Inter-connecting 5596T Switches

Hello there, I have recently purchased two new Cisco 5596T switches to add to our remote datacenter (Remote site). I have two existing 5596T at our HQ site, with vPC set up between these two 5596T at the HQ site. Now I need to add the two new 5596T to the remote site to connect to the two 5596T switches at the HQ site. I need guidance with the configuration to connect the two new 5596T switches to the existing switches at the HQ site (see the simple diagram below depicting the setup).

HQ Site              Remote Site

Switch1 -----------> Switch1
   |                    |
Switch2 -----------> Switch2

1 Accepted Solution

If you want to have both Nexus as Root bridge and send and process BPDUs, then yes you want to enable peer-switch. As soon as it is enabled, the Spanning-tree config must be identical on both devices.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


Francesco Molino
VIP Alumni
Hi

You will connect both pairs together using a vPC, I believe. The config on the new site will be the same as HQ, but you need to make sure the vPC domain ID is different from the one already existing.
Then, to have both Nexus in the pair as a unique bridge ID, you can enable the peer-switch feature under the vpc domain configuration.
Will you have the same VLANs spanned across both DCs? Just make sure to configure the root spt on the right side. Also, if you have the same VLANs, you would probably want the new vPC at the remote site participating in your existing HSRP group, if you have any.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi @Francesco Molino, thank you very much for your helpful advice. I came across an old post by @aaronanderson on a similar setup and someone posted the solution below. Can you advise if that config will work with what I am trying to achieve?

[N5k-1]------[N5k-2]
   |   \    /   |
   |    \  /    |
   |     /\     |
   |    /  \    |
[N5k-3]------[N5k-4]


=========== n5k-1 ===========
vpc domain 10
role priority 2000
system-priority 4000

interface port-channel1
description vPC Peer Link
vpc peer-link

interface port-channel2
description vPC link to second N5k pair
vpc 2

interface eth 1/1
description N5k-3 Eth 1/1
channel-group 2 mode active

interface eth 1/2
description N5k-4 Eth 1/1
channel-group 2 mode active

=========== n5k-2 ===========
vpc domain 10
role priority 2100
system-priority 4000

interface port-channel1
description vPC Peer Link
vpc peer-link

interface port-channel2
description vPC link to second N5k pair
vpc 2

interface eth 1/1
description N5k-3 Eth 1/2
channel-group 2 mode active

interface eth 1/2
description N5k-4 Eth 1/2
channel-group 2 mode active

=========== n5k-3 ===========
vpc domain 20
role priority 3000
system-priority 4000

interface port-channel1
description vPC Peer Link
vpc peer-link

interface port-channel2
description vPC link to first N5k pair
vpc 2

interface eth 1/1
description N5k-1 Eth 1/1
channel-group 2 mode active

interface eth 1/2
description N5k-2 Eth 1/1
channel-group 2 mode active

=========== n5k-4 ===========
vpc domain 20
role priority 3100
system-priority 4000

interface port-channel1
description vPC Peer Link
vpc peer-link

interface port-channel2
description vPC link to first N5k pair
vpc 2

interface eth 1/1
description N5k-1 Eth 1/2
channel-group 2 mode active

interface eth 1/2
description N5k-2 Eth 1/2
channel-group 2 mode active

 

 

Hi @jethro.w.tambeana 

Your configuration is ok, it would work as it is.

You might also want to consider the following things for your DCI (if that is the case):

  • First Hop Redundancy Protocol (FHRP) isolation: Prevent sub-optimal routing with the use of a dedicated gateway for each data center. Configurations vary depending on the location of the FHRP gateway.
  • STP isolation: Prevents the propagation of outages from one data center to another.
  • Broadcast storm control: This is used in order to minimize the amount of broadcast traffic between the data centers.
  • MACSec Encryption (optional): This encrypts the traffic in order to prevent intrusion between the two facilities.

For more details about FHRP isolation, I would suggest reading this document:

https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118934-configure-nx7k-00.html  

 

Stay safe,

Sergiu

Thank you very much for your response. I will consider implementing those things (FHRP, STP isolation, broadcast storm control) you mentioned in your response. 

 

You already got an answer but yes the config looks good.
As I said, you already have a pair of VPC running which means the config would be quite the same except the VPC domain ID which must be different if you want to interconnect both VPC pairs together.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thank you for your input. Yes, I did the setup as per my previous post. Below is the vPC config on the new Nexus pair.

Nexus Switch1

-------------------

vpc domain 10
role priority 17000
system-priority 8192
peer-keepalive destination 172.31.30.32
delay restore 150
ip arp synchronize

 

Nexus Switch2

-------------------

vpc domain 10
role priority 17100
system-priority 8192
peer-keepalive destination 172.31.30.31
delay restore 150
ip arp synchronize

 

 

QUESTION: Do I need to also include the command 'peer-switch' in the vpc config, or is what I have currently sufficient?

 

If you want to have both Nexus as Root bridge and send and process BPDUs, then yes you want to enable peer-switch. As soon as it is enabled, the Spanning-tree config must be identical on both devices.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

If I can seek your further assistance with another issue I came across while connecting hosts to the Nexus: I set up a port with the config below.

interface port-channel18
switchport access vlan 206
spanning-tree port type edge
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
vpc 18

 

interface Ethernet1/44
switchport access vlan 206
spanning-tree port type edge
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
channel-group 18

 

I use a Cisco SFP (SFP-10G-SR) and multimode fibre cable to connect a host to the port. When I connect the host to the switch port, the port does not come up. I notice that when I remove the command 'channel-group 18' from port eth1/44, the port comes up. Why is it behaving this way?

 

See the logs below that I get when I add the command 'channel-group 18' to eth1/44 and the port goes down.

 

GOV-PVME-AGSP04(config-if)# 2020 May 26 16:43:21 GOV-PVME-AGSP04 %ETHPORT-5-IF_DOWN_CHANNEL_MEMBERSHIP_UPDATE_IN_PROGRESS: Interface Ethernet1/43 is down (Channel membership update in progress)
2020 May 26 16:43:23 GOV-PVME-AGSP04 last message repeated 1 time
2020 May 26 16:43:23 GOV-PVME-AGSP04 %ETHPORT-5-SPEED: Interface Ethernet1/43, operational speed changed to 10 Gbps
2020 May 26 16:43:23 GOV-PVME-AGSP04 %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/43, operational duplex mode changed to Full
2020 May 26 16:43:23 GOV-PVME-AGSP04 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/43, operational Receive Flow Control state changed to off
2020 May 26 16:43:23 GOV-PVME-AGSP04 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/43, operational Transmit Flow Control state changed to off
2020 May 26 16:43:24 GOV-PVME-AGSP04 %ETHPORT-5-SPEED: Interface port-channel19, operational speed changed to 10 Gbps
2020 May 26 16:43:24 GOV-PVME-AGSP04 %ETHPORT-5-IF_DUPLEX: Interface port-channel19, operational duplex mode changed to Full
2020 May 26 16:43:24 GOV-PVME-AGSP04 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel19, operational Receive Flow Control state changed to off
2020 May 26 16:43:24 GOV-PVME-AGSP04 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel19, operational Transmit Flow Control state changed to off

The logs refer to another interface, e1/43.
What is this interface and where is it connected to?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I resolved the issue. The port-channel configuration was not applied to the other pair of Nexus 5K yet while I was connecting a host to the other Nexus 5K that already has the port-channel configured. I noticed this when I ran the 'show vpc brief' command and saw the inconsistency message. I applied the same port-channel configuration on the other pair of Nexus 5K and the port came up.

Thank you for your assistance though.
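
The cause found in the post above (a vPC port-channel defined on only one switch of a pair) and the earlier advice that interconnected pairs need different vPC domain IDs can both be checked offline on saved configuration text before a change. This is an added example, not part of the original thread and not Cisco tooling; the function names and the sample configurations are constructed for illustration.

```python
import re

def parse_vpc(cfg):
    """Return {'domain': int|None, 'vpcs': {vpc_id: port-channel}} from config text."""
    domain, vpcs, current = None, {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vpc domain (\d+)", line):
            domain, current = int(m.group(1)), None
        elif m := re.fullmatch(r"interface\s+(\S.*)", line):
            name = m.group(1).replace(" ", "").lower()
            current = name if name.startswith("port-channel") else None
        elif current and (m := re.fullmatch(r"vpc (\d+)", line)):
            vpcs[int(m.group(1))] = current  # "vpc peer-link" does not match
    return {"domain": domain, "vpcs": vpcs}

def peer_findings(cfg_a, cfg_b):
    """Compare the two switches of one vPC pair; return a list of problems."""
    a, b = parse_vpc(cfg_a), parse_vpc(cfg_b)
    out = []
    if a["domain"] != b["domain"]:
        out.append(f"domain mismatch: {a['domain']} vs {b['domain']}")
    for vid in sorted(set(a["vpcs"]) ^ set(b["vpcs"])):
        side = "peer A" if vid in a["vpcs"] else "peer B"
        out.append(f"vpc {vid} configured only on {side}")
    return out

def pairs_share_domain(pair1_cfg, pair2_cfg):
    """True if two interconnected pairs use the same vPC domain ID."""
    d1, d2 = parse_vpc(pair1_cfg)["domain"], parse_vpc(pair2_cfg)["domain"]
    return d1 is not None and d1 == d2

# Constructed sample configs, modelled on the port-channel18 stanza in the thread.
PEER_A = """vpc domain 10
interface port-channel1
vpc peer-link
interface port-channel18
switchport access vlan 206
vpc 18
interface Ethernet1/44
channel-group 18
"""
PEER_B = """vpc domain 10
interface port-channel1
vpc peer-link
"""
OTHER_PAIR = "vpc domain 20\n"

if __name__ == "__main__":
    print(peer_findings(PEER_A, PEER_B))
```

On the switches themselves, the 'show vpc brief' command mentioned in the post reports the same kind of inconsistency once the configuration is applied.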

Glad it works

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question