary

Define Root and secondary Root of Instance 0

[Core1]stp instance 0 root primary
[Core2]stp instance 0 root secondary

  • Priority in instance 0 (CIST) is used in Common Spanning-Tree Root election.
  • CST is used between MSTP regions or in Interoperability with Cisco PVST


Verify MSTP instance configuration

[Core1]display stp inst 1

-------[MSTI 1 Global Info]-------
MSTI Bridge ID :0.001c-c5bc-2b11
MSTI RegRoot/IRPC :0.001c-c5bc-2b11 / 0
MSTI RootPortId:0.0
MSTI Root Type :PRIMARY root
Master Bridge :0.001c-c5bc-2b11
Cost to Master :0
TC received :4

[Core1]display stp inst 2

-------[MSTI 2 Global Info]-------
MSTI Bridge ID :4096.001c-c4bc-2bcc
MSTI RegRoot/IRPC :4096.001c-c4bc-2bcc / 0
MSTI RootPortId:0.2
MSTI Root Type :SECONDARY root
Master Bridge :0.001c-c5bc-2b11
Cost to Master :20000
TC received :0

Switching Status of STP ports in all instances

[SW1]display stp brief

MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 ALTE DISCARDING NONE
0 GigabitEthernet1/0/2 ROOT FORWARDING NONE
1 GigabitEthernet1/0/1 ALTE DISCARDING NONE
1 GigabitEthernet1/0/2 ROOT FORWARDING NONE
2 GigabitEthernet1/0/1 ROOT FORWARDING NONE
2 GigabitEthernet1/0/2 ALTE DISCARDING NONE


Step 4 - Define Edge and Non Edge ports
  • All ports are non-edge ports by default.
  • End-Nodes connect to Edge Ports (= Port Fast)
  • Switch Uplinks are configured as Non-Edge
[SW]port-group manual edge-1
[SW-port-group-manual-edge-1]group-member Gi1/0/1 to Gi1/0/40
[SW-port-group-manual-edge-1]port link-type access
[SW-port-group-manual-edge-1]port access vlan 200
[SW-port-group-manual-edge-1]stp edged-port enable
[SW-port-group-manual-edge-1]quit


Step 5 - Enhance STP


Stabilize MSTP region with BPDU Protection, Root Guard, and Loop Protection


Prevent insertion of a new Root
[Core1]interface GigabitEthernet2/0/1
[Core1-GigabitEthernet2/0/1]stp root-protection

Prevent insertion of switches on Edge ports:
[Edge1]stp bpdu-protection

Prevent Loop created by cabling error on Edge ports:
[Edge1] interface gigabitethernet1/0/1
[Edge1-GigabitEthernet1/0/1] stp loop-protection
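
A check for the Step 4 and Step 5 settings plus the dhcp-snooping trust placement from the PVST+ post, as an added example (not code from this post). It assumes a saved config in `display current-configuration` layout, treats `port link-type access` as a user port and `port link-type trunk` as an uplink, and the sample config is constructed.

```python
# Constructed sample config (not from a real device).
SAMPLE = """\
#
 stp enable
#
interface GigabitEthernet1/0/1
 port link-type access
 port access vlan 200
 stp edged-port enable
#
interface GigabitEthernet1/0/2
 port link-type access
 port access vlan 200
 dhcp-snooping trust
#
interface GigabitEthernet1/0/49
 port link-type trunk
 stp edged-port enable
 dhcp-snooping trust
#
"""

def parse(config):
    """Return (global_lines, {interface_name: [lines]}); '#' ends a section."""
    glob, ports, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None
        elif line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif current is not None:
            current.append(line)
        else:
            glob.append(line)
    return glob, ports

def audit(config):
    """Return (scope, finding) tuples for settings that contradict Steps 4 and 5."""
    glob, ports = parse(config)
    findings = []
    if "stp enable" not in glob:
        findings.append(("global", "STP not enabled"))
    has_edge = any("stp edged-port enable" in l for l in ports.values())
    if has_edge and "stp bpdu-protection" not in glob:
        findings.append(("global", "edge ports without stp bpdu-protection"))
    for name, lines in ports.items():
        is_edge = "stp edged-port enable" in lines
        if "port link-type access" in lines:
            if not is_edge:
                findings.append((name, "access port is not an edge port"))
            if "dhcp-snooping trust" in lines:
                findings.append((name, "dhcp-snooping trust on access port"))
        elif "port link-type trunk" in lines and is_edge:
            findings.append((name, "uplink configured as edge port"))
    return findings
```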


MSTP configuration on Cisco switch

Cisco1(config)# spanning-tree mode mst
Cisco1(config)# spanning-tree mst configuration
Cisco1(config-mst)# name test
Cisco1(config-mst)# revision 1
Cisco1(config-mst)# instance 1 vlan 1-999
Cisco1(config-mst)# instance 2 vlan 1000-1999
Cisco1(config)# spanning-tree mst 0-1 root primary
Cisco1(config)# spanning-tree mst 2 root secondary
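
Step 2 requires the same region configuration on every switch, and the Cisco block above has to agree with the Comware one. This added example (not from the original post) normalizes both syntaxes and reports what differs; the three configs are constructed from the values used on this page, and DRIFTED is a deliberately altered copy.

```python
import re

# Constructed configs: the page's region on Comware and Cisco, plus one drifted switch.
H3C = """stp region-configuration
 region-name test
 revision-level 1
 instance 1 vlan 1 to 999
 instance 2 vlan 1000 to 1999
"""
CISCO = """spanning-tree mst configuration
 name test
 revision 1
 instance 1 vlan 1-999
 instance 2 vlan 1000-1999
"""
DRIFTED = H3C.replace("1000 to 1999", "1000 to 1998")

def vlan_set(spec):
    """Expand '1 to 999', '1-999' or '10,20-30 40' into a set of VLAN IDs."""
    spec = re.sub(r"\s+to\s+", "-", spec.strip())
    vlans = set()
    for part in re.split(r"[,\s]+", spec):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def region(config):
    """Return (name, revision, vlan->instance map); unmapped VLANs stay in instance 0."""
    name, rev, table = "", 0, {v: 0 for v in range(1, 4095)}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"(?:region-)?name (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"revision(?:-level)? (\d+)", line):
            rev = int(m.group(1))
        elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
            for v in vlan_set(m.group(2)):
                table[v] = int(m.group(1))
    return name, rev, table

def diff(a, b):
    """List what keeps two switches out of the same MST region."""
    (na, ra, ta), (nb, rb, tb) = region(a), region(b)
    out = []
    if na != nb:
        out.append(f"region name {na!r} != {nb!r}")
    if ra != rb:
        out.append(f"revision {ra} != {rb}")
    bad = sorted(v for v in ta if ta[v] != tb[v])
    if bad:
        out.append(f"{len(bad)} VLAN(s) mapped differently, first: {bad[0]}")
    return out
```

Any reported difference means the two switches sit in different MST regions and meet only through instance 0.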



