LLD - Draft-V1 5

Alcatel-Lucent Enterprise and
Konnect Colombia
SEBIN – Network Transformation
Project
Low Level Design (LLD) Document

SEBIN Data Network – Venezuela
Date: September 2016
REVISION HISTORY TABLE
DEPARTMENT: LOCATION: TYPE:

Professional Services Low Level Design
AUTHOR: OWNER: DOCUMENT No:
Sung Oh and Francisco Mendez 000.000.001
TITLE: FILE NAME:
Low Level Design (LLD) – SEBIN SEBIN-LLD-v1.0
REVISION DESCRIPTION / REASON FOR CHANGE AUTHOR DATE
1.0 Draft Version SO 8/31/2016
1.1 Added section 3 SO 9/1/2016
1.2 Draft Complete SO 9/2/2016
1.3 Updated Diagram and Added Appendix A SO 9/8/2016
and B CFG Samples
1.4 Updated Diagram SO 9/12/2016
1.5 Added Hybrid Configuration SO 9/13/2016
Alcatel-Lucent Enterprise - Proprietary

This document contains proprietary information of
Alcatel-Lucent Enterprise and is not to be disclosed or used except in
accordance with applicable agreements
Copyright © 2009-2010 Alcatel-Lucent Enterprise

Unpublished and Not for Publication
All Rights Reserved
2
Table of Contents
1 INTRODUCTION ......................................................................................... 4
1.1 GOAL .............................................................................................................. 4
1.2 SCOPE.............................................................................................................. 4
2 OVERVIEW .................................................................................................. 5
2.1 DESIGN SUMMARY .............................................................................................. 6
2.2 OMNISWITCH 10K PHYSICAL BUILD ....................................................................... 7
2.3 OMNISWITCH 6860 PHYSICAL BUILD ..................................................................... 7
2.4 L2/L3 INFORMATION .......................................................................................... 7
2.5 PORT CONNECTIVITY ........................................................................................... 9
2.6 NETWORK DIAGRAM .......................................................................................... 11
3 PORT CONFIGURATION ........................................................................... 12
3.1 CORE SWITCHES ............................................................................................... 12
3.2 EDGE SWITCHES ............................................................................................... 12
3.3 HYBRID PORT CONFIGURATION ON EDGE SWITCHES ................................................ 13
4 BASE CONFIGURATION............................................................................ 14
5 OPTIONAL: NETWORK PROFILE (UNP) CONFIGURATION ....................... 17
6 QOS CONFIGURATION ............................................................................ 18
7 VLAN, LINKAGG, IP AND INTERFACE CONFIGURATION ......................... 19
8 NMS CONFIGURATION ............................................................................ 20
9 VIRTUAL CHASSIS (VC) CONFIGURATION/SCRIPT ................................... 21
10 EXCEPTIONS ............................................................................................. 22
10.1 EXCEPTION STATUS ........................................................................................... 22
10.2 DETAILS FOR EACH EXCEPTION ............................................................................ 22
11 AGREEMENT ............................................................................................. 23
12 APPENDIX A: CORE SWITCH CONFIGURATION SAMPLE ......................... 24
13 APPENDIX B: EDGE SWITCH CONFIGURATION SAMPLE ......................... 28
3
1 Introduction
1.1 Goal
This document serves as a low level design (LLD) reference to implement the required
network architecture for the CARACAS SEBIN LAN network consisting of Alcatel-Lucent
Enterprise OmniSwitch 10K and 6860E and non-E’s using Virtual Chassis (VC) and a
traditional star topology design. The new architecture shall conform to the existing SEBIN
design requirements to provide compatible integration to the existing network as well as
enhance availability, secure separation, scalability, simplicity, and performance.
1.2 Scope
The document scope is limited to the network design for the Caracas SEBIN LAN network
building.
The parameter values referred in this document is based out of the project IP Info
spreadsheet.
SEBIN VLAN-SUBNET
LLD.xlsx
4
2 Overview
The Caracas SEBIN LAN network shall be implemented with a redundant OmniSwitch 10K
setup as a virtual chassis at the core and thirteen IDF locations having redundant
OmniSwitch 6860 in a virtual chassis setup of three for user connections and power-over-
Ethernet (PoE). All 6860 connections will be multi-linked to the core using dynamic link
aggregation, a standard IEEE 802.3ad LACP. Local subnets will route at the core switch
and all other routing will take place on the customer supplied Firewalls (this additional FW
configuration will not be provided in this LLD). Additionally, the OmniVista Network
Management System (NMS) will be used to manage and monitor up to 60 nodes including
the 14 below:
Table 1 Switch Information
Location Device System Management IP Vlan ID EMP-VC EMP-CHAS1 EMP-CHAS2

Name
MDF OS10K CORE-SW 10.10.0.254/24 1
OS10K
IDF Basement OS6860E-P48 SW-SOTANO- 10.10.0.1/24 1
OS6860-P48 1
OS6860-P48
IDF1 OS6860E-P48 SW-PICO-1 10.10.0.2/24 1
OS6860-P48
OS6860-P48
IDF3 OS6860E-P48 SW-PICO-3 10.10.0.3/24 1
OS6860-P48
OS6860-P48
IDF4 OS6860E-P48 SW-PICO-4 10.10.0.4/24 1
OS6860-P48
OS6860-P48
IDF5 OS6860E-P48 SW-PICO-5 10.10.0.5/24 1
OS6860-P48
OS6860-P48
IDF6 OS6860E-P48 SW-PICO-6 10.10.0.6/24 1
OS6860-P48
OS6860-P48
IDF7 OS6860E-P48 SW-PICO-7 10.10.0.7/24 1
OS6860-P48
OS6860-P48
IDF8 OS6860E-P48 SW-PICO-8 10.10.0.8/24 1
OS6860-P48
OS6860-P48
IDF9 OS6860E-P48 SW-PICO-9 10.10.0.9/24 1
OS6860-P48
OS6860-P48
IDF10 OS6860E-P48 SW-PICO-10 10.10.0.10/24 1
OS6860-P48
OS6860-P48
IDF11 OS6860E-P48 SW-PICO-11 10.10.0.11/24 1
OS6860-P48
OS6860-P48
IDF12 OS6860E-P48 SW-PICO-12 10.10.0.12/24 1
OS6860-P48
OS6860-P48
5
IDF13 OS6860E-P48 SW-PICO-13 10.10.0.13/24 1
OS6860-P48
OS6860-P48
2.1 Design Summary
The overall site design for SEBIN is a traditional star topology where thirteen IDF location
of (3) 6860 virtual chassis (VC) switches are dual-homed to the core MDF location. The
MDF consist of two OS10K switches setup as the single logical core VC switch for
redundancy. Each IDF will have two 10 Gigabit redundant uplink that connects to the
OS10K-1 and OS10K-2 respectively.
The core VC will have dual-homed connection to the customer provided firewall which will
provide all the routing to the Internet. The connection between the core VC and the
firewall will be four 1 Gigabit links.
Each location will be configured as virtual chassis to simplify the management and to
provide both node level and link level redundancy. The two core switches will be inter-
connected using the two 40 Gigabit ports for VFL connection. All IDF switches will be inter-
connected using the two 20 Gigabit ports per 6860 for VFL connection.
All required VLAN will be configured and tagged on the uplink ports accordingly and all
VLAN router interfaces will be configured at the core VC. Universal Network Profile (UNP)
will be defined on the IDF nodes to determine UNP VLAN assignment based on
classification rules.
6
2.2 OmniSwitch 10K Physical Build
Both OS10K switches will be configured as follows:

 Slot 1 and 2 are designated for the XNI-U16L modules
 Slot 4 is designated for QNI-U4E module
OmniSwitch 10K OmniSwitch 10K
C CFM D C CFM D
A CMM B A CMM B
1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
OS10K-XNI-U16L
OS10K-XNI-U16L
OS10K-XNI-U16L
OS10K-XNI-U16L
OS10K-QNI-U4E
OS10K-QNI-U4E
OS10K-CMM
OS10K-CMM
OS10K-CMM
OS10K-CMM
2
1
OK1 OK1 OK1 OK1
OK2 OK2 OK2 OK2
CONTROL CONTROL CONTROL CONTROL
FABRIC FABRIC FABRIC FABRIC

1
1
TEMP TEMP TEMP TEMP
2
2
1
1
3
3
4
4
CONSOLE CONSOLE CONSOLE CONSOLE
5
5
6
6
2
2
7
7
USB USB USB USB
8
8
8
7
ETHERNET ETHERNET ETHERNET ETHERNET
LINK/ACT LINK/ACT LINK/ACT LINK/ACT

10
10
10
10
9
9
9
9
10
10
10
10
3
3
11
11
11
11
12
12
12
12
13
13
13
13
14
14
14
14
15
15
15
15
4
4
AQM
AQM
AQM
AQM
16
16
16
16
16
15
16
15
16
15
16
15
CLASS 1 LASER PRODUCT

OS10K-CFM
OS10K-CFM
OS10K-CFM
OS10K-CFM
OK1 OK1 OK1 OK1
OK2 OK2 OK2 OK2
WARNING: HAZARDOUS MOVING PARTS WHEN EXPOSED. ONLY WARNING: HAZARDOUS MOVING PARTS WHEN EXPOSED. ONLY
QUALIFIED PERSONNEL SHOULD REMOVE FAN TRAYS QUALIFIED PERSONNEL SHOULD REMOVE FAN TRAYS
! FOR MAINTENANCE. ! FOR MAINTENANCE.
PS1 PS2 PS3 PS4 PS1 PS2 PS3 PS4
2.3 OmniSwitch 6860 Physical Build
The OS6860 switches will be configured as follows for each IDF:

 Chassis ID 1 – OS6860E-P48
 Chassis ID 2 – OS6860-P48
 Chassis ID 3 – OS6860-P48
OK1 VC PS BPS GRN OK2
OS6860E-P48 CLASS 1 LASER PRODUCT VFL/53

60W
USB
USB
Console
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 VFL/54
RS232
OK1 VC PS BPS GRN
OS6860-P48 CLASS 1 LASER PRODUCT VFL/53
USB
USB
Console
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 VFL/54
RS232
OK1 VC PS BPS GRN
USB
USB
Console
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 VFL/54
RS232
2.4 L2/L3 Information
There are several VLANs defined in SEBIN network. Table below list the VLANs that are
said to be used today. Re-evaluate whether all VLANs are required on every node and
change accordingly.
The network switching equipment can be managed in-band or out-of-band (via EMP port).
SEBIN will determine which option to use for management. EMP ports will be also used for
the remote chassis detection (RCD) feature to prevent split brain scenario in case of a VFL
failure.
7
Table 2 VLAN and Subnet
NAME VLAN SUBNET MASK

VLAN-GESTION 1 10.10.0.0 24
VLAN-VOIP 2 10.20.0.0 24
8
VLAN-OUTSIDE-EUDEMON 9 10.30.0.0 24
DATOS-S1 10 10.40.10.0 24
VOZ-SOTANOS-PB 12
DATOS-P1 20 10.40.20.0 24
VOZ-MZ-P1-P2 22
DATOS-P3 30 10.40.30.0 24
VOZ-P3 32
OSTI 40 10.40.40.0 24
VOZ-P4 42
EXPERTICIA 45 10.40.45.0 30
pruebas 47 10.40.47.0 24
DATOS-P5 50 10.40.50.0 24
VOZ-P5 52
DATOS-P6 60 10.40.60.0 24
VOZ-P6 62
DATOS-P7 70 10.40.70.0 24
VOZ-P7 72
DATOS-P8 80 10.40.80.0 24
VOZ-P8 82
DATOS-P9 90 10.40.90.0 24
VOZ-P9 92
DATOS-P10 100 10.40.100.0 24
VOZ-P10 102
DATOS-P11 110 10.40.110.0 24
VOZ-P11 112
DATOS-P12 120 10.40.120.0 24
VOZ-P12 122
DATOS-P13 130 10.40.130.0 24
VOZ-P13 132
GPS 131
DMZ 402 192.168.2.0 24
VLAN-SERVIDORES-DATOS 500 192.168.0.0 24
SERVER_PUBLIC 501 192.168.1.0 24
VLAN_HP_SAN 507 192.168.7.0 30
prueba_bonding 512
8
prueba_aislado 517 192.168.17.0 24
DAI 601 10.61.61.0 24
APC 700 10.80.0.0 24
CONEXIONINTERNET 801 190.202.82.34
820
VLAN-SERVIDORES-CONTROLDEMDIOS 900 172.96.10.0 24
EBI_NEW 1000 10.200.200.14 28
PERIFERICOS_EBI 1001 10.201.201.0 24
2.5 Port Connectivity

The two OS10K switches will be inter-connected using the following ports for the two 40
Gigabit VFL links.
Table 3 OS10K VFL Ports
Chassis/VFL ID Port
1/0 1/4/1
1/1 1/4/3
2/0 2/4/1
2/1 2//4/3
Each IDF locations will inter-connect using the following 20 Gigabit ports on the 6860
switches.
Table 4 OS6860 VFL Ports
Chassis/VFL ID Port
1/0 1/1/53
1/1 1/1/54
2/0 2/1/53
2/1 2/1/54
3/0 3/1/53
3/1 3/1/54
Port assignment mapping are described in the following table.

Table 5 Port Assignment
Port Assignment Mapping
from_port to_port to_port port type Notes

from_10K-1
1/1/1 sotano1 1/1/49 10GIG

1/1/2 piso1 1/1/49 10GIG
1/1/3 piso3 1/1/49 10GIG
9
1/1/4 piso4 1/1/49 10GIG
1/1/5 piso5 1/1/49 10GIG
1/1/6 piso6 1/1/49 10GIG
1/1/7 piso7 1/1/49 10GIG
1/1/8 piso8 1/1/49 10GIG
1/1/16 fgt-internal 1GIG
1/2/1 piso9 1/1/49 10GIG
1/2/2 piso10 1/1/49 10GIG
1/2/3 piso11 1/1/49 10GIG
1/2/4 piso12 1/1/49 10GIG
1/2/5 piso13 1/1/49 10GIG
1/4/1 to_10K2 VFL Link 2/4/1 40GIG
1/4/3 to_10K2 VFL Link 2/4/3 40GIG
1/4/4 to_10K3???
from_port to_port to_port port type Notes

2/1/1 sotano1 2/1/49 10GIG
2/1/2 piso1 2/1/49 10GIG
2/1/3 piso3 2/1/49 10GIG
2/1/4 piso4 2/1/49 10GIG
2/1/5 piso5 2/1/49 10GIG
2/1/6 piso6 2/1/49 10GIG
2/1/7 piso7 2/1/49 10GIG
2/1/8 piso8 2/1/49 10GIG
from_10K-2

2/2/1 piso9 2/1/49 10GIG
2/2/2 piso10 2/1/49 10GIG
2/2/3 piso11 2/1/49 10GIG
2/2/4 piso12 2/1/49 10GIG
2/2/5 piso13 2/1/49 10GIG
2/4/1 to_10K1 VFL Link 1/4/1 40GIG
2/4/3 to_10K1 VFL Link 1/4/3 40GIG
2/4/4 to_10K3???
10
2.6 Network Diagram
Key:
Internet
1 Gigabit Link
10 Gigabit Link ISP-2

ISP-1
40 Gigabit Link
OS10K-2
10.1.1.2
1/4/1
CISCO ASA 5510
1/4/3 CENTRO
DE
DATOS
0/1 0/2
1/4/5
2/4/5
1/1/16 2/1/16
OS6860E-P48
OS6860E-P48 1/1/13 1/1/49
1/1/49 1/1/1 10.1.1.15
10.1.1.3
2/1/13 2/1/49 OS6860-P48

OS6860-P48 2/1/1
2/1/49
OS10K-1 1/4/1 2/4/1 OS10K-2
10.1.1.1 VFL Link 10.1.1.2 OS6860-P48
OS6860-P48 1/4/3 2/4/3
1/1/2 1/1/12
2/1/2 Piso13
Sotano1 2/1/12
1/1/49 1/1/3 1/1/11 1/1/49
OS6860E-P48 2/1/3 2/1/11 OS6860E-P48

2/1/49 10.1.1.14
10.1.1.4 2/1/49
1/1/10 OS6860-P48
OS6860-P48 1/1/4 2/1/5 2/1/9
2/1/6 2/1/7 2/1/8
2/1/10
1/1/5 1/1/9 OS6860-P48
OS6860-P48 2/1/4 1/1/6 1/1/7 1/1/8
1/1/49 Piso12
Piso1
1/1/49
2/1/49
2/1/49
OS6860E-P48 OS6860E-P48
10.1.1.5 10.1.1.13
OS6860-P48 OS6860-P48
OS6860-P48 OS6860-P48
1/1/49
1/1/49 1/1/49
2/1/49 Piso11
Piso3 1/1/49 1/1/49
2/1/49 1/1/49 2/1/49
1/1/49
2/1/49 2/1/49
2/1/49
2/1/49
OS6860E-P48 OS6860E-P48 OS6860E-P48 OS6860E-P48 OS6860E-P48 OS6860E-P48 OS6860E-P48

10.1.1.6 10.1.1.7 10.1.1.8 10.1.1.9 10.1.1.10 10.1.1.11 10.1.1.12
OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48
OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48
Piso4 Piso5 Piso6 Piso7 Piso8 Piso9 Piso10
Figure 1 Network Diagram

3 Port Configuration
3.1 Core Switches

The two OS10K switches will be inter-connected using the following ports for the two 40
Gigabit VFL links as shown in the figure 2. Ports 1/4/1 to 2/4/1 and 1/4/3 to 2/4/3 is
designated as the VFL links.
Ports 1/1/1-8 and 1/2/1-8 are designated southbound connections to the IDFs port
1/1/49 via 10 Gigabit uplink ports. Ports 2/1/1-8 and 2/2/1-8 are designated
southbound connections to the IDFs port 2/1/49 via 10 Gigabit uplinks ports. Reference
the port mapping in table 5 (above) for details. Multi-link connection between the core
switches to each IDF locations using LACP (802.3ad) will be configured.
Ports 1/1/16, 1/2/16, 2/1/16, and 2/2/16 are assigned northbound connections to the
firewall devices via 1 Gigabit uplink ports.
OmniSwitch 10K OmniSwitch 10K
C CFM D C CFM D
A CMM B A CMM B
1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8
Ports 2/1/1-8 and 2/2/1-8
OS10K-XNI-U16L
OS10K-XNI-U16L
OS10K-XNI-U16L
OS10K-XNI-U16L
OS10K-QNI-U4E
OS10K-QNI-U4E
designated to IDF port 2/1/49
OS10K-CMM
OS10K-CMM
OS10K-CMM
OS10K-CMM
2
1
OK1 OK1 OK1 OK1
OK2 OK2 OK2 OK2
CONTROL CONTROL CONTROL CONTROL
FABRIC FABRIC FABRIC FABRIC

1
1
Ports 1/1/1-8 and 1/2/1-8 1/4/1 TEMP TEMP
2/4/1 TEMP TEMP

2
2
1
1
3
3
4
4
CONSOLE CONSOLE CONSOLE CONSOLE
designated to IDF port 1/1/49

5
5
6
6
2
2
7
7
USB USB USB USB
8
8
8
7
ETHERNET ETHERNET
VFL Links ETHERNET ETHERNET
LINK/ACT LINK/ACT LINK/ACT LINK/ACT

10
10
10
10
9
9
1/4/3
9
9
10
10
10
10
Ports 1/1/16 and 1/2/16 2/4/3
3
3
11
11
11
11
12
12
12
12
13
13
13
13
designated to FW ports Ports 2/1/16 and 2/2/16
14
14
14
14
15
15
15
15
4
4
AQM
AQM
AQM
AQM
16
16
16
16
designated to FW ports
16
15
16
15
16
15
16
15

OS10K-CFM
OS10K-CFM
OS10K-CFM
OS10K-CFM
OK1 OK1 OK1 OK1
OK2 OK2 OK2 OK2
PS1 PS2 PS3 PS4 PS1 PS2 PS3 PS4
Figure 2 OS10K Cores
3.2 Edge Switches

Each IDF will have a VC of 3 OS6860 switches. Each OS6860 will have 2x 20 Gigabit
virtual fabric links (VFL) to inter-connect the switches. The VC switches will have two
northbound connections to the core via 10 Gigabit uplink ports and configured as a LAG.
Optional management out-of-band network will be configured via EMP port.
To_10K-1
To_10K-2
OK1 VC PS BPS GRN OK2
OS6860E-P48 CLASS 1 LASER PRODUCT VFL/53

60W
USB
1/1/53
USB
Console
RS232
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
1/1/54
VFL/54
OK1 VC PS BPS GRN
USB
2/1/53 VFL Link
USB
Console
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
2/1/54
VFL/54
RS232
OK1 VC PS BPS GRN
USB
3/1/53
USB
Console
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
3/1/54
VFL/54
RS232
Figure 3 OS6860 Edge
3.3 Hybrid Port Configuration on Edge Switches

Hybrid ports are addressed by using the Universal Network Profile (UNP) feature of the
Alcatel-Lucent Enterprise AOS software. All user ports will be configured to belong to the
default data subnet VLAN and dynamically map to the voice VLAN if the classification rule
of the UNP is matched. The classification rule in the example is a MAC rule but other rule
types are also available.
Basic components for configuring UNP are as follows:
1. Define the UNP Edge Profile
unp edge-profile DEFAULT
unp edge-profile VLAN-VOIP
2. Define the UNP VLAN Mapping
unp vlan-mapping edge-profile DEFAULT vlan 10
unp vlan-mapping edge-profile VLAN-VOIP vlan 2
3. Define the UNP Classification Rule
unp classification mac-address-range 00:04:f2:00:00:00 00:04:f2:ff:ff:ff edge-
profile VLAN-VOIP
4. Configure the user ports for UNP
unp port 1/1/1 port-type edge
unp port 1/1/1 classification enable
unp port 1/1/1 default-edge-profile DEFAULT
13
4 Base Configuration
The following sample configuration illustrates the basic switch configuration.
system timezone EST

system daylight-savings-time
session timeout cli 60
session timeout ssh 60
session timeout ftp 60
session timeout http 60
system name "switchname"
system location "enterlocation"
session prompt default "CORE-SW->"
system contact "IT Network MGMT Ext. xxxx"
session cli banner /working/pre-banner.txt
session ftp banner /working/pre-banner.txt 
session http banner /working/pre-banner.txt
! Prelogin banner before the login is detailed in file
! /flash/switch/pre_banner.txt
!
ip domain-name aa.bb.cc.dd 
ip domain-lookup 
ip name-server xx.xx.xx.xx
!
ntp server xx.xx.xx.xx
ntp client admin-state enable
!
! trap port link should be used on switch to switch ports
! may also use on server host ports
! User ports should remain disabled
interfaces port 1/1/1-8 link-trap enable
!
! AUTHENTICATION SECTION
! change user password requirements
user password-size 12 
user password-policy min-digit 1 
user password-policy min-nonalpha 1 
user password-policy min-uppercase 1 
user password-policy min-lowerercase 1 
user password-policy cannot-contain-username
! Change admin password.

! Will not be used as long as connection to authentication server is available.
user admin password ########
! Optional: If using AAA server, define it here
14
! aaa authentication.
aaa tacacs+-server tacacs host xx.xx.xx.xx key "%secret%"
! Turn off what is not used.
no aaa authentication telnet
no aaa authentication ftp
aaa authentication http tacacs local
aaa authentication console tacacs local
aaa authentication ssh tacacs local
aaa authentication snmp local
! SWITCH SECURITY SECTION

! disable tcp ports for telnet, ftp, http
ip service telnet admin-state disable
ip service ftp admin-state disable
! ACL to protect switch

policy action accept disposition accept
policy action deny disposition deny
policy service http protocol 6 destination ip-port 80
policy service https destination tcp port 443
policy service ssh destination tcp port 22
policy service sflow destination udp port 6343
policy service snmp destination udp port 161-162
policy service ftp protocol 6 destination ip-port 20-21
policy service telnet protocol 6 destination ip-port 23
policy service group "access" telnet ftp http https ssh snmp sflow
!network group SwitchAllowed is the networks allowed to access the switch group
policy network group SwitchAllowed xxx.xxx.xxx.xxx mask xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx mask xxx.xxx.xxx.xxx
policy condition SwitchRestrict destination network group Switch service group
access
policy condition SwitchRestrictOK source network group SwitchAllowed
destination network group Switch
policy rule switchRestrictAllow condition SwitchRestrictOK action accept
policy rule switchRestrictDeny condition SwitchRestrict action deny
qos apply
!IPMS
ip multicast admin-state enable
ip multicast querying enable
ipv6 multicast admin-state enable
ipv6 multicast querying enable
! LLDP:
lldp nearest-bridge chassis tlv management port-description enable system-name
enable system-description enable system-capabilities enable
lldp nearest-bridge chassis tlv dot1 vlan-name enable port-vlan enable
lldp nearest-bridge chassis tlv dot3 mac-phy enable
lldp nearest-bridge port 1/1 tlv management management-address enable
!Unidirectional Link Detection UDLD. Used only on uplink switch to switch

ports and only when the other switch has it turned on.
udld enable
udld port 1/1/1-8 enable
15
! SNMP
user private read-write all password %secret% sha+des
snmp station xx.xx.xx.xx private v3 enable

snmp source-ip-preferred “MGMT-IP”
! LOGGING
! Command log will provide a timestamped log file with what username did which
commands.
Command-log enable
swlog remote command-log enable
swlog output socket xx.xx.xx.xx remote command-log
swlog console level info
16
5 Optional: Network Profile (UNP) Configuration
Universal Network Profile (UNP) is a feature that provides network administrators with the
ability to define and apply network access control to specific types of devices. Use default
classification rule to define UNP VLAN assignment. Sample shows using MAC based rule
to move IP Phone sets into the Voice VLAN and IP Address based rule to move to particular
VLANs.
! Create UNP
!
! DA-UNP:
unp edge-profile DATOS-S1
unp vlan-mapping edge-profile DATOS-S1 vlan 10
! Configure UNP Port and enable classification

!
! Define UNP Classification Rule

!
unp classification mac-address-range 00:04:f2:00:00:00 00:04:f2:ff:ff:ff edge-
profile VLAN-VOIP
unp classification ip-address 10.40.10.1 255.255.255.0 edge-profile DATOS-S1
17
6 QOS Configuration
The following sample configuration illustrates the QoS configuration.

Several options exist to deploy QoS in an OmniSwitch.
We have included several examples below to show different methods for applying QoS.
! QOS
! If required to enable VOIP or UNP enabled mobile ports on all user ports.
vlan port mobile #/##-## bpdu ignore enable
!LLDP ASSIGNMENT METHOD

! If required, create VOIP VLAN with LLDP vlan assignment and tag to uplink lag
group
!LLDP for phone
vlan ### name "VOIP"
vlan ### mobile-tag enable
lldp network-policy 1 application voice vlan ### l2-priority 5 dscp 43

lldp network-policy 2 application voice-signaling vlan ### l2-priority 3 dscp
26
lldp #/## tlv med capability enable network-policy enable
lldp #/## med network-policy 1
lldp #/## med network-policy 2
vlan ### 802.1q #
!MAC-RANGE ASSIGNMENT METHOD

!If lldp is not an option, mac range can be used to put phones into VLANs.
!Example used for ALU phones below
!IP rule makes sure phones stay in vlan. It uses ip address and mask
vlan ### ip xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
vlan ### mac range 00:80:9f:00:00:00 00:80:9f:ff:ff:ff
!QOS policy rule for VOIP using source VLAN

! use vlan that VOICE is qtagged into
Policy condition VOIPVLAN source vlan ###
Policy action P5 priority 5 802.1p 5 dscp 43
Policy rule VOIP condition VOIPVLAN action P5
18
7 VLAN, Linkagg, IP and Interface Configuration
! Alias uplink ports

interfaces #/#/# alias "uplink to switchname"
interfaces #/#/# alias "uplink to switchname"
! LACP
linkagg lacp agg x size y admin-state enable
linkagg lacp agg x name "switchname"
linkagg lacp agg x actor admin-key x
linkagg lacp agg x partner admin-key x
linkagg lacp port #/#/# actor admin-key x
linkagg lacp port #/#/# actor admin-key x
linkagg lacp port #/#/# partner admin-key x
linkagg lacp port #/#/# partner admin-key x
! VLAN
vlan 10 name "DATOS-S1"
vlan 10 members port x/x (or linkagg x) tagged/untagged
! Create IP Address for management.

ip interface “management” address xxx.xxx.xxx.xxx mask 255.255.255.0 vlan xxx
!
ip static-route 0.0.0.0/0 gateway xxx.xxx.xxx.xxx
! SHUTDOWN unused ports

! option 1
interfaces 1/1 admin-state disable
! option 2
vlan 999 admin-state disable
vlan 999 members port #/# untagged
19
8 NMS Configuration
OmniVista 2500 version 3.5.7 standard config
Adding a switch to OmniVista

General Tab – items to complete
IP Address – Switch Stack/Distribution – IP
Telnet/FTP User Name – username
Telnet/FTP Password – password
SNMP Version – SNMPv3
Shell Window – Prefer SSH
Can Be Seen By
Everyone
SNMP Settings Tab

SNMPv3
SNMPv3 Name - private
Timeout – 5000
Retry Count 3
20
9 Virtual Chassis (VC) Configuration/Script
Chassis_1-> virtual-chassis configured-chassis-id 1

Chassis_1-> virtual-chassis chassis-group 1
Chassis_1-> virtual-chassis vf-link 0 create
Chassis_1-> virtual-chassis vf-link 0 member-port 4/1
Chassis_1-> ip interface local emp address xx.xx.xx.1 mask 255.255.255.0
Chassis_1-> write-memory
Chassis_1-> convert-configuration to vc_dir

Chassis_2-> ip interface local emp address xx.xx.xx.2 mask 255.255.255.0
Chassis_1-> reload from vc_dir no rollback-timeout

VC-> ip interface master emp address 10.255.100.3 mask 255.255.255.0
21
10 Exceptions
10.1 Exception Status

No Date SEBIN Alcatel Status Comments Dates & If exception cleared,
Mm/dd/yy Representative Representative P = Pending Initials sign-off SEBIN
Signature Signature C = Cleared representative
10.2 Details for Each Exception

No Details Status Dates & Initials
22
11 Agreement
The signatures below serve as an acknowledgement that the ALU/Konnect Colombia and SEBIN
are in agreement with this design document and that the project is prepared to move forward.
Alcatel-Lucent Enterprise SEBIN

Konnect Colombia
By: By:
(print name) (print name)
Name: Name:
(signature) (signature)
Title: Sr. Network Architect Title: Manager, Network Design
By: By:
Name: Name:
Title: ALE/Konnect Project Manager Title: SEBIN Project Manager
By: By:
Name: Name:
Title: Title:
By: By:
Name: Name:
Title: Title:
23
12 Appendix A: Core Switch Configuration Sample
This is an example of setting up the VC statically.

Chassis_1-> virtual-chassis vf-link 1 member-port 1/4/1
Chassis_1-> ip interface local emp address xx.xx.xx.xx mask 255.255.255.0

Chassis_2-> ip interface local emp address xx.xx.xx.xx mask 255.255.255.0

10K-1
!========================================!
! File: /flash/working/vcsetup.cfg !
!========================================!
! Virtual Chassis Manager:
virtual-chassis chassis-id 1 configured-chassis-id 1
virtual-chassis vf-link-mode static
virtual-chassis chassis-id 1 vf-link 1 create
virtual-chassis chassis-id 1 vf-link 1 member-port 1/4/1
virtual-chassis chassis-id 1 chassis-group 1
virtual-chassis chassis-id 1 configured-chassis-priority 200
10K-2
!========================================!
!========================================!
virtual-chassis vf-link-mode static
24
virtual-chassis chassis-id 2 vf-link 1 create
!========================================!
! VC 10K SET EMP ADDRESS !
!========================================!
VC-> ip interface master emp address xx.xx.xx.xx mask 255.255.255.0
!========================================!
! Create the VLANs !
!========================================!
vlan 1 admin-state enable
vlan X admin-state enable - This is automatic once a VLAN is created.
vlan 1 name "VLAN-GESTION"
vlan 2 name "VLAN-VOIP"
vlan 9 name "VLAN-OUTSIDE-EUDEMON"
vlan 20 name "DATOS-P2"
vlan 131 name "GPS"
vlan 200 name "VLAN-CCTV"
vlan 201 name "CCTV-S1"
vlan 202 name "CCTV-P1"
vlan 204 name ""
vlan 211 name "PUERTO-HIBRIDO-VOIP-DATOS"
vlan 300 name "EBI-CA-CI-DI"
vlan 500 name "VLAN-SERVIDOREs-DATOS"
vlan 501 name "SERVER_PUBLIC"
vlan 507 name "VLAN_HP_SAN"
vlan 512 name "prueba_bondingC"
vlan 601 name "DAI"
vlan 700 name "APC"
25
vlan 900 name "control_medios"
vlan 1000 name "EBI_NEW"
VLAN 1001 name "PERIFERICOS_EBI"
!========================================!
! Create the IP Interfaces !
!========================================!
ip interface "VLAN-1" address 10.10.0.xx mask 255.255.255.0 vlan 1 ifindex 1

ip interface "VLAN-X" address xx.xx.xx.xx mask 255.255.255.0 vlan X ifindex 3
!========================================!
! Create the Link Aggregation !
!========================================!
=====LinkAgg to Sotano1
linkagg lacp agg 1 size 2 admin-state enable
linkagg lacp agg 1 name "to_Sotano1"
linkagg lacp agg 1 actor admin-key 1
linkagg lacp port 1/1/1 actor admin-key 1
vlan 1 members linkagg 1 untagged
vlan 2 members linkagg 1 tagged
vlan X members linkagg 1 tagged (Add for each VLAN to the linkagg 1)
=====LinkAgg to Pico 1
linkagg lacp agg 2 name "to_Pico1"
=====LinkAgg to Pico X
linkagg lacp agg X size 2 admin-state enable
linkagg lacp agg X name "to_Pico X"
linkagg lacp agg X actor admin-key X
linkagg lacp port 1/1/X actor admin-key X
linkagg lacp port 2/1/X actor admin-key X
vlan 1 members linkagg X untagged
vlan 2 members linkagg X tagged
vlan X members linkagg X tagged (Add for each VLAN to the linkagg X)
26
!========================================!
! Add the static route to FW !
!========================================!
ip static-route 0.0.0.0/0 gateway xx.xx.xx.xx metric 1
27
13 Appendix B: Edge Switch Configuration Sample
Use the automatic configuration of virtual chassis method as your first option. This requires that the
6860 switch is either brand new or that there are no vcsetup.cfg and vcboot.cfg present on the
switch.
Steps of Automatic Virtual Chassis Creation (Reference Switch Management Guide AOS Release 8
for more details).
1. Connect each chassis to the next in a ring configuration using the dedicated VFL ports.
2. Power on each chassis.
3. The VFL ports will be automatically detected and configured.
4. The chassis with the lowest MAC address will become the Master and be configured with
chassis-id 1.
5. All other chassis will become Slave chassis and be assigned a unique chassis-id.
VCSETUP Configuration file output:
Unit 1: 6860E-P48
!========================================!
!========================================!
virtual-chassis vf-link-mode auto
virtual-chassis auto-vf-link-port 1/1/53
! IP:
ip interface local chassis-id 1 emp address xx.xx.xx.xx mask 255.255.255.0
Unit 2: 6860-P48
!========================================!
!========================================!
! IP:
Unit 3: 6860-P48
!========================================!
28
!========================================!
! IP:
After the three 6860 are in a VC, the boot file will be configured with the following and is
in a filename called vcboot.cfg. The main configuration are described in the configuration
file. Highlighted in yellow references where additional parameters will be added per
design.
VCBOOT Configuration file output:

!========================================!
! File: /flash/working/vcboot.cfg !
!========================================!
! Chassis:
system name "PISO X"
! Configuration:
configuration error-file-limit 2
! Capability Manager:
hash-control extended
! Multi-Chassis:
! Virtual Flow Control:
! LFP
! Interface:
! Port_Manager:
! Link Aggregate:
linkagg lacp agg 1 name "to_10K"
! VLAN:
vlan X admin-state enable - This is automatic once a VLAN is created.
vlan 1 name "VLAN-GESTION"
vlan 2 name "VLAN-VOIP"
vlan 9 name "VLAN-OUTSIDE-EUDEMON"
29
vlan 131 name "GPS"
vlan 200 name "VLAN-CCTV"
vlan 201 name "CCTV-S1"
vlan 204 name ""
vlan 211 name "PUERTO-HIBRIDO-VOIP-DATOS"
vlan 300 name "EBI-CA-CI-DI"
vlan 500 name "VLAN-SERVIDOREs-DATOS"
vlan 501 name "SERVER_PUBLIC"
vlan 507 name "VLAN_HP_SAN"
vlan 512 name "prueba_bondingC"
vlan 601 name "DAI"
vlan 700 name "APC"
vlan 900 name "control_medios"
vlan 1000 name "EBI_NEW"
VLAN 1001 name "PERIFERICOS_EBI"
! Spanning Tree:
spantree vlan 1 admin-state enable
spantree vlan 2 admin-state enable
spantree vlan X admin-state enable
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip service port 123 admin-state enable
ip interface master emp address xx.xx.xx.xx mask 255.255.255.0
ip interface "VLAN-X" address xx.xx.xx.xx mask 255.255.255.0 vlan X ifindex 3
30
! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication default "local"
aaa authentication console "local"
! NTP:
ntp server xx.xx.xx.xx minpoll 4 prefer
ntp client admin-state enable
! QOS:
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
! LLDP:
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
session cli timeout 65535
session http timeout 15
session prompt default "SW-PISO-X ->"
command-log enable
! Web:
! Trap Manager:
snmp station xx.xx.xx.xx 162 "snmpuserv3" v3 enable
! Health Monitor:
! System Service:
ip name-server xx.xx.xx.xx
ip domain-lookup
system timezone CST
! SNMP:
snmp security no-security
snmp community-map mode enable
snmp community-map "publc" user "snmpuser" enable (If you need to use SNMPv2)
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway xx.xx.xx.xx metric 1
! VRRP:
ip load vrrp
31
! UDP Relay:
ip helper address xx.xx.xx.xx
! RIP:
! OSPF:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! ISIS:
! Netsec:
! Module:
! LAN Power:
lanpower slot 1/1 service start
! RDP:
! DA-UNP:
! Configure UNP Port and enable classification

!
32
33
34
! Define UNP Classification Rule

!
unp classification mac-address-range 00:04:f2:00:00:00 00:04:f2:ff:ff:ff edge-profile
VLAN-VOIP
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:
! SVCMGR:
! LDP:
! EVB:
! APP-FINGERPRINT:
! FCOE:
! QMR
! OPENFLOW:
! Dynamic auto-fabric
! SIP Snooping
! DHCP Server:
! DPI:
35
! DHCPv6 Relay:
! DHCPv6 Server:
! QIP Message Service:
! QIP Active Lease Service:
! Virtual Chassis Split Protection:
! DHCP Snooping:
! APP-MONITORING:
! Loopback Detection:
36

LLD - Draft-V1 5

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

LLD - Draft-V1 5

Загружено:

Авторское право:

Доступные форматы

Alcatel-Lucent Enterprise and

Low Level Design (LLD) Document

DEPARTMENT: LOCATION: TYPE:

Alcatel-Lucent Enterprise - Proprietary

Copyright © 2009-2010 Alcatel-Lucent Enterprise

Table 1 Switch Information

Location Device System Management IP Vlan ID EMP-VC EMP-CHAS1 EMP-CHAS2

2.1 Design Summary

Both OS10K switches will be configured as follows:

OmniSwitch 10K OmniSwitch 10K

OK2 OK2 OK2 OK2

CONTROL CONTROL CONTROL CONTROL

FABRIC FABRIC FABRIC FABRIC

LINK/ACT LINK/ACT LINK/ACT LINK/ACT

CLASS 1 LASER PRODUCT

CLASS 1 LASER PRODUCT

CLASS 1 LASER PRODUCT

CLASS 1 LASER PRODUCT

CLASS 1 LASER PRODUCT

OK2 OK2 OK2 OK2

PS1 PS2 PS3 PS4 PS1 PS2 PS3 PS4

2.3 OmniSwitch 6860 Physical Build

The OS6860 switches will be configured as follows for each IDF:

OS6860E-P48 CLASS 1 LASER PRODUCT VFL/53

OK1 VC PS BPS GRN

OS6860-P48 CLASS 1 LASER PRODUCT VFL/53

OK1 VC PS BPS GRN

OS6860-P48 CLASS 1 LASER PRODUCT VFL/53

2.4 L2/L3 Information

NAME VLAN SUBNET MASK

2.5 Port Connectivity

Port assignment mapping are described in the following table.

Port Assignment Mapping

from_port to_port to_port port type Notes

1/1/1 sotano1 1/1/49 10GIG

from_port to_port to_port port type Notes

2/1/16 fgt-internal 1GIG

10 Gigabit Link ISP-2

2/1/13 2/1/49 OS6860-P48

1/1/49 1/1/3 1/1/11 1/1/49

OS6860E-P48 2/1/3 2/1/11 OS6860E-P48

OS6860E-P48 OS6860E-P48 OS6860E-P48 OS6860E-P48 OS6860E-P48 OS6860E-P48 OS6860E-P48

OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48

OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48 OS6860-P48

Piso4 Piso5 Piso6 Piso7 Piso8 Piso9 Piso10

Figure 1 Network Diagram

3.1 Core Switches

OmniSwitch 10K OmniSwitch 10K

OK2 OK2 OK2 OK2

CONTROL CONTROL CONTROL CONTROL

FABRIC FABRIC FABRIC FABRIC

2/4/1 TEMP TEMP

designated to IDF port 1/1/49

LINK/ACT LINK/ACT LINK/ACT LINK/ACT

CLASS 1 LASER PRODUCT

CLASS 1 LASER PRODUCT

CLASS 1 LASER PRODUCT

CLASS 1 LASER PRODUCT

CLASS 1 LASER PRODUCT

OK2 OK2 OK2 OK2

PS1 PS2 PS3 PS4 PS1 PS2 PS3 PS4

Figure 2 OS10K Cores

3.2 Edge Switches