Cisco
Authored By:
Email: [email protected]
Page 1 of 139
Cisco Nexus Switch Configuration
Module 1 – Configuring Nexus 7K & 5K Switches
Lab 1- Introduction to the Nexus
Operating System (NX-OS)
[Topology diagram: Nexus 7K-1, Nexus 5K-1, Nexus 5K-2; port labels E 3/13-14, E 3/23-24, E 1/13-14, E 1/23-24, E 1/10-11, E 1/10-11]
Task 1
Configure hostnames on the switches based on the following:
• Nexus 7K - N7K-1
• Nexus 5K-1 - N5K-1
• Nexus 5K-2 - N5K-2
OR OR
Hostname N5K-1
OR
Switchname N5K-2
Task 2
Find out the operating system that is running on the Nexus devices.
Show version
Task 3
Figure out the modules installed in your Nexus devices.
Show module
Task 4
Find out the features available on your Nexus devices.
Show feature
Task 5
Find out the features that are enabled by default.
Task 6
Find the status of the interface and its characteristics. What type of Ethernet
Interface is it (Gigabit, Ten G or 100G)?
Task 7
Find out the System Image files that are present in the Devices.
Dir Dir
Nexus 7K-2
Dir
Note: System Image files can be updated from remote servers using FTP,
SCP, SFTP or TFTP. Use the copy command to accomplish this.
NX-OS offers a 120-day grace period license. To enable this license, use
the following command:
License grace-period
To upgrade the license to full, download the license file from Cisco and
copy it to the device bootflash using a TFTP server. Once the license file
is copied, use the following command to install it on the device:
Task 8
Configure a checkpoint of your config file
Checkpoint CK1
Task 9
Change the Hostname of the devices to the following:
• Nexus 7K-1 - Bangalore
• Nexus 5K-1 - Delhi
• Nexus 5K-2 - Dubai
Switchname Dubai
Task 10
Revert the running-config on the switch back to the checkpoint created.
Nexus 7K-1
Lab 2 – Configuring Trunking & VLANs
(Builds on Lab 1)
Task 1
Configure the interfaces that connect N7K-1 to N5K-1 and N5K-2 as Trunk
ports. Only use the ports shown in the Diagram (Lab1).
N7K-1
Task 2
Configure VLANs and assign ports to these vlans based on the following table:
N7K-1
VLAN 10
VLAN 20
!
interface E 4/23
switchport
switchport mode access
Switchport access vlan 10
!
interface E 4/24
switchport
switchport mode access
Switchport access vlan 20
N5K-1
VLAN 10
VLAN 20
!
interface E 1/21
switchport
switchport mode access
Switchport access vlan 10
!
interface E 1/22
switchport
switchport mode access
Switchport access vlan 20
N5K-2
VLAN 10
VLAN 20
!
interface E 1/29
switchport
switchport mode access
Switchport access vlan 10
!
interface E 1/30
switchport
switchport mode access
Switchport access vlan 20
Task 3
Only VLANs 10 thru 20 should be allowed to cross the trunk links.
N7K-1
Interface E 1/13 - 14
Switchport trunk allowed vlan 10-20
N5K-2
Interface E 1/13 - 14
Switchport trunk allowed vlan 10-20
Lab 3 – Configuring Etherchannels
(Builds on Lab 2)
Task 1
Configure the Ports connecting N5K-1 and N5K-2 to be part of an
Etherchannel. The Etherchannel should use an Industry standard protocol.
N5K-1
Feature LACP
!
Interface E 1/10 - 11
Channel-group 12 mode active
N5K-2
Feature LACP
!
Interface E 1/10 - 11
Channel-group 12 mode active
Task 2
Configure the Port-Channel to be a trunk.
N5K-1
Interface Port-channel 12
Switchport
Switchport mode trunk
N5K-2
Interface Port-channel 12
Switchport
Switchport mode trunk
Task 3
Configure the load-balancing method to be based on a
combination of the Source and Destination IP.
N5K-1
Port-channel load-balance ethernet src-dst-ip-vlan
Task 3
Verify the Etherchannel status.
N5K-1
Explanation:
If a link within an EtherChannel fails, traffic previously carried over that failed
link moves to the remaining links within the EtherChannel. A trap is sent for
a failure, identifying the switch, the EtherChannel, and the failed link.
NOTE: All interfaces in each Etherchannel must have the same speed and
duplex, the same trunking encapsulation or the same access VLAN ID. The STP
cost for each port must also be the same, and none of the Etherchannel ports can be
involved in a SPAN or RSPAN configuration, nor in 802.1X.
Lab 4 – Configuring Switch Virtual
Interfaces (SVI)
(Builds on Lab 3)
Task 1
Enable the SVI feature on the Nexus Switches.
N7K-1 N5K-1
Feature interface-vlan
Task 2
Configure the SVI's on the Nexus switches based on the following table:
N7K-1
Interface VLAN 10
Ip address 10.1.10.1/24
No shut
!
Interface VLAN 20
Ip address 10.1.20.1/24
No shut
N5K-1
Interface VLAN 10
Ip address 10.1.10.11/24
No shut
!
Interface VLAN 20
Ip address 10.1.20.11/24
No shut
N5K-2
Interface VLAN 10
Ip address 10.1.10.12/24
No shut
!
Interface VLAN 20
Ip address 10.1.20.12/24
No shut
Task 3
Make sure the devices are pingable within the same VLANs.
N7K-1 N5K-1
Ping 10.1.10.1
Ping 10.1.20.1
Ping 10.1.10.11
Ping 10.1.20.11
Lab 5 – Configuring Port Security
(Builds on Lab 4)
Task 1
Configure N5K-1 such that only MAC 0010.1111.2222 can connect to Port E
1/21. If another device tries to connect to this port, the port should be shut down.
N5K-1
Interface E 1/21
Switchport port-security
Switchport port-security mac 0010.1111.2222
Task 2
Configure N5K-2 such that only MAC 0010.2222.4444 can connect to Port E
1/29. If another device tries to connect to this port, the port should be shut down.
N5K-2
Interface E 1/29
Switchport port-security
Switchport port-security mac 0010.2222.4444
Task 3
Configure Port security on N7K-1 ports E 4/23 & 4/24. You would like to learn
the MAC address dynamically and copy it to the running-configuration file.
N7K-1
Interface E 4/23-24
Switchport port-security
Switchport port-security mac sticky
Task 4
Configure E 1/22 in VLAN 10 on N5K-1. Enable Port security for this port such
that 5 MAC addresses can be connected to it. Configure 2 MAC addresses
(0001-1010-AB12 and 0001-1010-AB13) statically. The rest of the MAC addresses
can be learned dynamically.
N5K-1
Interface E 1/22
Switchport
Switchport mode access
Switchport access vlan 10
Switchport port-security
Switchport port-security max 5
Switchport port-security mac 0001.1010.AB12
Switchport port-security mac 0001.1010.AB13
Switchport port-security mac sticky
Task 5
Configure the N5K-1 such that it tries to bring up the Port-security error
disabled port automatically after 4 minutes.
N5K-1
Lab 6 – Preventing the Rogue DHCP
Server Attack using the DHCP Snooping
Feature
(Builds on Lab 5)
Task 1
All the SALES users will be in the SALES VLAN (100). Create this VLAN. Assign
ports E 1/5 – 9 on N5K-2 to this VLAN.
N5K-2
VLAN 100
Name SALES
!
Interface E 1/5 - 9
switchport
Switchport mode access
Switchport access vlan 100
Task 2
The DHCP server resides on the E 1/4 on N5K-2. Assign this port to the SALES
VLAN.
N5K-2
Interface E 1/4
switchport
Switchport mode access
Switchport access vlan 100
Task 3
Enable the DHCP Snooping Feature on the Nexus N5K-2.
N5K-2
Feature dhcp
Task 4
Make sure the switch only allows DHCP replies from port E 1/4 on N5K-2.
N5K-2
Ip dhcp snooping
Ip dhcp snooping vlan 100
!
Interface E 1/4
Ip dhcp snooping trust
Lab 7 – Configuring Dynamic ARP
Inspection (DAI)
(Builds on Lab 6)
Task 1
Configure N5K-2 such that it intercepts all packets received on untrusted ports
in VLAN 100. It should verify valid IP-MAC mappings against the DHCP
Snooping Database. This database was created by enabling DHCP Snooping for
VLAN 100 in a previous lab.
N5K-2
Lab 8 – Configuring the Source Guard
Feature
(Builds on Lab 7)
Task 1
There is a Server connected to port E 1/3 on N5K-2. Turn on the IP Source
Guard feature on SW2 such that only this server connects up to E 1/3. This
Server has a MAC address of 0001.1010.1020 and an IP address of 192.1.50.7.
This server should be in VLAN 100 and has a static IP Assignment.
N5K-2
Task 2
Enable the source guard feature for the rest of the devices in this VLAN as well.
Use the DHCP binding database to verify the information.
N5K-2
Interface E 1/4 - 9
Ip verify source dhcp-snooping-vlan
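The features configured in Labs 6 to 8 (DHCP snooping, Dynamic ARP Inspection and IP Source Guard) all decide on one binding table. The Python model below is an added example, not part of the original workbook and not Cisco code; the class, method names and client MAC/IP values are constructed, while VLAN 100, trusted port E 1/4 and the static server entry on E 1/3 come from the labs. It assumes E 1/4 is also trusted for ARP inspection.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # DHCP messages only a server should send


@dataclass
class SnoopingSwitch:
    """Toy model of one switch; frames are plain values, not real packets."""
    vlans: set                                      # VLANs with snooping/DAI enabled
    dhcp_trusted: set                               # ports allowed to send server replies
    dai_trusted: set = field(default_factory=set)   # ports exempt from ARP checks
    ipsg_ports: set = field(default_factory=set)    # ports with IP Source Guard
    bindings: dict = field(default_factory=dict)    # (vlan, mac) -> (ip, port)
    pending: dict = field(default_factory=dict)     # client mac -> (vlan, port)

    def static_binding(self, vlan, port, ip, mac):
        """Manual entry for a host with a static IP (no DHCP exchange to snoop)."""
        self.bindings[(vlan, mac)] = (ip, port)

    def dhcp(self, port, vlan, msg, client_mac, ip=None):
        """DHCP snooping: drop server replies on untrusted ports, learn leases."""
        if vlan not in self.vlans:
            return "forward"
        if msg in SERVER_MSGS:
            if port not in self.dhcp_trusted:
                return "drop"                       # reply from a rogue server
            if msg == "ACK" and client_mac in self.pending:
                c_vlan, c_port = self.pending.pop(client_mac)
                self.bindings[(c_vlan, client_mac)] = (ip, c_port)
            return "forward"
        self.pending[client_mac] = (vlan, port)     # DISCOVER/REQUEST from a client
        return "forward"

    def _bound(self, port, vlan, ip, mac):
        return self.bindings.get((vlan, mac)) == (ip, port)

    def arp(self, port, vlan, sender_ip, sender_mac):
        """DAI: ARP on an untrusted port must match a binding for that port."""
        if vlan not in self.vlans or port in self.dai_trusted:
            return "forward"
        return "forward" if self._bound(port, vlan, sender_ip, sender_mac) else "drop"

    def ip_packet(self, port, vlan, src_ip, src_mac):
        """IP Source Guard: the same lookup, applied to IP traffic on the port."""
        if port not in self.ipsg_ports:
            return "forward"
        return "forward" if self._bound(port, vlan, src_ip, src_mac) else "drop"


def run_demo():
    """Replay a constructed sequence of events and return each verdict."""
    sw = SnoopingSwitch(vlans={100}, dhcp_trusted={"Eth1/4"}, dai_trusted={"Eth1/4"},
                        ipsg_ports={"Eth1/3", "Eth1/5", "Eth1/6"})
    sw.static_binding(100, "Eth1/3", "192.1.50.7", "0001.1010.1020")  # Lab 8 values
    client, other = "0000.aaaa.0005", "0000.bbbb.0006"                # constructed MACs
    r = {}
    r["client_request"] = sw.dhcp("Eth1/5", 100, "REQUEST", client)
    r["rogue_offer"] = sw.dhcp("Eth1/6", 100, "OFFER", client, "192.1.50.99")
    r["server_ack"] = sw.dhcp("Eth1/4", 100, "ACK", client, "192.1.50.21")
    r["client_arp"] = sw.arp("Eth1/5", 100, "192.1.50.21", client)
    r["spoofed_arp"] = sw.arp("Eth1/6", 100, "192.1.50.21", other)
    r["server_ip"] = sw.ip_packet("Eth1/3", 100, "192.1.50.7", "0001.1010.1020")
    r["spoofed_ip"] = sw.ip_packet("Eth1/6", 100, "192.1.50.7", other)
    r["bindings"] = dict(sw.bindings)
    return r


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:15} {verdict}")
```

The server on E 1/3 never speaks DHCP, which is why Lab 8 Task 1 needs a static entry: without it the source guard lookup has nothing to match.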
Lab 9 – Configuring Storm Control
(Builds on Lab 8)
Task 1
Configure N5K-2 port E 1/14 such that broadcast and multicast traffic do not
use more than 50% of the Interface bandwidth.
N5K-2
Interface E 1/14
Storm-control broadcast level 50.00
Storm-control multicast level 50.00
Lab 10 – Configuring IP ACLs
(Builds on Lab 9)
Task 1
Configure an ACL to only allow Telnet & SSH traffic coming into port E 4/23 on
N7K-1
N7K-1
Ip access-list CONTROL
Permit tcp any any eq 23
Permit tcp any any eq 22
!
Interface E 4/23
Ip access-group CONTROL in
Lab 11 – Configuring MAC ACLs
(Builds on Lab 10)
Task 1
There is a MAC Address 0001.0012.2222 trying to attack VLAN 100 by sending
a broadcast storm. You have traced this packet to port E 1/6 on N5K-2. Block
this MAC address on E 1/6 on N5K-2. Do not use Storm control or VACL to
accomplish this task.
N5K-2
Lab 12 – Configuring VLAN ACLs (VACL)
(Builds on Lab 11)
Task 1
You have been requested to implement the following policy on N7K-1:
N7K-1
Ip Access-list VACL-10
permit igmp any any
!
Ip Access-list VACL-20
permit udp any any eq 69
!
Mac access-list MAC-VACL-10
Permit host 0001.0012.2222 any
!
Ip access-list IP-PERMIT
Permit ip any any
!
Vlan access-map VLAN10 10
Match ip addr VACL-10
Action drop
Vlan access-map VLAN10 20
Match mac addr MAC-VACL-10
Action drop
Vlan access-map VLAN10 100
Match ip address IP-PERMIT
Action forward
!
Vlan access-map VLAN20 10
Match ip addr VACL-20
Action drop
Vlan access-map VLAN20 100
Match ip address IP-PERMIT
Action forward
!
Vlan filter VLAN10 vlan-list 10
Vlan filter VLAN20 vlan-list 20
Lab 13 – Configuring SPAN & ERSPAN
(Builds on Lab 12)
Task 1
There is a protocol analyzer connected to N7K-1 port E 4/5. You received a
request to monitor and analyze all packets for VLAN's 10 & 20 on N7K-1.
Configure N7K-1 to send all traffic from VLANs 10 & 20 to Port E 4/5.
N7K-1
Interface E 4/5
Switchport
Switchport monitor
No shut
!
Monitor session 1
Source vlan 10 rx
Source vlan 20 rx
Destination Interface E 4/5
No shut
Task 2
There is a protocol analyzer connected to N5K-2 port E 1/5. You received a
request to monitor and analyze all packets for VLAN 10 on N7K-1. Configure
N7K-1 to send all traffic from VLAN 10 to Port E 1/5 on N5K-2. The
communication between the 2 sessions should be IP based.
N7K-1
interface E 1/5
switchport
switchport monitor
no shut
!
monitor session 2 type erspan-destination
source ip 10.1.20.1
destination interface E 1/5
erspan-id 100
vrf default
no shut
Lab 14 – Private VLANs
(Builds on Lab 13)
Task 1
Configure VLANs on N5K-1 based on the following:
N5K-1
Vlan 100
Private-vlan primary
!
Vlan 110
Private-vlan community
!
Vlan 120
Private-vlan isolated
Task 2
Configure VLAN 100 to be the primary VLAN for VLANs 110 & 120.
N5K-1
Vlan 100
Private-vlan association add 110,120
Task 3
Configure N5K-1 such that the following is accomplished:
N5K-1
Interface E 1/5
Switchport mode private-vlan promiscuous
Switchport private-vlan mapping 100 add 110 , 120
!
Interface E 1/6-7
Switchport
Switchport mode private-vlan host
Switchport private-vlan host-assoc 100 110
!
Interface E 1/7-8
switchport
Switchport mode private-vlan host
Switchport private-vlan host-assoc 100 120
Lab 15 – Remote Management
(Builds on Lab 14)
Task 1
Configure N7K-1 for Remote Management using Telnet. Configure a local
username admin with a password of admin. Telnet should use the local
database for authentication.
N7K-1
Feature telnet
!
Username admin password admin
!
Line vty 0 4
Login local
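A pre-deployment check for the kinds of settings used in Labs 2, 10 and 15: Telnet management, a password equal to the username, trunks without an allowed-VLAN list, and an ACL applied under a name that was never defined. This is an added example, not from the workbook; the sample configurations, the `WEAK` list and the finding labels are constructed, and it assumes the indented running-config layout.

```python
import re

WEAK = {"admin", "cisco", "password"}  # constructed demo list, not a real policy


def blocks(config):
    """Yield (header, children) for each top-level stanza of an indented config."""
    header, children = None, []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace():
            children.append(line.strip())
        else:
            if header is not None:
                yield header, children
            header, children = line, []
    if header is not None:
        yield header, children


def audit(config):
    """Return a list of findings for one candidate configuration."""
    findings, defined, applied = [], set(), []
    for header, children in blocks(config):
        h = header.lower()
        if h == "feature telnet":
            findings.append("telnet: cleartext management enabled")
        m = re.match(r"username (\S+) password (\S+)", header, re.I)
        if m and (m.group(2).lower() in WEAK or m.group(2) == m.group(1)):
            findings.append(f"weak-password: user {m.group(1)}")
        m = re.match(r"(?:ip|mac) access-list (\S+)", header, re.I)
        if m:
            defined.add(m.group(1))           # ACL names are compared case-sensitively
        if h.startswith("interface "):
            name = header.split(None, 1)[1]
            lowered = [c.lower() for c in children]
            if "switchport mode trunk" in lowered and not any(
                    c.startswith("switchport trunk allowed vlan") for c in lowered):
                findings.append(f"trunk-all-vlans: {name}")
            for c in children:
                m = re.match(r"(?:ip|mac)(?: port)? access-group (\S+)", c, re.I)
                if m:
                    applied.append((name, m.group(1)))
    # Resolve ACL references last, so definition order in the file does not matter.
    for name, acl in applied:
        if acl not in defined:
            findings.append(f"undefined-acl: {acl} on {name}")
    return findings


# Constructed sample in the style of the lab answers; the ACL name on
# Ethernet4/23 is deliberately misspelled.
LAB_STYLE = """\
feature telnet
username admin password admin
ip access-list CONTROL
  permit tcp any any eq 23
  permit tcp any any eq 22
interface Ethernet4/23
  ip access-group CONROL in
interface Ethernet1/13
  switchport
  switchport mode trunk
interface Ethernet1/14
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10-20
"""

# Constructed corrected counterpart; the password field is a placeholder.
HARDENED = """\
feature ssh
username admin password 5 <hashed-placeholder> role network-admin
ip access-list CONTROL
  permit tcp any any eq 22
interface Ethernet4/23
  ip access-group CONTROL in
interface Ethernet1/13
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10-20
"""

if __name__ == "__main__":
    for finding in audit(LAB_STYLE):
        print(finding)
```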
Task 2
Configure N5K-1 & N5K-2 for Remote Management using SSH. Configure a
local username admin with a password of admin. SSH should use the local
database for authentication.
N5K-1
Authored By: Khawar Butt, Penta CCIE # 12353, CCDE # 20110020
Module 2 – Configuring Spanning Tree Protocol (STP) on Nexus Switches
Lab 1- Configuring Root Bridges in a
Rapid PVST Network
(Builds on Previous Module)
[Topology diagram: Nexus 7K-1, Nexus 5K-1, Nexus 5K-2; port labels E 3/13-14, E 3/23-24, E 1/13-14, E 1/23-24, E 1/10-11, E 1/10-11]
Task 1
Although the default STP mode is Rapid PVST, make sure you set all 3
switches to Rapid PVST manually.
N7K-1
Task 2
Configure N7K-1 as the root bridge for VLANs 1 - 20. Configure N5K-1 as the
secondary for VLANs 1-10 and N5K-2 as the secondary for VLANs 11-20.
N7K-1
Or
Or
Or
Task 3
Verify STP information for VLAN 10 & 20 by using the show spanning-tree
vlan XX commands on all 3 switches.
N7K-1
Note: Check the Root ID and make sure N7K-1 is the root bridge for all VLANs.
N5K-1
Note: Check the Root ID and make sure N7K-1 is the root bridge for all VLANs.
N5K-2
Note: Check the Root ID and make sure N7K-1 is the root bridge for all VLANs.
Lab 2 – Tuning STP Startup Times
(Builds on Lab 1)
Task 1
Create a VLAN 5 on N7K-1 & N5K-1. Assign port E 4/25 – E 4/26 on N7K-1 to
VLAN 5. Assign port E 1/25 – E 1/27 on N5K-1 to VLAN 5.
N7K-1
VLAN 5
!
Interface E 4/25 - 26
switchport
Switchport mode access
Switchport access vlan 5
N5K-1
VLAN 5
!
Interface E 1/25 - 27
switchport
Switchport mode access
Switchport access vlan 5
Task 2
Users in VLAN 5 are complaining about the time it usually takes for an
interface to come up after they have plugged in the network cable. Configure
the TOTAL link startup delay until the port becomes forwarding to 16 seconds.
Configure N7K-1 to accomplish this without jumping any state.
N7K-1
Task 3
Verify that the Timers have changed for VLAN 5 by using the show spanning-tree
vlan 5 command on N7K-1 & N5K-1 Nexus switches.
N7K-1
Explanation:
Forwarding delay is the time spent by a port in the learning and listening
states.
Lab 3 – Configuring Edge Ports
(Builds on Lab 2)
Task 1
Configure the port range E 1/25 – 26 on N5K-1 so that the link comes up
as soon as someone plugs a network cable into these ports,
bypassing the STP learning/listening states.
N5K-1
Interface E 1/25-26
Spanning-tree port type edge
Task 2
Verify the setting by using the show spanning-tree interface E 1/XX command.
N5K-1
Lab 4 - Configuring BPDU Guard & BPDU
Filter
(Builds on Lab 3)
Task 1
The IT department just found out that someone in the lobby area plugged
a switch into port E 1/25 on N5K-1. Configure a command on the
appropriate ports on N5K-1 such that if someone connects a hub or a switch to
either of the 2 edge ports configured in the previous lab, the port will be disabled.
Also make sure that after 4 minutes the disabled port comes up automatically.
N5K-1
Interface E 1/25 - 26
Spanning-tree bpduguard enable
!
Errdisable recovery cause bpduguard
Errdisable recovery interval 240
Task 2
Verify the errdisable recovery feature by using the show errdisable recovery
command.
N5K-1
Task 3
Configure N5K-1 port E 1/27 such that this port won’t send or receive any
BPDU packets.
N5K-1
Interface E 1/27
Spanning-tree bpdufilter enable
Lab 5 – Configuring Root Guard
(Builds on Lab 4)
Task 1
N5K-2 will be connected to N2K-2 in the future on Ports E 1/1 & 2. Make sure
that you prevent a superior BPDU from being processed on these ports.
N5K-2
Interface E 1/1-2
Spanning-tree guard root
Lab 6 – Configuring Loop Guard / UDLD
(Builds on Lab 5)
Task 1
Protect the Port Channel between N5K-1 & N5K-2 from unidirectional link
failures without using the UDLD feature.
N5K-1
Interface Port-channel 12
Spanning-tree guard loop
Task 2
Protect the Trunk links between N7K-1 & N5K-2 from unidirectional link
failures using the UDLD Aggressive feature.
N7K-1
Interface E 3/23-24
udld aggressive
N5K-2
Interface E 1/23-24
udld aggressive
Lab 7 – Configuring Bridge Assurance on
Network Port Types
(Builds on Lab 6)
Task 1
Configure the Trunk links between N7K-1 and N5K-1 such that they maintain
a bidirectional Keepalive using BPDU.
N7K-1
Lab 8 – Configuring Port Profiles
(Builds on Lab 7)
Task 1
Ports E 1/25 -27 need to be assigned to VLAN 15 on N5K-2. The Ports need to
have BPDUGuard & BPDUFilter features enabled. Make sure they skip the STP
Listening & Learning States. Use Port Profiles to accomplish this task.
N5K-2
VLAN 15
!
Port-profile VLAN15
Switchport
Switchport mode access
Switchport access vlan 15
Spanning-tree port type edge
Spanning-tree bpdufilter enable
Spanning-tree bpduguard enable
No shutdown
State enabled
!
Interface E 1/25 -27
Inherit port-profile VLAN15
Exit
Lab 9 – Configuring MSTP
(Builds on Lab 8)
Task 1
Re-Configure all three Nexus switches to run STP in MST Mode.
N7K-1 N5K-1
Task 2
Configure MST based on the following requirements:
N7K-1 N5K-1
Spanning-tree mst configuration
Revision 10
Name KB-NEXUS
Instance 1 vlan 1-10
Instance 2 vlan 11-20
!
Spanning-tree mst 2 priority 4096
Module 3 – Configuring Virtual Device Context (VDC) & Virtual Port Channels (VPC)
Lab 1- Configuring Virtual Device
Contexts (VDC)
[Topology diagram: Nexus 7K-1; port labels E 4/12, E 4/3, E 4/20, E 4/15, E 4/21, E 4/16]
Task 1
Connect to 7K1. Configure the admin username with a password of Cciedc01.
Configure it with a hostname of 7K1.
N7K-1
Task 2
Configure 2 VDCs on 7K1 using the following information:
N7K-1
vdc 7K2 id 2
allocate interface E 3/1-2, E 3/21-24
allocate interface E 4/20-21, E 4/24
!
vdc 7K3 id 3
allocate interface E 3/17-18, E 3/29-32
allocate interface E 4/15-16
Note : When you allocate interfaces to VDCs, they are allocated based on Port-
groups. Press Yes when prompted to allocate all members of the port-group.
Task 3
Verify the Creation of the VDCs by using the sh run vdc and sh vdc
membership commands.
N7K-1
Task 4
Configure aliases for switching to VDC 7K2 and VDC 7K3 from the default VDC
as VDC2 & VDC3 respectively.
N7K-1
Task 5
Switch to 7K2 using the appropriate alias you created. Configure the password
for the admin account as Cciedc01. Configure an alias for the Switchback
command as SB. Switch back to the default VDC. Use the alias that you created
to switch back.
N7K-1
VDC2
N7K-2
Task 6
Switch to 7K3 using the appropriate alias you created. Configure the password
for the admin account as Cciedc01. Configure an alias for the Switchback
command as SB. Switch back to the default VDC. Use the alias that you created
to switch back.
N7K-1
VDC3
N7K-3
Task 7
Configure the prompt to only display the current VDC.
N7K-1
no vdc combined-hostname
Lab 2 – Configuring Virtual Port Channels
(VPC) on a Nexus 7K
(Builds on Lab 1)
[Topology diagram: Nexus 7K-1; VPC 23; port labels E 4/12, E 4/3, E 4/20, E 4/15, E 4/21, E 4/16]
Task 1
We will be configuring a vPC from 7K2 & 7K3 to 7K1 based on the above diagram.
Enable the vPC & LACP features on 7K2 & 7K3.
N7K-2
Feature vpc
Feature lacp
N7K-3
Feature vpc
Feature lacp
Task 2
Configure the parameters for the vPC Peer keepalive link based on the
following:
• 7K2
• VRF Name: PKL-23
• Interface: 4/21
• IP Address: 10.1.23.2/24
• 7K3
• VRF Name: PKL-23
• Interface: 4/16
• IP Address: 10.1.23.3/24
N7K-2
Task 3
Configure a vPC Domain between 7K2 & 7K3. Use 23 as the Domain ID. Use
the Interfaces and VRFs from the previous step to configure the vPC Peer
Keepalive link. Make 7K3 the Primary vPC device.
N7K-2
vpc domain 23
peer-keepalive destination 10.1.23.3 source 10.1.23.2 vrf PKL-23
N7K-3
vpc domain 23
role priority 300
peer-keepalive destination 10.1.23.2 source 10.1.23.3 vrf PKL-23
Task 4
Configure the Port-channel port type as Network. This will enable the Bridge
Assurance Fault tolerance feature. Use this port channel as the vPC Peer Link.
Use the following parameters:
• 7K2
• Port-Channel #: 23
• Interfaces: 3/1-2
• Port Type: Network
• 7K3
• Port-Channel #: 23
• Interface: 3/17-18
• Port Type: Network
N7K-2
int e 3/1-2
channel-group 23 mode active
no shut
!
int port-channel 23
spanning-tree port type network
switch mode trunk
vpc peer-link
N7K-3
int e 3/17-18
channel-group 23 mode active
no shut
!
int port-channel 23
switch mode trunk
spanning-tree port type network
vpc peer-link
Task 5
Verify the status of the vPC Port Channel. Also, make sure the vPC Peer
keepalive link is up. Use the Show VPC command to verify it.
N7K-2
Show VPC
vPC domain id : 23
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
.
.
.
.
vPC Peer-Link status
------------------------------------------------------
id Port Status Active vlans
-- ----- -------- ----------------------------------
1 Po23 up 1
N7K-3
Show VPC
vPC domain id : 23
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
.
.
.
.
vPC Peer-Link status
------------------------------------------------------
id Port Status Active vlans
-- ----- -------- ----------------------------------
1 Po23 up 1
Task 6
Configure a vPC from 7K2 & 7K3 towards 7K1. Configure it as a L2 Trunk Port
Channel. Use 12 as the Port-channel ID. Use E 4/20 on 7K2 & E 4/15 on 7K3
as the vPC member ports.
N7K-2
int E 4/20
switchport
channel-group 12 mode active
no shut
!
int port-channel 12
switchport mode trunk
vpc 23
7K3
int E 4/15
switchport
channel-group 12 mode active
no shut
!
int port-channel 12
switchport mode trunk
vpc 23
Task 7
Enable the LACP feature on 7K1. Configure a normal Port-Channel on 7K1.
Configure it as a L2 Trunk Port Channel. Use 23 as the Port-channel ID. Use E
4/3 & E 4/12 on 7K1 as the member ports.
N7K-1
feature lacp
!
int E 4/3 , E 4/12
switchport
channel-group 23 mode active
no shut
!
int port-channel 23
switchport mode trunk
Task 8
Verify the status of the Port Channel on 7K1. Use the normal Show port-channel
summary command to verify it.
P - Up in Port-channel (member)
S - Switched
U - Up (Port-Channel)
.
.
.
Group Port- Type Protocol Member Ports
Channel
23 Po23(SU) Eth LACP Eth4/3(P) Eth4/12(P)
Module 4 – Configuring Nexus as Layer 3 Routing Device
Lab 1- Configuring Base Topology for
Routing Protocols
[Physical / L2 topology diagram: Nexus 5K-2, Nexus 5K-1; labels E 4/12, E 4/20, E 3/13, E 1/13, VLAN 30, E 1/10, E 1/10]
Task 1
Connect to 7K1. Configure the admin username with a password of Cciedc01.
Install the Grace Period License. Configure it with a hostname of R1.
7K-1
Task 2
Configure a VDC on 7K1 using the following information:
vdc R2 id 2
limit-resource module-type f1 m1
allocate interface E 3/13 , E 4/20
Note : When you allocate interfaces to VDCs, they are allocated based on Port-
groups. Press Yes when prompted to allocate all members of the port-group.
Task 3
Verify the Creation of the VDC by using the sh run vdc and sh vdc membership
commands.
7K-1
Task 4
Configure an alias for switching to VDC R2 from the default VDC as R2.
7K-1
Task 5
Switch to R2 using the appropriate alias you created. Configure the password
for the admin account as Cciedc01. Configure an alias for the Switchback
command as SB. Switch back to the default VDC. Use the alias that you created
to switch back.
7K-1
R2
7K-2
Task 6
Configure the password for the admin account as Cciedc01 on 5K1 & 5K2.
Configure the Hostname of 5K1 as R3 & 5K2 as R4.
5K1
Task 7
Configure the prompt to only display the current VDC.
7K-1
no vdc combined-hostname
[Logical topology diagram: R1, R2, R3, R4; labels VLAN 20 192.1.23.0/24, VLAN 20 192.1.34.0/24, VLAN30, VLAN30]
Task 8
Configure VLANs and assign ports to them to create the logical topology based
on the Logical Topology Diagram. Use the following to accomplish this task:
• 7K2(R2):
• VLAN 20 : Interface : E 3/13
• 5K1(R3):
• VLAN 20 : Interface : E 3/13
• VLAN 30 : Interface : E 1/10
• 5K2(R4):
• VLAN 30 : Interface : E 1/10
7K2 (R2)
Vlan 20
!
Interface E 3/13
Switchport mode access
Switchport access vlan 20
No shut
5K1 (R3)
Vlan 20
Vlan 30
!
Interface E 3/13
Switchport mode access
Switchport access vlan 20
No shut
!
Interface E 1/10
Switchport mode access
Switchport access vlan 30
No shut
5K2 (R4)
Vlan 30
!
Interface E 1/10
Switchport mode access
Switchport access vlan 30
No shut
Task 9
Configure a VRF that will be used for L3 Forwarding. Name the VRF as DATA.
Assign the interfaces to the DATA VRF and configure IP addresses on them
based on the following:
• 7K1(R1):
• VRF : DATA Interface : E 4/12 IP Address : 192.1.12.1/24
• VRF : DATA Interface : Loop 0 IP Address : 1.1.1.1/8
• 7K2(R2):
• VRF : DATA Interface : E 4/20 IP Address : 192.1.12.2/24
• VRF : DATA Interface : VLAN20 IP Address : 192.1.23.2/24
• VRF : DATA Interface : Loop 0 IP Address : 2.2.2.2/8
• 5K1(R3):
• VRF : DATA Interface : VLAN20 IP Address : 192.1.23.3/24
• VRF : DATA Interface : VLAN30 IP Address : 192.1.34.3/24
• VRF : DATA Interface : Loop 0 IP Address : 3.3.3.3/8
• 5K2(R4):
• VRF : DATA Interface : VLAN30 IP Address : 192.1.34.4/24
• VRF : DATA Interface : Loop 0 IP Address : 4.4.4.4/8
7K1 (R1)
Interface E 4/12
Vrf member DATA
IP address 192.1.12.1 255.255.255.0
No shut
!
Interface loopback 0
Vrf member DATA
Ip address 1.1.1.1 255.0.0.0
7K2 (R2)
Feature interface-vlan
!
VRF Context DATA
!
Interface E 4/20
Vrf member DATA
IP address 192.1.12.2 255.255.255.0
No shut
!
Interface VLAN 20
Vrf member DATA
Ip address 192.1.23.2 255.255.255.0
No shut
!
Interface loopback 0
Vrf member DATA
Ip address 2.2.2.2 255.0.0.0
5K1(R3)
Feature interface-vlan
!
VRF Context DATA
!
Interface VLAN20
Vrf member DATA
IP address 192.1.23.3 255.255.255.0
No shut
!
Interface VLAN 30
Vrf member DATA
IP address 192.1.34.3 255.255.255.0
No shut
!
Interface loopback 0
Vrf member DATA
Ip address 3.3.3.3 255.0.0.0
5K2(R4)
Feature interface-vlan
!
VRF Context DATA
!
Interface VLAN 30
Vrf member DATA
IP address 192.1.34.4 255.255.255.0
No shut
!
Interface loopback 0
Vrf member DATA
Ip address 4.4.4.4 255.0.0.0
Task 10
Verify IP Connectivity by pinging directly connected interfaces.
7K1(R1)
Note: Save the configurations on all the routers. Don't save during the Labs so
that you can reload the topology between different Routing Protocol sections.
Lab 2 – Configuring Static Routing on
Nexus 5K & 7K
(Builds on Lab 1)
[Logical topology diagram: R1, R2, R3, R4; labels VLAN20 192.1.23.0/24, VLAN20 192.1.34.0/24, VLAN30, VLAN30]
Task 1
Configure R1 & R4 with default gateways pointing towards R2 & R3
respectively.
7K1(R1)
Task 2
Verify IP Connectivity by pinging 2.2.2.2 network from R1 & 3.3.3.3 from R4.
7K1(R1)
Task 3
Configure R2 & R3 with static routes to achieve full reachability based on the
following table:
• 7K2(R2):
• VRF : DATA Network : 1.0.0.0/8 Next-Hop : 192.1.12.1
• VRF : DATA Network : 3.0.0.0/8 Next-Hop : 192.1.23.3
• VRF : DATA Network : 4.0.0.0/8 Next-Hop : 192.1.23.3
• VRF : DATA Network : 192.1.34.0/24 Next-Hop : 192.1.23.3
• 5K1(R3):
• VRF : DATA Network : 1.0.0.0/8 Next-Hop : 192.1.23.2
• VRF : DATA Network : 2.0.0.0/8 Next-Hop : 192.1.23.2
• VRF : DATA Network : 4.0.0.0/8 Next-Hop : 192.1.34.4
• VRF : DATA Network : 192.1.12.0/24 Next-Hop : 192.1.23.2
7K2(R2)
Task 4
Verify IP Connectivity by pinging 1.1.1.1 network from R4 & 4.4.4.4 from R1.
7K1(R1)
Lab 3 – Configuring EIGRP on Nexus 5K
& 7K - Basic
[Physical / L2 topology diagram: labels E 4/12, E 4/20, E 4/43, E 4/44, VLAN 30, E 3/4, E 3/2]
Task 1
Connect to 7K1. Configure the admin username with a password of Cciedc01.
Install the Grace Period License. Configure it with a hostname of R1.
7K-1
Task 2
Configure the following VDC's on the 7K using the following information:
• VDC 2: Name : R4 ID: 4
• Interfaces : E 3/4 , E 4/7
7K-1
vdc R2 id 2
allocate interface E 4/20 , E 4/43
!
vdc R3 id 3
allocate interface E 3/2 , E 4/44
!
vdc R4 id 4
allocate interface E 3/4 , E 4/7
Note : When you allocate interfaces to VDCs, they are allocated based on Port-
groups. Press Yes when prompted to allocate all members of the port-group.
Task 3
Verify the Creation of the VDC by using the sh run vdc and sh vdc membership
commands.
7K-1
Task 4
Configure aliases for switching to VDC R2, R3 & R4 from the default VDC as
R2, R3 & R4 respectively.
7K-1
Task 5
Switch to R2, R3 & R4 using the appropriate aliases you created. Configure the
password for the admin account as Cciedc01. Configure an alias for the
Switchback command as SB. Switch back to the default VDC. Use the alias
that you created to switch back.
7K-1
R2
7K-2
Task 6
Configure the prompt to only display the current VDC.
7K-1
no vdc combined-hostname
[Logical topology diagram: R1, R2, R3, R4; labels E 4/43 192.1.23.0/24, E 4/44 192.1.34.0/24, VLAN 30, VLAN 30]
Task 7
Configure VLANs and assign ports to them to create the logical topology based
on the Logical Topology Diagram. Use the following to accomplish this task:
• 7K3(R3):
• VLAN 30 : Interface : E 3/2
• 7K4(R4):
• VLAN 30 : Interface : E 3/4
7K3 (R3)
Vlan 30
!
Interface E 3/2
Switchport mode access
Switchport access vlan 30
No shut
7K4 (R4)
Vlan 30
!
Interface E 3/4
Switchport mode access
Switchport access vlan 30
No shut
Task 8
Configure a VRF that will be used for L3 Forwarding. Name the VRF as DATA.
Assign the interfaces to the DATA VRF and configure IP addresses on them
based on the following:
• R1:
• VRF : DATA Interface : E 4/12 IP Address : 192.1.12.1/24
• VRF : DATA Interface : Loop 0 IP Address : 1.1.1.1/8
• R2:
• VRF : DATA Interface : E 4/20 IP Address : 192.1.12.2/24
• VRF : DATA Interface : E 4/43 IP Address : 192.1.23.2/24
• VRF : DATA Interface : Loop 0 IP Address : 2.2.2.2/8
• R3:
• VRF : DATA Interface : E 4/44 IP Address : 192.1.23.3/24
• VRF : DATA Interface : VLAN30 IP Address : 192.1.34.3/24
• VRF : DATA Interface : Loop 0 IP Address : 3.3.3.3/8
• R4:
• VRF : DATA Interface : VLAN30 IP Address : 192.1.34.4/24
• VRF : DATA Interface : Loop 0 IP Address : 4.4.4.4/8
R1
Vrf member DATA
Ip address 192.1.23.2 255.255.255.0
No shut
!
Interface loopback 0
Vrf member DATA
Ip address 2.2.2.2 255.0.0.0
R3
Feature interface-vlan
!
VRF Context DATA
!
Interface E 4/44
Vrf member DATA
IP address 192.1.23.3 255.255.255.0
No shut
!
Interface VLAN 30
Vrf member DATA
IP address 192.1.34.3 255.255.255.0
No shut
!
Interface loopback 0
Vrf member DATA
Ip address 3.3.3.3 255.0.0.0
R4
Feature interface-vlan
!
VRF Context DATA
!
Interface VLAN 30
Vrf member DATA
IP address 192.1.34.4 255.255.255.0
No shut
!
Interface loopback 0
Vrf member DATA
Ip address 4.4.4.4 255.0.0.0
Task 9
Verify IP Connectivity by pinging directly connected interfaces.
R1
Note: Save the configurations on all the routers. Don't save during the Labs so
that you can reload the topology between different Routing Protocol sections.
Task 10
Enable the EIGRP feature on all 4 Devices.
R1
Feature eigrp
R2
Feature eigrp
R3
Feature eigrp
R4
Feature eigrp
Task 11
Configure EIGRP on R1, R2, R3 & R4 in AS 100. Enable the Loopbacks under
EIGRP 100. Use NEXUS as the Instance Name. Set the EIGRP Router ID based
on XX.XX.XX.XX, where X is the Router #.
R1
autonomous-system 100
router-id 11.11.11.11
!
Interface E 4/12
Ip router eigrp NEXUS
!
Interface Loopback 0
Ip router eigrp NEXUS
R2
vrf DATA
autonomous-system 100
router-id 44.44.44.44
!
Interface VLAN 30
Ip router eigrp NEXUS
!
Interface Loopback 0
Ip router eigrp NEXUS
Task 12
Verify IP Connectivity by pinging 4.4.4.4 network from R1 & 1.1.1.1 from R4.
R1
Task 13
Configure EIGRP Authentication between R2 - R4. R1 - R2 should not be
authenticated. Use a Key of Cciedc01 with a Key ID of 12353.
R2
Address-family ipv4 unicast
Vrf DATA
Authentication mode MD5
Authentication key-chain NEXUS
R4
Task 14
Verify EIGRP Authentication.
RX
Task 15
Make sure the Routers don't send EIGRP updates on the Loopback Interfaces.
R1
Interface Loopback0
Ip passive-interface eigrp NEXUS
R2
Interface Loopback0
Ip passive-interface eigrp NEXUS
R3
Interface Loopback0
Ip passive-interface eigrp NEXUS
R4
Interface Loopback0
Ip passive-interface eigrp NEXUS
Task 16
Verify that Passive Interfaces have been set.
RX
Redistributed max-prefix: Disabled
Lab 4 – Configuring EIGRP on Nexus 5K
& 7K - Advanced
(Builds on Lab 3)
R1 R2
E 4/43
192.1.23.0/24
E 4/44
192.1.34.0/24
VLAN 30 VLAN 30
R4 R3
Task 1
Configure Loopback Interfaces on R1 based on the Table. Enable them under
EIGRP.
• 7K1(R1):
• VRF : DATA Loopback 201: 201.1.4.0/24
• VRF : DATA Loopback 202: 201.1.5.0/24
• VRF : DATA Loopback 203: 201.1.6.0/24
• VRF : DATA Loopback 204: 201.1.7.0/24
R1
Ip address 201.1.5.1 255.255.255.0
Ip router eigrp NEXUS
!
Interface Loopback 203
Vrf member DATA
Ip address 201.1.6.1 255.255.255.0
Ip router eigrp NEXUS
!
Interface Loopback 204
Vrf member DATA
Ip address 201.1.7.1 255.255.255.0
Ip router eigrp NEXUS
Task 2
Verify IP Connectivity by pinging 201.1.4.1 network from R4.
R4
Task 3
Summarize the 201.1.X.0 routes on R1 towards R2.
R1
Interface E 4/12
Ip summary-address eigrp NEXUS 201.1.4.0 255.255.252.0
Task 4
Verify that the appropriate route is getting propagated. (Only the 201.1.4.0/22)
RX
Task 5
Make sure R2 doesn't send EIGRP Queries towards R1.
R1
Vrf DATA
Stub
Task 6
Verify that R1 is a stub router by using the Show ip eigrp neighbor detail
command on R2.
R2
Note: Don't save during the Labs. Reload the routers. It should reload with just
the IP Configuration saved during Lab 3.
Lab 5 – Configuring OSPF on Nexus 5K &
7K - Basic
(Builds on Lab 3)
R1 R2
E 4/43
192.1.23.0/24
E 4/44
192.1.34.0/24
VLAN 30 VLAN 30
R4 R3
Task 1
Enable the OSPF feature on all 4 Devices.
R1
Feature ospf
R2
Feature ospf
R3
Feature ospf
R4
Feature ospf
Task 2
Configure OSPF on R1, R2, R3 & R4. Enable the Loopbacks under OSPF Area
0. Use 1 as the Instance Name. Set the OSPF Router ID based on
XX.XX.XX.XX, where X is the Router #.
R1
Router OSPF 1
vrf DATA
router-id 11.11.11.11
!
Interface E 4/12
Ip router ospf 1 area 0
!
Interface Loopback 0
Ip router ospf 1 area 0
R2
Router OSPF 1
vrf DATA
router-id 22.22.22.22
!
Interface E 4/20
Ip router ospf 1 area 0
!
Interface E 4/43
Ip router ospf 1 area 0
!
Interface Loopback 0
Ip router ospf 1 area 0
R3
Router OSPF 1
vrf DATA
router-id 33.33.33.33
!
Interface E 4/44
Ip router ospf 1 area 0
!
Interface VLAN 30
Ip router ospf 1 area 0
!
Interface Loopback 0
Ip router ospf 1 area 0
R4
Router OSPF 1
Vrf DATA
Router-id 44.44.44.44
!
Interface VLAN 30
Ip router ospf 1 area 0
!
Interface Loopback 0
Ip router ospf 1 area 0
Task 3
Verify IP Connectivity by pinging 4.4.4.4 network from R1 & 1.1.1.1 from R4.
R1
Task 4
Configure Clear Text OSPF Authentication between R1 & R2. Use a Key of
Cciedc01.
R1
Interface E 4/12
Ip ospf authentication
Ip ospf authentication-key Cciedc01
R2
Interface E 4/20
Ip ospf authentication
Ip ospf authentication-key Cciedc01
Task 5
Configure MD5 OSPF Authentication between R2 - R4. R1 - R2 should not be
authenticated. Use a Key of Cciedc01 with a Key ID of 1.
R2
Interface E 4/43
Ip ospf authentication message-digest
Ip ospf message-digest-key 1 md5 Cciedc01
R3
Interface E 4/44
Ip ospf authentication message-digest
Ip ospf message-digest-key 1 md5 Cciedc01
!
Interface VLAN 30
Ip ospf authentication message-digest
Ip ospf message-digest-key 1 md5 Cciedc01
R4
Interface VLAN 30
Ip ospf authentication message-digest
Ip ospf message-digest-key 1 md5 Cciedc01
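A way to audit the result of Tasks 4 and 5, as an added example that is not part of the original workbook: the script reads interface stanzas written in the lab's command style and reports which OSPF interfaces run with no authentication, a clear-text key, or MD5. It inspects interface-level commands only, as the lab uses; the sample text is constructed, interfaces E 4/98 and E 4/99 are hypothetical, and the function names are this example's own.

```python
import re

# Constructed sample in the lab's command style. E 4/20 and E 4/43 are R2's
# interfaces from Tasks 4 and 5; E 4/98 and E 4/99 are hypothetical interfaces
# added to show the two failure cases; E 4/21 carries no OSPF at all.
SAMPLE_CONFIG = """\
Interface E 4/20
Ip router ospf 1 area 0
Ip ospf authentication
Ip ospf authentication-key Cciedc01
!
Interface E 4/43
Ip router ospf 1 area 0
Ip ospf authentication message-digest
Ip ospf message-digest-key 1 md5 Cciedc01
!
Interface Loopback 0
Ip router ospf 1 area 0
!
Interface E 4/98
Ip router ospf 1 area 0
!
Interface E 4/99
Ip router ospf 1 area 0
Ip ospf authentication message-digest
!
Interface E 4/21
Ip address 10.1.23.2 255.255.255.0
"""

# Lines that close an interface stanza in this flat, unindented style.
STANZA_END = re.compile(r"^(!|router\s|feature\s|vrf context\s|vlan\s)", re.I)

FINDINGS = {
    "none": "OSPF enabled with no authentication configured",
    "cleartext": "simple password: the key is carried unencrypted in each OSPF packet",
    "cleartext-missing-key": "simple password mode set but no authentication-key configured",
    "md5": "message-digest: packets carry a keyed MD5 digest, not the key itself",
    "md5-missing-key": "message-digest mode set but no message-digest-key configured",
    "loopback": "loopback: no neighbours form here, authentication not applicable",
}


def parse_interfaces(config):
    """Return {interface name: [lower-cased commands]} for every interface stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line:
            continue
        start = re.match(r"^(?:interface|int)\s+(.+)$", line, re.I)
        if start:
            current = stanzas.setdefault(start.group(1).lower(), [])
        elif STANZA_END.match(line):
            current = None
        elif current is not None:
            current.append(line.lower())
    return stanzas


def classify(commands):
    """Classify one interface's OSPF authentication; None if OSPF is not enabled on it."""
    if not any(c.startswith("ip router ospf ") for c in commands):
        return None
    md5_mode = "ip ospf authentication message-digest" in commands
    simple_mode = "ip ospf authentication" in commands
    md5_key = any(re.match(r"ip ospf message-digest-key \d+ md5 \S+", c) for c in commands)
    simple_key = any(c.startswith("ip ospf authentication-key ") for c in commands)
    if md5_mode:
        return "md5" if md5_key else "md5-missing-key"
    if simple_mode:
        return "cleartext" if simple_key else "cleartext-missing-key"
    return "none"


def audit(config):
    """Return {interface: classification} for every OSPF-enabled interface."""
    results = {}
    for name, commands in parse_interfaces(config).items():
        mode = classify(commands)
        if mode is None:
            continue
        if mode == "none" and name.startswith("lo"):
            mode = "loopback"
        results[name] = mode
    return results


if __name__ == "__main__":
    for name, mode in audit(SAMPLE_CONFIG).items():
        print(f"{name:12} {mode:22} {FINDINGS[mode]}")
```
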
Task 5
Verify OSPF Authentication.
R1
R2
Task 6
Make sure they appear in the remote routing tables with the appropriate
masks.
R1
Interface Loopback0
Ip ospf network point-to-point
R2
Interface Loopback0
Ip ospf network point-to-point
R3
Interface Loopback0
Ip ospf network point-to-point
R4
Interface Loopback0
Ip ospf network point-to-point
Note: Don't save during the Labs. Reload the routers. It should reload with just
the IP Configuration saved during Lab 3.
Lab 6 – Configuring OSPF on Nexus 5K &
7K - Advanced
(Builds on Lab 3)
R1 R2
Area 10
E 4/43
192.1.23.0/24 Area 0
E 4/44
192.1.34.0/24
VLAN30 VLAN30
R3
R3
R4 Area 20
Task 1
Enable the OSPF feature on all 4 Devices.
R1
Feature ospf
R2
Feature ospf
R3
Feature ospf
R4
Feature ospf
Task 2
Configure OSPF on R1, R2, R3 & R4. Enable the Interfaces in the appropriate
Area based on the following table & figure. Use 1 as the Instance Name. Set the
OSPF Router ID based on XX.XX.XX.XX, where X is the Router #. Advertise the
Loopbacks with the Interface masks.
R1
Router OSPF 1
Vrf DATA
Router-id 11.11.11.11
!
Interface E 4/12
Ip router ospf 1 area 10
!
Interface Loopback 0
Ip router ospf 1 area 10
Ip ospf network point-to-point
R2
Router OSPF 1
Vrf DATA
Router-id 22.22.22.22
!
Interface E 4/20
Ip router ospf 1 area 10
!
Interface E 4/43
Ip router ospf 1 area 0
!
Interface Loopback 0
Ip router ospf 1 area 10
Ip ospf network point-to-point
R3
Router OSPF 1
Vrf DATA
Router-id 33.33.33.33
!
Interface E 4/44
Ip router ospf 1 area 0
!
Interface VLAN 30
Ip router ospf 1 area 20
!
Interface Loopback 0
Ip router ospf 1 area 20
Ip ospf network point-to-point
R4
Router OSPF 1
Vrf DATA
Router-id 44.44.44.44
!
Interface VLAN 30
Ip router ospf 1 area 20
!
Interface Loopback 0
Ip router ospf 1 area 20
Ip ospf network point-to-point
Task 3
Verify IP Connectivity by pinging 4.4.4.4 network from R1 & 1.1.1.1 from R4.
R1
Task 4
Configure Loopback Interfaces on R2 & R4 based on the Table. Redistribute
these routes into OSPF using Redistribute Connected. These routes should
appear in OSPF as external routes.
• 7K2(R2):
• VRF : DATA Loopback 201: 202.1.4.0/24
• VRF : DATA Loopback 202: 202.1.5.0/24
• VRF : DATA Loopback 203: 202.1.6.0/24
• VRF : DATA Loopback 204: 202.1.7.0/24
• 5K2(R4):
• VRF : DATA Loopback 201: 204.1.4.0/24
• VRF : DATA Loopback 202: 204.1.5.0/24
• VRF : DATA Loopback 203: 204.1.6.0/24
• VRF : DATA Loopback 204: 204.1.7.0/24
R2
Interface Loopback 204
Vrf member DATA
Ip address 204.1.7.1 255.255.255.0
!
route-map RC permit 10
match interface loopback201 loopback202 loopback203 loopback204
!
Router ospf 1
Vrf DATA
Redistribute direct route-map RC
Task 5
Verify IP Connectivity by pinging 204.1.4.1 network from R1 & 202.1.4.1 from
R1.
R1
Task 6
Summarize the 202.1.X.0 and the 204.1.X.0 networks on the appropriate
routers.
R2
Router ospf 1
Vrf DATA
Summary-address 202.1.4.0 255.255.252.0
R4
Router ospf 1
Vrf DATA
Summary-address 204.1.4.0 255.255.252.0
Task 7
Verify IP Connectivity by pinging 202.1.4.1 network from R1. Also, verify that
the routes are getting summarized.
R1
Task 8
Configure Area 10 as a Totally Stubby area.
R1
Router ospf 1
Vrf DATA
Area 10 stub
R2
Router ospf 1
Vrf DATA
Area 10 stub no-summary
Task 9
Verify IP Connectivity by pinging 202.1.4.1 network from R1. Also, verify that
Inter-Area & External Routes are not getting sent to R1.
R1
Task 10
Configure Area 20 as a NSSA-Totally Stubby Area.
R3
Router ospf 1
Vrf DATA
Area 20 nssa no-summary
R4
Router ospf 1
Vrf DATA
Area 20 nssa
Task 11
Verify IP Connectivity by pinging 202.1.4.1 network from R4. Also, verify that
Inter-Area & External Routes from the backbone are not getting sent to R4.
R2
Note: Don't save during the Labs. Reload the routers. It should reload with just
the IP Configuration saved during Lab 3.
Lab 7 – Configuring BGP on Nexus 5K &
7K
(Builds on Lab 1)
R1 R2
E 4/43
192.1.23.0/24
E 4/44
192.1.34.0/24
VLAN 30 VLAN 30
R4 R3
R3
R1 R2 R4
AS 100 AS 200
Task 1
Enable the BGP & OSPF features on all 4 Devices.
R1
Feature bgp
Feature ospf
R2
Feature bgp
Feature ospf
R3
Feature bgp
Feature ospf
R4
Feature bgp
Feature ospf
Task 2
Configure BGP between R1 & R2 based on the BGP Logical Topology. Advertise
the Loopback 0 Interfaces under BGP.
R1
Task 3
Verify IP Connectivity by pinging 2.2.2.2 network from R1 & 2.2.2.2 from R1.
R1
Task 4
Secure the BGP relationship between R1 & R2. Use Cciedc01 as the key.
R1
Task 5
Configure Loopback 10 on R2, R3 & R4 using the 10.X.X.X/32 format.
Configure OSPF as the IGP in AS 200. Enable OSPF in Area 0 on the internal
links in Area 0 and the Loopback 10 networks. These will be used to setup the
iBGP relationships.
R2
Router ospf 1
Vrf DATA
Router-id 22.22.22.22
!
Interface E 4/43
Ip router ospf 1 area 0
!
Interface Loopback 10
Vrf member DATA
Ip address 10.2.2.2 255.255.255.255
Ip router ospf 1 area 0
R3
Router ospf 1
Vrf DATA
Router-id 33.33.33.33
!
Interface E 4/44
Ip router ospf 1 area 0
!
Interface VLAN 30
Ip router ospf 1 area 0
!
Interface Loopback 10
Vrf member DATA
Ip address 10.3.3.3 255.255.255.255
Ip router ospf 1 area 0
R4
Router ospf 1
Vrf DATA
Router-id 44.44.44.44
!
Interface VLAN 30
Ip router ospf 1 area 0
!
Interface Loopback 10
Vrf member DATA
Ip address 10.4.4.4 255.255.255.255
Ip router ospf 1 area 0
Task 6
Verify IP Connectivity by using the Show ip route vrf DATA command on R2,
R3 & R4.
R2
Show ip route vrf DATA
Task 7
Configure an iBGP neighbor relationship between R2 & R3. Configure the
neighbor relationship based on Loopback 10. Advertise Loopback 0 in BGP on
R3. Change the Next-hop attribute on R2 towards R3.
R2
Task 8
Verify reachability to the 1.0.0.0 network from 3.0.0.0.
R1
Task 9
Configure an iBGP neighbor relationship between R3 & R4. Configure the
neighbor relationship based on Loopback 10. Advertise Loopback 0 in BGP on
R4. Configure R3 as a Route Reflector for R2 & R4.
R3
Task 11
Verify reachability to the 1.0.0.0 network from 4.0.0.0.
R1
Note: Don't save during the Labs. Reload the routers. It should reload with just
the IP Configuration saved during Lab 3.
Lab 8 – Configuring PIM Sparse Mode on
Nexus 5K & 7K - Static RP
(Builds on Lab 3)
R1 R2
E 4/43
192.1.23.0/24
E 4/44
192.1.34.0/24
VLAN 30 VLAN 30
R4 R3
Task 1
Enable the EIGRP & PIM feature on all 4 Devices.
R1
Feature eigrp
Feature PIM
R2
Feature eigrp
Feature PIM
R3
Feature eigrp
Feature PIM
R4
Feature eigrp
Feature PIM
Task 2
Configure EIGRP on R1, R2, R3 & R4 in AS 100. Enable the Loopbacks under
EIGRP 100. Use NEXUS as the Instance Name. Set the EIGRP Router ID based
on XX.XX.XX.XX, where X is the Router #.
R1
Ip router eigrp NEXUS
!
Interface Loopback 0
Ip router eigrp NEXUS
R4
Task 3
Verify IP Connectivity by pinging 4.4.4.4 network from R1 & 1.1.1.1 from R4.
R1
Task 4
Configure R1 to be the RP for Multicast groups 224.1.1.0/24, and R4 to be the
RP for the groups 224.4.4.0/24. These two RPs should use their Loopback 0
interface for this purpose.
R1
!
Interface E 4/12
Ip pim sparse-mode
R2
Task 5
Configure R1 Loopback 0 and R4 loopback to join the following Multicast
groups:
R1 R4
Task 6
Verify the configuration by using the Show ip pim rp command.
R2
Show ip pim rp
R3
Show ip pim rp
Cisco Nexus Switch Configuration
Module 5 – Configuring Advanced vPCs & FEX
Authored By: Khawar Butt
Penta CCIE # 12353
CCDE # 20110020
Lab 1- Configuring vPC on Nexus 7K
Switches
Nexus 7K - 1
E 4/12 E 4/3
E 4/20 E 4/15
E 4/21 E 4/16
Nexus 5K - 1 Nexus 5K - 2
E 1/10-11 E 1/10-11
Mgmt 0 Mgmt 0
Task 1
Connect to 7K1. Configure the admin username with a password of Cciedc01.
Configure it with a hostname of 7K1.
7K-1
Task 2
Configure 2 VDCs on 7K1 using the following information:
7K-1
vdc 7K2 id 2
allocate interface E 3/1-2, E 3/21-24
allocate interface E 4/20-21, E 4/24
!
vdc 7K3 id 3
allocate interface E 3/17-18, E 3/29-32
allocate interface E 4/15-16
Note : When you allocate interfaces to VDCs, they are allocated based on Port-
groups. Press Yes when prompted to allocate all members of the port-group.
Task 3
Verify the Creation of the VDCs by using the sh run vdc and sh vdc
membership commands.
7K-1
Task 4
Configure alias for switching to VDC 7K2 and VDC 7K3 from the default VDC
as VDC2 & VDC3 respectively.
7K-1
Task 5
Switch to 7K2 using the appropriate alias you created. Configure the password
for the admin account as Cciedc01. Configure an alias for the Switchback
command as SB. Switchback to the default VDC. Use the alias that you created
to switchback.
7K-1
VDC2
7K-2
Task 6
Switch to 7K3 using the appropriate alias you created. Configure the password
for the admin account as Cciedc01. Configure an alias for the Switchback
command as SB. Switchback to the default VDC. Use the alias that you created
to switchback.
7K-1
VDC3
7K-3
Task 7
Configure the prompt to only display the current VDC.
7K-1
no vdc combined-hostname
Task 8
We will be configuring a vPC from 7K1 to 7K2 & 7K3 based on the above diagram.
Enable the vPC & LACP features on 7K2 & 7K3.
7K-2
Feature vpc
Feature lacp
7K-3
Feature vpc
Feature lacp
Task 9
Configure the parameters for the vPC Peer keepalive link based on the
following:
• 7K2
• VRF Name: PKL-23
• Interface: 4/21
• IP Address: 10.1.23.2/24
• 7K3
• VRF Name: PKL-23
• Interface: 4/16
• IP Address: 10.1.23.3/24
7K-2
Task 10
Configure a vPC Domain between 7K2 & 7K3. Use 23 as the Domain ID. Use
the Interfaces and VRFs from the previous step to configure the vPC Peer
Keepalive link. Make 7K3 as the Primary vPC device.
7K-2
vpc domain 23
peer-keepalive destination 10.1.23.3 source 10.1.23.2 vrf PKL-23
7K-3
vpc domain 23
role priority 300
peer-keepalive destination 10.1.23.2 source 10.1.23.3 vrf PKL-23
Task 11
Configure the Port-channel port type as Network. This will enable the Bridge
Assurance Fault tolerance feature. Use this port channel as the vPC Peer Link.
Use the following parameters:
• 7K2
• Port-Channel #: 23
• Interfaces: 3/1-2
• Port Type: Network
• 7K3
• Port-Channel #: 23
• Interface: 3/17-18
• Port Type: Network
7K-2
Interface E 3/1-2
channel-group 23 mode active
no shut
!
Interface port-channel 23
spanning-tree port type network
switch mode trunk
vpc peer-link
7K-3
int e 3/17-18
channel-group 23 mode active
no shut
!
Interface port-channel 23
switch mode trunk
spanning-tree port type network
vpc peer-link
Task 12
Verify the status of the vPC Port Channel. Also, make sure the vPC Peer
keepalive link is up. Use the Show VPC command to verify it.
7K-2
Show VPC
vPC domain id : 23
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
.
.
.
.
vPC Peer-Link status
------------------------------------------------------
id Port Status Active vlans
-- ----- -------- ----------------------------------
1 Po23 up 1
7K-3
Show VPC
vPC domain id : 23
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
.
.
.
.
vPC Peer-Link status
------------------------------------------------------
id Port Status Active vlans
-- ----- -------- ----------------------------------
1 Po23 up 1
Task 13
Configure a port-channel from 7K2 & 7K3 towards 7K1 using vPC. Configure it
as a L2 Trunk Port Channel. Use 12 as the Port-channel ID. Use E 4/20 on
7K2 & E 4/15 on 7K3 as the vPC member ports.
7K-2
Interface E 4/20
switchport
channel-group 12 mode active
no shut
!
Interface port-channel 12
switchport mode trunk
vpc 23
7K3
Interface E 4/15
switchport
channel-group 12 mode active
no shut
!
Interface port-channel 12
switchport mode trunk
vpc 23
Task 14
Enable the LACP feature on 7K1. Configure a normal Port-Channel on 7K1.
Configure it as a L2 Trunk Port Channel. Use 23 as the Port-channel ID. Use E
4/3 & E 4/12 on 7K1 as the member ports.
7K-1
feature lacp
!
Interface E 4/3 , E 4/12
switchport
channel-group 23 mode active
no shut
!
Interface port-channel 23
switchport mode trunk
Task 15
Verify the status of the Port Channel on 7K1. Use the normal Show port-
channel summary command to verify it.
7K-1
P - Up in Port-channel (member)
S - Switched
U - Up (Port-Channel)
.
.
.
Group Port- Type Protocol Member Ports
Channel
23 Po23(SU) Eth LACP Eth4/3(P) Eth4/12(P)
Note: In this setup, 7K-2 & 7K-3 are seen as one logical switch by 7K1. The
following is the logical diagram.
Nexus 7K - 1
Port Channel 23
Port Channel 12
Port Channel 23
Lab 2 – Configuring vPC with Nexus 5K
Switches
(Builds on Lab 1)
Task 1
Configure a port-channel from 7K2 & 7K3 towards 5K1 using vPC. Configure it
as a L2 Trunk Port Channel. Use 523 as the Port-channel ID. Use E 3/21-22
Ports on 7K2 & E 3/31-32 Ports on 7K3 as the vPC member ports.
7K-2
Interface E 3/21 - 22
channel-group 523 mode active
no shut
!
Interface port-channel 523
switchport mode trunk
vpc 523
7K-3
Interface E 3/31 - 32
channel-group 523 mode active
no shut
!
Interface port-channel 523
switchport mode trunk
vpc 523
Task 2
Enable the LACP feature on 5K1. Configure a normal Port-Channel on 5K1.
Configure it as a L2 Trunk Port Channel. Use 523 as the Port-channel ID. Use
E 1/15-16 & E 1/21-22 on 5K1 as the member ports.
5K-1
feature lacp
!
Interface E 1/15-16 , E 1/21-22
switchport
channel-group 523 mode active
no shut
!
int port-channel 523
switchport mode trunk
Task 3
Verify the status of the Port Channel on 5K1. Use the normal Show port-
channel summary command to verify it.
5K-1
P - Up in Port-channel (member)
S - Switched
U - Up (Port-Channel)
.
.
.
Group Port- Type Protocol Member Ports
Channel
523 Po523(SU) Eth LACP Eth1/15(P) Eth1/16(P) Eth1/21(P) Eth1/22(P)
Task 4
Configure a port-channel from 7K2 & 7K3 towards 5K2 using vPC. Configure it
as a L2 Trunk Port Channel. Use 524 as the Port-channel ID. Use E 3/23-24
Ports on 7K2 & E 3/29-30 Ports on 7K3 as the vPC member ports.
7K-2
Interface E 3/23 - 24
channel-group 524 mode active
no shut
!
Interface port-channel 524
switchport mode trunk
vpc 524
7K-3
Interface E 3/29 - 30
channel-group 524 mode active
no shut
!
Interface port-channel 524
switchport mode trunk
vpc 524
Task 5
Enable the LACP feature on 5K2. Configure a normal Port-Channel on 5K2.
Configure it as a L2 Trunk Port Channel. Use 524 as the Port-channel ID. Use
E 1/23-24 & E 1/29-30 on 5K2 as the member ports.
5K-2
feature lacp
!
Interface E 1/23-24 , E 1/29-30
switchport
channel-group 524 mode active
no shut
!
Interface port-channel 524
switchport mode trunk
Task 6
Verify the status of the Port Channel on 5K2. Use the normal Show port-
channel summary command to verify it.
5K-2
P - Up in Port-channel (member)
S - Switched
U - Up (Port-Channel)
.
.
.
Group Port- Type Protocol Member Ports
Channel
524 Po524(SU) Eth LACP Eth1/23(P) Eth1/24(P) Eth1/29(P) Eth1/30(P)
Note: In this setup, 7K-2 & 7K-3 are seen as one logical switch by the 5K
devices. The following is the logical diagram.
Nexus 7K - 1
Port Channel 23
Port Channel 12
Port Channel 23
vPC Peer Link
Nexus 5K - 1 Nexus 5K - 2
Lab 3 – Configuring vPC between Nexus
5K switches to setup a Back-to-Back vPC
(Builds on Lab 2)
Nexus 7K - 1
E 4/12 E 4/3
E 4/20 E 4/15
E 4/21 E 4/16
E 3/21-22 E 3/23-24
E 3/31-32 E 3/29-30
Nexus 5K - 1 Nexus 5K - 2
E 1/10-11 E 1/10-11
Mgmt 0 Mgmt 0
Task 1
We will be configuring a vPC between 5K1 and 5K2 based on the
above diagram. Enable the vPC feature on 5K1 & 5K2.
5K-1
Feature vpc
Feature lacp
5K-2
Feature vpc
Feature lacp
Task 2
Configure the parameters for the vPC Peer keepalive link based on the
following:
• 5K1
• Interface: Mgmt 0
• IP Address: 10.1.112.1/24
• 5K2
• Interface: Mgmt 0
• IP Address: 10.1.112.2/24
5K-1
Interface mgmt 0
ip address 10.1.112.1/24
no shut
5K-2
Interface mgmt 0
ip address 10.1.112.2/24
no shut
Task 3
Configure a vPC Domain between 5K1 & 5K2. Use 12 as the Domain ID. Use
the Interfaces from the previous step to configure the vPC Peer Keepalive link.
Make 5K1 as the Primary vPC device.
5K-1
vpc domain 12
peer-keepalive destination 10.1.112.2
role priority 300
5K-2
vpc domain 12
peer-keepalive destination 10.1.112.1
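A consistency check for the domain settings entered in Task 3 above and in Lab 1 Task 10, as an added example that is not part of the original workbook: it confirms that both peers use the same domain ID, that each keepalive destination is the other peer's keepalive address, and which peer the role priorities prefer as primary. The inputs are constructed from the commands on this page; the function names are this example's own, and it assumes the NX-OS defaults of role priority 32667 and the management VRF with the mgmt 0 address when no source is given.

```python
import ipaddress

DEFAULT_ROLE_PRIORITY = 32667  # NX-OS default when "role priority" is not configured

# Constructed input: each peer's commands as typed in Lab 1 Task 10 and Lab 3 Tasks 2-3.
LAB1_PEERS = {
    "7K2": "vpc domain 23\n"
           "peer-keepalive destination 10.1.23.3 source 10.1.23.2 vrf PKL-23\n",
    "7K3": "vpc domain 23\nrole priority 300\n"
           "peer-keepalive destination 10.1.23.2 source 10.1.23.3 vrf PKL-23\n",
}
LAB3_PEERS = {
    "5K1": "Interface mgmt 0\nip address 10.1.112.1/24\nno shut\n"
           "vpc domain 12\npeer-keepalive destination 10.1.112.2\nrole priority 300\n",
    "5K2": "Interface mgmt 0\nip address 10.1.112.2/24\nno shut\n"
           "vpc domain 12\npeer-keepalive destination 10.1.112.1\n",
}


def parse_peer(config):
    """Extract vPC domain settings and the mgmt 0 address from one peer's commands."""
    info = {"domain": None, "priority": DEFAULT_ROLE_PRIORITY,
            "dst": None, "src": None, "vrf": "management", "mgmt": None}
    in_mgmt = False
    for raw in config.splitlines():
        words = raw.split()
        low = [w.lower() for w in words]
        if not words or low[0] == "!":
            continue
        if low[0] in ("interface", "int"):
            in_mgmt = "".join(low[1:]) == "mgmt0"
        elif low[:2] == ["vpc", "domain"] and len(words) == 3:
            info["domain"], in_mgmt = int(words[2]), False
        elif low[:2] == ["role", "priority"] and len(words) == 3:
            info["priority"] = int(words[2])
        elif low[:2] == ["peer-keepalive", "destination"] and len(words) >= 3:
            info["dst"] = ipaddress.ip_address(words[2])
            if "source" in low[3:-1]:
                info["src"] = ipaddress.ip_address(words[low.index("source", 3) + 1])
            if "vrf" in low[3:-1]:
                info["vrf"] = words[low.index("vrf", 3) + 1]
        elif in_mgmt and low[:2] == ["ip", "address"] and len(words) >= 3:
            info["mgmt"] = ipaddress.ip_address(words[2].split("/")[0])
    return info


def check_pair(peers):
    """peers: {name: config text} for exactly two switches. Returns a list of problems."""
    (na, a), (nb, b) = ((name, parse_peer(cfg)) for name, cfg in peers.items())
    problems = []
    if a["domain"] is None or a["domain"] != b["domain"]:
        problems.append(f"vPC domain id differs: {na}={a['domain']} {nb}={b['domain']}")
    for (nx, x), (ny, y) in (((na, a), (nb, b)), ((nb, b), (na, a))):
        # Address the peer sends keepalives from: explicit source, else mgmt 0
        # when the keepalive runs in the default management VRF.
        peer_addr = y["src"] or (y["mgmt"] if y["vrf"] == "management" else None)
        if x["dst"] is None:
            problems.append(f"{nx}: no peer-keepalive destination configured")
        elif peer_addr is None:
            problems.append(f"{nx}: cannot confirm {x['dst']} belongs to {ny}")
        elif x["dst"] != peer_addr:
            problems.append(
                f"{nx}: keepalive destination {x['dst']} is not {ny}'s address {peer_addr}")
    return problems


def expected_primary(peers):
    """Name of the peer with the lowest role priority, or None when priorities tie."""
    priorities = {name: parse_peer(cfg)["priority"] for name, cfg in peers.items()}
    lowest = min(priorities.values())
    winners = [name for name, prio in priorities.items() if prio == lowest]
    return winners[0] if len(winners) == 1 else None


if __name__ == "__main__":
    for label, peers in (("Lab 1", LAB1_PEERS), ("Lab 3", LAB3_PEERS)):
        print(label, "problems:", check_pair(peers) or "none",
              "| preferred primary:", expected_primary(peers))
```

Role election is not preemptive, so the operational primary after a failover can differ from the configured preference reported here.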
Task 4
Configure the Port-channel port type as Network. This will enable the Bridge
Assurance Fault tolerance feature. Use this port channel as the vPC Peer Link.
Use the following parameters:
• 5K-1
• Port-Channel #: 12
• Interfaces: 1/10-11
• Port Type: Network
• 5K-2
• Port-Channel #: 12
• Interface: 1/10-11
• Port Type: Network
5K-1
Interface E 1/10-11
channel-group 12 mode active
no shut
!
Interface port-channel 12
spanning-tree port type network
switch mode trunk
vpc peer-link
5K-2
Interface E 1/10-11
channel-group 12 mode active
no shut
!
Interface port-channel 12
switch mode trunk
spanning-tree port type network
vpc peer-link
Task 5
Verify the status of the vPC Port Channel. Also, make sure the vPC Peer
keepalive link is up. Use the Show VPC command to verify it.
5K-1
Show VPC
vPC domain id : 12
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
.
.
.
.
vPC Peer-Link status
------------------------------------------------------
id Port Status Active vlans
-- ----- -------- ----------------------------------
1 Po12 up 1
5K-2
Show VPC
vPC domain id : 12
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
.
.
.
.
vPC Peer-Link status
------------------------------------------------------
id Port Status Active vlans
-- ----- -------- ----------------------------------
1 Po12 up 1
Task 6
Disable the old vPC based port-channel (523) on the 7K devices (7K2 & 7K3).
Create a new vPC port-channel (75) using ports E 3/21-24 as member ports on
7K-2. Use ports E 3/29-32 on 7K-3. Use VPC id of 75 for this port-channel.
7K-2
7K-3
Interface E 3/29 - 32
channel-group 75 mode active
!
Interface port-channel 75
vpc 75
Task 7
Disable the old vPC based port-channels (723-724) on the 5K devices (5K1 &
5K2). Create a new vPC port-channel (75) using ports E 1/21-22 , E 1/15-16
as member ports on 5K-1. Use ports E 1/23-24, E 1/29-30 on 5K-2. Use VPC
id of 75 for this port-channel.
5K-1
Note: In this setup, 7K-2 & 7K-3 are seen as one logical switch by the 5K
devices and vice versa. The following is the logical diagram.
Nexus 7K - 1
Port Channel 23
Port Channel 12
Port Channel 23
vPC Peer Link
Port Channel 75
Port Channel 75
Port Channel 12
vPC Peer Link
Nexus 5K - 1 Nexus 5K - 2
Lab 4 – Configuring FEX -
Using Static Pinning
(Builds on Lab 3)
Nexus 7K - 1
E 4/12 E 4/3
E 4/20 E 4/15
E 4/21 E 4/16
E 3/21-22 E 3/23-24
E 3/31-32 E 3/29-30
Nexus 5K - 1 Nexus 5K - 2
E 1/10-11 E 1/10-11
Mgmt 0 Mgmt 0
E 1/1-2 E 1/1-2
E 1/3-4 E 1/3-4
Nexus 5K - 2
Nexus 2K - 1
Server
Task 1
We will be connecting the Nexus 2K switches as Fabric Extensions for the
Nexus 5K switches. Enable the FEX feature on 5K-1.
5K-1
Feature fex
Task 2
We will configure Ports E 1/1 & E 1/2 as FEX ports from 5K-1 towards 2K-1.
Use 101 as the FEX Identifier.
5K-1
Interface E 1/1-2
switchport mode fex
fex associate 101
Task 3
Use the Show Fex command to verify the port status. It will initially show the
ports as connected before going to online.
5K-1
Show Fex
Task 4
By default, only 1 of the links is used. You can use the Show Fex command to
verify this.
5K-1
Task 5
Change the number of Links for Fex to 2 to load share the traffic over the 2
links. It will equally share the physical ports based on the number of links
connecting the 5K to the 2K switches.
5K-1
fex 101
pinning max-links 2
Task 6
Verify the use of both links based on the Show Fex detail command.
5K-1
Extender Model: N2K-C2232PP-10GE, Part No: 73-12533-05
Card Id: 82, Mac Addr: 0c:d9:96:08:1d:42, Num Macs: 64
Module Sw Gen: 12594 [Switch Sw Gen: 21]
post level: complete
pinning-mode: static Max-links: 2
.
.
.
Lab 5 – Configuring FEX -
Using Port Channels
(Builds on Lab 4)
Nexus 7K - 1
E 4/12 E 4/3
E 4/20 E 4/15
E 4/21 E 4/16
E 3/21-22 E 3/23-24
E 3/31-32 E 3/29-30
Nexus 5K - 1 Nexus 5K - 2
E 1/10-11 E 1/10-11
Mgmt 0 Mgmt 0
E 1/1-2 E 1/1-2
E 1/3-4 E 1/3-4
Nexus 5K - 2
Nexus 2K - 1
Server
Task 1
We will be connecting the Nexus 2K switches as Fabric Extensions for the
Nexus 5K switches. Enable the FEX feature on 5K-2.
5K-2
Feature fex
Task 2
We will configure Ports E 1/1 & E 1/2 as FEX ports from 5K-2 towards 2K-1.
We will be using Port Channels to take advantage of Dynamic Pinning and Load
Balancing. Use 102 as the FEX Identifier. Use 102 as the Port Channel ID.
5K-2
Interface E 1/1-2
channel-group 102 mode on
!
Interface port-channel 102
switchport mode fex-fabric
fex associate 102
Task 3
Use the Show Fex command to verify if the port is online. It will take a couple
of minutes to come online.
5K-2
Task 4
You can use the show fex detail command to verify that the Port-channel is
being used to connect to the 2K2 Fex.
5K-2
Lab 6 – Configuring FEX -
Using vPC
(Builds on Lab 5)
Nexus 7K - 1
E 4/12 E 4/3
E 4/20 E 4/15
E 4/21 E 4/16
E 3/21-22 E 3/23-24
E 3/31-32 E 3/29-30
Nexus 5K - 1 Nexus 5K - 2
E 1/10-11 E 1/10-11
Mgmt 0 Mgmt 0
E 1/1-2 E 1/1-2
E 1/3-4 E 1/3-4
Nexus 5K - 2
Nexus 2K - 1
Server
Pre-requisite Configuration:
We will be configuring the Nexus 2K switches to see the Nexus 5K switches as
one logical switch using vPCs. We have already configured a vPC Peer Keepalive
Link and Port-Channel between 5K-1 & 5K-2 in Lab3. We are using a Domain-
id of 12.
Task 1
Re-Configure Ports E 1/1-2 on 5K-1 to be part of a Port-Channel. This port
channel will be used to connect the 5K devices to 2K1. Use Port-channel ID as
501. Use 101 as the FEX ID. Use a vPC ID of 10 for the Port Channel. Also,
configure the cross-links E 1/3-4 on 5K-2 as a port channel to connect 2K1
to the 5K switches. Use the same IDs as you did on 5K1.
5K-1
Interface E 1/1-2
No switchport mode fex-fabric
No Fex associate 101
!
Interface E 1/1-2
channel-group 501 mode on
!
Interface port-channel 501
switchport mode fex-fabric
fex associate 101
vpc 10
5K-2
Interface E 1/3-4
channel-group 501 mode on
!
Interface port-channel 501
switchport mode fex-fabric
fex associate 101
vpc 10
Task 2
Use the Show Fex command to verify if the ports are online on both the 5K
switches. It will take a couple of minutes to come online.
5K-1
Show Fex
Show fex
Task 3
Re-Configure Ports E 1/1-2 on 5K-2 to be part of a Port-Channel 502. This
port channel will be used to connect the 5K devices to 2K2. Use Port-channel
ID as 502. Use 102 as the FEX ID. Use a vPC ID of 20 for the Port Channel.
Also, configure the cross-links E 1/3-4 on 5K-1 as a port channel to connect
2K2 to the 5K switches. Use the same IDs as you did on 5K2.
5K-2
Interface E 1/1-2
No channel-group 102 mode on
!
No interface port-channel 102
!
Interface E 1/1-2
channel-group 502 mode on
int port-channel 502
switchport mode fex-fabric
fex associate 102
vpc 20
5K-1
Interface E 1/3-4
channel-group 502 mode on
!
Interface port-channel 502
switchport mode fex-fabric
fex associate 102
vpc 20
Task 4
Use the Show Fex command to verify if the ports are online on both the 5K
switches. It will take a couple of minutes to come online.
5K-1
Show Fex
Show fex
Note: In this setup, 5K-1 & 5K-2 are seen as one logical switch by the 2K
devices. The following is the logical diagram of the entire topology.
Nexus 7K - 1
Port Channel 23
Port Channel 12
Port Channel 23
vPC Peer Link
Port Channel 75
Port Channel 75
Port Channel 12
vPC Peer Link
Nexus 5K - 1 Nexus 5K - 2
Nexus 2K - 1 Nexus 2K - 2
Server
Lab 7 – Configuring Enhanced vPC to
Connect the Server with Redundancy
(Builds on Lab 5)
Nexus 7K - 1
E 4/12 E 4/3
E 4/20 E 4/15
E 4/21 E 4/16
E 3/21-22 E 3/23-24
E 3/31-32 E 3/29-30
Nexus 5K - 1 Nexus 5K - 2
E 1/10-11 E 1/10-11
Mgmt 0 Mgmt 0
E 1/1-2 E 1/1-2
E 1/3-4 E 1/3-4
Nexus 5K - 2
Nexus 2K - 1
Server
Task 1
To allow the Server to configure NIC Teaming/Trunking so that it has complete
redundancy, we need to set up the Ports facing the Server as Edge Trunks. This
type of complete redundancy up to the server level is known as Enhanced vPC.
Configure the ports connecting the FEX 2K1 towards the server as Spanning-
tree port type Edge trunk on any 5K.
5K-1
Task 2
Server side will configure NIC Teaming for the 2 ports connecting into the 2
Nexus 2K switches.
Lab 8 – Configuring FCoE on the Nexus
Switch to Connect to Storage Network
(Builds on Lab 5)
[Figure: Lab 8 topology. Devices: Nexus 7K - 1, Nexus 5K - 1, Nexus 5K - 2, Nexus 2K - 1, Server. Interface labels: E 4/12, E 4/3, E 4/20, E 4/15, E 4/21, E 4/16, E 3/21-22, E 3/23-24, E 3/31-32, E 3/29-30, E 1/10-11, Mgmt 0, E 1/1-2, E 1/3-4.]
Task 1
Enable the FCoE feature on both the Nexus 5K switches. Configure FEX
Link 101 for FCoE on 5K-1. Configure FEX Link 102 for FCoE on 5K-2.
5K-1
feature fcoe
!
Fex 101
Fcoe
5K-2
feature fcoe
!
Fex 102
Fcoe
Task 2
Configure VFC ports towards the server on 5K1 & 5K2. Configure VFC
101 on 5K-1. The server is connected to E 101/1/20. Configure the switchport
mode as F. Configure VFC 102 on 5K-2. The server is connected to E
102/1/21. Configure the switchport mode as F.
5K-1
Task 3
Configure VSAN 100 on 5K1 and attach it to VFC 101. Configure VSAN 200 on
5K2 and attach it to VFC 102.
5K-1
vsan database
vsan 100
vsan 100 Interface vfc 101
5K-2
vsan database
vsan 200
vsan 200 Interface vfc 102
Task 4
Configure VLAN 100 & 200 as FCoE VSAN on 5K1 & 5K2.
5K-1
vlan 100
fcoe vsan 100
5K-2
vlan 200
fcoe vsan 200
Task 5
Verify that the FCoE VLANs are operational by using the show vlan fcoe
command on both the 5K Switches.
5K-1
sh vlan fcoe
Task 6
Once you are done configuring the FCoE VSAN, bring the VFC interfaces up on
both switches.
5K-1
Task 7
Configure the E 101/1/20 port on 5K1 as a trunk and allow the FCoE VLAN 100
and data VLAN on it. Configure the E 102/1/21 port on 5K2 as a trunk and
allow the FCoE VLAN 200 and data VLAN on it.
5K-1
Interface e 101/1/20
switchport mode trunk
switchport trunk allowed vlan 100
5K-2
Interface E 102/1/21
switchport mode trunk
switchport trunk allowed vlan 200
Task 8
Verify that the VSANs are up on the VFC Interface.
5K-2
Task 9
Also verify the flogi entry is in the FLOGI Database by using the sh flogi
database command.
5K-2
-------------------------------------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
-------------------------------------------------------------------------------------------------------
vfc102 200 0xb00000 20:00:a4:4c:11:13:56:d3 10:00:a4:4c:11:13:56:d3
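A FLOGI entry only appears when the vfc's VSAN (Task 3), the VLAN mapped to that VSAN (Task 4) and the trunk's allowed VLAN list (Task 7) all agree. The following Python check is an added example, not part of the workbook; the sample config is constructed, and the `bind interface` line and the function names are assumptions.

```python
import re

# Constructed sample: the 5K-2 lines from Tasks 3, 4 and 7. The "bind interface"
# line is an assumption; the workbook does not show the vfc configuration.
SAMPLE_5K2 = """\
vsan database
  vsan 200
  vsan 200 interface vfc 102
vlan 200
  fcoe vsan 200
interface vfc 102
  bind interface ethernet 102/1/21
interface ethernet 102/1/21
  switchport mode trunk
  switchport trunk allowed vlan 200
"""

def expand_vlans(spec):
    """Expand an allowed-VLAN list such as '1,100-102' into a set of ints."""
    bounds = [p.strip().partition("-") for p in spec.split(",")]
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def audit_fcoe(config):
    """Return findings for each vfc; an empty list means the path is consistent."""
    vfc_vsan, vsan_vlan, vfc_port, trunk, ctx = {}, {}, {}, {}, ("", "")
    for line in (l.strip().lower() for l in config.splitlines()):
        if m := re.fullmatch(r"(vlan|interface vfc|interface e[a-z]*) ?([\d/]+)", line):
            ctx = (m[1].split()[-1], m[2])  # ("vlan"|"vfc"|"e...", id)
        elif line.startswith(("interface ", "vsan database", "fex ")):
            ctx = ("", "")  # any other block ends the current context
        elif m := re.fullmatch(r"vsan (\d+) interface vfc ?(\d+)", line):
            vfc_vsan[m[2]] = m[1]
        elif ctx[0] == "vlan" and (m := re.fullmatch(r"fcoe vsan (\d+)", line)):
            vsan_vlan[m[1]] = int(ctx[1])  # VSAN -> VLAN that carries it
        elif ctx[0] == "vfc" and (m := re.fullmatch(r"bind interface e[a-z]* ?([\d/]+)", line)):
            vfc_port[ctx[1]] = m[1]
        elif ctx[0].startswith("e") and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d, -]+)", line)):
            trunk[ctx[1]] = expand_vlans(m[1])
    findings = []
    for vfc in sorted(set(vfc_vsan) | set(vfc_port)):
        vsan = vfc_vsan.get(vfc, "1")  # unassigned interfaces stay in default VSAN 1
        vlan, port = vsan_vlan.get(vsan), vfc_port.get(vfc)
        if vlan is None:
            findings.append(f"vfc{vfc}: VSAN {vsan} has no FCoE VLAN mapped")
        elif port is None:
            findings.append(f"vfc{vfc}: not bound to an Ethernet port")
        elif vlan not in trunk.get(port, set()):
            findings.append(f"vfc{vfc}: FCoE VLAN {vlan} not allowed on trunk e{port}")
    return findings
```

Run `audit_fcoe()` on the relevant lines of `show running-config` from each 5K before checking the FLOGI database; any finding names the task whose configuration to revisit.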