Configuring Many to One Port Associations
To provide transparent switching, you can use the port-association-create and port-association-modify commands to create a pseudo-wire between the master and slave ports. The virtual-wire keyword enables analytics on associated ports and traffic between specified ports based on the bidir or no-bidir tag.
To create port associations between master port and slave ports and enabling link-tracking, use the command:
CLI(network-admin@Spine1) > port-association-create name name-string master-ports port-list slave-ports port-list virtual-wire|no-virtual-wire bidir|no-bidir
port-association-create |
Creates a port association between the master and slave ports. |
name name-string |
Specify the name of the configuration |
master-ports port-list |
Specify the master port number or a list of ports that can act as master ports. |
slave-ports port-list |
Specify the slave port number or a list of ports that can act as salve ports. |
[virtual-wire|no-virtual-wire] |
Specify the virtual-wire keyword to form a virtual-wire port association. This enables analytics on associated ports and traffic between specified ports This keyword is available only when the switch is in VirtualWire mode. |
[bidir|no-bidir] |
Specify the bidir keyword to enable bidirectional port state link tracking, which sets-up virtual-wire vflows between master and slave ports. This keyword is available only when the switch is in VirtualWire mode. |
Other parameters available in the command for standard switch form are: |
|
[policy all-masters|any-master] |
Specifies the port association policy. The default is all-masters. |
[monitor-ports port-list] |
Specify the list of ports that needs to be monitored. |
[enable|no-enable] |
Specify to enable or disable port association in hardware. |
Note: To support analytics data, a few additional system vFlow entries (named System-vflow-x, where x can be S or F or R) are installed with a higher priority than the vFlow entry in order to copy TCP SYN/FIN/RST packets to the management CPU. This ensures that any SYN/FIN/RST packets carried by vFlow can be used for TCP flow analysis.
Note: The difference between many-to-one, one-to-many, and many-to-many port associations are very important in uni-directional mode as the traffic goes only from the master ports to the slave ports in a uni-directional port-association and not the other way around.
For example,
CLI (network-admin@Leaf1) > port-association-create name PA_1 master-ports 1 slave-ports 2,3 virtual-wire
CLI (network-admin@Leaf1) > port-association-create name PA_2 master-ports 2 slave-ports 1,3 virtual-wire
The parameter, monitor-ports, is added to allow for ports that are not tracked by the port-association. Apart from non-tracking of the monitor port, the traffic is sent to the monitor port only and no traffic is allowed from the monitor port to the master or slave port.
This scenario can be used in cases such as sending data to a logging server (connected to a monitor port) between two network path ports (master and slave ports).
CLI (network-admin@Leaf1) > CLI> port-association-create name PA_1 master-ports 1 slave-ports 2 monitor-ports 3 virtual-wire
CLI (network-admin@Leaf1) > CLI> port-association-create name PA_2 master-ports 2 slave-ports 1 monitor-ports 3 virtual-wire
These commands create the same set of port-associations except that when ports 1 or 2 goes down, port 3 is not affected.
Note: The virtual-wire and bidir keywords are available only on VirtualWire switch mode.