Here's a nice link on how to configure a Virtual Port Channel (vPC) in a Cisco Nexus switch. This link is also comprehensive resource regarding vPC toplogy, design and configuration.
N5K-1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
N5K-1(config)# feature lacp // ENABLE FEATURES FOR VPC
N5K-1(config)# feature vpc
N5K-1(config)#
N5K-1(config)# vpc ?
bind-vrf Bind vrf
domain Specify domain
nve Nve
N5K-1(config)# vpc domain ?
<1-1000> Domain id
N5K-1(config)# vpc
domain 1 // NEXUS SWITCH CAN ONLY BE IN A SINGLE VPC DOMAIN
N5K-1(config-vpc-domain)# ?
auto-recovery VPC settings to enable auto recovery if peer is
presumed non-operational
delay Initialization delay
dual-active Configuration when peer link is down but peer is
alive
graceful Enable graceful features
ip Configure IP features
ipv6 Configure IPv6 features
layer3 Enable layer 3 functionality
no Negate a command or set its defaults
peer-config-check-bypass Ignore type checks on primary, when MCT is down
peer-gateway Enable L3 forwarding for packets destined to peer's
gateway mac-address
peer-keepalive Keepalive/Hello with peer switch
peer-switch Enable peer switch on vPC pair switches
role Role related configuration
shutdown Suspend vpc locally
system-mac Configure system mac address
system-priority Configure system priority
track Tracking object to suspend vPC if object goes down
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in
N5K-1(config-vpc-domain)# role ?
priority Configure priority to be used during vPC role (primary/secondary)
election
N5K-1(config-vpc-domain)# role priority ?
<1-65535> Specify priority value
N5K-1(config-vpc-domain)# role priority 10 // FORCE N5K-1 TO ACT AS PRIMARY; LOWER IS PREFERRED
Warning:
!!:: vPCs will be flapped on current primary vPC switch while attempting role change ::!!
Note:
--------:: Change will take effect after user has re-initd the vPC peer-link ::--------
N5K-1(config-vpc-domain)#
N5K-1(config-vpc-domain)# peer-keepalive ?
destination Specify destination ip address of peer switch
N5K-1(config-vpc-domain)# peer-keepalive destination ?
<CR>
A.B.C.D IPv4 address (A.B.C.D) of destination
A:B::C:D IPv6 address of destination
hold-timeout Hold timeout to ignore stale peer alive messages
interval Enter interval in milleseconds
precedence Precedence
source Source interface for hello
tos Type of Service(IPV4)/Traffic Class(IPV6)
tos-byte Type of Service Byte(IPv4)/Traffic Class Octet(IPv6)
udp-port Enter UDP port number used for hello
vrf Vrf to be used for hello messages
N5K-1(config-vpc-domain)# peer-keepalive destination 10.10.2.9 ?
<CR>
hold-timeout Hold timeout to ignore stale peer alive messages
interval Enter interval in milleseconds
precedence Precedence
source Source interface for hello
tos Type of Service(IPV4)/Traffic Class(IPV6)
tos-byte Type of Service Byte(IPv4)/Traffic Class Octet(IPv6)
udp-port Enter UDP port number used for hello
vrf Vrf to be used for hello messages
N5K-1(config-vpc-domain)# peer-keepalive destination 10.10.2.9 source 10.10.2.8 ?
<CR>
hold-timeout Hold timeout to ignore stale peer alive messages
interval Enter interval in milleseconds
precedence Precedence
tos Type of Service(IPV4)/Traffic Class(IPV6)
tos-byte Type of Service Byte(IPv4)/Traffic Class Octet(IPv6)
udp-port Enter UDP port number used for hello
vrf Vrf to be used for hello messages
N5K-1(config-vpc-domain)# peer-keepalive destination 10.10.2.9 source 10.10.2.8 vrf ?
WORD Vrf to be used for hellos
default Known VRF name
management Known VRF name
N5K-1(config-vpc-domain)#
peer-keepalive destination 10.10.2.9 source 10.10.2.8 vrf management // LAYER 3 HEARTBEAT; WILL USE management VRF BY DEFAULT
N5K-1(config-vpc-domain)# exit
N5K-1(config)#
N5K-1(config)# interface Eth1/47-48
N5K-1(config-if-range)# switchport mode trunk
N5K-1(config-if-range)# channel-group 10 mode active
N5K-1(config-if-range)# no shut
N5K-1(config-if-range)# exit
N5K-1(config)# interface port-channel10
N5K-1(config-if)# switchport mode trunk
N5K-1(config-if)# spanning-tree port type network
N5K-1(config-if)# vpc ?
<CR>
<1-4096> Specify a Virtual Port Channel number
orphan-port Orphan-port (non-vpc port)
peer-link Specify if this link is used for peer communication
N5K-1(config-if)# vpc peer-link // HIGH-SPEED BACKPLANE
Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N5K-1(config-if)# end
N5K-1# show run vpc
!Command: show running-config vpc
!Time: Thu Apr 14 18:43:40 2005
version 7.3(8)N1(1)
feature vpc
vpc domain 1
role priority 10
peer-keepalive destination 10.10.2.9 source 10.10.2.8 vrf management
interface port-channel10
vpc peer-link
N5K-1# show vpc // MAIN VERIFICATION COMMAND
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer link is down // CONFIGURE VPC IN NK5-2
vPC keep-alive status : Suspended (Destination IP not reachable)
Configuration consistency status : failed
Per-vlan consistency status : success
Configuration inconsistency reason: Consistency Check Not Performed
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer configuration)
Operational Layer3 Peer-router : Disabled
Auto-recovery status : Enabled (timeout = 240 seconds)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po10 down -
-----
N5K-2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
N5K-2(config)# feature lacp
N5K-2(config)# feature vpc
N5K-2(config)# vpc domain 1
N5K-2(config-vpc-domain)# role priority 20 // FORCE NK5-2 TO BE SECONDARY
Warning:
!!:: vPCs will be flapped on current primary vPC switch while attempting role change ::!!
Note:
--------:: Change will take effect after user has re-initd the vPC peer-link ::--------
N5K-2(config-vpc-domain)# peer-keepalive destination 10.10.2.8 source 10.10.2.9 vrf management
N5K-2(config-vpc-domain)# exit
N5K-2(config)# interface Eth1/47-48
N5K-2(config-if-range)# switchport mode trunk
N5K-2(config-if-range)# channel-group 10 mode active
N5K-2(config-if-range)# no shutdown
N5K-2(config-if-range)# exit
N5K-2(config)# interface port-channel10
N5K-2(config-if)# switchport mode trunk
N5K-2(config-if)# spanning-tree port type network
N5K-2(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance
(which is enabled by default) is not disabled.
N5K-2(config-if)# end
N5K-2# show run vpc
!Command: show running-config vpc
!Time: Thu Apr 14 19:26:29 2005
version 7.3(8)N1(1)
feature vpc
vpc domain 1
role priority 20
peer-keepalive destination 10.10.2.8 source 10.10.2.9
interface port-channel10
vpc peer-link
N5K-2# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer link is down
vPC keep-alive status : peer is alive
Configuration consistency status : failed
Per-vlan consistency status : success
Configuration inconsistency reason: Consistency Check Not Performed
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer configuration)
Operational Layer3 Peer-router : Disabled
Auto-recovery status : Enabled (timeout = 240 seconds)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po10 down -
N5K-2# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok // PEER ADJACENCY FORMED AFTER A FEW SECONDS
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Operational Layer3 Peer-router : Disabled
Auto-recovery status : Enabled (timeout = 240 seconds)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po10 up 1,99
N5K-2# show vpc role
vPC Role status
----------------------------------------------------
vPC role : secondary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:01
vPC system-priority : 32667
vPC local system-mac : 00:de:fb:78:03:81
vPC local role-priority : 20
NK5-2# show vpc peer-keepalive
vPC keep-alive status : peer is alive
--Peer is alive for : (216) seconds, (223) msec
--Send status : Success
--Last send at : 2005.04.13 21:12:39 711 ms
--Sent on interface : mgmt0
--Receive status : Success
--Last receive at : 2005.04.13 21:12:39 712 ms
--Received on interface : mgmt0
--Last update from peer : (0) seconds, (667) msec
vPC Keep-alive parameters
--Destination : 10.10.2.8 // NK5-1 mgmt0 IP
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : management
--Keepalive udp port : 3200
--Keepalive tos : 192
-----
N5K-1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Operational Layer3 Peer-router : Disabled
Auto-recovery status : Enabled (timeout = 240 seconds)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po10 up 1,99
N5K-1# show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:01
vPC system-priority : 32667
vPC local system-mac : 00:de:fb:78:01:bc
vPC local role-priority : 10
N5K-1# show vpc peer-keepalive
vPC keep-alive status : peer is alive
--Peer is alive for : (171) seconds, (879) msec
--Send status : Success
--Last send at : 2005.04.13 20:33:08 941 ms
--Sent on interface : mgmt0
--Receive status : Success
--Last receive at : 2005.04.13 20:33:08 941 ms
--Received on interface : mgmt0
--Last update from peer : (0) seconds, (418) msec
vPC Keep-alive parameters
--Destination : 10.10.2.9 // NK5-2 mgmt0 IP
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : management
--Keepalive udp port : 3200
--Keepalive tos : 192
No comments:
Post a Comment