Step-by-Step vPC Configuration on Cisco Nexus Switches

By | 01/08/2025
0 Comment

Last Updated on 02/08/2025 by administrator

Step-by-Step vPC Configuration on Cisco Nexus Switches

Step-by-Step vPC Configuration on Cisco Nexus Switches

Motivation:

Basic Step-by-Step vPC Configuration on Cisco Nexus Switches includes:

  1. Enable the vPC feature.
  2. Create a vPC domain and enter vpc-domain mode.
  3. Configure the vPC peer-keepalive link between switches.
  4. Create the vPC peer link.
  5. Move the PortChannel to vPC.

Virtual Port Channel Guidelines:

The following are the general guidelines to follow when deploying a vPC topology:

  • Same Switch Type: The switches in a vPC domain must be of the same type. For instance, you can pair two Cisco Nexus 9300 Series switches, but you cannot mix a Cisco Nexus 9300 Series with a Cisco Nexus 9800 Series switch within the same vPC domain. Similarly, you can pair two 9300-EX switches but not a 9300-EX with a 9300-FX switch.
  • Peer-Keepalive Link: You must configure the peer-keepalive link and adjacency between peers must be formed before the system can establish the vPC peer link.
  • Manual Configuration: You must manually configure both vPC peer devices; the configuration is not sent from one device to the other.
  • Layer 2 Only: Only Layer 2 port channels can be in vPCs.
  • Configuration Compatibility: You must ensure that all the necessary configuration parameters are compatible on both sides of the vPC peer link.
  • Peer-Link Bandwidth: To accommodate increased traffic when the vPC goes down and traffic needs to cross the peer-link, the best practice is to use multiple high-bandwidth interfaces (such as the 40G interfaces for the Cisco Nexus 9000 switches) across line cards for the peer-link.
  • Layer 3 Over vPC: Layer 3 over vPC is supported on Cisco Nexus 9000 Series switches for Layer 3 unicast communication only. Layer 3 over vPC is not supported for Layer 3 multicast traffic.
  • Same NX-OS Version: vPC peers must run the same Cisco NX-OS release.

Topology:

Step-by-Step vPC Configuration on Cisco Nexus Switches

Step-by-Step vPC Configuration on Cisco Nexus Switches [1][2]:

Create and Verify the vPC Keepalive Link:

NXOS-1:

Create a VRF for the keepalive link:

NXOS-1# configure terminal
NXOS-1(config)# vrf context VPC-KEEPALIVE

Configure a interface on Ethernet 1/8, and convert the interface to Layer 3. Assign the interface to the VRF VPC-KEEPALIVE. Then, assign the IP address 10.0.0.1/24 and enable interface:

NXOS-1(config-vrf)# interface Ethernet 1/8
NXOS-1(config-if)# no switchport 
NXOS-1(config-if)# vrf member VPC-KEEPALIVE
Warning: Deleted all L3 config on interface Ethernet1/8
NXOS-1(config-if)# ip address 10.0.0.1/24
NXOS-1(config-if)# no shutdown

Verify that the Layer 3 interface is up:

NXOS-1(config-if)# show ip interface brief vrf VPC-KEEPALIVE

IP Interface Status for VRF "VPC-KEEPALIVE"(3)
Interface            IP Address      Interface Status
Eth1/8               10.0.0.1        protocol-up/link-up/admin-up

NXOS-2:

Create a VRF for the keepalive link:

NXOS-2# configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
NXOS-2(config)# vrf context VPC-KEEPALIVE

Configure a interface on Ethernet 1/8, and convert the interface to Layer 3. Assign the interface to the VRF VPC-KEEPALIVE. Then, assign the IP address 10.0.0.2/24 and enable interface:

NXOS-2(config-vrf)# interface Ethernet 1/8
NXOS-2(config-if)# no switchport
NXOS-2(config-if)# vrf member VPC-KEEPALIVE
Warning: Deleted all L3 config on interface Ethernet1/8
NXOS-2(config-if)# ip address 10.0.0.2/24
NXOS-2(config-if)# no shutdown

Verify that the Layer 3 interface is up:

NXOS-2(config-if)#  show ip interface brief vrf VPC-KEEPALIVE

IP Interface Status for VRF "VPC-KEEPALIVE"(3)
Interface            IP Address      Interface Status
Eth1/8               10.0.0.2        protocol-up/link-up/admin-up

Verify the connectivity to peer NXOS-1 switch Layer 3 interface from NXOS-2:

NXOS-2(config-if)# ping 10.0.0.1 vrf VPC-KEEPALIVE
PING 10.0.0.1 (10.0.0.1): 56 data bytes
36 bytes from 10.0.0.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 10.0.0.1: icmp_seq=1 ttl=254 time=14.757 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=254 time=2.346 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=254 time=1.768 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=254 time=2.07 ms

--- 10.0.0.1 ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 1.768/5.235/14.757 ms

Verify state of the vPC feature on NXOS-1 and NXOS-2. The vPC feature is disabled by default:

NXOS-1(config-if)# show feature | include vpc
vpc                    1          disabled


NXOS-2(config-if)# show feature | include vpc
vpc                    1          disabled

Enable the vPC Feature and Create the vPC Domain:

NXOS-1:

Enable the vPC feature:

NXOS-1(config)# feature vpc

To configure the vPC domain 10 and set up the vPC peer-keepalive by specifying the destination and source IPs along with the VRF:

NXOS-1(config)# vpc domain 10
NXOS-1(config-vpc-domain)# peer-keepalive destination 10.0.0.2 source 10.0.0.1 vrf VPC-KEEPALIVE

NXOS-2:

Enable the vPC feature:

NXOS-2(config)# feature vpc

To configure the vPC domain 10 and set up the vPC peer-keepalive by specifying the destination and source IPs along with the VRF:

NXOS-2(config)# vpc domain 10
NXOS-2(config-vpc-domain)# peer-keepalive destination 10.0.0.1 source 10.0.0.2 vrf VPC-KEEPALIVE

Confirm the status of the peer-keepalive link:

NXOS-2(config-vpc-domain)# show vpc peer-keepalive 

vPC keep-alive status             : peer is alive                 
--Peer is alive for             : (833) seconds, (18) msec
--Send status                   : Success 
--Last send at                  : 2025.07.27 09:01:43 372 ms
--Sent on interface             : Eth1/8
--Receive status                : Success
--Last receive at               : 2025.07.27 09:01:43 376 ms
--Received on interface         : Eth1/8
--Last update from peer         : (0) seconds, (213) msec

vPC Keep-alive parameters
--Destination                   : 10.0.0.1
--Keepalive interval            : 1000 msec
--Keepalive timeout             : 5 seconds
--Keepalive hold timeout        : 3 seconds
--Keepalive vrf                 : VPC-KEEPALIVE
--Keepalive udp port            : 3200
--Keepalive tos                 : 192

Create and Verify vPC Peer Link:

NXOS-1:

Enter the interface range configuration mode for Ethernet1/1-2. Set the interfaces to Layer 2 mode and configure them as trunks. Then, add them to Port-Channel 10:

NXOS-1(config-vpc-domain)# interface Ethernet 1/1-2
NXOS-1(config-if-range)# switchport
NXOS-1(config-if-range)# switchport mode trunk
NXOS-1(config-if-range)# channel-group 10

Create a Port-Channel 10 interface. Then, designate the port-channel as a vPC peer-link:

NXOS-1(config-if-range)# interface port-channel 10
NXOS-1(config-if)# vpc peer-link
Warning: Bridge Assurance MUST be enabled at the remotely connected interface

Note: While Bridge Assurance is enabled by default on Cisco Nexus switches, this warning serves as a reminder to check the configuration, especially if the peer switch is from another vendor or has a different setup.

NXOS-2:

Enter the interface range configuration mode for Ethernet1/1-2. Set the interfaces to Layer 2 mode and configure them as trunks. Then, add them to Port-Channel 10:

NXOS-2(config-vpc-domain)# interface Ethernet 1/1-2
NXOS-2(config-if-range)# switchport
NXOS-2(config-if-range)# switchport mode trunk
NXOS-2(config-if-range)# channel-group 10

Create a Port-Channel 10 interface. Then, designate the port-channel as a vPC peer-link:

NXOS-2(config-if-range)# interface port-channel 10
NXOS-2(config-if)# vpc peer-link

Verify the status of Port-Channel 10. Ensure that Port-Channel 10 is up, indicated by the SU flag (S for a switched port-channel and U for up). Additionally, confirm that both Ethernet1/1 and Ethernet1/2 are active members of the port-channel, as shown by the P flag next to each interface.

NXOS-2(config-if)# show port-channel summary
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        b - BFD Session Wait
        S - Switched    R - Routed
        U - Up (port-channel)
        p - Up in delay-lacp mode (member)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
10    Po10(SU)    Eth      NONE      Eth1/1(P)    Eth1/2(P)

Verify the operational status of Port-Channel 10. Confirm that Port-Channel 10 is up and in trunk mode, with both Ethernet1/1 and Ethernet1/2 as active port-channel members:

NXOS-2(config-if)# show interface port-channel 10
port-channel10 is up
admin state is up,
  Hardware: Port-Channel, address: 5210.b476.0101 (bia 5210.b476.0101)
  MTU 9216 bytes, BW 2000000 Kbit , DLY 10 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, medium is broadcast
  Port mode is trunk
  full-duplex, 1000 Mb/s
  Input flow-control is off, output flow-control is off
  Auto-mdix is turned off
  Switchport monitor is off 
  EtherType is 0x8100 
  Members in this channel: Eth1/1, Eth1/2
  Last clearing of "show interface" counters never
<... output omitted ...>

Verify the vPC role:

NXOS-2(config-if)# show vpc role

vPC Role status
----------------------------------------------------
vPC role                        : primary                       
Dual Active Detection Status    : 0
vPC system-mac                  : 00:23:04:ee:be:0a             
vPC system-priority             : 32667
vPC local system-mac            : 52:10:b4:76:1b:08             
vPC local role-priority         : 32667
vPC local config role-priority  : 32667
vPC peer system-mac             : 52:1b:aa:7c:1b:08             
vPC peer role-priority          : 32667
vPC peer config role-priority   : 32667

Note: The vPC role may vary.

NXOS-1:

Verify the status of Port-Channel 10. Ensure that Port-Channel 10 is up, indicated by the SU flag (S for a switched port-channel and U for up). Additionally, confirm that both Ethernet1/1 and Ethernet1/2 are active members of the port-channel, as shown by the P flag next to each interface.

NXOS-1(config-if)# show port-channel summary
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        b - BFD Session Wait
        S - Switched    R - Routed
        U - Up (port-channel)
        p - Up in delay-lacp mode (member)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
10    Po10(SU)    Eth      NONE      Eth1/1(P)    Eth1/2(P)

Verify the operational status of Port-Channel 10. Confirm that Port-Channel 10 is up and in trunk mode, with both Ethernet1/1 and Ethernet1/2 as active port-channel members.

NXOS-1(config-if)# show interface port-channel 10
port-channel10 is up
admin state is up,
  Hardware: Port-Channel, address: 521b.aa7c.0101 (bia 521b.aa7c.0101)
  MTU 9216 bytes, BW 2000000 Kbit , DLY 10 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, medium is broadcast
  Port mode is trunk
  full-duplex, 1000 Mb/s
  Input flow-control is off, output flow-control is off
  Auto-mdix is turned off
  Switchport monitor is off 
  EtherType is 0x8100 
  Members in this channel: Eth1/1, Eth1/2
  Last clearing of "show interface" counters never
<... output omitted ...>

Verify the vPC status. Confirm that the vPC peer adjacency is formed successfully and the vPC keepalive status indicates that the peer is alive. Check that the Port-Channel 10 is up:

NXOS-1(config-if)# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 10
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : secondary                     
Number of vPCs configured         : 0   
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled
Virtual-peerlink mode             : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans    
--    ----   ------ -------------------------------------------------
1     Po10   up     1

Verify the vPC role:

NXOS-1(config-if)# show vpc role

vPC Role status
----------------------------------------------------
vPC role                        : secondary                     
Dual Active Detection Status    : 0
vPC system-mac                  : 00:23:04:ee:be:0a             
vPC system-priority             : 32667
vPC local system-mac            : 52:1b:aa:7c:1b:08             
vPC local role-priority         : 32667
vPC local config role-priority  : 32667
vPC peer system-mac             : 52:10:b4:76:1b:08             
vPC peer role-priority          : 32667
vPC peer config role-priority   : 32667

Configure vPC Member Interfaces:

NXOS-1:

Enable the Link Aggregation Control Protocol (LACP) feature:

NXOS-1(config-if)# feature lacp

Configure the interface Ethernet 1/3 to trunk mode and add it to the channel group 20 in mode active:

NXOS-1(config)# interface Ethernet1/3
NXOS-1(config-if)# switchport mode trunk
NXOS-1(config-if)# channel-group 20 mode active

Create an interface port channel 20 and configure it to vPC 20:

NXOS-1(config-if)# interface port-channel 20
NXOS-1(config-if)# vpc 20

Verify the state of Port-Channel 20. Port-Channel 20 will be in down state until you configure the interface on the NXOS-2 switch.

NXOS-1(config-if)# show port-channel summary

Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        b - BFD Session Wait
        S - Switched    R - Routed
        U - Up (port-channel)
        p - Up in delay-lacp mode (member)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
10    Po10(SU)    Eth      NONE      Eth1/1(P)    Eth1/2(P)
20    Po20(SD)    Eth      LACP      Eth1/3(D)

NXOS-2:

Enable the Link Aggregation Control Protocol (LACP) feature:

NXOS-2(config-if)# feature lacp

Configure the interface Ethernet 1/3 to trunk mode and add it to the channel group 20 in mode active:

NXOS-2(config)# interface Ethernet1/3
NXOS-2(config-if)# switchport mode trunk
NXOS-2(config-if)# channel-group 20 mode active

Create an interface port channel 20 and configure it to vPC 20:

NXOS-2(config-if)# interface port-channel 20
NXOS-2(config-if)# vpc 20

Check the vPC 20 within the vPC domain 10 is up. Note that it may take a minute or two for the status to transition from „down“ to „up.“

NXOS-2(config-if)# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 10  
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : primary                       
Number of vPCs configured         : 1   
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled
Virtual-peerlink mode             : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans    
--    ----   ------ -------------------------------------------------
1     Po10   up     1                                                           
         

vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------
20    Po20          up     success     success               1                
         
                                                                                
Please check "show vpc consistency-parameters vpc <vpc-num>" for the 
consistency reason of down vpc and for type-2 consistency reasons for 
any vpc.

NXOS-3:

Enable the Link Aggregation Control Protocol (LACP) feature:

NXOS-3(config-if)# feature lacp

Enter the interface range configuration mode for GigabitEthernet0/0 – 1. Set the interfaces to Layer 2 mode and configure them as trunks. Then add it to the channel group 20 in mode active:

NXOS-3(config)# interface range GigabitEthernet0/0 - 1
NXOS-3(config-if)# switchport
NXOS-3(config-if)# switchport mode trunk
NXOS-3(config-if)# channel-group 20 mode active

Create an interface port channel 20 and configure them as trunk:

NXOS-3(config-if)# interface port-channel 20
NXOS-3(config-if)# switchport mode trunk

Verify the state of Port-Channel 20 on the NXOS-3 switch:

NXOS-3(config-if)# show port-channel summary

Flags:  D - Down        P - Up in channel
        I - Standalone  s - Suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - Up (port-channel) M - Not in use, minimum links not met

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
20     Po20(SU)     LACP        Gi0/0(P)  Gi0/1(P)

Final topology with configured commands:

Step-by-Step vPC Configuration on Cisco Nexus Switches

And that’s all! I hope that this article Step-by-Step vPC Configuration on Cisco Nexus Switches helped.

Source:

[1] https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/218333-understand-and-configure-nexus-9000-vpc.html

[2] https://www.ciscopress.com/articles/article.asp?p=3150966&seqNum=2

Počet zhlédnutí: 140

Napsat komentář

Vaše e-mailová adresa nebude zveřejněna. Vyžadované informace jsou označeny *