Thursday, 4 December 2014

VPC - Back-to-Back configuration example


Below is the VPC Back-to-Back  configuration example.




N7K-1:-

Step1:- Enable Feature VPC


N7K-1(config)# feature vpc

Step 2:- Enable Feature LACP


N7K-1(config)# feature lacp



Step 3:- Create VPC domain. Make sure it is same on the VPC peer otherwise VPC will remain in down state.


N7K-1(config-if-range)# vpc domain 100
N7K-1(config-vpc-domain)# peer-keepalive destination 10.1.1.72 --<< Mgmt IP of N7K-2
Note:
 --------:: Management VRF will be used as the default VRF ::--------

We get the below output if domain Id are different on peers switches.


N7K-1(config)# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 100
Peer status                       : peer link not configured
vPC keep-alive status             : peer is alive, but domain IDs do not match  -----<<<<<<<
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration inconsistency reason: vPC peer-link does not exist
Type-2 consistency status         : failed
Type-2 inconsistency reason       : vPC peer-link does not exist
vPC role                          : none established
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Disabled (due to peer configuration)
Auto-recovery status              : Disabled

We get below output when peer switches are reachable via peer keepalive link.

N7K-1(config-vpc-domain)# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 100
Peer status                       : peer link not configured  --------------<<<<<<<<<<<<<<<<<<<
vPC keep-alive status             : peer is alive  ----------------<<<<<<<<<<<<<<<
Configuration consistency status  : failed
Per-vlan consistency status       : failed
Configuration inconsistency reason: vPC peer-link does not exist  ---<<<<<<<<<
Type-2 consistency status         : failed
Type-2 inconsistency reason       : vPC peer-link does not exist
vPC role                          : none established
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Disabled (due to peer configuration)
Auto-recovery status              : Disabled

Step 4:- Create port-channel for vpc peer-link. As soon as VPC PEER-LINK command is configured on
port channel the port type is changed to network and bridge assurance is enabled on the port-channel.

N7K-1(config)# int eth1/1-2
N7K-1(config-if-range)# channel-group 1 mode active
N7K-1(config-if-range)# no shut

N7K-1(config-if-range)# int po1
N7K-1(config-if)# switchport mode trunk
N7K-1(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N7K-1(config-if)# no shut

Step 5:- Configure port-channel connected to 5Ks. Make sure all the interfaces connected to 5Ks are in same port channel.


N7K-1(config)# int eth1/3-4
N7K-1(config-if-range)# channel-group 10 mode active
N7K-1(config-if-range)# no shut

N7K-1(config-if-range)# int po10
N7K-1(config-if)# switchport mode trunk
N7K-1(config-if)#vpc10

N7K-2:-

Step 6:- Enable vpc and lacp feature


N7K-2(config)# feature vpc
N7K-2(config)# feature lacp

Step7:- Configure VPC Domain and vpc peer-keepalive link.

N7K-2(config-if-range)# vpc domain 100
N7K-2(config-vpc-domain)# peer-keepalive destination 10.1.1.71 --<< Mgmt IP of N7K-1
Note:
 --------:: Management VRF will be used as the default VRF ::--------

Step8:- Configure VPC peer-link

N7K-2(config)# int eth1/1-2
N7K-2(config-if-range)# channel-group 1 mode active
N7K-2(config-if-range)# no shut

N7K-2(config-if-range)# int po1
N7K-2(config-if)# switchport mode trunk
N7K-2(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N7K-2(config-if)# no shut

Step9:- Configure vpc port-channel connected to N5k

N7K-2(config)# int eth1/3-4
N7K-2(config-if-range)# channel-group 10 mode active
N7K-2(config-if-range)# no shut

N7K-2(config-if-range)# int po10
N7K-2(config-if)# switchport mode trunk
N7K-2(config-if)#vpc10

N5K-1:-

Step 10:- Enable vpc and lacp feature


N5K-1(config)# feature vpc
N5K-1(config)# feature lacp

Step 11:- Configure VPC Domain and vpc peer-keepalive link.

N5K-1(config-if-range)# vpc domain 100
N5K-1(config-vpc-domain)# peer-keepalive destination 10.1.1.52 --<< Mgmt IP of N5K-2
Note:
 --------:: Management VRF will be used as the default VRF ::--------

Step12:- Configure VPC peer-link

N5K-1(config)# int eth1/1-2
N5K-1(config-if-range)# channel-group 1 mode active
N5K-1(config-if-range)# no shut

N5K-1(config-if-range)# int po1
N5K-1(config-if)# switchport mode trunk
N5K-1(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N5K-1(config-if)# no shut

Step13:- Configure vpc port-channel connected to N7ks and port channel number must be same on both 5K. Make sure port channel number on 7k and 5K should be different.

For example we have chosen po10 on 7K and po20 on 5K.

N5K-1(config)# int eth1/3-4
N5K-1 (config-if-range)# channel-group 20 mode active
N5K-1 (config-if-range)# no shut

N5K-1 (config-if-range)# int po20
N5K-1 (config-if)# switchport mode trunk
N5K-1 (config-if)#vpc 20


N5K-2:-

Step 14:- Enable vpc and lacp feature


N5K-1(config)# feature vpc
N5K-1(config)# feature lacp

Step 15:- Configure VPC Domain and vpc peer-keepalive link.

N5K-1(config-if-range)# vpc domain 100
N5K-1(config-vpc-domain)# peer-keepalive destination 10.1.1.51 --<< Mgmt IP of N5K-1
Note:
 --------:: Management VRF will be used as the default VRF ::--------

Step12:- Configure VPC peer-link

N5K-2(config)# int eth1/1-2
N5K-2(config-if-range)# channel-group 1 mode active
N5K-2(config-if-range)# no shut

N5K-2(config-if-range)# int po1
N5K-2(config-if)# switchport mode trunk
N5K-2(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N5K-2(config-if)# no shut

Step13:- Configure vpc port-channel connected to N7ks .

N5K-2(config)# int eth1/3-4
N5K-2(config-if-range)# channel-group 20 mode active
N5K-2(config-if-range)# no shut

N5K-2(config-if-range)# int po20
N5K-2(config-if)# switchport mode trunk
N5K-2(config-if)#vpc 20



Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)