Sunday 21 December 2014

OSPF configuration example on Nexus switches


Below is an OSPF configuration example on Nexus switches. Here OSPF is enabled on the directly connected interface between the 7K switches.



N7K-1:-

Step 1:- Enable OSPF feature


N7K-1(config)# feature ospf


Step 2:- Enable OSPF Process


N7K-1(config)# router ospf 100  --<<<< OSPF process ID
N7K-1(config-router)# router-id 10.1.1.1


Step 3:- Enable ospf on particular interface


N7K-1(config-router)# int Eth1/1
N7K-1(config-if)# ip address 10.1.1.1 255.255.255.252
N7K-1(config-if)# ip router ospf 100 area 0


N7K-2:-

Step 4 :- Enable OSPF feature


N7K-2(config)# feature ospf


Step 5:- Enable OSPF Process


N7K-2(config)# router ospf 100  --<<<< OSPF process ID
N7K-2(config-router)# router-id 10.1.1.2


Step 6:- Enable ospf on particular interface.


N7K-2(config)# int Eth1/1
N7K-2(config-if)#ip address 10.1.1.2 255.255.255.252
N7K-2(config-if)# ip router ospf 100 area 0


Step 7 :-  Optional - The command below can be used if we want to disable the neighborship on a particular interface.


N7K-1(config)# int Eth1/1
N7K-1(config-if)# ip ospf passive-interface ---< To disable neighborship but still advertise the network

N7K-1(config-if)# ip ospf network point-to-point --<< To change the network type

Verification :-

A. Show ip ospf neighbor

N7K-1# sh ip ospf neighbors
 OSPF Process ID 100 VRF default
 Total number of neighbors: 1
 Neighbor ID     Pri State       Up Time  Address      Interface
 100.1.1.2         1 FULL/ -     00:00:08 100.1.1.2       Eth1/1

EIGRP configuration example on Nexus 7K switches


Below is an EIGRP configuration example on Nexus switches. Here EIGRP is enabled on the directly connected interface between the 7K switches.



N7K-1:-

Step1 :- Enable EIGRP feature


N7K-1(config)# feature eigrp


Step2:- Enable EIGRP Process


N7K-1(config)# router eigrp 100
N7K-1(config-router)# router-id 10.1.1.1


Step3:- Enable eigrp on particular interface


N7K-1(config-router)# int Eth1/1
N7K-1(config-if)# ip address 10.1.1.1 255.255.255.252
N7K-1(config-if)# ip router eigrp 100


N7K-2:-

Step4 :- Enable EIGRP feature


N7K-2(config)# feature eigrp


Step5:- Enable EIGRP Process


N7K-2(config)# router eigrp 100
N7K-2(config-router)# router-id 10.1.1.2


Step6:- Enable EIGRP on particular interface.


N7K-2(config)# int Eth1/1
N7K-2(config-if)#ip address 10.1.1.2 255.255.255.252
N7K-2(config-if)# ip router eigrp 100


Step7 :-  Optional - The command below can be used if we want to disable the neighborship on a particular interface.


N7K-1(config)# int Eth1/1
N7K-1(config-if)# ip passive-interface eigrp 100 ---< To disable neighborship but still advertise the network

N7K-1(config-if)# ip eigrp 100 shutdown  --<< To disable EIGRP on the interface. Both hello packets and advertisements will be stopped.



Verification :-

A.Show ip eigrp neighbor


N7K-1(config-if)# sh ip eigrp neighbors
IP-EIGRP neighbors for process 100 VRF default
H   Address                 Interface       Hold  Uptime  SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.1.1.2               Eth1/1         14   00:00:42  9    200   0   3


   B.Show ip route


N7K-5-1# sh ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

10.1.1.0/30, ubest/mbest: 1/0, attached
    *via 10.1.1.2, Eth1/1, [0/0], 00:20:41, direct
10.1.1.2/32, ubest/mbest: 1/0, attached
    *via 10.1.1.2, Eth1/1, [0/0], 00:20:41, local
200.1.1.0/24, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [90/3072], 00:00:09, eigrp-100, internal





Saturday 6 December 2014

Nexus - HSRP Configuration example


Below is the HSRP configuration example.





N7K-1:-

feature hsrp
feature interface-vlan

vlan 100

int eth1/1
switchport mode trunk
 no shut

int vlan 100
ip address 100.1.1.2/24
hsrp 100
ip 100.1.1.1
preempt
priority 105
 no shut

N7K-2:-

feature hsrp
feature interface-vlan

vlan 100

int eth1/1
switchport mode trunk
 no shut

int vlan 100
ip address 100.1.1.3/24
hsrp 100
ip 100.1.1.1
preempt
no shut

Verification:-

1.  show hsrp brief

N7K-1#show hsrp brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan100   100 105  P Active    local  100.1.1.3 100.1.1.1


2. show hsrp interface vlan 100

N7K-1#show hsrp interface vlan 100
Vlan100 - Group 100 (HSRP-V1) (IPv4)
  Local state is Active, priority 105 (Cfged 105), may preempt
    Forwarding threshold(for vPC), lower: 1 upper: 105
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.821000 sec(s)
  Virtual IP address is 100.1.1.1 (Cfged)
  Active router is local
  Standby router is 100.1.1.3 , priority 100 expires in 0.411000 sec(s)
  Authentication text "cisco"
  Virtual mac address is 0000.0c07.ac64 (Default MAC)
  1 state changes, last state change 00:04:11
  IP redundancy name is hsrp-Vlan100-100 (default)
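
As an added example (not part of the original post), the Python code below parses the show hsrp interface output above and flags two things visible in it: the group uses plain-text authentication with the HSRP default string "cisco", and the virtual MAC 0000.0c07.ac64 is the well-known HSRPv1 address for group 100 (0x64). The names parse_hsrp, expected_vmac and audit are hypothetical.

```python
import re

# Constructed sample: the `show hsrp interface vlan 100` output above, trimmed.
SAMPLE = """\
Vlan100 - Group 100 (HSRP-V1) (IPv4)
  Local state is Active, priority 105 (Cfged 105), may preempt
  Hellotime 3 sec, holdtime 10 sec
  Virtual IP address is 100.1.1.1 (Cfged)
  Standby router is 100.1.1.3 , priority 100 expires in 0.411000 sec(s)
  Authentication text "cisco"
  Virtual mac address is 0000.0c07.ac64 (Default MAC)
"""

# Per-line patterns: field name -> regex with one capture group.
PATTERNS = {
    "state": r"Local state is (\w+)",
    "priority": r"Local state is \w+, priority (\d+)",
    "vip": r"Virtual IP address is (\S+)",
    "auth_text": r'Authentication text "([^"]*)"',
    "vmac": r"Virtual mac address is ([0-9a-fA-F.]+)",
}


def parse_hsrp(text):
    """Return one dict per 'Interface - Group N (HSRP-Vx)' block."""
    groups = []
    for line in text.splitlines():
        head = re.match(r"^(\S+) - Group (\d+) \(HSRP-V(\d)\)", line)
        if head:
            groups.append({"interface": head.group(1), "group": int(head.group(2)),
                           "version": int(head.group(3))})
        elif groups:
            for field, pattern in PATTERNS.items():
                m = re.search(pattern, line)
                if m:
                    groups[-1][field] = m.group(1)
    return groups


def expected_vmac(version, group):
    """Well-known HSRP virtual MAC: the group number is the low-order hex digits."""
    if version == 1:
        return "0000.0c07.ac%02x" % group
    return "0000.0c9f.f%03x" % group


def audit(g):
    """Findings for one parsed group; an empty list means nothing was flagged."""
    findings = []
    if "auth_text" in g:
        findings.append("plain-text authentication: the string travels unencrypted in every hello")
        if g["auth_text"] == "cisco":
            findings.append('authentication string is the HSRP default "cisco"')
    if g.get("vmac", "").lower() != expected_vmac(g["version"], g["group"]):
        findings.append("virtual MAC is not the well-known address for this group")
    return findings
```
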




Friday 5 December 2014

VPC+ configuration example

Below is the VPC+ configuration example.

VPC+ is configured between N5k-1 and N5k-2 where fabric path is configured on the VPC peer-link. We assume that Teaming is properly configured on the server end and hence only switch side configuration is demonstrated here.





N7K-1:-

Install feature-set fabricpath  //--<<<< It must be executed in Default or Admin VDC //
feature-set fabricpath
feature lacp

fabricpath switch-id 71  //--<< To configure Static switch-id otherwise it will be dynamically assigned//

vlan 100
  mode fabricpath

interface Ethernet1/1
  switchport mode fabricpath

interface Ethernet1/3
  switchport mode fabricpath

interface Ethernet1/4
  switchport mode fabricpath


N7K-2 :-

Install feature-set fabricpath
feature-set fabricpath
feature lacp

fabricpath switch-id 72

vlan 100
  mode fabricpath

interface Ethernet1/1
  switchport mode fabricpath

interface Ethernet1/3
  switchport mode fabricpath

interface Ethernet1/4
  switchport mode fabricpath


N5K-1 :-

Install feature-set fabricpath
feature-set fabricpath
feature Lacp
feature vpc

fabricpath switch-id 51

vpc domain 100
 peer-keepalive destination 10.1.1.52
  fabricpath switch-id 55  //----<<<<<<<<<<<< Must be configured for VPC+ //

vlan 100
  mode fabricpath

interface Ethernet1/1
  Channel-group 1 mode active
  switchport mode fabricpath

interface Ethernet1/2
  Channel-group 1 mode active
  switchport mode fabricpath

interface port-channel1
  switchport mode fabricpath
  VPC peer-link

interface Ethernet1/3
  switchport mode fabricpath

interface Ethernet1/4
  switchport mode fabricpath

interface Ethernet1/5
Channel-group 2000 mode active
  switchport mode trunk

int po2000
switchport mode trunk
vpc 2000
no shut

N5K-2 :-

install feature-set fabricpath
feature-set fabricpath
feature lacp
feature vpc

fabricpath switch-id 52

vlan 100
mode fabricpath

vpc domain 100
 peer-keepalive destination 10.1.1.51
  fabricpath switch-id 55

Note:- If you miss configuring the sub switch-id under the VPC domain, the VPC peer-link will remain down.

interface Ethernet1/1
Channel-group 1 mode active
 switchport mode fabricpath

interface Ethernet1/2
Channel-group 1 mode active
switchport mode fabricpath

interface port-channel1
  switchport mode fabricpath
  VPC peer-link

interface Ethernet1/3
switchport mode fabricpath

interface Ethernet1/4
  switchport mode fabricpath

interface Ethernet1/5
 Channel-group 2000 mode active
  switchport mode trunk

int po2000
switchport mode trunk
vpc 2000
no shut


Verification:-  

1. Show fabricpath switch-id

N7K-1# show fabricpath switch-id
                        FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
=========================================================================
SWITCH-ID      SYSTEM-ID       FLAGS         STATE    STATIC  EMULATED
----------+----------------+------------+-----------+--------------------
51          0005.73bd.fabc    Primary     Confirmed     Yes     No
52          0005.73bf.337c    Primary     Confirmed     Yes     No
55          0005.73bd.fabc    Primary     Confirmed     No      Yes
55          0005.73bf.337c    Primary     Confirmed     No      Yes
*71          0026.980d.4143    Primary     Confirmed    Yes     No
72          0026.980d.3c43    Primary     Confirmed     Yes     No


2. Show fabricpath isis adjacency


N7K-1# show fabricpath isis adjacency
Fabricpath IS-IS domain: default
Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
N5K-1        N/A             1      UP     00:00:28   Ethernet1/3
N5K-2        N/A             1      UP     00:00:26   Ethernet1/4
N7K-2         N/A             1      UP     00:00:28   Ethernet1/1


3. Show vpc brief


N5K-2(config-if)# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                   : 100
vPC+ switch id                  : 55
Peer status                     : peer adjacency formed ok
vPC keep-alive status           : peer is alive
vPC fabricpath status           : peer is reachable through fabricpath---<<<<<<
Configuration consistency status: success
Per-vlan consistency status     : success
Type-2 consistency status       : success
vPC role                        : secondary
Number of vPCs configured       : 1
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : -
Graceful Consistency Check      : Enabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1    Po1    up     100

vPC status
---------------------------------------------------------------------------
id     Port        Status Consistency Reason       Active vlans vPC+ Attrib
--     ----------  ------ ----------- ------       ------------ -----------
2000     Po2000        up     success     success      100          DF: Partial




Thursday 4 December 2014

Single sided VPC configuration Example


Below is a single-sided VPC configuration example. In this example the 7Ks are configured in VPC so that the downstream switch, i.e. the 5K, believes that it is connected to only one upstream switch.

Note:- VPC configuration is done only on the 7Ks, not on the 5K, because for the 5K it is just a normal port channel.

To create a VPC we need two types of connectivity, as described below:-

1. VPC peer-link

The VPC peer-link can only be configured on a layer-2 port-channel containing Ten-gig links. It cannot be configured on physical interfaces. For complete redundancy the port-channel must contain more than one interface, and the interfaces should be chosen from different modules.

The VPC peer-link command is used to convert the port-channel to a peer-link.

2. VPC peer-keepalive link

The VPC peer-keepalive link is an L3 interface. It is just a backup to the peer-link and does not pass any user traffic; only hello packets are exchanged over the keepalive link. There is no impact if the peer-keepalive link is down while the peer-link is up.

The VPC peer-keepalive link can be configured using the management interface or any L3 interface in the default or any other VRF. Cisco recommends using a dedicated VRF for the peer-keepalive link.





N7K-1:-

Step1:- Enable Feature VPC


N7K-1(config)# feature vpc


Step 2:- Enable Feature LACP


N7K-1(config)# feature lacp


Step 3:- Create VPC domain. Make sure it is same on the VPC peer otherwise VPC will remain in down state.


N7K-1(config-if-range)# vpc domain 100
N7K-1(config-vpc-domain)# peer-keepalive destination 10.1.1.72 --<< Mgmt IP of N7K-2
Note:
 --------:: Management VRF will be used as the default VRF ::--------


We get the output below if the domain IDs are different on the peer switches.


N7K-1(config)# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 100
Peer status                       : peer link not configured
vPC keep-alive status             : peer is alive, but domain IDs do not match  -----<<<<<<<<<<<<<<
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration inconsistency reason: vPC peer-link does not exist
Type-2 consistency status         : failed
Type-2 inconsistency reason       : vPC peer-link does not exist
vPC role                          : none established
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Disabled (due to peer configuration)
Auto-recovery status              : Disabled


We get the output below when the peer switches are reachable via the peer-keepalive link.

N7K-1(config-vpc-domain)# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 100
Peer status                       : peer link not configured -<<
vPC keep-alive status             : peer is alive  -----<<<
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration inconsistency reason: vPC peer-link does not exist  ---<<<<<<<<<
Type-2 consistency status         : failed
Type-2 inconsistency reason       : vPC peer-link does not exist
vPC role                          : none established
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Disabled (due to peer configuration)
Auto-recovery status              : Disabled



Step 4:- Create port-channel for vpc peer-link. As soon as the VPC PEER-LINK command is configured on the port channel, the port type is changed to network and bridge assurance is enabled on the port-channel.

N7K-1(config)# int eth1/1-2
N7K-1(config-if-range)# channel-group 1 mode active
N7K-1(config-if-range)# no shut

N7K-1(config-if-range)# int po1
N7K-1(config-if)# switchport mode trunk
N7K-1(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N7K-1(config-if)# no shut



Step 5:- Configure port-channel connected to 5K.

N7K-1(config)# int eth1/3
N7K-1(config-if)# channel-group 10 mode active
N7K-1(config-if)# no shut

N7K-1(config-if)# int po10
N7K-1(config-if)# switchport mode trunk
N7K-1(config-if)# vpc 10


N7K-2:-

Step 6:- Enable vpc and lacp feature


N7K-2(config)# feature vpc
N7K-2(config)# feature lacp


Step7:- Configure VPC Domain and vpc peer-keepalive link.

N7K-2(config-if-range)# vpc domain 100
N7K-2(config-vpc-domain)# peer-keepalive destination 10.1.1.71 --<< Mgmt IP of N7K-1
Note:
 --------:: Management VRF will be used as the default VRF ::--------


Step8:- Configure VPC peer-link

N7K-2(config)# int eth1/1-2
N7K-2(config-if-range)# channel-group 1 mode active
N7K-2(config-if-range)# no shut

N7K-2(config-if-range)# int po1
N7K-2(config-if)# switchport mode trunk
N7K-2(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N7K-2(config-if)# no shut


Step9:- Configure vpc port-channel connected to N5k

N7K-2(config)# int eth1/3
N7K-2(config-if)# channel-group 10 mode active
N7K-2(config-if)# no shut

N7K-2(config-if)# int po10
N7K-2(config-if)# switchport mode trunk
N7K-2(config-if)# vpc 10


N5K-1:-

Step10:- Enable LACP feature


N5K-1(config)# feature lacp



Step 11:- Configure port-channel connected to 7Ks.

N5K-1(config)# int eth1/1-2
N5K-1(config-if-range)# channel-group 1 mode active
N5K-1(config-if-range)# no shut

N5K-1(config-if-range)# int po1
N5K-1(config-if)# switchport mode trunk


Note:- There is no need to configure VPC on the 5K. For the 5K it is just another port channel going to the uplink switch.

Verification:-

VPC peering is up when both the peer-link and the keepalive link are up, as shown below.

N7K-1(config-if)# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 100
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 inconsistency reason       : Consistency Check Not Performed
vPC role                          : primary
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1    Po1    up     1
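
As an added example (not part of the original post), the Python code below reads the header fields of show vpc brief and reports which of the conditions shown in the three outputs above applies: domain-ID mismatch, peer-link not configured, or a healthy pair. The names parse_vpc_brief and vpc_findings are hypothetical.

```python
import re

# Constructed samples: the header fields of the three `show vpc brief`
# outputs in this post, trimmed; the author's "<<<" marker is left in one
# line to show that it is stripped before comparison.
DOMAIN_MISMATCH = """\
vPC domain id                     : 100
Peer status                       : peer link not configured
vPC keep-alive status             : peer is alive, but domain IDs do not match  -----<<<<
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration inconsistency reason: vPC peer-link does not exist
"""
NO_PEER_LINK = """\
vPC domain id                     : 100
Peer status                       : peer link not configured
vPC keep-alive status             : peer is alive
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration inconsistency reason: vPC peer-link does not exist
"""
HEALTHY = """\
vPC domain id                     : 100
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
vPC role                          : primary
"""


def parse_vpc_brief(text):
    """Return the 'name : value' lines as a dict keyed by lower-cased name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\S[^:]*?)\s*:\s*(.*)$", line)
        if m:
            value = re.sub(r"\s*-*<+\s*$", "", m.group(2)).strip()
            fields[m.group(1).lower()] = value
    return fields


def vpc_findings(fields):
    """List what is wrong, in the order the post checks it; [] means healthy."""
    findings = []
    keepalive = fields.get("vpc keep-alive status", "missing")
    if "domain ids do not match" in keepalive.lower():
        findings.append("domain-id mismatch between peers")
    elif keepalive.lower() != "peer is alive":
        findings.append("peer-keepalive: " + keepalive)
    peer = fields.get("peer status", "missing")
    if peer.lower() != "peer adjacency formed ok":
        findings.append("peer-link: " + peer)
    for key in ("configuration consistency status", "per-vlan consistency status"):
        status = fields.get(key, "missing")
        if status.lower() != "success":
            findings.append(key + ": " + status)
    return findings
```
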



The VPC role can be verified using the show vpc role command. The ROLE PRIORITY command under the VPC domain can be used to change the VPC role, but the VPC peer-link must be bounced to apply the newly configured priority.


N7K-1(config-if)# show vpc role

vPC Role status
----------------------------------------------------
vPC role                        : primary
Dual Active Detection Status    : 0
vPC system-mac                  : 00:23:04:ee:be:64
vPC system-priority             : 32667
vPC local system-mac            : 00:26:98:0d:3c:c4
vPC local role-priority         : 32667


The command below shows the status of the peer-keepalive link and its statistics.

N7K-1(config-if)# show vpc peer-keepalive

vPC keep-alive status             : peer is alive
--Peer is alive for             : (8525) seconds, (220) msec
--Send status                   : Success
--Last send at                  : 2014.12.19 17:55:30 978 ms
--Sent on interface             : mgmt0
--Receive status                : Success
--Last receive at               : 2014.12.19 17:55:30 978 ms
--Received on interface         : mgmt0
--Last update from peer         : (0) seconds, (139) msec

vPC Keep-alive parameters
--Destination                   : 10.1.1.72
--Keepalive interval            : 1000 msec
--Keepalive timeout             : 5 seconds
--Keepalive hold timeout        : 3 seconds
--Keepalive vrf                 : management
--Keepalive udp port            : 3200
--Keepalive tos                 : 192



The command below shows the consistency check between the VPC peers. Peers with a Type 1 consistency mismatch are not allowed to form a pair.

N7K-1(config-if)# show vpc consistency-parameters global

    Legend:
        Type 1 : vPC will be suspended in case of mismatch

Name                        Type  Local Value            Peer Value
-------------               ----  ---------------------- -----------------------
STP Mode                    1     Rapid-PVST             Rapid-PVST
STP Disabled                1     None                   None
STP MST Region Name         1     ""                     ""
STP MST Region Revision     1     0                      0
STP MST Region Instance to  1
 VLAN Mapping
STP Loopguard               1     Disabled               Disabled
STP Bridge Assurance        1     Enabled                Enabled
STP Port Type, Edge         1     Normal, Disabled,      Normal, Disabled,
BPDUFilter, Edge BPDUGuard        Disabled               Disabled
STP MST Simulate PVST       1     Enabled                Enabled
Allowed VLANs               -     1                      1
Local suspended VLANs       -     -                      -
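
As an added example (not part of the original post), the Python code below parses the fixed-width show vpc consistency-parameters table, including the rows that wrap onto a second line, and separates Type 1 mismatches (which suspend the vPC) from differences in other rows. The sample is constructed from the table above with two peer values altered; parse_consistency and mismatches are hypothetical names.

```python
# Constructed sample: rows from the global table above in the same fixed-width
# layout, with STP Mode (Type 1) and Allowed VLANs (Type "-") altered to differ.
SAMPLE = """\
Name                        Type  Local Value            Peer Value
-------------               ----  ---------------------- -----------------------
STP Mode                    1     Rapid-PVST             MST
STP Disabled                1     None                   None
STP MST Region Instance to  1
 VLAN Mapping
STP Bridge Assurance        1     Enabled                Enabled
STP Port Type, Edge         1     Normal, Disabled,      Normal, Disabled,
BPDUFilter, Edge BPDUGuard        Disabled               Disabled
Allowed VLANs               -     1                      1,100
"""


def parse_consistency(text):
    """Parse the table into rows, folding wrapped lines into the row above."""
    lines = text.splitlines()
    head = next(i for i, line in enumerate(lines) if line.startswith("Name"))
    # Column offsets come from the header, so the slices follow the CLI layout.
    t, lo, pe = (lines[head].index(h) for h in ("Type", "Local Value", "Peer Value"))
    rows = []
    for line in lines[head + 1:]:
        if not line.strip() or set(line) <= {"-", " "}:
            continue  # blank line or the dashed rule under the header
        name, kind = line[:t].strip(), line[t:lo].strip()
        local, peer = line[lo:pe].strip(), line[pe:].strip()
        if kind:  # a value in the Type column starts a new parameter
            rows.append({"name": name, "type": kind, "local": local, "peer": peer})
        elif rows:  # wrapped line: append each cell to the previous row
            for key, cell in (("name", name), ("local", local), ("peer", peer)):
                if cell:
                    rows[-1][key] = (rows[-1][key] + " " + cell).strip()
    return rows


def mismatches(rows):
    """Names of differing rows: (Type 1, which suspends the vPC; all other types)."""
    differing = [r for r in rows if r["local"] != r["peer"]]
    type1 = [r["name"] for r in differing if r["type"] == "1"]
    other = [r["name"] for r in differing if r["type"] != "1"]
    return type1, other
```
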


The consistency parameters of a particular VPC port-channel can also be seen using the command below.

N7K-1(config-if)# show vpc consistency-parameters interface po10

    Legend:
        Type 1 : vPC will be suspended in case of mismatch

Name                        Type  Local Value            Peer Value
-------------               ----  ---------------------- -----------------------
STP Port Type               1     Default                Default
STP Port Guard              1     None                   None
STP MST Simulate PVST       1     Default                Default
lag-id                      1     [(7f9b,                [(7f9b,
                                  0-23-4-ee-be-64, 800a, 0-23-4-ee-be-64, 800a,
                                  0, 0), (8000,          0, 0), (8000,
                                  0-5-73-ca-90-1, 13, 0, 0-5-73-ca-90-1, 13, 0,
                                  0)]                    0)]
mode                        1     active                 active
Speed                       1     10 Gb/s                10 Gb/s
Duplex                      1     full                   full
Port Mode                   1     trunk                  trunk
Native Vlan                 1     1                      1
MTU                         1     1500                   1500
Allowed VLANs               -     1-4094                 1-4094
Local suspended VLANs       -     -                      -