Nexus & vPC's
Initial configuration for Nexus switches & vPC's
First you will be prompted on how you would like to start configuration:
Abort Auto Provisioning and continue with normal setup ?(yes/no)[n]: yes
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]: n
Enter the password for "admin":
Confirm the password for "admin":
Would you like to enter the basic configuration dialog (yes/no): n
Next, you will be asked to login and can begin your configuration.
Many features are turned off by default on the Nexus switches, so I like to turn on the majority of what I need right from the beginning. To enable features type:
conf t
feature ospf
feature eigrp
feature hsrp
feature lacp
feature tunnel
feature vpc
feature interface-vlan
Next setup vPC. domain and keep-alive so the switches know who their peers are and where the heartbeats will traverse.
vpc domain 104
peer-keepalive destination 192.168.255.2 source 192.168.255.1 vrf management
inter mgmt 0
ip addre 192.168.255.1/24
no shut
Now setup a vPC Peer-Link. This is to synchronize forwarding tables between the two switches and to allow traffic to flow between the Nexus switches should it need to. This is not the same as the keepalive and it is NOT recommended you run your peer-keepalive across this same link.
To setup your vPC Peer-Link; Create a port-channel, assign it as the vPC Peer-Link and then add interfaces into it. It is recommended to have at least 2 links in the port-channel.
interface port-channel 200
description VPC_PEER_LINK
switchport mode trunk
vpc peer-link
inter ether 1/47-48
switchport mode trunk
channel-group 200 mode on
Now, type "show vpc" and you should see the vPC is up and the peer adjacency has been formed.
As you create port-channels, just make sure all configurations match on the port-channel interface as well as the physical interface or the switch will complain. As you add port-channels you will also see them listed when you issue the "show vpc" command.
To make a regular port-channel a vPC, configure like this:
inter port-channel 10
switchport mode trunk
switchport trunk allowed vlan 1-10
vpc 10
interface ethernet 1/10-11
switchport mode trunk
switchport trunk allowed vlan 1-10
channel-group 10 mode on
All must match between the port-channel and the interface or the switch will complain. Additionally, you'll need to make sure everything matches between both peer switches or the vPC will never come up.
You could also setup your peer-keepalive on regular interfaces so you can get redundant connections, helping you avoid an active-active type of scenario if you have cabling or interface issues. Although Cisco recommends you use the mgmt interface, I have found more stability when using regular interfaces. To do that, setup your domain and keep alive like this:
vpc domain 104
peer-keepalive destination 192.168.255.2 source 192.168.255.1 vrf default
then create a vlan an SVI and a port-channel for your peer link
vlan 999
name VPC_PEER-KEEPALIVE
inter vlan 999
description
VPC_PEER-KEEPALIVE
ip address 192.168.255.1/24
no shut
inter port 999
sw mode acc
sw access vlan 999
inter ether 1/1-2
sw mode acc
sw acc vlan 999
channel-group 999 mode on
First you will be prompted on how you would like to start configuration:
Abort Auto Provisioning and continue with normal setup ?(yes/no)[n]: yes
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]: n
Enter the password for "admin":
Confirm the password for "admin":
Would you like to enter the basic configuration dialog (yes/no): n
Next, you will be asked to login and can begin your configuration.
Many features are turned off by default on the Nexus switches, so I like to turn on the majority of what I need right from the beginning. To enable features type:
conf t
feature ospf
feature eigrp
feature hsrp
feature lacp
feature tunnel
feature vpc
feature interface-vlan
Next setup vPC. domain and keep-alive so the switches know who their peers are and where the heartbeats will traverse.
vpc domain 104
peer-keepalive destination 192.168.255.2 source 192.168.255.1 vrf management
inter mgmt 0
ip addre 192.168.255.1/24
no shut
Now setup a vPC Peer-Link. This is to synchronize forwarding tables between the two switches and to allow traffic to flow between the Nexus switches should it need to. This is not the same as the keepalive and it is NOT recommended you run your peer-keepalive across this same link.
To setup your vPC Peer-Link; Create a port-channel, assign it as the vPC Peer-Link and then add interfaces into it. It is recommended to have at least 2 links in the port-channel.
interface port-channel 200
description VPC_PEER_LINK
switchport mode trunk
vpc peer-link
inter ether 1/47-48
switchport mode trunk
channel-group 200 mode on
Now, type "show vpc" and you should see the vPC is up and the peer adjacency has been formed.
As you create port-channels, just make sure all configurations match on the port-channel interface as well as the physical interface or the switch will complain. As you add port-channels you will also see them listed when you issue the "show vpc" command.
To make a regular port-channel a vPC, configure like this:
inter port-channel 10
switchport mode trunk
switchport trunk allowed vlan 1-10
vpc 10
interface ethernet 1/10-11
switchport mode trunk
switchport trunk allowed vlan 1-10
channel-group 10 mode on
All must match between the port-channel and the interface or the switch will complain. Additionally, you'll need to make sure everything matches between both peer switches or the vPC will never come up.
You could also setup your peer-keepalive on regular interfaces so you can get redundant connections, helping you avoid an active-active type of scenario if you have cabling or interface issues. Although Cisco recommends you use the mgmt interface, I have found more stability when using regular interfaces. To do that, setup your domain and keep alive like this:
vpc domain 104
peer-keepalive destination 192.168.255.2 source 192.168.255.1 vrf default
then create a vlan an SVI and a port-channel for your peer link
vlan 999
name VPC_PEER-KEEPALIVE
inter vlan 999
description
VPC_PEER-KEEPALIVE
ip address 192.168.255.1/24
no shut
inter port 999
sw mode acc
sw access vlan 999
inter ether 1/1-2
sw mode acc
sw acc vlan 999
channel-group 999 mode on