In NX-OS, the command equivalent to Cisco IOS's ip helper-address for DHCP relay is ip dhcp relay address. Both commands serve the same purpose: forwarding DHCP requests from clients to a DHCP server located on a different subnet.
Showing posts with label Nexus. Show all posts
Showing posts with label Nexus. Show all posts
Tuesday, 10 June 2025
IP Helper address in NXOS
Friday, 24 January 2020
Jumbo frame configuration on Nexus
I have tried
to explain the MTU configuration on the Nexus platform. MTU configuration varies
based on the port type and hardware platform.
1. Layer 3 MTU
Configurations
MTU configuraiton on L3 port is quite straight forward. Configuration is also same on all the platforms. We just need to give the MTU command on the interface configuration mode.
interface vlan 1
mtu 9216
mtu 9216
Configure MTU on a Layer 3 Port
interface ethernet
1/1
no switchport
mtu 9216
no switchport
mtu 9216
2. Layer 2 MTU
Configurations
MTU
configuration on L2 port varies based on the hardware. On some platforms, we
have to modify MTU under network-qos policy whereas on some MTU commands can be
given under interface configuration mode.
2.1 Using QOS policy
On
below hardware, jumbo frames can be configured using QOS policy.
Nexus
3000: Includes Nexus 3048, 3064, 3132Q, 3132Q-X, 3132Q-XL, 3172,
and 3500 Series switches
Nexus 5000: All
Nexus 5000 and 5500 Series switches
Nexus 6000: All
Nexus 6000 Series switches
Configuration: -
policy-map type network-qos jumbo
class type network-qos class-default
mtu 9216
system qos
service-policy type network-qos jumbo
class type network-qos class-default
mtu 9216
system qos
service-policy type network-qos jumbo
2.1 Per-Port MTU Configuration
On
below hardware, jumbo frames can be configured directly under the interface.
Nexus 7000: All
Nexus 7000- and 7700 Series switches
Nexus 9000: All
Nexus 9200 Series switches (includes 92xxx), 9300 Series switches (includes
93xxx), and 9500 Series switches
Nexus(config)#interface
ethernet 1/1
Nexus(config-if)#mtu 9216
Nexus(config-if)#mtu 9216
Sunday, 21 December 2014
OSPF configuration example on Nexus switches
Below is the OSPF configuration example on Nexus
switches. Here OSPF is enable on the directly connected interface between 7K
switches.
N7K-1:-
Step 1:-
Enable OSPF feature
N7K-1(config)# feature ospf
|
Step 2:- Enable OSPF Process
N7K-1(config)# router ospf 10 --<<<<
OSPF process ID
N7K-1(config-router)# router-id 10.1.1.1
|
Step 3:-
Enable ospf on particular
interface
N7K-12-1(config-router)# int Eth1/1
N7K-2(config-if)#ip address 10.1.1.1 255.255.255.252
N7K-12-1(config-if)# ip router ospf 100 area 0
|
N7K-2:-
Step 4 :- Enable OSPF feature
N7K-2(config)# feature ospf
|
Step 5:- Enable OSPF Process
N7K-2(config)# router ospf 100 --<<<<
OSPF process ID
N7K-2(config-router)# router-id 10.1.1.2
|
Step 6:-
Enable ospf on particular
interface.
N7K-2(config)# int Eth1/1
N7K-2(config-if)#ip address 10.1.1.2 255.255.255.252
N7K-2(config-if)# ip router ospf 100 area 0
|
Step 7 :- Optional- Below command can be used if we want
to disable the neighborship on particular interface.
N7K-1(config)# int Eth1/1
N7K-1(config-if)# ip ospf 100 passive-interface ---< To disable neighborship but still
advertise the network
N7K-1(config-if)# ip ospf network point-to-point --<< To change the network type
|
Verification :-
A. Show ip ospf
neighbor
N7K-1# sh ip ospf neighbors
OSPF Process ID
100 VRF default
Total number of
neighbors: 1
Neighbor ID Pri State Up Time Address Interface
100.1.1.2 1 FULL/ - 00:00:08 100.1.1.2 Eth1/1
|
EIGRP configuration example on Nexus 7K switches
Below is the EIGRP configuration example on Nexus switches. Here EIGRP is enable on the directly connected interface between 7K switches.
N7K-1:-
Step1 :- Enable EIGRP feature
|
N7K-1(config)# feature eigrp
|
Step2:- Enable EIGRP Process
|
N7K-1(config)# router eigrp 100
N7K-1(config-router)# router-id 10.1.1.1
|
Step3:-
Enable eigrp on particular
interface
|
N7K-12-1(config-router)# int Eth1/1
N7K-2(config-if)#ip address 10.1.1.1 255.255.255.252
N7K-12-1(config-if)# ip router eigrp 100
|
N7K-2:-
Step4 :- Enable EIGRP feature
|
N7K-2(config)# feature eigrp
|
Step5:- Enable EIGRP Process
|
N7K-2(config)# router eigrp 100
N7K-2(config-router)# router-id 10.1.1.2
|
Step6:-
Enable EIGRP on particular
interface.
|
N7K-2(config)# int Eth1/1
N7K-2(config-if)#ip address 10.1.1.2 255.255.255.252
N7K-2(config-if)# ip router eigrp 100
|
Step7 :- Optional- Below command can be used if we want
to disable the neighborship on particular interface.
|
N7K-1(config)# int Eth1/1
N7K-1(config-if)# ip passive-interface eigrp 100 ---<
To disable neighborship but Still advertise the network
N7K-1(config-if)# ip eigrp 100 shutdown --<< To disable EIGRP on
interface. Both hello packet and advertisement will be stopped.
|
Verification :-
A.Show ip eigrp
neighbor
|
N7K-1(config-if)# sh ip eigrp neighbors
IP-EIGRP neighbors for process 100 VRF default
H Address Interface Hold
Uptime SRTT RTO
Q Seq
(sec) (ms) Cnt Num
0 10.1.1.2 Eth1/1 14
00:00:42 9 200
0 3
|
B.Show ip route
|
N7K-5-1# sh ip route
IP Route Table for VRF
"default"
'*' denotes best ucast
next-hop
'**' denotes best mcast
next-hop
'[x/y]' denotes
[preference/metric]
10.1.1.0/30, ubest/mbest:
1/0, attached
*via 10.1.1.2, Eth1/1, [0/0], 00:20:41,
direct
10.1.1.2/32,
ubest/mbest: 1/0, attached
*via 10.1.1.2, Eth1/1, [0/0], 00:20:41,
local
200.1.1.0/24,
ubest/mbest: 1/0
*via 10.1.1.1, Eth1/1, [90/3072],
00:00:09, eigrp-100, internal
|
Saturday, 6 December 2014
Nexus - HSRP Configuration example
Below is the HSRP configuration example.
Below is the HSRP configuration example.
N7K-1:-
feature hsrp
feature interface-vlan
vlan 100
int eth1/1
switchport mode trunk
no shut
int vlan 100
ip address 100.1.1.2/24
hsrp 100
ip 100.1.1.1
preempt
priority 105
N7K-2:-
feature hsrp
feature interface-vlan
vlan 100
int eth1/1
switchport mode trunk
no shut
int vlan 100
ip address 100.1.1.3/24
hsrp 100
ip 100.1.1.1
preempt
no shut
Verification:-
1. show hsrp
brief
N7K-1#show hsrp brief
P indicates configured to preempt.
|
Interface Grp
Prio P State Active addr Standby addr Group addr
Vlan100 100
105 P Active local 100.1.1.3 100.1.1.1
|
2. show hsrp interface vlan 100
N7K-1#show hsrp interface vlan 100
Vlan100 - Group 100 (HSRP-V1) (IPv4)
Local state is
Active, priority 105 (Cfged 105), may preempt Forwarding
threshold(for vPC), lower: 1 upper: 105
Hellotime 3
sec, holdtime 10 sec
Next hello sent
in 0.821000 sec(s)
Virtual IP
address is 100.1.1.1 (Cfged)
Active router
is local
Standby router
is 100.1.1.3 , priority 100 expires in 0.411000 sec(s)
Authentication
text "cisco"
Virtual mac
address is 0000.0c07.ac64 (Default MAC)
1 state
changes, last state change 00:04:11
IP redundancy
name is hsrp-Vlan100-100 (default)
|
Friday, 5 December 2014
VPC+ configuration example
Below is the VPC+ configuration example.
VPC+ is configured between N5k-1 and N5k-2 where fabric
path is configured on the VPC peer-link. We assume that Teaming is properly
configured on the server end and hence only switch side configuration is
demonstrated here.
N7K-1:-
Install feature-set fabricpath //--<<<< It must be executed in Default or
Admin VDC //
feature-set fabricpath
feature lacp
fabricpath switch-id 71 //--<<
To configure Static switch-id otherwise it will be dynamically assigned//
vlan 100
mode fabricpath
interface Ethernet1/1
switchport mode
fabricpath
interface Ethernet1/3
switchport mode
fabricpath
interface Ethernet1/4
switchport mode
fabricpath
N7K-2 :-
Install feature-set fabricpath
feature-set fabricpath
feature lacp
fabricpath switch-id 72
vlan 100
mode fabricpath
interface Ethernet1/1
switchport mode
fabricpath
interface Ethernet1/3
switchport mode
fabricpath
interface Ethernet1/4
switchport mode
fabricpath
N5K-1 :-
Install feature-set fabricpath
feature-set fabricpath
feature Lacp
feature vpc
fabricpath switch-id 51
vpc domain 100
peer-keepalive
destination 10.1.1.52
fabricpath
switch-id 55 //----<<<<<<<<<<<< Must
be configured for VPC+ //
vlan 100
mode fabricpath
interface Ethernet1/1
Channel-group 1
mode active
switchport mode
fabricpath
interface Ethernet1/2
Channel-group 1
mode active
switchport mode
fabricpath
interface port-channel1
switchport mode
fabricpath
VPC peer-link
interface Ethernet1/3
switchport mode
fabricpath
interface Ethernet1/4
switchport mode
fabricpath
interface Ethernet1/5
Channel-group 2000 mode active
switchport mode trunk
int po2000
switchport mode trunk
vpc 2000
no shut
N5K-2 :-
install feature-set fabricpath
feature-set fabricpath
feature lacp
feature vpc
fabricpath switch-id 52
vlan 100
mode fabricpath
vpc domain 100
peer-keepalive
destination 10.1.1.51
fabricpath
switch-id 55
Note:- If you missed to configure sub switch-id under VPC domain
then VPC peer-link will remain down.
interface Ethernet1/1
Channel-group 1 mode active
switchport mode
fabricpath
interface Ethernet1/2
Channel-group 1 mode active
switchport mode fabricpath
interface port-channel1
switchport mode
fabricpath
VPC peer-link
interface Ethernet1/3
switchport mode fabricpath
interface Ethernet1/4
switchport mode
fabricpath
interface Ethernet1/5
Channel-group 2000
mode active
switchport mode trunk
int po2000
switchport mode trunk
vpc 2000
no shut
Verification:-
1. Show fabricpath
switch-id
|
N7K-1#
show fabricpath switch-id
FABRICPATH SWITCH-ID
TABLE
Legend:
'*' - this system
=========================================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC
EMULATED
----------+----------------+------------+-----------+--------------------
51 0005.73bd.fabc Primary Confirmed Yes
No
52 0005.73bf.337c Primary Confirmed Yes
No
55 0005.73bd.fabc Primary Confirmed No
Yes
55 0005.73bf.337c Primary Confirmed No
Yes
*71 0026.980d.4143 Primary Confirmed Yes
No
72 0026.980d.3c43 Primary Confirmed Yes
No
|
2. Show fabricpath
isis adjacency
|
N7K-1#
show fabricpath isis adjacency
Fabricpath
IS-IS domain: default Fabricpath IS-IS adjacency database:
System
ID SNPA Level State
Hold Time Interface
N5K-1 N/A 1 UP
00:00:28 Ethernet1/3
N5K-2 N/A 1
UP 00:00:26 Ethernet1/4
N7K-2 N/A 1 UP
00:00:28 Ethernet1/1
|
3. Show vpc brief
|
N5K
-2(config-if)# show vpc brief
Legend:
(*) - local vPC is down,
forwarding via vPC peer-link
vPC
domain id : 100
vPC+
switch id : 55
Peer
status : peer
adjacency formed ok
vPC
keep-alive status : peer is
alive
vPC
fabricpath status : peer is
reachable through fabricpath---<<<<<<
Configuration
consistency status: success
Per-vlan
consistency status : success
Type-2
consistency status : success
vPC
role : secondary
Number
of vPCs configured : 1
Peer
Gateway : Disabled
Dual-active
excluded VLANs : -
Graceful
Consistency Check : Enabled
vPC
Peer-link status
---------------------------------------------------------------------
id Port
Status Active vlans
-- ----
------ --------------------------------------------------
1 Po1
up 100
vPC
status
---------------------------------------------------------------------------
id Port Status Consistency Reason Active vlans vPC+ Attrib
-- ---------- ------ ----------- ------ ------------ -----------
2000 Po2000 up
success success 100 DF: Partial
|
Thursday, 4 December 2014
Single sided VPC configuration Example
Below is the single side VPC configuration example. In the below example 7Ks are configured in VPC so that downstream switch i.e 5K will believe that it is connected to only one upstream switch.
Note:- VPC configuration will only be done on the 7Ks not on the 5K as for 5K it is just a normal port channel.
As we know to create VPC we need two type of connectivity as mentioned below:-
1.VPC peer-link
VPC peer-link can only be configured on the layer-2 port-channel containing Ten-gig links. It cannot be configured on physical interfaces. For complete redundancy we should chose interfaces from different modules and must contain more than one interface.
VPC peer-link command is used to convert the port-channel to peer-link.
2.VPC peer-keepalive link
VPC peer-keepalive link is a L3 interface and it is just a backup to the peer-link but it will not pass any user traffic. Only hello packets are exchange over keepalive link. There is no impact if the peer-keepalive link is down and peer-link is up.
VPC peer-keepalive link can be configured using management interface or any L3 interface in default or any other VRF. Cisco recommends to use a dedicated vrf for peer keepalaive link.
N7K-1:-
Step1:-
Enable Feature VPC
N7K-1(config)# feature vpc
|
Step 2:-
Enable Feature LACP
N7K-1(config)# feature lacp
|
Step 3:-
Create VPC domain. Make sure it is same on the VPC peer otherwise VPC will
remain in down state.
N7K-1(config-if-range)# vpc domain 100
N7K-1(config-vpc-domain)# peer-keepalive destination
10.1.1.72 --<<
Mgmt IP of N7K-2
Note:
--------::
Management VRF will be used as the default VRF ::--------
|
We get the below output if domain Id are different on
peers switches.
N7K-1(config)# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100
Peer status : peer link not
configured
vPC keep-alive status : peer is alive, but domain IDs
do not match -----<<<<<<<<<<<<<<
Configuration consistency status : failed
Per-vlan consistency status : failed
Configuration inconsistency reason: vPC peer-link does
not exist
Type-2 consistency status : failed
Type-2 inconsistency reason : vPC peer-link does not exist
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer
configuration)
Auto-recovery status : Disabled
|
We get below output when peer switches are reachable via
peer keepalive link.
N7K-1(config-vpc-domain)# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100
Peer status : peer link not configured -<<
vPC keep-alive status : peer is alive -----<<<
Configuration consistency status : failed
Per-vlan consistency status : failed
Configuration inconsistency reason: vPC peer-link does
not exist ---<<<<<<<<<
Type-2 consistency status : failed
Type-2 inconsistency reason : vPC peer-link does not exist
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer
configuration)
Auto-recovery status : Disabled
|
Step 4:-
Create port-channel for vpc peer-link. As soon as VPC PEER-LINK command is
configured on
port channel the port type is changed to network and
bridge assurance is enabled on the port-channel.
N7K-1(config)# int eth1/1-2
N7K-1(config-if-range)# channel-group 1 mode active
N7K-1(config-if-range)# no shut
N7K-1(config-if-range)# int po1
N7K-1(config-if)# switchport mode trunk
N7K-1(config-if)# vpc peer-link
Please note that spanning tree port type is changed to
"network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC
peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N7K-1(config-if)# no shut
|
Step 5:-
Configure port-channel connected to 5K.
N7K-1(config)# int eth1/3
N7K-1(config-if-range)# channel-group 10 mode active
N7K-1(config-if-range)# no shut
N7K-1(config-if-range)# int po10
N7K-1(config-if)# switchport mode trunk
N7K-1(config-if)#vpc10
|
N7K-2:-
Step 6:- Enable
vpc and lacp feature
N7K-2(config)# feature vpc
N7K-2(config)# feature lacp
|
Step7:-
Configure VPC Domain and vpc peer-keepalive link.
N7K-2(config-if-range)# vpc domain 100
N7K-2(config-vpc-domain)# peer-keepalive destination
10.1.1.71 --<<
Mgmt IP of N7K-1
Note:
--------::
Management VRF will be used as the default VRF ::--------
|
Step8:-
Configure VPC peer-link
N7K-2(config)# int eth1/1-2
N7K-2(config-if-range)# channel-group 1 mode active
N7K-2(config-if-range)# no shut
N7K-2(config-if-range)# int po1
N7K-2(config-if)# switchport mode trunk
N7K-2(config-if)# vpc peer-link
Please note that spanning tree port type is changed to
"network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC
peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N7K-2(config-if)# no shut
|
Step9:-
Configure vpc port-channel connected to N5k
N7K-2(config)# int eth1/3
N7K-2(config-if-range)# channel-group 10 mode active
N7K-2(config-if-range)# no shut
N7K-2(config-if-range)# int po10
N7K-2(config-if)# switchport mode trunk
N7K-2(config-if)#vpc10
|
N5K-1:-
Step10:- Enable
LACP feature
N5K-1(config)# feature lacp
|
Step 11:-
Configure port-channel connected to 7Ks.
N7K-2(config)# int eth1/1-2
N7K-2(config-if-range)# channel-group 1 mode active
N7K-2(config-if-range)# no shut
N7K-2(config-if-range)# int po1
N7K-2(config-if)# switchport mode trunk
|
Note: - There is no need to configure VPC on 5K. As for 5K
it just another port channel going to uplink switch.
Verification:-
VPC peering is up when both side peer-link and keepalive
links are up as shown below.
N7K-1(config-if)# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100
Peer status : peer adjacency
formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : primary
Number of vPCs configured : 0
Peer Gateway
: Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------
--------------------------------------------------
1 Po1 up
1
|
VPC can be verified using show vpc role command. ROLE
PRIORITY command under VPC domain can be used to change the VPC role but bouncing
of VPC peer link is required to apply the new configured priority.
N7K-1(config-if)# show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:64
vPC system-priority : 32667
vPC local system-mac : 00:26:98:0d:3c:c4
vPC local role-priority : 32667
|
Below command can show the status of the peer-keepalive
link and its statistics.
N7K-1(config-if)# show vpc peer-keepalive
vPC keep-alive status : peer is alive
--Peer is alive for : (8525) seconds, (220) msec
--Send status : Success
--Last send at : 2014.12.19 17:55:30 978
ms
--Sent on interface : mgmt0
--Receive status : Success
--Last receive at : 2014.12.19 17:55:30 978 ms
--Received on interface : mgmt0
--Last update from peer : (0) seconds, (139) msec
vPC Keep-alive parameters
--Destination : 10.1.1.72
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : management
--Keepalive udp port : 3200
--Keepalive tos : 192
|
Below command shows the consistency check between the VPC
peers. Peer with Consistency type-1 are not allowed to make pair.
N7K-1(config-if)# show vpc consistency-parameters
global
Legend:
Type 1 :
vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
-------------
---- ----------------------
-----------------------
STP Mode 1 Rapid-PVST Rapid-PVST
STP Disabled 1 None None
STP MST Region Name 1
""
""
STP MST Region Revision 1
0 0
STP MST Region Instance to 1
VLAN Mapping
STP Loopguard 1 Disabled Disabled
STP Bridge Assurance 1
Enabled Enabled
STP Port Type, Edge
1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Simulate PVST 1
Enabled Enabled
Allowed VLANs - 1 1
Local suspended VLANs -
- -
|
Particular vpc port-channel consistency parameter can
also been seen using below command.
N7K.;-1(config-if)# show vpc consistency-parameters
interface po10
Legend:
Type 1 :
vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
------------- ---- ----------------------
-----------------------
STP Port Type 1 Default Default
STP Port Guard 1 None None
STP MST Simulate PVST 1
Default Default
lag-id 1 [(7f9b, [(7f9b,
0-23-4-ee-be-64,
800a, 0-23-4-ee-be-64, 800a,
0, 0), (8000, 0, 0), (8000,
0-5-73-ca-90-1, 13, 0, 0-5-73-ca-90-1, 13, 0,
0)] 0)]
mode 1 active active
Speed 1 10 Gb/s 10 Gb/s
Duplex 1 full full
Port Mode 1 trunk trunk
Native Vlan 1 1
1
MTU 1 1500
1500
Allowed VLANs -
1-4094
1-4094
Local suspended VLANs - -
-
|
Subscribe to:
Posts (Atom)