Cisco Nexus 9000v vPC concept Lab

[Link]
Cisco Nexus 9000v vPC concept Lab

Content
Content 2
I. Lab nodes, image versions 3
II. CSR1000v ISP-CE configuration 3
III. Nexus 9000v VPC configuration 5
IV. Nexus 9000v VPC configuration 9
V. Windows Server LACP NIC team 13
VI. Final Test 16

2
Cisco Nexus 9000v vPC concept Lab

Preface: Lab concept: Practical Cisco Nexus 9000v vPC configuration accordingly given objectives.

I.
CSR1000v ISP-CE configuration
NOTE: CSR1000v Interface GigabitEthernet4 is configured as an internet gateway add ip from
[Link]/24 subnet and the default gateway of the interface 4 should be [Link] then you
can access the

Objective: Configure CSR1000v as ISP-CE

1. Configure interfaces GigabitEthernet 1-2 in PortChannel 1. LACP

1.1. Verify with show run if your ISP-CE has obtained IP address on GigabitEthernet4 and have
default route.

ISP-CE#sh ip int
brief
Interface IP- OK? Method Status Protocol
Address
GigabitEthernet1 unassigne YES unset up up
d
GigabitEthernet2 unassigne YES unset up up
d
GigabitEthernet3 unassigne YES unset down down
d

3
 GigabitEthernet4 [Link] YES DHCP up

ISP-CE#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M
- mobile, B - BGP D - EIGRP, EX - EIGRP external,
O - OSPF, IA - OSPF inter area
N1 - OSPF NSS external type 1, N2 - OSPF NSSA
external type 2 E1 - OSPF external type 1, E2 -
OSPF external type 2, m - OMP n - NAT, Ni - NAT
inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2
- IS-IS level-2 ia - IS-IS inter area, * - candidate
default, U - per-user static route H - NHRP, G - NHRP
registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static
route, l - LISP a - application route
+ - replicated route, % - next hop override, p -
overrides from PfR & - replicated local route
overrides by connected

Gateway of last resort is [Link] to network [Link]

S* [Link]/0 [254/0] via [Link]

[Link]/16 is variably subnetted, 2 subnets, 2 masks
C [Link]/24 is directly connected,
GigabitEthernet4 L [Link]/32 is
directly connected, GigabitEthernet4

1.2. Configure ISP-CE interface Portchannel 1

interface Port-
channel1 no ip
address
no shutdown

1.3. Configure ISP-CE interfaces GigabitEthernet1-2 in channel group 1

interface
GigabitEthernet1 no
ip address
channel-group 1 mode
active no shutdown

interface ip
address
channel-group 1 mode
active no shutdown

1.4. Configure ISP-CE interface Portchannel1.100 dot1q vlan 100

4
 interface Port-
channel1.100
encapsulation dot1Q
100
ip address [Link] [Link]

2. Configure ISP-CE NAT

2.1. Configure ISP-CE NAT access list.

ip access-list standard nat

10 permit [Link] [Link]

2.2. Configure ISP-CE NAT

ip nat inside source list nat interface GigabitEthernet4 overload

2.3. Assign ISP-CE interfaces into NAT

interface ip nat
inside

interface
GigabitEthernet4 ip
nat outside

5
 3. Verify internet reachability from VLAN 100

ISP-CE#ping [Link] source Port-

channel1.100 Type escape sequence
to abort.
Sending 5, 100-byte ICMP Echos to [Link], timeout
is 2 seconds: Packet sent with a source address of
[Link]
!!!!!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 8/10/20 ms ISP-CE#sh ip nat tr
ISP-CE#sh ip nat translations
Pro Inside global Inside local Outside local Outside
global icmp [Link]:1 [Link]:[Link]:1
[Link]:1
Total number of translations: 1

II. Nexus 9000v VPC Domain configuration

Objective: Configure Nexus 9000v DS-NX1 and DS-NX2 in VPC domain 10

1. Configure VPC Domain 10 on DS-NX1 and DS-NX2

1.1. Open console to the DS-NX1, login
1.2. Verify with show run if your Nexus 9000 has enabled following features:

feature interface-vlan
feature lacp
feature vpc

1.3. Configure DS-NX1 cli with commands below:

configure terminal
vlan 100
name servers

vpc domain 10
peer-keepalive destination [Link] source [Link]

interface port-
channel10 switchport
mode trunk
spanning-tree port type
network vpc peer-link

interface Ethernet1/10
switchport mode trunk
channel-group 10 mode
active

6
interface Ethernet1/11
switchport mode trunk
channel-group 10 mode
active

1.4. Configure DS-NX2 cli with commands below:

configure terminal
vlan 100
name

servers vpc

domain 10

7
 peer-keepalive destination [Link] source [Link]

interface port-
channel10 switchport
mode trunk
spanning-tree port type
network vpc peer-link

interface Ethernet1/10
switchport mode trunk
channel-group 10 mode
active

interface Ethernet1/11
switchport mode trunk
channel-group 10 mode
active

1.5. Verify VPCs status:

DS-NX1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC
peer-link

vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is
alive Configuration consistency status :
success
Per-vlan consistency status :
success Type-2 consistency status
:
success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check :
Enabled Auto-recovery status :
Disabled
Delay-restore status : Timer is off.(timeout =
30s) Delay-restore SVI status : Timer is off.(timeout
= 10s) Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status

id Port Status Active

8
vlans 1 Po10 up

1,100

Please check "show vpc consistency-parameters vpc <vpc-

num>" for the consistency reason of down vpc and for type-2
consistency reasons for any vpc.

DS-NX2# show vpc

Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is
alive Configuration consistency status :
success
Per-vlan consistency status :
success Type-2 consistency status
:
success

9
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check :
Enabled Auto-recovery status :
Disabled
Delay-restore status : Timer is off.(timeout =
30s) Delay-restore SVI status : Timer is off.(timeout
= 10s) Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status

id Port Status Active vlans

1 Po10 up 1,100
110 Po110 up success success 1,100

Please check "show vpc consistency-parameters vpc <vpc-

num>" for the consistency reason of down vpc and for type-2
consistency reasons for any vpc.

Objective: Configure Nexus 9000v AS-NX1 and AS-NX2 in VPC domain 10

1. Configure VPC Domain 10 on AS-NX1 and AS-NX2

1.1. Open console and login
1.2. Verify with show run if your Nexus 9000 has enabled following features:

feature interface-vlan
feature lacp
feature vpc

1.3. Configure AS-NX1 cli with commands below:

configure terminal
vlan 100
name servers

vpc domain 10
peer-keepalive destination [Link] source [Link]

interface port-
channel10 switchport
mode trunk
spanning-tree port type
network vpc peer-link

1
0
interface Ethernet1/10
switchport mode trunk
channel-group 10 mode
active

interface Ethernet1/11
switchport mode trunk
channel-group 10 mode
active

1.4. Configure DS-NX2 cli with commands below:

1
1
configure terminal
vlan 100
name servers

vpc domain 10
peer-keepalive destination [Link] source [Link]

interface port-
channel10 switchport
mode trunk
spanning-tree port type
network vpc peer-link

interface Ethernet1/10
switchport mode trunk
channel-group 10 mode
active

interface Ethernet1/11
switchport mode trunk
channel-group 10 mode
active

1.5. Verify VPCs status:

AS-NX1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC
peer-link

vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is
alive Configuration consistency status :
success
Per-vlan consistency status :
success Type-2 consistency status
:
success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check :
Enabled Auto-recovery status :
Disabled
Delay-restore status : Timer is off.(timeout =
30s) Delay-restore SVI status : Timer is off.(timeout
= 10s) Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status

1
2
id Port Status Active

vlans 1 Po10 up

1,100

Please check "show vpc consistency-parameters vpc <vpc-

num>" for the consistency reason of down vpc and for type-2
consistency reasons for any vpc.

AS-NX2# show vpc

Legend:
(*) - local vPC is down, forwarding via vPC peer-link

1
3
vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is
alive Configuration consistency status :
success
Per-vlan consistency status :
success Type-2 consistency status
:
success
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check :
Enabled Auto-recovery status :
Disabled
Delay-restore status : Timer is off.(timeout =
30s) Delay-restore SVI status : Timer is off.(timeout
= 10s) Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status

id Port Status Active vlans

1 Po10 up 1,100
110 Po110 up success success 1,100

Please check "show vpc consistency-parameters vpc <vpc-

num>" for the consistency reason of down vpc and for type-2
consistency reasons for any vpc.

III. Nexus 9000v VPC configuration

1. Configure VPC 100 facing to ISP-CE router and VPC 110 Facing to AS-NX switches
1.1. Configure onDS-NX1 and DS-NX2 cli with commands below:

interface port-
channel100 switchport
mode trunk vpc 100

interface port-
channel110 switchport
mode trunk vpc 110

interface Ethernet1/1
switchport mode trunk
channel-group 100 mode
active

interface Ethernet1/2

1
4
 switchport mode trunk
channel-group 110 mode
active

interface Ethernet1/3
switchport mode trunk
channel-group 110 mode
active

2. Configure VPC 111 facing to DS-NX switches and VPC 120 facing to Windows server
2.1. Configure onAS-NX1 AS-NX2 cli with commands below:

1
5
interface port-
channel111 switchport
mode trunk vpc 111

interface port-channel120
switchport access vlan
100 vpc 120

interface Ethernet1/1
switchport mode trunk
channel-group 111 mode
active

interface Ethernet1/2
switchport mode trunk
channel-group 111 mode
active

interface Ethernet1/3
switchport access vlan
100 channel-group 120 mode
active

3. Verify VPC configuration

DS-NX1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC
peer-link

vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is
alive Configuration consistency status :
success
Per-vlan consistency status :
success Type-2 consistency status
:
success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check :
Enabled Auto-recovery status :
Disabled
Delay-restore status : Timer is off.(timeout =
30s) Delay-restore SVI status : Timer is off.(timeout
= 10s) Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status

16
id Port Status Active

vlans 1 Po10 up

1,100

vPC status

Id Port Statu Consisten Reason Active vlans

s cy
100 Po100 up success success 1,100
110 Po110 up success success 1,100

Please check "show vpc consistency-parameters vpc <vpc-num>" for the

consistency reason of down vpc and for type-2 consistency reasons for

17
any vpc.

DS-NX2# show vpc

Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is
alive Configuration consistency status :
success
Per-vlan consistency status :
success Type-2 consistency status
:
success
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check :
Enabled Auto-recovery status :
Disabled
Delay-restore status : Timer is off.(timeout =
30s) Delay-restore SVI status : Timer is off.(timeout
= 10s) Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status

id Port Status Active

vlans 1 Po10 up

1,100

vPC status

Id Port Statu Consisten Reason Active vlans

s cy
100 Po100 up success success 1,100
110 Po110 up success success 1,100

Please check "show vpc consistency-parameters vpc <vpc-

num>" for the consistency reason of down vpc and for type-2
consistency reasons for any vpc.

AC-NX1# show vpc

Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 10
18
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is
alive Configuration consistency status :
success
Per-vlan consistency status :
success Type-2 consistency status
:
success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check :
Enabled Auto-recovery status :
Disabled
Delay-restore status : Timer is off.(timeout =
30s) Delay-restore SVI status : Timer is off.(timeout =
10s)

19
Operational Layer3 Peer-router :
Disabled Virtual-peerlink mode :
Disabled

vPC Peer-link status

id Port Status Active

vlans 1 Po10 up

1,100

vPC status
Id Port Status Consistency Reason Active vlans

111 Po111 up success success 1,100

120 Po120 up success success 100

Please check "show vpc consistency-parameters vpc <vpc-

num>" for the consistency reason of down vpc and for type-2
consistency reasons for any vpc.

AC-NX1#

AC-NX2# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is
alive Configuration consistency status :
success
Per-vlan consistency status :
success Type-2 consistency status :
success
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check :
Enabled Auto-recovery status :
Disabled
Delay-restore status : Timer is off.(timeout =
30s) Delay-restore SVI status : Timer is off.(timeout =
10s) Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status

20
id Port Status Active

vlans 1 Po10 up 1,100

vPC status

-
Id Port Status Consistency Reason Active vlans

-
111 Po111 up success success 1,100

21
120 Po120 up success success 100

Please check "show vpc consistency-parameters vpc <vpc-num>"

for the consistency reason of down vpc and for type-2
consistency reasons for any vpc.

IV. Windows Server LACP NIC team

Objective: Configure Windows Server 2019 LACP NIC team and assign IP address
[Link]/24, Gateway 192 168 100.254, DNS [Link]

1. Enable NIC team

1.1. Navigate to Server Manager/Local Server and Click on NIC Teaming to enable it

1.2. Under tasks Create New Team

1.3. Give a Name; LACP, select Interfaces Ethernet and Ethernet2. Select Teaming mode LACP.

22
 1.4. After some time, interfaces should come up.

1.5. Configure LACP Interface IP [Link], Mask [Link], Gateway

[Link], DNS [Link]
1.6. Navigate Start/Windows Settings/Network & Internet/ Click Change Adapter Settings
1.7. Right Click on LACP NIC Team interface/Properties

23
 1.8. Configure static IPv4: [Link], mask: [Link], Gateway: [Link],
DNS: [Link]

24
V. Final Test
Objective: Test reachability from Server 2019 to gateway [Link] and Internet [Link]

1. Open CMD terminal on the Windows

1.1. Ping [Link]
1.2. Ping [Link]
1.3. Both must be success

1.4. Open Browser and navigate some Site

25