.
First, I would highly recommend you have a view of my earlier post that summarizes the various (platform independent) optimizations you can implement on an iSCSI fabric. These could be configured upfront, or tried re-actively in case you have any performance or packet loss issues. the post can be found here https://hasanmansur.com/2012/10/14/switch-fabric-setup-for-equalogic-iscsi-powerconnect-switches/
This post is the first installment of a 2 part series, and gives a sample configuration for a scenario where stacked 8024 switches have to be deployed as a dedicated iSCSI fabric. A second post that discusses the deployment of these switches in a LAGged (Non-stacked) configuration can be found here: https://hasanmansur.com/2012/10/25/powerconnect-8024-sample-iscsi-configuration-lagged-non-stacked/
thus, topology-wise,
-
- This is a stack of 2 switches.
- A single VLAN, assigned ID 30, will be used as the iSCSI VLAN. no other VLANs shall be hosted on this stack.
- The management is through dedicated OOB port.
- It will connect to servers’ iSCSI NICS (not teamed), and to the Equalogic Storage boxes.
- If the switch needs uplinking to the core, e.g. where iSCSI has to be routed via Core for replication, the LAG/Port Channel between the 8024 stack and the Core will need to ensure the following:
-
-
- Same LAG mode on both ends (e.g. LACP)
- VLAN list opened on each side matches. In the depicted scenario, since there is only one VLAN needing transporting across, there is no need for trunk mode; thus access mode has been used. but where trunk mode is used, ensure the VLAN list matches, and there is no mismatch on native VLAN config.
- for iSCSI, ensure Jumbo frames are configured appropriately on both ends. some switches only allow global configuration for MTU, not on a per-interface basis. Also, the max MTU value itself differs. therefore, find out before hand what these would be for the model of switch on the other end.
- if you see broken STP topologies, i intend to cover the fix for that in a separate post.
-
here goes: 
.
| Ensure Firmware version same on switches to be stacked. | |||
| show version | |||
| show switch stack-ports | |||
| Stack | > | en | show switch |
| console# | config | ||
| console(config)# | stack | Unlike other models, 8024 uses front ports for stacking.Front ports default to ethernet mode. This must be changed to stacking mode through these commands, on each switch individually. After applying the stack-port int stack command, the configured mode will change, but the running mode of the port shall persist, until the stack is reloaded. After reload, the switches will come up as one stack. |
|
| console(config-stack)# | stack-port tengigabitethernet 1/0/xx stack | ||
| console(config-stack)# | stack-port tengigabitethernet 1/0/xx stack | ||
| console(config-stack)# | stack-port tengigabitethernet 1/0/xx stack | ||
| console(config-stack)# | stack-port tengigabitethernet 1/0/xx stack | ||
| console(config-stack)# | exi | ||
| console(config)# | exi | ||
| console# | copy run start | ||
| console# | y | ||
| console# | reload | ||
| console> | en | ||
| console# | config | ||
| console(config)# | username root password xxxxx privilege 15 | ||
| Telnet | console(config)# | line telnet | To prompt for user/pass, no prompt for entering enable mode. |
| console(config-telnet)# | enable authentication default | ||
| console(config-telnet)# | exi | ||
| show crypto key mypubkey | |||
| SSH | console(config)# | crypto key generate dsa | if SSH needs to be enabled. |
| console(config)# | crypto key generate rsa | ||
| console(config)# | ip ssh server | ||
| console(config)# | line ssh | ||
| console(config-ssh)# | enable authentication default | To prompt for user/pass, no prompt for entering enable mode. | |
| console(config-ssh)# | exi | ||
| console(config)# | ip telnet server disable | if you want to only keep ssh access, and disable telnet | |
| HTTPS | |||
| console(config)# | crypto certificate 1 generate | if HTTPS needs to be enabled. | |
| console(config-crypto-cert)# | key-generate | ||
| console(config-crypto-cert)# | exi | ||
| console(config)# | ip http secure-certificate 1 | ||
| console(config)# | ip http secure-server | ||
| console(config)# | no ip http server | if you want to disable http access | |
| OOB | |||
| console(config)# | interface out-of-band | show ip int out-of-band | |
| console(config-int)# | ip address x.x.x.x 255.255.255.0 y.y.y.y | where y is the next hop gateway for OOB Management | |
| console(config-int)# | exi | ||
| VLAN | |||
| console(config)# | vlan database | Only a single VLAN being created here, making this a dedicated fabric for iSCSI | |
| console(config-vlan)# | vlan 30 | ||
| console(config-vlan)# | exit | ||
| console(config)# | vlan 30 | ||
| console(config-vlan60) | name “iSCSI VLAN” | ||
| console(config-vlan60) | exi | ||
| console(config)# | interface vlan 30 | A Layer 3 VLAN interface is not needed on isolated fabrics. If one is needed, this section can be used. | |
| console(config-if-vlan30)# | ip address x.x.x.x 255.255.255.0 | ||
| console(config-if-vlan30)# | exit | ||
| console(config)# | ip default-gateway y.y.y.y | if in-band management access to this interface is needed from outside the subnet. | |
| Server Ports | console(config)# | interface range tengigabitethernet 1/0/x-xx,te2/0/x-xx | |
| console(config-if)# | description “Server Ports – Not Teamed” | ||
| console(config-if)# | switchport mode access | ||
| console(config-if)# | switchport access vlan 30 | ||
| console(config-if)# | spanning-tree portfast | ||
| console(config-if)# | spanning-tree tcnguard | ||
| console(config-if)# | mtu 9216 | ||
| console(config-if)# | exi | ||
| EQL – Storage Ports | console(config)# | interface range tengigabitethernet 1/0/x-xx,te2/0/x-xx | |
| console(config-if)# | description “EQL ports – STP disabled” | ||
| console(config-if)# | switchport mode access | ||
| console(config-if)# | switchport access vlan 30 | ||
| console(config-if)# | spanning-tree disable | ||
| console(config-if)# | mtu 9216 | ||
| console(config-if)# | no storm-control unicast | (disabled by default already) | |
| console(config-if)# | exi | ||
| ISL – LAG (for uplinking to Core) | console(config)# | interface range tengigabitethernet 1/0/xx,te2/0/xx | If the stack has to uplink to Core, for e.g. to replicate through the Core to another site. (This makes it a non-isolated fabric) |
| console(config-if)# | channel-group 1 mode active | ||
| console(config-if)# | description “Member PoCH 1 – InterSwitch LAG to xyz” | Active depicts LACP being used. Ensure the Core ports are also configured for LACP | |
| console(config-if)# | exi | ||
| console(config)# | interface port-channel 1 | ||
| console(config-if)# | switchport mode access | Ensure Core ports are also configured for appropriate VLANs to be transferred. | |
| console(config-if)# | switchport access vlan 30 | ||
| console(config-if)# | mtu 9216 | ||
| console(config-if)# | description “InterSwitch LAG – mode LACP” | ||
| console(config-if)# | exi | ||
| console# | copy run start |
Hasan Mansur 