lab 配置教程
背靠背VPC
Enabling Features
feature lacp
feature vpc
Keep Alive Link
还可以使用管理口建立KPL
nxos9000-0 Switch:
switch# conf t
switch(config)# interface e1/1
switch(config-if)# no shutdown
switch(config-if)# no switchport (管理口不需要这条)
switch(config-if)# ip address 10.1.1.1/30
switch(config-if)# description ***vPC Keep-Alive Link***
nxos9000-1 Switch:
switch# conf t
switch(config)# interface e1/1
switch(config-if)# no shutdown
switch(config-if)# no switchport
switch(config-if)# ip address 10.1.1.2/30
switch(config-if)# description ***vPC Keep-Alive Link***
验证通不通
switch(config)# ping 10.1.1.1 vrf default
PING 10.1.1.1 (10.1.1.1): 56 data bytes
36 bytes from 10.1.1.2: Destination Host Unreachable Request 0 timed out
64 bytes from 10.1.1.1: icmp_seq=1 ttl=254 time=8.368 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=254 time=3.676 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=254 time=3.626 ms
64 bytes from 10.1.1.1: icmp_seq=4 ttl=254 time=3.73 ms
--- 10.1.1.1 ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 3.626/4.849/8.368 ms
nxos9000-2 Switch:
switch(config)# interface e1/1
switch(config-if)# no shutdown
switch(config-if)# no switchport
switch(config-if)# ip address 10.2.2.1/30
switch(config-if)# description ***VPC keep alive link**
nxos9000-3 Switch:
switch(config)# interface e1/1
switch(config-if)# no shutdown
switch(config-if)# no switchport
switch(config-if)# ip address 10.2.2.2/30
switch(config-if)# description ***VPC keep alive link**
switch(config-if)# ping 10.2.2.2 vrf default
PING 10.2.2.2 (10.2.2.2): 56 data bytes
64 bytes from 10.2.2.2: icmp_seq=0 ttl=254 time=3.946 ms
64 bytes from 10.2.2.2: icmp_seq=1 ttl=254 time=3.085 ms
64 bytes from 10.2.2.2: icmp_seq=2 ttl=254 time=2.946 ms
64 bytes from 10.2.2.2: icmp_seq=3 ttl=254 time=2.8 ms
64 bytes from 10.2.2.2: icmp_seq=4 ttl=254 time=2.739 ms
--- 10.2.2.2 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 2.739/3.103/3.946 ms
switch(config-if)#
vPC Domain
nxos9000-0 Switch:
switch(config)# vpc domain 100
switch(config-vpc-domain)# 2023 Jul 29 09:48:58 switch %$ VDC-1 %$ %STP-2-VPC_PEERSWITCH_CONFIG_DISABLED: vPC peer-switch configuration is disabled. Please make sure to change spanning tree "bridge" priority as per the recommended guidelines.
switch(config-vpc-domain)# role priority 100
Note:
Change will take effect after user has:
1. Triggered "vpc role preempt" (non-disruptive - no traffic loss on STP root switch)
OR 2. Re-initd the vPC peer-link (disruptive)
Warning:
!!:: vPCs will be flapped on current primary vPC switch while attempting option 2 ::!!
switch(config-vpc-domain)# peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf default
nxos9000-1 Switch:
switch(config)# vpc domain 100
switch(config-vpc-domain)# 2023 Jul 29 09:51:39 switch %$ VDC-1 %$ %STP-2-VPC_PEERSWITCH_CONFIG_DISABLED: vPC peer-switch configuration is disabled. Please make sure to change spanning tree "bridge" priority as per the recommended guidelines.
switch(config-vpc-domain)# peer-keepalive destination 10.1.1.1 source 10.1.1.2 vrf default
switch(config-vpc-domain)# role priority 200
Note:
Change will take effect after user has:
1. Triggered "vpc role preempt" (non-disruptive - no traffic loss on STP root switch)
OR 2. Re-initd the vPC peer-link (disruptive)
Warning:
!!:: vPCs will be flapped on current primary vPC switch while attempting option 2 ::!!
switch(config-vpc-domain)# 2023 Jul 29 09:55:54 switch %$ VDC-1 %$ %COPP-2-COPP_NO_POLICY: Control-plane is unprotected.
nxos9000-2 Switch:
switch(config)# vpc domain 200
switch(config-vpc-domain)# role priority 100
switch(config-vpc-domain)# peer-keepalive destination 10.2.2.2 source 10.2.2.1 vrf default
nxos9000-3 Switch:
switch(config)# vpc domain 200
switch(config-vpc-domain)# role priority 200
switch(config-vpc-domain)# peer-keepalive destination 10.2.2.1 source 10.2.2.2 vrf default
Peer Link
nxos9000 0-3 Switch:
switch(config-vpc-domain)# int e1/2-3
switch(config-if-range)# no shutdown
switch(config-if-range)# description ***vpc peer link***
switch(config-if-range)# channel-group 100 mode active
switch(config-if-range)# interface port-channel 100
switch(config-if)# description ***vpc peer link ***
switch(config-if)# no shutdown
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk allowed vlan all
switch(config-if)# vpc peer-link
2023 Jul 29 10:07:26 switch %$ VDC-1 %$ %STP-2-BRIDGE_ASSURANCE_WARNING: Bridge Assurance MUST be enabled at the remotely connected interface
2023 Jul 29 10:07:26 switch %$ VDC-1 %$ stp: Please note that spanning tree port type is changed to "network" port type on vPC peer-link. This will enable spanning tree Bridge Assurance on vPC peer-link provided the STP Bridge Assurance (which is enabled by default) is not disabled.
Warning: Bridge Assurance MUST be enabled at the remotely connected interface
sswitch(config-if-range)# channel-group 200
switch(config-if-range)# channel-group 200 mode active
Port-channel mode cannot be changed in a non-empty port-channel, and port mode must match with port-channel mode
这个错误的原因是您不能在一个非空的端口聚合中改变端口聚合的模式,而且端口的模式必须和端口聚合的模式一致。
您需要先删除端口聚合,然后重新创建一个新的端口聚合,并指定您想要的模式。端口聚合的模式有以下几种:
on:强制将端口加入到端口聚合中,不进行任何协商。
active:主动启用LACP协议,与另一端的active或passive模式进行协商。
passive:被动启用LACP协议,只有当另一端是active模式时才进行协商。
switch(config-if-range)# no channel-group 200
switch(config-if-range)# channel-group 200 mode active
Member Ports
switch(config-if)# interface e1/4-5
switch(config-if-range)# no shutdown
switch(config-if-range)# description *** member port**
switch(config-if-range)# channel-group 101 mode active
switch(config-if-range)# int port-channel 101
switch(config-if)# no shut
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk allowed vlan all
switch(config-if)# vpc 100
Verification
switch(config-if)# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 200
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po200 up 1
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
200 Po201 up success success 1
hsrp
switch(config)# feature hsrp
switch(config)# feature interface-vlan
switch(config)# interface vlan 100
switch(config-if)# no shutdown
switch(config-if)# ip address 10.1.1.251/24
overlapping network for ipv4 address: 10.1.1.251/24 on vlan100, 10.1.1.1/30 already configured on eth1/1
switch# conf t
switch(config)# feature hsrp
switch(config)# feature interface-vlan
switch(config)# int vlan 100
switch(config-if)# no shutdown
switch(config-if)# description ***hsrp**
switch(config-if)# ip address 192.168.1.252/24
switch(config-if)# hsrp version 2
switch(config-if)# hsrp 100
switch(config-if-hsrp)# preempt
switch(config-if-hsrp)# ip 192.168.1.254
switch(config-if-hsrp)# exi
switch(config-if)# vlan 100
switch(config-vlan)#
00001010.00000001.00000001.1 1111011/24
00001010.00000001.00000001.000001 01/30
switch(config)# show hsrp interface vlan 100
Vlan100 - Group 100 (HSRP-V2) (IPv4)
Local state is Speak, priority 100 (Cfged 100), may preempt
Forwarding threshold(for vPC), lower: 0 upper: 100
Hellotime 3 sec, holdtime 10 sec
Virtual IP address is 10.1.1.254 (Cfged)
Active router is 10.1.1.251, priority 105 expires in 7.790000 sec(s)
Standby router is unknown
Authentication text "cisco"
Virtual mac address is 0000.0c9f.f064 (Default MAC)
2 state changes, last state change 00:00:25
IP redundancy name is hsrp-Vlan100-100 (default)
nexus 9000-0
switch(config-vlan)# show mac address-table vlan 100
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
G 100 0000.0c9f.f064 static - F F sup-eth1(R)
G 100 5200.006d.1b08 static - F F sup-eth1(R)
* 100 5200.0073.1b08 static - F F vPC Peer-Link(R)
nexus 9000-1
switch(config)# show mac address-table vlan 100
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
G 100 0000.0c9f.f064 static - F F vPC Peer-Link(R)
* 100 5200.006d.1b08 static - F F vPC Peer-Link(R)
G 100 5200.0073.1b08 static - F F sup-eth1(R)
下层配置
nexus 9000-2
switch# conf t
switch(config)# int e1/6
switch(config-if)# no shutdown
switch(config-if)# channel-group 1 mode active
switch(config-if)# int port-channel 1
switch(config-if)# no shutdown
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# vpc 1
switch# conf t
switch(config)# int e1/7
switch(config-if)# no shutdown
switch(config-if)# channel-group 2 mode active
switch(config-if)# int port-channel 2
switch(config-if)# no shutdown
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# vpc 2
nexus 9000-3
switch# conf t
switch(config)# int e1/7
switch(config-if)# no shutdown
switch(config-if)# channel-group 1 mode active
switch(config-if)# int port-channel 1
switch(config-if)# no shutdown
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# vpc 1
switch# conf t
switch(config)# int e1/6
switch(config-if)# no shutdown
switch(config-if)# channel-group 2 mode active
switch(config-if)# int port-channel 2
switch(config-if)# no shutdown
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# vpc 2
nxos 9000-4
switch# conf t
switch(config)# int e1/1-2
switch(config-if)# no shutdown
switch(config-if)# channel-group 1 mode active
switch(config-if)# int port-channel 1
switch(config-if)# no shutdown
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
nxos 9000-5
switch# conf t
switch(config)# int e1/1-2
switch(config-if)# no shutdown
switch(config-if)# channel-group 2 mode active
switch(config-if)# int port-channel 2
switch(config-if)# no shutdown
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
peer-switch
nexus 9000-0
nexus 9000-1
switch# conf t
switch(config)# spanning-tree vlan 1,100,200 priority 0
switch(config)# vpc domain 100
switch(config-vpc-domain)# peer-switch
switch(config-vpc-domain)# 2023 Aug 2 02:06:16 switch %$ VDC-1 %$ %STP-2-VPC_PEERSWITCH_CONFIG_ENABLED: vPC peer-switch configuration is enabled.
Please make sure to configure spanning tree "bridge" priority as per recommended guidelines to make vPC peer-switch operational.
Peer-gateway
9000-0
switch(config)# show mac address-table
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
G 100 0000.0c9f.f064 static - F F sup-eth1(R)
G - 5200.006d.1b08 static - F F sup-eth1(R)
G 100 5200.006d.1b08 static - F F sup-eth1(R)
* 100 5200.0073.1b08 static - F F vPC Peer-Link(R)
9000-1
switch(config)# show mac address-table
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
G 100 0000.0c9f.f064 static - F F vPC Peer-Link(R)
* 100 5200.006d.1b08 static - F F vPC Peer-Link(R)
G - 5200.0073.1b08 static - F F sup-eth1(R)
G 100 5200.0073.1b08 static - F F sup-eth1(R)
switch(config)# vpc domain 100
switch(config-vpc-domain)# peer-gateway
9000-0
switch(config)# show mac address-table
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
G 100 0000.0c9f.f064 static - F F sup-eth1(R)
G - 5200.006d.1b08 static - F F sup-eth1(R)
G 100 5200.006d.1b08 static - F F sup-eth1(R)
G 100 5200.0073.1b08 static - F F vPC Peer-Link(R)
switch(config)# show mac address-table
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
G 100 0000.0c9f.f064 static - F F vPC Peer-Link(R)
G 100 5200.006d.1b08 static - F F vPC Peer-Link(R)
G - 5200.0073.1b08 static - F F sup-eth1(R)
G 100 5200.0073.1b08 static - F F sup-eth1(R)
switch(config)#