The following section describes a simple configuration example to configure Fabric Attach (FA) at the edge of a Fabric Connect network. This is a typical deployment at its simplest level and is powerful because of its use in conjunction with a Fabric Connect core.
Configuring FA primarily consists of configuring the FA Server. The FA Server in turn discovers neighboring FA component devices (like the FA Proxies and FA Clients) using FA TLVs within the LLDP PDUs.
In the following deployment, the switch at the edge of the Fabric Connect cloud is configured as the FA Server. On this switch, FA is enabled globally and at the interface (port) level. Another switch, functioning as the FA Proxy connects to the FA enabled port (1/3) on the FA Server. User A is an end user device that needs to send and receive data traffic from User B (another end user device) across the network.
Configure SPBM and IS-IS on the edge and core switches. For more information, see Configuring minimum SPBM and IS-IS parameters.
Configure the edge switch (BEB) as the FA Server:
enable
configure terminal
fa enable
interface GigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}
fa enable
Note
Enabling FA automatically enables message authentication. Also, the authentication key is set to the default value and appears encrypted on the output.
Note
Enabling FA on a port not only enables tagging but also disables spanning tree on that port.
Verify global and interface level FA configuration:
show fa
show fa agent
show fa interface
show fa elements
show fa assignment
To verify I-SID-to-VLAN assignments on a specific port, enter:
show fa assignment {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}
show i-sid elan
SPBM and IS-IS configuration on the core and edge switches:
SPBM configuration:
Switch:1>en Switch:1#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch:1(config)#spbm Switch:1(config)#spbm ethertype 0x8100
IS-IS SPBM configuration:
Switch:1(config)#router isis Switch:1(config)#spbm 1 Switch:1(config-isis)#spbm 1 nick-name 1.00.01 Switch:1(config-isis)#spbm 1 b-vid 41-42 primary 41 Switch:1(config-isis)#spbm 1 ip enable
IS-IS router configuration:
Switch:1(config-isis)#router isis Switch:1(config-isis)#sys-name BEB-Switch Switch:1(config-isis)#ip-source-address 3.3.3.3 Switch:1(config-isis)#is-type l1 Switch:1(config-isis)#system-id 0001.0001.0001 Switch:1(config-isis)#manual-area c0.2000.000.00 Switch:1(config-isis)#exit
Interface (port-level) configuration
Switch:1(config)#interface GigabitEthernet 1/2 Switch:1(config-if)#no shutdown Switch:1(config-if)#isis Switch:1(config-if)#isis spbm 1 Switch:1(config-if)#isis enable Switch:1(config-isis)#exit Switch(config)#vlan create 41 type spbm-vlan Switch(config)#vlan create 42 type spbm-vlan Switch(config)#router isis enable Switch(config)#show isis spbm
Configuration of the edge switch as the FA Server.
Enable FA globally.
Switch:1(config)#fa enable Switch:1(config)#show fa ========================================================= Fabric Attach Configuration ========================================================= FA Service : enabled FA Element Type : server FA Assignment Timeout : 240 FA Discovery Timeout : 240 FA Provision Mode : spbm
Enable FA on the port.
Enabling FA automatically enables message authentication. The authentication key is configured with the default value, which appears in encrypted format in the output.
Switch:1(config)#int gigabitEthernet 1/3 Switch:1(config-if)#fa enable Switch:1(config-if)#show fa interface port 1/3 ============================================================= Fabric Attach Interfaces ============================================================= INTERFACE SERVER MGMT MGMT MSG AUTH MSG AUTH STATUS ISID CVID STATUS KEY ------------------------------------------------------------- Port1/3 enabled 0 0 enabled **** ------------------------------------------------------------- 1 out of 1 Total Num of fabric attach interfaces displayed -------------------------------------------------------------
Switch:1(config-if)#exit Switch:1(config)#exit
Verify that the FA Proxy is discovered by the FA Server.
Switch:1(config)#show fa elements ================================================================================ Fabric Attach Discovery Elements ================================================================================ MGMT ELEM ASGN PORT TYPE VLAN STATE SYSTEM ID AUTH AUTH -------------------------------------------------------------------------------- 1/3 proxy 2 T / S 10:cd:ae:09:40:00:20:00:00:01 AP AP ================================================================================ Fabric Attach Authentication Detail ================================================================================ ELEM OPER ASGN OPER PORT AUTH STATUS AUTH STATUS -------------------------------------------------------------------------------- 1/3 successAuth successAuth State Legend: (Tagging/AutoConfig) T= Tagged, U= Untagged, D= Disabled, S= Spbm, V= Vlan, I= Invalid Auth Legend: AP= Authentication Pass, AF= Authentication Fail, NA= Not Authenticated, N= None -------------------------------------------------------------------------------- 2 out of 2 Total Num of fabric attach discovery elements displayed
Verify the FA I-SID-to-VLAN assignment. An active state indicates that the FA (ELAN) I-SID is successfully created with endpoint of type Switched UNI. By default, this I-SID is created for Layer 2.
Switch:1#show fa assignment ======================================================================== Fabric Attach Assignment Map ======================================================================== Interface I-SID Vlan State Origin ------------------------------------------------------------------------ 1/3 44 2 active proxy ------------------------------------------------------------------------ 1 out of 1 Total Num of fabric attach assignment mappings displayed ------------------------------------------------------------------------
For Layer 3 support, you must configure a platform VLAN. The platform VLAN can have the same value as that of the C-VID or it can have a different value.
In this example, the platform VLAN has the same value as the C-VID.
Switch:1(config)#vlan create 2 type port-mstprstp 0 Switch:1(config)#vlan i-sid 2 44
Switch:1#show i-sid elan ====================================================================== Isid Info ====================================================================== ISID ISID PORT MLT ORIGIN ISID ID TYPE VLANID INTERFACES INTERFACES NAME ---------------------------------------------------------------------- 44 ELAN 2 c2:1/3 DISC_LOCAL ISID-44 c: customer vid u: untagged-traffic All 1 out of 1 Total Num of Elan i-sids displayed
Verify neighbor discovery on the FA Proxy switch:
Note that the edge switch (BEB) is discovered as the FA Server by the FA Proxy.
Switch:2(config)#show fa agent Fabric Attach Service Status: Enabled Fabric Attach Element Type: Proxy Fabric Attach Zero Touch Status: Enabled Fabric Attach Auto Provision Setting: Proxy Fabric Attach Provision Mode: SPBM Fabric Attach Client Proxy Status: Enabled Fabric Attach Standalone Proxy Status: Disabled Fabric Attach Agent Timeout: 50 seconds Fabric Attach Extended Logging Status: Enabled Fabric Attach Primary Server Id: aa:bb:cc:dd:ee:11:30:01:00:01 (SPBM) Fabric Attach Primary Server Descr:BEB-Switch (6.0.0.0_GA)
Switch:2(config)#show fa elements Unit/ Element Element Element Port Type Subtype VLAN Auth System ID ------- ------- -------------------- ------- ---- ----------------------------- 1/3 Server Server (Auth) 0 AP aa:bb:cc:dd:ee:11:30:01:00:01
Switch:2(config)#show fa i-sid I-SID VLAN Source Status ------- ---- ------------ ------- 44 2 Proxy Active