The external Nexus and SmartFabric leaf switches are cabled as shown in the following figure and are powered on. When L2 uplink configuration is complete, Leaf1A and Leaf1B connect with a VLT port channel to a virtual PortChannel (vPC) on the external Nexus switches. In this example, an existing DNS/NTP server also connects to the Nexus switches using a vPC.
All ports on the four switches shown in the figure above are in the External Management VLAN, 1811, in this example.
General settings
Enable the following features: interface-vlan, lacp, vrrp, vpc, and lldp. Configure the hostname, OOB management IP address on VRF management, and the VRF management route as shown.
N9K-External-A | N9K-External-B |
|
|
Configure the External Management VLAN
VLAN 1811 represents a preexisting management VLAN on the external network. DNS and NTP services are located on this VLAN. Optionally, enable jumbo frames with the mtu 9216 command.
If traffic will be routed from the external switches to other external networks, assign a unique IP address on each switch and configure VRRP to provide gateway redundancy. Assign the same virtual address to both switches.
N9K-External-A | N9K-External-B |
|
|
Configure the vPC domain and peer link
Create the vPC domain. The peer-keepalive destination is the OOB management IP address of the vPC peer switch.
Configure a port channel to use as the vPC peer link. Put the port channel in trunk mode and allow the default and External Management VLANs, 1 and 1811 respectively.
Configure the interfaces to use in the vPC peer link. Put the interfaces in trunk mode and allow the default and External Management VLANs, 1 and 1811 respectively. Add the interfaces to the peer link port channel. Port-channel 1000 is set as an LACP port-channel with the channel-group 1000 mode active command.
N9K-External-A | N9K-External-B |
|
|
Configure interfaces
Configure the interfaces for connections to the SFS leaf switches. Interfaces 1/49 and 1/50 are configured in vPC 100 in this example. Port-channel 100 is set as an LACP port-channel with the channel-group 100 mode active command.
Use the switchport mode trunk command to enable the port-channel to carry traffic for multiple VLANs. Allow VLAN 1811 (the External Management VLAN).
Optionally, allow the forwarding of jumbo frames with the mtu 9216 command.
In this example, interface 1/1 on each external switch is configured in vPC 1 for connections to the DNS/NTP server. Port-channel 1 is set as an LACP port-channel with the channel-group 1 mode active command.
When the configuration is complete, exit configuration mode and save the configuration with the end and copy running-config startup-config commands.
N9K-External-A | N9K-External-B |
|
|
Validation
Once the uplink interfaces have been configured in the SFS UI and on the external Nexus switches, connectivity can be verified using the switch CLI.
Show command output on Leaf1A
With SFS, port channel numbers are automatically assigned as they are created. In this example, port channel 1 is the uplink connected to the Nexus switches. It has two members that are both up and active. Port channel 1000 is reserved for the VLTi.
Leaf1A# show port-channel summary
Flags: D - Down I - member up but inactive P - member up and active
U - Up (port-channel) F - Fallback Activated
--------------------------------------------------------------------------------
Group Port-Channel Type Protocol Member Ports
--------------------------------------------------------------------------------
1 port-channel1 (U) Eth DYNAMIC 1/1/53(P) 1/1/54(P)
1000 port-channel1000 (U) Eth STATIC 1/1/49(P) 1/1/50(P) 1/1/51(P)
1/1/52(P)
The L2 uplink (port channel 1 in this example) is a tagged member of VLAN 1811. This is verified at the CLI using the show virtual-network 1811 command as follows:
Leaf1A# show virtual-network 1811
Codes: DP - MAC-learn Dataplane, CP - MAC-learn Controlplane, UUD - Unknown-Unicast-Drop
Virtual Network: 1811
VLTi-VLAN: 1811
Members:
VLAN 1811: port-channel1, port-channel1000, ethernet1/1/1, ethernet1/1/2, ethernet1/1/3
VxLAN Virtual Network Identifier: 1811
Source Interface: loopback2(172.30.0.0)
Remote-VTEPs (flood-list):
Use the show vlt 255 vlt-port-detail command to verify the status of VLT ports. Port channel 1 is the L2 uplink to the Nexus switches. The output shows information for both VLT peer switches. An asterisk (*) denotes the local switch. In this case, Leaf1A is VLT unit 1, and Leaf1B is VLT unit 2.
Leaf1A# show vlt 255 vlt-port-detail
vlt-port-channel ID : 1
VLT Unit ID Port-Channel Status Configured ports Active ports
-------------------------------------------------------------------------------
* 1 port-channel1 up 2 2
2 port-channel1 up 2 2
Show command output on N9K-External-A
The show port-channel summary command confirms port channels are up. Po1 connects to the DNS/NTP server, Po100 connects to the SFS leaf switches, and Po1000 is the peer link.
N9K-External-A# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
p - Up in delay-lacp mode (member)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
1 Po1(SU) Eth LACP Eth1/1(P)
100 Po100(SU) Eth LACP Eth1/49(P) Eth1/50(P)
1000 Po1000(SU) Eth LACP Eth1/51(P) Eth1/52(P)
Run the show vlan command to verify ports are correctly assigned to the External Management VLAN (VLAN 1811). Po1 connects to the DNS/NTP server, Po100 connects to the SFS leaf switches, and Po1000 is the peer link.
N9K-External-A# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Po1000, Eth1/51, Eth1/52
1811 ExtMgmt active Po1, Po100, Po1000, Eth1/49
Eth1/50, Eth1/51, Eth1/52
VLAN Type Vlan-mode
---- ----- ----------
1 enet CE
1811 enet CE
Remote SPAN VLANs
-------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
Run the show vpc command to verify all vpc connections are up. In this example, Po1000 is the peer link, Po1 connects to the DNS/NTP server, and Po100 connects to the SFS leaf switches.
N9K-External-A# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 129
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po1000 up 1,1811
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
1 Po1 up success success 1811
100 Po100 up success success 1811