How to Configure M-LAG on Omada Switches
Contents
Configuration for M-LAG System Handling Layer 2 Forwarding Only
Configuration for M-LAG System Handling Layer 3 Forwarding
Introduction
M-LAG, short for Multi-Chassis Link Aggregation Group and also known as MC-LAG, is a mechanism designed to form a LAG across multiple devices.
When an M-LAG is in use, the two devices involved logically operate as a single entity for traffic forwarding. In terms of loop prevention and device redundancy, it offers effects comparable to stacking, providing both link redundancy through aggregation and redundancy against single-point device failures. However, it differs significantly from stacking: in a stacking system, control of all units is merged into a single master unit, whereas in an M-LAG system the two devices keep independent power, preventing a single-point failure from impacting the entire system.
In addition, stacking often causes prolonged packet loss during upgrades (which require upgrading the whole system) or replacements. In contrast, M-LAG allows traffic to be switched over on each of the two devices individually, followed by sequential upgrades or replacements, ensuring business continuity throughout the process. As campus network equipment is held to higher standards, with increasingly strict requirements on service interruption time and network reliability, M-LAG is essential for providing efficient and reliable virtualization capabilities.
Before moving on to the detailed M-LAG configuration, the following key terms and their definitions should be introduced and understood in advance:
- Peer Device: The two switches operating the same M-LAG are called peer devices. Unlike stacking, in normal operation both switches have the same role, with no significant distinction between "master" and "member"; this is why they are called peer devices.
- M-LAG Domain: The domain of the M-LAG, comprising the dual-active system formed by two peer switches and the link carrying negotiation or control messages between them.
- Peer-Link: The direct link connecting two M-LAG peer switches within the M-LAG domain, responsible for exchanging M-LAG control information, synchronizing table entries, and carrying part of the forwarded service traffic.
- DAD: Short for Dual-Active Detection, a mechanism designed to identify and mitigate "dual-active" scenarios, where both M-LAG peer devices mistakenly operate as active because of a peer-link or synchronization failure. When the peer-link fails, the two peers can no longer synchronize and the M-LAG system splits; this can cause chaos on the network if both peers keep operating without synchronization. DAD detects whether the M-LAG peer switch is still active after the split (or "brain-splitting") and stops M-LAG operation on one of the peers to keep traffic flowing smoothly in the M-LAG domain.
- DAD-Link: The direct link connecting two M-LAG peer switches to perform DAD. It is a pure IP-based detection, so the ports involving DAD-link will act as routed ports.
- M-LAG Member Port: The ports on M-LAG peer devices connect to clients and form the LAG between clients and M-LAG peer devices.
- Orphan Port: The ports or LAGs that are not configured as M-LAG member ports. Connecting to an orphan port will not join the traffic to the M-LAG system, and the redundancy cannot be ensured.
- Dual-Homed Access: The connecting method where the client device connects to both M-LAG peer devices within the M-LAG domain and forms an LAG across the peer devices.
- Single-Homed Access: The connecting method where the client device connects to only one M-LAG peer device within the M-LAG domain and does not form an LAG across peer devices. The redundancy of single-homed devices cannot be ensured.
Please note that in M-LAG deployments, the peer-link primarily synchronizes dynamic table entries, such as MAC address tables and ARP tables, and other runtime state information, to ensure consistent traffic forwarding and loop prevention across the M-LAG peer devices. However, M-LAG does not automatically synchronize configurations between the peers. Therefore, to achieve operational consistency for M-LAG-related features, identical configurations must be manually applied to both M-LAG peer devices. This requirement applies only to specific M-LAG-relevant settings, such as peer-link interfaces, LAG or LACP parameters, global and port IGMP snooping status, and redundancy protocols. It does not cover the entire switch configuration, so unrelated features can be managed independently on each device.
Requirements
- Omada S6500/S7500 Switches
Configuration
In the following section, we provide a simple example of M-LAG configuration on Omada Pro L3 switches. The configuration will be provided based on two scenarios:
The first scenario is that the M-LAG system will not handle Layer 3 forwarding or IP forwarding, only providing Layer 2 forwarding and redundancy.
The second scenario is that the M-LAG system will handle Layer 3 forwarding, providing both Layer 2 and Layer 3 redundancy.
Configuration for M-LAG System Handling Layer 2 Forwarding Only
The topology for this scenario goes like this:
In this scenario, VLAN 1 is used for management, so every device has an IP address on interface VLAN 1. For the service VLAN carrying traffic, which is VLAN 2, only the PC and the router have interfaces with IP addresses in this VLAN; the switches in between, including the M-LAG system, don’t need an interface in VLAN 2 because they only handle Layer 2 forwarding. All the IP addresses in this example will be configured statically; alternatively, you can use DHCP as needed.
Briefly, we need to connect the devices, configure the VLAN, interfaces, and IP addresses, enable M-LAG on peer devices, configure peer-link, DAD-link, and member ports, as well as the LAGs between M-LAG peer devices and other devices. Additionally, we need to configure VLAN status on all ports and LAGs.
Step 1. Power up all devices, but don’t connect the cables yet, as the LAGs, Peer-Link, and DAD-Link are not yet configured. Connecting all the wires may cause conflicts and chaos in the topology.
Step 2. Configure the IP address of interface VLAN 1 on all switches. Take the S6500-24GP4XF as an example; the IP address will be 192.168.0.101. Commands as follows:
interface vlan 1
ip address 192.168.0.101 255.255.255.0
exit
This will configure the IP address of interface VLAN 1 statically and return to the global config view. For all other switches, configure accordingly. You can also configure the IP address allocation mode to use DHCP.
Step 3. Create VLAN 2 and interface VLAN 2 on the gateway, then configure the IP address. Additionally, configure VLAN 2 as tagged on the port connecting to the switches.
Step 4. Create VLAN 2 on all switches and configure the port VLAN status. As the LAGs are not yet configured, we only need to configure the port VLAN for ports that do not involve LAG. Among the ports, for ports connecting to endpoint devices like PCs and APs, add them untagged into VLAN 2; for ports connecting between switches and the gateway, add them tagged into VLAN 2.
In the example topology, we need to add port 1 of SG3218XP-M2 as untagged into VLAN 2 and add port 1 of SG3210X-M2 as tagged into VLAN 2. Commands as follows:
For all switches:
vlan 2
exit
This will create VLAN 2 on all switches.
For SG3218XP-M2:
interface two-gigabitEthernet 1/0/1
switchport general allowed vlan 2 untagged
no switchport general allowed vlan 1
switchport pvid 2
exit
This will make port 1 on SG3218XP-M2 the access port of VLAN 2, so all endpoint devices connected will send traffic in VLAN 2.
For SG3210X-M2:
interface two-gigabitEthernet 1/0/1
switchport general allowed vlan 2 tagged
exit
Step 5. Enable M-LAG on both peer switches, then configure the peer-link and DAD-link. For the peer-link, only the uplink ports running at the highest port speed can be used, which means the media used for the peer-link must match the highest speed of the uplink ports. For example, if the uplink ports are 10G SFP+ ports, a 1G DAC cannot be used to form the peer link. You can also configure multiple links as peer links by setting multiple ports as peer-link ports. The DAD-link, as mentioned earlier, is a purely IP-based link, and the ports on both sides will act as routed ports. Therefore, we need to specify the peer and source IP addresses when configuring the DAD-link. Please note that when enabling M-LAG, a domain ID must be configured. The domain ID set on M-LAG peer devices must be the same; otherwise, the M-LAG cannot be established. Commands as follows:
On S6500-24GP4XF:
mlag enable 1
mlag domain 1
interface 1/0/25-26
dad interface 1/0/1
dad param peer-ip-address 192.168.10.2 src-ip-address 192.168.10.1
dad enable
exit
On S6500-24G4XF:
mlag enable 1
mlag domain 1
interface 1/0/25-26
dad interface 1/0/1
dad param peer-ip-address 192.168.10.1 src-ip-address 192.168.10.2
dad enable
exit
We have now finished configuring peer-link and DAD-link, and connected all the cables according to the topology.
Step 6. Create all LAGs needed on the switches and add them to VLAN 2. Since the LAGs are connecting between the switches, we need to tag them into VLAN 2. As M-LAG is creating LAG across devices, we will configure LAG separately on both M-LAG peer switches. The ports within the LAG with the same LAG ID will be considered the same LAG across devices and will work together to connect to other devices. These LAGs will be configured as M-LAG member ports, and the traffic entering from M-LAG member ports will be forwarded according to M-LAG rules. Commands as follows:
For SG3218XP-M2:
interface range two-gigabitEthernet 1/0/9,1/0/11
channel-group 1 mode passive
exit
interface port-channel 1
switchport general allowed vlan 2 tagged
exit
For SG3210X-M2:
interface range two-gigabitEthernet 1/0/7-8
channel-group 1 mode passive
exit
interface port-channel 1
switchport general allowed vlan 2 tagged
exit
For S6500-24GP4XF:
interface gigabitEthernet 1/0/5
channel-group 1 mode active
exit
interface gigabitEthernet 1/0/9
channel-group 2 mode active
exit
interface port-channel 1
switchport general allowed vlan 2 tagged
mlag
exit
interface port-channel 2
switchport general allowed vlan 2 tagged
mlag
exit
For S6500-24G4XF:
interface gigabitEthernet 1/0/5
channel-group 1 mode active
exit
interface gigabitEthernet 1/0/9
channel-group 2 mode active
exit
interface port-channel 1
switchport general allowed vlan 2 tagged
mlag
exit
interface port-channel 2
switchport general allowed vlan 2 tagged
mlag
exit
Currently, all the LAGs have been configured, and all the cables can be connected according to the example topology.
Up to this point, we have completed the configuration for the M-LAG system, which handles only Layer 2 forwarding, according to the example topology.
Configuration for M-LAG System Handling Layer 3 Forwarding
The topology for this scenario goes like this:
In this scenario, VLAN 1 is used for management, so every device has an IP address on interface VLAN 1. The service traffic is split into two parts because the M-LAG system will handle Layer 3 forwarding: the downlink side of the M-LAG system uses VLAN 2 as the service VLAN, and the uplink side uses VLAN 3.
For both M-LAG peer devices, they need to have interfaces in VLANs 1, 2, and 3 for both management and Layer 3 forwarding between the uplink and downlink. For other switches, as they don’t need to handle Layer 3 forwarding, only the VLAN 1 interface for management is required. All the IP addresses in this example will be configured statically; alternatively, you can use DHCP as needed.
Briefly, we need to connect the devices, configure the VLAN, interfaces, and IP addresses, enable M-LAG on peer devices, configure peer-link, DAD-link, and member ports, as well as the LAGs between peer devices and other devices. Additionally, we need to configure VLAN status on all ports and LAGs.
Step 1. Power up all devices, but don’t connect the cables yet, as the LAGs, Peer-Link, and DAD-Link are not yet configured. Connecting all the wires may cause conflicts and chaos in the topology.
Step 2. Configure the IP address of interface VLAN 1 on all switches, then configure VLANs 2 and 3 on both M-LAG peer devices. Take the S6500-24GP4XF as an example; the IP address will be 192.168.0.101. Commands as follows:
interface vlan 1
ip address 192.168.0.101 255.255.255.0
exit
This will configure the IP address of interface VLAN 1 statically and return to the global config view. For all other switches, configure accordingly with different IP addresses. You can also configure the IP address allocation mode as DHCP.
Step 3. Create VLAN 3 and interface VLAN 3 on the gateway, and configure the IP address. Also, configure VLAN 3 as tagged on the port connecting to the switches. Additionally, the gateway lacks information about the VLAN 2 network. To communicate, we also need to configure a static route on the gateway, with the following details: destination 192.168.2.0/24, next hop 192.168.3.101, and interface VLAN 3.
Step 4. Create VLANs 2 and 3 on the switches, then configure the IP addresses of the VLAN interfaces according to the example topology and set the port VLAN status. For this example topology, create VLAN 2 on SG3218XP-M2 and VLAN 3 on SG3210X-M2. Additionally, create both VLAN 2 and VLAN 3 on S6500-24GP4XF and S6500-24G4XF.
As the LAGs are not yet configured, we only need to configure the port VLAN for ports that do not involve LAG. For ports connecting to endpoint devices, such as PCs and APs, add them untagged to the VLAN. For ports connecting between switches and the gateway, add them tagged to the VLAN.
In the example topology, we need to add port 1 of SG3218XP-M2 as untagged into VLAN 2 and add port 1 of SG3210X-M2 as tagged into VLAN 3. Commands as follows:
For SG3218XP-M2:
vlan 2
exit
interface two-gigabitEthernet 1/0/1
switchport general allowed vlan 2 untagged
no switchport general allowed vlan 1
switchport pvid 2
exit
This will make port 1 on SG3218XP-M2 the access port of VLAN 2, so all endpoint devices connected will send traffic in VLAN 2.
For SG3210X-M2:
vlan 3
exit
interface two-gigabitEthernet 1/0/1
switchport general allowed vlan 3 tagged
exit
For S6500-24GP4XF:
vlan 2-3
exit
interface vlan 2
ip address 192.168.2.101 255.255.255.0
exit
interface vlan 3
ip address 192.168.3.101 255.255.255.0
exit
For S6500-24G4XF:
vlan 2-3
exit
interface vlan 2
ip address 192.168.2.101 255.255.255.0
exit
interface vlan 3
ip address 192.168.3.101 255.255.255.0
exit
Note: As the M-LAG system handles layer 3 forwarding via interfaces VLAN 2 and 3, they will act as one device during forwarding. Therefore, the IP addresses for interfaces VLAN 2 and 3 on both M-LAG peer devices should be the same, providing layer 3 redundancy similar to VRRP.
Step 5. Enable M-LAG on both peer devices, then configure the peer-link and DAD-link. For the peer-link, only the uplink ports running at the highest port speed can be used, which means the media used for the peer-link must match the highest speed of the uplink ports. For example, if the uplink ports are 10G SFP+ ports, a 1G DAC cannot be used to form the peer link. You can also configure multiple links as peer links by setting multiple ports as peer-link ports. The DAD-link, as mentioned earlier, is a purely IP-based link, and the ports on both sides will act as routed ports. Therefore, we need to specify the peer and source IP addresses when configuring the DAD-link. Please note that when enabling M-LAG, a domain ID must be configured. The domain ID set on M-LAG peer devices must be the same; otherwise, the M-LAG cannot be established. Commands as follows:
On S6500-24GP4XF:
mlag enable 1
mlag domain 1
interface 1/0/25-26
dad interface 1/0/1
dad param peer-ip-address 192.168.10.2 src-ip-address 192.168.10.1
dad enable
exit
On S6500-24G4XF:
mlag enable 1
mlag domain 1
interface 1/0/25-26
dad interface 1/0/1
dad param peer-ip-address 192.168.10.1 src-ip-address 192.168.10.2
dad enable
exit
We have now finished configuring peer-link and DAD-link, and connected all the cables according to the topology.
Step 6. Create all LAGs needed on the switches and add them to VLAN 2 or 3. Since the LAGs are connecting between the switches, we need to tag them in the VLANs. As M-LAG is creating LAG across devices, we will configure LAG separately on both peer switches. The ports within the LAG with the same LAG ID will be considered the same LAG across devices and will work together to connect to other devices. These LAGs will be configured as M-LAG member ports, and the traffic entering from M-LAG member ports will be forwarded according to M-LAG rules. Commands as follows:
For SG3218XP-M2:
interface range two-gigabitEthernet 1/0/9,1/0/11
channel-group 1 mode passive
exit
interface port-channel 1
switchport general allowed vlan 2 tagged
exit
For SG3210X-M2:
interface range two-gigabitEthernet 1/0/7-8
channel-group 1 mode passive
exit
interface port-channel 1
switchport general allowed vlan 3 tagged
exit
For S6500-24GP4XF:
interface gigabitEthernet 1/0/5
channel-group 1 mode active
exit
interface gigabitEthernet 1/0/9
channel-group 2 mode active
exit
interface port-channel 1
switchport general allowed vlan 2 tagged
mlag
exit
interface port-channel 2
switchport general allowed vlan 3 tagged
mlag
exit
For S6500-24G4XF:
interface gigabitEthernet 1/0/5
channel-group 1 mode active
exit
interface gigabitEthernet 1/0/9
channel-group 2 mode active
exit
interface port-channel 1
switchport general allowed vlan 2 tagged
mlag
exit
interface port-channel 2
switchport general allowed vlan 3 tagged
mlag
exit
Currently, all the LAGs have been configured, and all the cables can be connected according to the example topology.
Up to this point, we have completed the configuration for the M-LAG system handling Layer 3 forwarding according to the example topology.
Verification
After finishing the configuration, we can verify the link connection by pinging the gateway from the PC:
To verify if the M-LAG is working normally, use the command “show mlag info” to check the peer devices in this M-LAG system and peer-link status:
Use the command “show mlag members-info” to check the member ports' status of this M-LAG system:
Use the command “show mlag dual-active” to check the DAD status of this M-LAG system:
Run an extended ping from the PC to the gateway. During the ping, perform the following actions one at a time to emulate a device or link failure in operation. The ping should not be interrupted, or should lose only 1-2 packets, showing both the resiliency and redundancy brought by M-LAG, which is better than stacking:
- Unplug one cable within a LAG
- Unplug the peer-link
- Unplug the DAD-link
- Shut down one of the M-LAG peer devices
- Upgrade one of the M-LAG peer devices
Conclusion
Here, we provide an introduction to M-LAG and offer a simple example of M-LAG configuration on Omada Pro L3 switches in two scenarios.
To learn more about each function and configuration, please go to the Download Center to download the manual of your product.
QA
Q1: What should I do if the terminal keeps printing a warning about an inconsistent configuration between M-LAG peer devices?
A1: As introduced, M-LAG peer devices will only synchronize table entries via the peer link; the configuration will not be automatically synced, so we must manually perform the same configuration on both M-LAG peer devices. When the configuration related to M-LAG differs on both sides, warnings will be printed. In this situation, use the command “show mlag config-consistency-check” to display all inconsistent configurations between the M-LAG peer devices. If all configurations are the same, the result of the consistency check will be displayed as passed.
Please note that the command “mlag config-consistency-check mode strict/loose” sets the M-LAG configuration consistency check mode to “strict” or “loose”. In “strict” mode, once inconsistencies are detected in key M-LAG configurations, the M-LAG member ports are automatically shut down to avoid disorder in forwarding. In “loose” mode, only warnings are displayed and the M-LAG member ports remain active.
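Because the peers never sync configuration and a "strict" check shuts member ports on a mismatch, it helps to compare both saved configs offline before applying them. The following is an added example, not TP-Link tooling: it assumes the command syntax shown in Steps 5 and 6, and the function names and sample configs are constructed for illustration.

```python
import re

def parse_peer(cfg):
    """Pull the M-LAG-relevant settings out of one peer's CLI text."""
    out = {"domain": None, "dad": None, "lags": {}}
    lag = None  # ID of the port-channel block being read, if any
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"mlag domain (\d+)", line):
            out["domain"] = m.group(1)
        elif m := re.fullmatch(r"dad param peer-ip-address (\S+) src-ip-address (\S+)", line):
            out["dad"] = (m.group(1), m.group(2))  # (peer, src)
        elif m := re.fullmatch(r"interface port-channel (\d+)", line):
            lag = int(m.group(1))
            out["lags"][lag] = {"vlans": set(), "mlag": False}
        elif line.startswith("interface ") or line == "exit":
            lag = None
        elif lag is not None and line == "mlag":
            out["lags"][lag]["mlag"] = True
        elif lag is not None and (m := re.fullmatch(
                r"switchport general allowed vlan (\S+) (tagged|untagged)", line)):
            out["lags"][lag]["vlans"].add(m.groups())
    return out

def compare_peers(cfg_a, cfg_b):
    """Return a list of M-LAG settings that differ between the two peers."""
    a, b = parse_peer(cfg_a), parse_peer(cfg_b)
    issues = []
    absent = {"vlans": set(), "mlag": False}  # stands in for a LAG one peer lacks
    if a["domain"] is None or a["domain"] != b["domain"]:
        issues.append(f"domain ID: {a['domain']} vs {b['domain']}")
    # Each side's peer address must be the other side's source address.
    if not a["dad"] or not b["dad"] or a["dad"] != b["dad"][::-1]:
        issues.append("DAD peer/source addresses are missing or not mirrored")
    for lag in sorted(set(a["lags"]) | set(b["lags"])):
        la, lb = a["lags"].get(lag, absent), b["lags"].get(lag, absent)
        if la["mlag"] != lb["mlag"]:
            issues.append(f"port-channel {lag}: M-LAG member on one peer only")
        elif la["mlag"] and la["vlans"] != lb["vlans"]:
            issues.append(f"port-channel {lag}: VLAN membership differs")
    return issues

# Constructed sample: Step 5 plus the port-channel part of Step 6 (Layer 3 scenario).
PEER_A = """
mlag enable 1
mlag domain 1
interface 1/0/25-26
dad interface 1/0/1
dad param peer-ip-address 192.168.10.2 src-ip-address 192.168.10.1
dad enable
exit
interface port-channel 1
switchport general allowed vlan 2 tagged
mlag
exit
interface port-channel 2
switchport general allowed vlan 3 tagged
mlag
exit
"""
# Peer B mirrors the DAD addresses; the drifted copy tags port-channel 2 into VLAN 2.
PEER_B = PEER_A.replace("peer-ip-address 192.168.10.2 src-ip-address 192.168.10.1",
                        "peer-ip-address 192.168.10.1 src-ip-address 192.168.10.2")
PEER_B_DRIFTED = PEER_B.replace("vlan 3 tagged", "vlan 2 tagged")
print("\n".join(compare_peers(PEER_A, PEER_B_DRIFTED)))
```

The switch's own “show mlag config-consistency-check” remains the authoritative result once both peers are live; this comparison only catches drift in the saved text beforehand.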