Home > Networking Solutions > Converged and Hyperconverged Solutions > VxRail Networking Solutions > Guides > Dell EMC Networking SmartFabric Services Deployment with VxRail 7.0 > Configure external Nexus switches for L2 connections
The external Nexus and SmartFabric leaf switches are cabled as shown in Figure 128 and are powered on. When L2 uplink configuration is complete, Leaf1A and Leaf1B connect with a VLT port channel to a virtual PortChannel (vPC) on the external Nexus switches. In this example, an existing DNS/NTP server also connects to the Nexus switches using a vPC.
Figure 128. L2 uplinks to external Nexus 9000 switches
Note: DNS and NTP servers do not have to connect in this manner if they are reachable on the network.
All ports on the four switches shown in Figure 128 are in the External Management VLAN, 1811, in this example.
Note: All Nexus switch configuration commands used to validate this topology are shown in the sections that follow. These are only examples. Modify your Nexus external switch configuration as needed for your environment.
Enable the following features: interface-vlan, lacp, vrrp, vpc, lldp. Configure the hostname, OOB management IP address on VRF management, and the VRF management route as shown.
Note: Nexus spanning tree settings are at their factory defaults in this example. You may configure spanning tree on the Nexus switches as needed for your environment. On Dell leaf switches in SmartFabric mode, spanning tree is disabled on L2 uplinks. See Dell EMC Networking SmartFabric Services Deployment with VxRail for more information.
N9K-External-A |
N9K-External-B |
configure terminal
feature interface-vlan feature lacp feature vrrp feature vpc feature lldp
hostname N9K-External-A
interface mgmt 0 ip address 100.67.127.30/24 vrf member management no shutdown
vrf context management ip route 100.67.0.0/16 100.67.127.254 |
configure terminal
feature interface-vlan feature lacp feature vrrp feature vpc feature lldp
hostname N9K-External-B
interface mgmt 0 ip address 100.67.127.29/24 vrf member management no shutdown
vrf context management ip route 100.67.0.0/16 100.67.127.254 |
VLAN 1811 represents a preexisting management VLAN on the external network. DNS and NTP services are located on this VLAN. Optionally, enable jumbo frames with the mtu 9216 command.
If traffic will be routed from the external switches to other external networks, assign a unique IP address on each switch and configure VRRP to provide gateway redundancy. Assign the same virtual address to both switches.
N9K-External-A |
N9K-External-B |
vlan 1811 name ExtMgmt no shutdown
interface Vlan1811 description ExtMgmt no shutdown mtu 9216 ip address 172.18.11.252/24 vrrp 11 address 172.18.11.254 no shutdown |
vlan 1811 name ExtMgmt no shutdown
interface Vlan1811 description ExtMgmt no shutdown mtu 9216 ip address 172.18.11.253/24 vrrp 11 address 172.18.11.254 no shutdown |
Create the vPC domain. The peer-keepalive destination is the OOB management IP address of the vPC peer switch.
Configure a port channel to use as the vPC peer link. Put the port channel in trunk mode and allow the default and External Management VLANs, 1 and 1811 respectively.
Configure the interfaces to use in the vPC peer link. Put the interfaces in trunk mode and allow the default and External Management VLANs, 1 and 1811 respectively. Add the interfaces to the peer link port channel. Port-channel 1000 is set as an LACP port-channel with the channel-group 1000 mode active command.
N9K-External-A |
N9K-External-B |
vpc domain 129 role priority 1 peer-keepalive destination 100.67.127.29
interface port-channel 1000 description "Peer-Link to External-B" switchport switchport mode trunk switchport trunk allowed vlan 1,1811 vpc peer-link no shutdown
interface ethernet 1/51-52 description "Link to External-B" switchport switchport mode trunk switchport trunk allowed vlan 1,1811 channel-group 1000 mode active no shutdown |
vpc domain 129 role priority 65535 peer-keepalive destination 100.67.127.30
interface port-channel 1000 description "Peer-Link to External-A" switchport switchport mode trunk switchport trunk allowed vlan 1,1811 vpc peer-link no shutdown
interface ethernet 1/51-52 description "Link to External-A" switchport switchport mode trunk switchport trunk allowed vlan 1,1811 channel-group 1000 mode active no shutdown |
Configure the interfaces for connections to the SFS leaf switches. Interfaces 1/49 and 1/50 are configured in vPC 100 in this example. Port-channel 100 is set as an LACP port-channel with the channel-group 100 mode active command.
Use the switchport mode trunk command to enable the port-channel to carry traffic for multiple VLANs. Allow VLAN 1811 (the External Management VLAN).
Optionally, allow the forwarding of jumbo frames with the mtu 9216 command.
In this example, interface 1/1 on each external switch is configured in vPC 1 for connections to the DNS/NTP server. Port-channel 1 is set as an LACP port-channel with the channel-group 1 mode active command.
When the configuration is complete, exit configuration mode and save the configuration with the end and copy running-config startup-config commands.
N9K-External-A |
N9K-External-B |
interface port-channel 100 description "vPC to Leaf1A/1B" switchport switchport mode trunk switchport trunk allowed vlan 1811 vpc 100 mtu 9216 no shutdown
interface ethernet 1/49-50 description "Link to Leaf1A/1B" switchport switchport mode trunk switchport trunk allowed vlan 1811 mtu 9216 channel-group 100 mode active no shutdown
interface port-channel 1 description "vPC to DNS/NTP" switchport switchport mode access switchport access vlan 1811 vpc 1 no shutdown
interface ethernet 1/1 description "Link to DNS/NTP" switchport switchport mode access switchport access vlan 1811 channel-group 1 mode active no shutdown
end copy running-config startup-config |
interface port-channel 100 description "vPC to Leaf1A/1B" switchport switchport mode trunk switchport trunk allowed vlan 1811 vpc 100 mtu 9216 no shutdown
interface ethernet 1/49-50 description "Link to Leaf1A/1B" switchport switchport mode trunk switchport trunk allowed vlan 1811 mtu 9216 channel-group 100 mode active no shutdown
interface port-channel 1 description "vPC to DNS/NTP" switchport switchport mode access switchport access vlan 1811 vpc 1 no shutdown
interface ethernet 1/1 description "Link to DNS/NTP" switchport switchport mode access switchport access vlan 1811 channel-group 1 mode active no shutdown
end copy running-config startup-config |
Once the uplink interfaces have been configured in the SFS GUI and on the external Nexus switches, connectivity can be verified using the switch CLI.
Note: The command output shown in the following commands is for Leaf1A. The output for Leaf1B is similar.
With SFS, port channel numbers are automatically assigned as they are created. In this example, port channel 1 is the uplink connected to the Nexus switches. It has two members that are both up and active. Port channel 1000 is reserved for the VLTi.
S5248F-Leaf1A# show port-channel summary
Flags: D - Down I - member up but inactive P - member up and active
U - Up (port-channel) F - Fallback Activated
--------------------------------------------------------------------------------
Group Port-Channel Type Protocol Member Ports
--------------------------------------------------------------------------------
1 port-channel1 (U) Eth DYNAMIC 1/1/53(P) 1/1/54(P)
1000 port-channel1000 (U) Eth STATIC 1/1/49(P) 1/1/50(P) 1/1/51(P)
1/1/52(P)
The L2 uplink, port channel 1 in this example, is a tagged member of VLAN 1811. This is verified at the CLI using the show virtual-network command as follows:
S5248F-Leaf1A# show virtual-network
Codes: DP - MAC-learn Dataplane, CP - MAC-learn Controlplane, UUD - Unknown-Unicast-Drop
Un-tagged VLAN: 4080
Virtual Network: 1811
VLTi-VLAN: 1811
Members:
Untagged: ethernet1/1/9:1
VLAN 1811: port-channel1, port-channel1000, ethernet1/1/1, ethernet1/1/2, ethernet1/1/3
VxLAN Virtual Network Identifier: 1811
Source Interface: loopback2(172.30.0.0)
Remote-VTEPs (flood-list):
Virtual Network: 1812
VLTi-VLAN: 1812
Members:
VLAN 1812: port-channel1, port-channel1000, ethernet1/1/1, ethernet1/1/2, ethernet1/1/3
VxLAN Virtual Network Identifier: 1812
Source Interface: loopback2(172.30.0.0)
Remote-VTEPs (flood-list):
Virtual Network: 1813
VLTi-VLAN: 1813
Members:
VLAN 1813: port-channel1, port-channel1000, ethernet1/1/1, ethernet1/1/2, ethernet1/1/3
VxLAN Virtual Network Identifier: 1813
Source Interface: loopback2(172.30.0.0)
Remote-VTEPs (flood-list):
Virtual Network: 1814
VLTi-VLAN: 1814
Members:
VLAN 1814: port-channel1, port-channel1000, ethernet1/1/1, ethernet1/1/2, ethernet1/1/3
VxLAN Virtual Network Identifier: 1814
Source Interface: loopback2(172.30.0.0)
Remote-VTEPs (flood-list):
Virtual Network: 1815
VLTi-VLAN: 1815
Members:
VLAN 1815: port-channel1, port-channel1000, ethernet1/1/1, ethernet1/1/2, ethernet1/1/3
VxLAN Virtual Network Identifier: 1815
Source Interface: loopback2(172.30.0.0)
Remote-VTEPs (flood-list):
Virtual Network: 3939
Description: In-band SmartFabric Services discovery network
VLTi-VLAN: 3939
Members:
VLAN 3939: port-channel1000, ethernet1/1/1, ethernet1/1/2, ethernet1/1/3
VxLAN Virtual Network Identifier: 3939
Source Interface: loopback2(172.30.0.0)
Remote-VTEPs (flood-list):
Virtual Network: 4091
Description: Default untagged network for client onboarding
VLTi-VLAN: 4091
Members:
Untagged: ethernet1/1/1, ethernet1/1/2, ethernet1/1/3
VLAN 4091: port-channel1000
VxLAN Virtual Network Identifier: 4091
Source Interface: loopback2(172.30.0.0)
Remote-VTEPs (flood-list):
Use the show vlt 255 vlt-port-detail to verify the status of VLT ports. Port channel 1 is the L2 uplink to the Nexus switches. The output shows information for both VLT peer switches. An asterisk (*) denotes the local switch. In this case, Leaf1A is VLT unit 1, and Leaf1B is VLT unit 2.
S5248F-Leaf1A# show vlt 255 vlt-port-detail
vlt-port-channel ID : 1
VLT Unit ID Port-Channel Status Configured ports Active ports
-------------------------------------------------------------------------------
* 1 port-channel1 up 2 2
2 port-channel1 up 2 2
Note: The command output shown in the following commands is for the N9K-External-A switch. The output for N9K-External-B is similar.
The show port-channel summary command confirms port channels are up. Po1 connects to the DNS/NTP server, Po100 connects to the SFS leaf switches, and Po1000 is the peer link.
N9K-External-A# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
p - Up in delay-lacp mode (member)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
1 Po1(SU) Eth LACP Eth1/1(P)
100 Po100(SU) Eth LACP Eth1/49(P) Eth1/50(P)
1000 Po1000(SU) Eth LACP Eth1/51(P) Eth1/52(P)
Run the show vlan command to verify ports are correctly assigned to the External Management VLAN (VLAN 1811). Po1 connects to the DNS/NTP server, Po100 connects to the SFS leaf switches, and Po1000 is the peer link.
N9K-External-A# show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Po1000, Eth1/51, Eth1/52
1811 ExtMgmt active Po1, Po100, Po1000, Eth1/49
Eth1/50, Eth1/51, Eth1/52
VLAN Type Vlan-mode
---- ----- ----------
1 enet CE
1811 enet CE
Remote SPAN VLANs
-------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
Run the show vpc command to verify all vpc connections are up. In this example, Po1000 is the peer link, Po1 connects to the DNS/NTP server, and Po100 connects to the SFS leaf switches.
N9K-External-A# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 129
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po1000 up 1,1811
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
1 Po1 up success success 1811
100 Po100 up success success 1811
Note To continue deployment, go to Configure a jump host port.