01-17-2014 03:11 AM - edited 03-01-2019 07:30 AM
Hi All, I have 2 Nexus 7009 chassis, both configured into Agg and Core each.
I would like to connect a Palo Alto firewall in transparent mode. I found that the recommended solution is to configure a sub-agg layer from the AGG (VDC sandwich).
I can't find how to configure the sandwich VDC. Can anybody help?
Also, will I create peer-links or peer keep-alives for the new sub-aggs?
My AGG-1 configuration is below, with the same config on AGG-2, and the required design is attached.
N7K1-Agg1#sh run
ntp distribute
ntp server 10.10.50.6 use-vrf management
ntp commit
ip route 0.0.0.0/0 10.10.50.1
ip route 10.254.254.21/32 10.10.50.241
vrf context management
  ip route 0.0.0.0/0 192.168.77.1
vlan 1,3,10,32,50-52,55-56,66,70,77,98,101-114,120,125,130,140,150,163,172,300,600,700,800,900-903,1101-1102,1104-1107,1109-1110,1115,1163
spanning-tree domain 2
spanning-tree vlan 3,10,32,50-51,55-56,98,101-115,120,130,150,163,300,600,700,800,900-903,1101-1102,1104-1105,1107,1109-1110,1115,1163 priority 0
service dhcp
ip dhcp relay
vpc domain 2
  peer-switch
  peer-keepalive destination 192.168.77.74 source 192.168.77.73
  peer-gateway
  auto-recovery
interface Vlan1
  no ip redirects
  ip address 192.168.1.31/24
  no ipv6 redirects
  description Native and Management Vlan
  no shutdown
interface Vlan3
  no ip redirects
  ip address 192.168.3.31/24
  no ipv6 redirects
  description NAC Server Vlan
  no shutdown
interface Vlan10
  no ip redirects
  ip address 10.10.10.4/24
  no ipv6 redirects
  description Exchange DAG Vlan
  no shutdown
interface Vlan50
  no ip redirects
  ip address 10.10.50.231/24
  no ipv6 redirects
  description Sukari Servers Vlan
  no shutdown
interface Vlan51
  no ip redirects
  ip address 10.10.51.231/24
  no ipv6 redirects
  description MSA Storage and iLO Server Vlan
  no shutdown
interface Vlan52
  no ip redirects
  ip address 10.10.52.12/24
  no ipv6 redirects
  description Sukari WFE02
  no shutdown
interface Vlan55
  no ip redirects
  ip address 10.10.55.12/24
  no ipv6 redirects
  no shutdown
interface Vlan70
  ip address 10.10.70.231/24
  description Jersey Network
  no shutdown
interface Vlan77
  no ip redirects
  ip address 192.168.77.4/24
  no ipv6 redirects
  description Nexus Management Vlan
  no shutdown
interface Vlan98
  no ip redirects
  ip address 192.168.98.31/23
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.98.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Wireless Vlan
  no shutdown
interface Vlan101
  no ip redirects
  ip address 192.168.101.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.101.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Construction, Power Station and LV Vlan
  no shutdown
interface Vlan102
  no ip redirects
  ip address 192.168.102.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.102.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description new admin office
  no shutdown
interface Vlan104
  no ip redirects
  ip address 192.168.104.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.104.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Clinic and kitchen
  no shutdown
interface Vlan105
  no ip redirects
  ip address 192.168.105.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.105.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Security office
  no shutdown
interface Vlan106
  no ip redirects
  ip address 192.168.106.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.106.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Underground
  no shutdown
interface Vlan107
  no ip redirects
  ip address 192.168.107.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.107.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Warehouse and supply
  no shutdown
interface Vlan108
  no ip redirects
  ip address 10.10.11.5/24
  no ipv6 redirects
  description QuesCom Vlan
  no shutdown
interface Vlan109
  no ip redirects
  ip address 192.168.109.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.109.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Lab and plant maintenance
  no shutdown
interface Vlan110
  no ip redirects
  ip address 192.168.110.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.110.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Process, mining and geology
  no shutdown
interface Vlan111
  no ip redirects
  ip address 192.168.111.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.111.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description IP Phones Vlan
  no shutdown
interface Vlan112
  no ip redirects
  ip address 192.168.112.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.112.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Contractors
  no shutdown
interface Vlan113
  no ip redirects
  ip address 192.168.113.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.113.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description Bedouin Camp
  no shutdown
interface Vlan114
  no ip redirects
  ip address 192.168.114.31/24
  no ipv6 redirects
  hsrp 1
    priority 255
    ip 192.168.114.1
  ip dhcp relay address 10.10.50.5
  ip dhcp relay address 10.10.50.6
  description North Camp Vlan
  no shutdown
interface Vlan120
  no ip redirects
  ip address 192.168.120.31/24
  no ipv6 redirects
  description Old ASA Vlan
  no shutdown
interface Vlan125
  no ip redirects
  ip address 192.168.125.4/24
  no ipv6 redirects
  description IPS Vlan
  no shutdown
interface Vlan130
  no ip redirects
  ip address 192.168.130.31/24
  no ipv6 redirects
  description New ASA vlan
  no shutdown
interface Vlan140
  no ip redirects
  ip address 192.168.140.31/24
  no ipv6 redirects
  description 1MB Internet Vlan
  no shutdown
interface Vlan172
  no ip redirects
  ip address 172.16.0.231/24
  no ipv6 redirects
  no shutdown
interface Vlan600
  no ip redirects
  ip address 41.33.160.114/24
  no ipv6 redirects
  description Internet 5MB Vlan
  no shutdown
interface Vlan800
  no ip redirects
  ip address 41.33.165.64/24
  no ipv6 redirects
  description Internet 1MB Vlan
  no shutdown
interface Vlan901
  no ip redirects
  ip address 192.168.91.31/24
  no ipv6 redirects
  description VPN 0.5MB Vlan
  no shutdown
interface Vlan902
  no ip redirects
  ip address 192.168.92.31/24
  no ipv6 redirects
  description VPN 1.5MB Vlan
  no shutdown
interface Vlan903
  no ip redirects
  ip address 192.168.93.31/24
  no ipv6 redirects
  no shutdown
interface port-channel1
  description Port Channel for Core Switches
  switchport mode trunk
  spanning-tree port type network
  vpc 1
interface port-channel20
  description Port Channel for Agg Switches
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link
interface port-channel705
  description Port Channel for Operation Switches
  switchport mode trunk
  vpc 705
interface port-channel706
  description Port Channel for Supply Switches
  switchport mode trunk
  vpc 706
interface port-channel707
  description Port Channel for Construction Switches
  switchport mode trunk
  vpc 707
interface port-channel708
  description Port Channel for Security Switches
  switchport mode trunk
  vpc 708
interface port-channel709
  description Port Channel for Lab Switches
  switchport mode trunk
  vpc 709
interface port-channel710
  switchport mode trunk
  spanning-tree port type network
  vpc 710
interface Ethernet3/29
  description Connected to N7K2-Agg Port Eth3/29
  switchport mode trunk
  channel-group 20 mode active
  no shutdown
interface Ethernet3/30
  description Connected to N7K2-Agg Port Eth3/30
  switchport mode trunk
  channel-group 20 mode active
  no shutdown
interface Ethernet3/31
  description Connected to N7K1-Core Port Eth3/3
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
interface Ethernet3/32
  description Connected to N7K1-Core Port Eth3/4
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
interface Ethernet3/33
  description Connected to N7K2-Core Port Eth3/5
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
interface Ethernet3/34
  description Connected to N7K2-Core Port Eth3/6
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
interface Ethernet3/35
  no shutdown
interface Ethernet3/36
  switchport mode trunk
  channel-group 710 mode active
  no shutdown
interface Ethernet3/37
  no shutdown
interface Ethernet3/38
  no shutdown
interface Ethernet3/39
  description Connected to OPER-SW24-E Port Gig0/1
  switchport mode trunk
  spanning-tree port type network
  channel-group 705 mode active
  no shutdown
interface Ethernet3/40
  description Connected to Supply-SW24-B Port Gig0/1
  switchport mode trunk
  spanning-tree port type network
  channel-group 706 mode active
  no shutdown
interface Ethernet3/41
  description Connected CONS-24SW-B Port Gig0/2
  switchport mode trunk
  spanning-tree port type network
  channel-group 707 mode active
  no shutdown
interface Ethernet3/42
  description Connected to SEC-SW24-A Port Gig0/2
  switchport mode trunk
  spanning-tree port type network
  channel-group 708 mode active
  no shutdown
interface Ethernet3/43
  description Connected to Lab-SW24-B Port Gig0/2
  switchport mode trunk
  spanning-tree port type network
  channel-group 709 mode active
  no shutdown
interface Ethernet3/44
  no shutdown
interface Ethernet3/45
  no shutdown
interface Ethernet3/46
  no shutdown
interface Ethernet3/47
  no shutdown
interface Ethernet3/48
  no shutdown
interface mgmt0
  description Connected to SUK-Core-SW2 Port Gig0/11
  vrf member management
  ip address 192.168.77.73/24
logging logfile messages 6
logging server 10.10.50.3 5 use-vrf management
line vty
Regards,
Maher