Last Updated on 02/08/2025 by administrator
Step-by-Step vPC Configuration on Cisco Nexus Switches
Step-by-Step vPC Configuration on Cisco Nexus Switches
Motivation:
Basic Step-by-Step vPC Configuration on Cisco Nexus Switches includes:
- Enable the vPC feature.
- Create a vPC domain and enter vpc-domain mode.
- Configure the vPC peer-keepalive link between switches.
- Create the vPC peer link.
- Move the PortChannel to vPC.
Virtual Port Channel Guidelines:
The following are the general guidelines to follow when deploying a vPC topology:
- Same Switch Type: The switches in a vPC domain must be of the same type. For instance, you can pair two Cisco Nexus 9300 Series switches, but you cannot mix a Cisco Nexus 9300 Series with a Cisco Nexus 9800 Series switch within the same vPC domain. Similarly, you can pair two 9300-EX switches but not a 9300-EX with a 9300-FX switch.
- Peer-Keepalive Link: You must configure the peer-keepalive link and adjacency between peers must be formed before the system can establish the vPC peer link.
- Manual Configuration: You must manually configure both vPC peer devices; the configuration is not sent from one device to the other.
- Layer 2 Only: Only Layer 2 port channels can be in vPCs.
- Configuration Compatibility: You must ensure that all the necessary configuration parameters are compatible on both sides of the vPC peer link.
- Peer-Link Bandwidth: To accommodate increased traffic when the vPC goes down and traffic needs to cross the peer-link, the best practice is to use multiple high-bandwidth interfaces (such as the 40G interfaces for the Cisco Nexus 9000 switches) across line cards for the peer-link.
- Layer 3 Over vPC: Layer 3 over vPC is supported on Cisco Nexus 9000 Series switches for Layer 3 unicast communication only. Layer 3 over vPC is not supported for Layer 3 multicast traffic.
- Same NX-OS Version: vPC peers must run the same Cisco NX-OS release.
Topology:
Step-by-Step vPC Configuration on Cisco Nexus Switches [1][2]:
Create and Verify the vPC Keepalive Link:
NXOS-1:
Create a VRF for the keepalive link:
NXOS-1# configure terminal
NXOS-1(config)# vrf context VPC-KEEPALIVE
Configure a interface on Ethernet 1/8, and convert the interface to Layer 3. Assign the interface to the VRF VPC-KEEPALIVE. Then, assign the IP address 10.0.0.1/24 and enable interface:
NXOS-1(config-vrf)# interface Ethernet 1/8
NXOS-1(config-if)# no switchport
NXOS-1(config-if)# vrf member VPC-KEEPALIVE
Warning: Deleted all L3 config on interface Ethernet1/8
NXOS-1(config-if)# ip address 10.0.0.1/24
NXOS-1(config-if)# no shutdown
Verify that the Layer 3 interface is up:
NXOS-1(config-if)# show ip interface brief vrf VPC-KEEPALIVE
IP Interface Status for VRF "VPC-KEEPALIVE"(3)
Interface IP Address Interface Status
Eth1/8 10.0.0.1 protocol-up/link-up/admin-up
NXOS-2:
Create a VRF for the keepalive link:
NXOS-2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
NXOS-2(config)# vrf context VPC-KEEPALIVE
Configure a interface on Ethernet 1/8, and convert the interface to Layer 3. Assign the interface to the VRF VPC-KEEPALIVE. Then, assign the IP address 10.0.0.2/24 and enable interface:
NXOS-2(config-vrf)# interface Ethernet 1/8
NXOS-2(config-if)# no switchport
NXOS-2(config-if)# vrf member VPC-KEEPALIVE
Warning: Deleted all L3 config on interface Ethernet1/8
NXOS-2(config-if)# ip address 10.0.0.2/24
NXOS-2(config-if)# no shutdown
Verify that the Layer 3 interface is up:
NXOS-2(config-if)# show ip interface brief vrf VPC-KEEPALIVE
IP Interface Status for VRF "VPC-KEEPALIVE"(3)
Interface IP Address Interface Status
Eth1/8 10.0.0.2 protocol-up/link-up/admin-up
Verify the connectivity to peer NXOS-1 switch Layer 3 interface from NXOS-2:
NXOS-2(config-if)# ping 10.0.0.1 vrf VPC-KEEPALIVE
PING 10.0.0.1 (10.0.0.1): 56 data bytes
36 bytes from 10.0.0.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 10.0.0.1: icmp_seq=1 ttl=254 time=14.757 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=254 time=2.346 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=254 time=1.768 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=254 time=2.07 ms
--- 10.0.0.1 ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 1.768/5.235/14.757 ms
Verify state of the vPC feature on NXOS-1 and NXOS-2. The vPC feature is disabled by default:
NXOS-1(config-if)# show feature | include vpc
vpc 1 disabled
NXOS-2(config-if)# show feature | include vpc
vpc 1 disabled
Enable the vPC Feature and Create the vPC Domain:
NXOS-1:
Enable the vPC feature:
NXOS-1(config)# feature vpc
To configure the vPC domain 10 and set up the vPC peer-keepalive by specifying the destination and source IPs along with the VRF:
NXOS-1(config)# vpc domain 10
NXOS-1(config-vpc-domain)# peer-keepalive destination 10.0.0.2 source 10.0.0.1 vrf VPC-KEEPALIVE
NXOS-2:
Enable the vPC feature:
NXOS-2(config)# feature vpc
To configure the vPC domain 10 and set up the vPC peer-keepalive by specifying the destination and source IPs along with the VRF:
NXOS-2(config)# vpc domain 10
NXOS-2(config-vpc-domain)# peer-keepalive destination 10.0.0.1 source 10.0.0.2 vrf VPC-KEEPALIVE
Confirm the status of the peer-keepalive link:
NXOS-2(config-vpc-domain)# show vpc peer-keepalive
vPC keep-alive status : peer is alive
--Peer is alive for : (833) seconds, (18) msec
--Send status : Success
--Last send at : 2025.07.27 09:01:43 372 ms
--Sent on interface : Eth1/8
--Receive status : Success
--Last receive at : 2025.07.27 09:01:43 376 ms
--Received on interface : Eth1/8
--Last update from peer : (0) seconds, (213) msec
vPC Keep-alive parameters
--Destination : 10.0.0.1
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : VPC-KEEPALIVE
--Keepalive udp port : 3200
--Keepalive tos : 192
Create and Verify vPC Peer Link:
NXOS-1:
Enter the interface range configuration mode for Ethernet1/1-2. Set the interfaces to Layer 2 mode and configure them as trunks. Then, add them to Port-Channel 10:
NXOS-1(config-vpc-domain)# interface Ethernet 1/1-2
NXOS-1(config-if-range)# switchport
NXOS-1(config-if-range)# switchport mode trunk
NXOS-1(config-if-range)# channel-group 10
Create a Port-Channel 10 interface. Then, designate the port-channel as a vPC peer-link:
NXOS-1(config-if-range)# interface port-channel 10
NXOS-1(config-if)# vpc peer-link
Warning: Bridge Assurance MUST be enabled at the remotely connected interface
Note: While Bridge Assurance is enabled by default on Cisco Nexus switches, this warning serves as a reminder to check the configuration, especially if the peer switch is from another vendor or has a different setup.
NXOS-2:
Enter the interface range configuration mode for Ethernet1/1-2. Set the interfaces to Layer 2 mode and configure them as trunks. Then, add them to Port-Channel 10:
NXOS-2(config-vpc-domain)# interface Ethernet 1/1-2
NXOS-2(config-if-range)# switchport
NXOS-2(config-if-range)# switchport mode trunk
NXOS-2(config-if-range)# channel-group 10
Create a Port-Channel 10 interface. Then, designate the port-channel as a vPC peer-link:
NXOS-2(config-if-range)# interface port-channel 10
NXOS-2(config-if)# vpc peer-link
Verify the status of Port-Channel 10. Ensure that Port-Channel 10 is up, indicated by the SU flag (S for a switched port-channel and U for up). Additionally, confirm that both Ethernet1/1 and Ethernet1/2 are active members of the port-channel, as shown by the P flag next to each interface.
NXOS-2(config-if)# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
b - BFD Session Wait
S - Switched R - Routed
U - Up (port-channel)
p - Up in delay-lacp mode (member)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
10 Po10(SU) Eth NONE Eth1/1(P) Eth1/2(P)
Verify the operational status of Port-Channel 10. Confirm that Port-Channel 10 is up and in trunk mode, with both Ethernet1/1 and Ethernet1/2 as active port-channel members:
NXOS-2(config-if)# show interface port-channel 10
port-channel10 is up
admin state is up,
Hardware: Port-Channel, address: 5210.b476.0101 (bia 5210.b476.0101)
MTU 9216 bytes, BW 2000000 Kbit , DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
full-duplex, 1000 Mb/s
Input flow-control is off, output flow-control is off
Auto-mdix is turned off
Switchport monitor is off
EtherType is 0x8100
Members in this channel: Eth1/1, Eth1/2
Last clearing of "show interface" counters never
<... output omitted ...>
Verify the vPC role:
NXOS-2(config-if)# show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:0a
vPC system-priority : 32667
vPC local system-mac : 52:10:b4:76:1b:08
vPC local role-priority : 32667
vPC local config role-priority : 32667
vPC peer system-mac : 52:1b:aa:7c:1b:08
vPC peer role-priority : 32667
vPC peer config role-priority : 32667
Note: The vPC role may vary.
NXOS-1:
Verify the status of Port-Channel 10. Ensure that Port-Channel 10 is up, indicated by the SU flag (S for a switched port-channel and U for up). Additionally, confirm that both Ethernet1/1 and Ethernet1/2 are active members of the port-channel, as shown by the P flag next to each interface.
NXOS-1(config-if)# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
b - BFD Session Wait
S - Switched R - Routed
U - Up (port-channel)
p - Up in delay-lacp mode (member)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
10 Po10(SU) Eth NONE Eth1/1(P) Eth1/2(P)
Verify the operational status of Port-Channel 10. Confirm that Port-Channel 10 is up and in trunk mode, with both Ethernet1/1 and Ethernet1/2 as active port-channel members.
NXOS-1(config-if)# show interface port-channel 10
port-channel10 is up
admin state is up,
Hardware: Port-Channel, address: 521b.aa7c.0101 (bia 521b.aa7c.0101)
MTU 9216 bytes, BW 2000000 Kbit , DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
full-duplex, 1000 Mb/s
Input flow-control is off, output flow-control is off
Auto-mdix is turned off
Switchport monitor is off
EtherType is 0x8100
Members in this channel: Eth1/1, Eth1/2
Last clearing of "show interface" counters never
<... output omitted ...>
Verify the vPC status. Confirm that the vPC peer adjacency is formed successfully and the vPC keepalive status indicates that the peer is alive. Check that the Port-Channel 10 is up:
NXOS-1(config-if)# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po10 up 1
Verify the vPC role:
NXOS-1(config-if)# show vpc role
vPC Role status
----------------------------------------------------
vPC role : secondary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:0a
vPC system-priority : 32667
vPC local system-mac : 52:1b:aa:7c:1b:08
vPC local role-priority : 32667
vPC local config role-priority : 32667
vPC peer system-mac : 52:10:b4:76:1b:08
vPC peer role-priority : 32667
vPC peer config role-priority : 32667
Configure vPC Member Interfaces:
NXOS-1:
Enable the Link Aggregation Control Protocol (LACP) feature:
NXOS-1(config-if)# feature lacp
Configure the interface Ethernet 1/3 to trunk mode and add it to the channel group 20 in mode active:
NXOS-1(config)# interface Ethernet1/3
NXOS-1(config-if)# switchport mode trunk
NXOS-1(config-if)# channel-group 20 mode active
Create an interface port channel 20 and configure it to vPC 20:
NXOS-1(config-if)# interface port-channel 20
NXOS-1(config-if)# vpc 20
Verify the state of Port-Channel 20. Port-Channel 20 will be in down state until you configure the interface on the NXOS-2 switch.
NXOS-1(config-if)# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
b - BFD Session Wait
S - Switched R - Routed
U - Up (port-channel)
p - Up in delay-lacp mode (member)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
10 Po10(SU) Eth NONE Eth1/1(P) Eth1/2(P)
20 Po20(SD) Eth LACP Eth1/3(D)
NXOS-2:
Enable the Link Aggregation Control Protocol (LACP) feature:
NXOS-2(config-if)# feature lacp
Configure the interface Ethernet 1/3 to trunk mode and add it to the channel group 20 in mode active:
NXOS-2(config)# interface Ethernet1/3
NXOS-2(config-if)# switchport mode trunk
NXOS-2(config-if)# channel-group 20 mode active
Create an interface port channel 20 and configure it to vPC 20:
NXOS-2(config-if)# interface port-channel 20
NXOS-2(config-if)# vpc 20
Check the vPC 20 within the vPC domain 10 is up. Note that it may take a minute or two for the status to transition from „down“ to „up.“
NXOS-2(config-if)# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po10 up 1
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
20 Po20 up success success 1
Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.
NXOS-3:
Enable the Link Aggregation Control Protocol (LACP) feature:
NXOS-3(config-if)# feature lacp
Enter the interface range configuration mode for GigabitEthernet0/0 – 1. Set the interfaces to Layer 2 mode and configure them as trunks. Then add it to the channel group 20 in mode active:
NXOS-3(config)# interface range GigabitEthernet0/0 - 1
NXOS-3(config-if)# switchport
NXOS-3(config-if)# switchport mode trunk
NXOS-3(config-if)# channel-group 20 mode active
Create an interface port channel 20 and configure them as trunk:
NXOS-3(config-if)# interface port-channel 20
NXOS-3(config-if)# switchport mode trunk
Verify the state of Port-Channel 20 on the NXOS-3 switch:
NXOS-3(config-if)# show port-channel summary
Flags: D - Down P - Up in channel
I - Standalone s - Suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - Up (port-channel) M - Not in use, minimum links not met
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
20 Po20(SU) LACP Gi0/0(P) Gi0/1(P)
Final topology with configured commands:
And that’s all! I hope that this article Step-by-Step vPC Configuration on Cisco Nexus Switches helped.
Source:
[2] https://www.ciscopress.com/articles/article.asp?p=3150966&seqNum=2
