10-28-2024 01:00 AM
Hi everyone,
I'm relatively new to Cisco Nexus configuration with vPC and LAG/LACP, and I hope someone here could help me understand a bit more about the configuration I'd like to implement on two Cisco N9k. First, here is the diagram below:
Each Cisco Catalyst in my stack is connected to each Cisco Nexus like this:
Te 1/0/49 and Te 2/0/49 are configured in port-channel with LACP mode active.
Eth 1/2 on both Nexus are configured in port-channel LACP mode active (Po11 & vpc 11).
Does this configuration work or not?
When I tried to connect my Stack to both Nexus, I had no link, so I wonder if I really needed to configure port-channel on Nexus' side?
Thanks for your help.
Best regards,
10-28-2024 01:46 AM
Yes, it works, but the Cat 9300 is just stacking (there is no support for VSS).
You need to configure vPC on the Nexus side that is connecting to the Catalyst switches.
On the Catalyst 9300 just configure LACP, that's all you need.
"When I tried to connect my Stack to both Nexus, I had no link so I wonder if I really needed to configure port-channel on Nexus' side?"
Physical ports should come up, so that is a Layer 1 issue you need to find out: what mode of presentation; if this is SFP, make sure both sides have the same SFP and speeds, multimode or single mode, and appropriate cables.
If this is Ethernet, then it should work straight (then you need to provide the config and output of the information).
Check the example config on Nexus and switch below:
10-28-2024 02:16 AM
Hi,
Thanks for your reply. Could you please confirm that the configuration below should work?
! Nexus (NX-OS)
interface port-channel11
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100
  spanning-tree port type normal
  vpc 11
interface Ethernet1/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100
  channel-group 11 mode active
  no shutdown

! Catalyst stack
interface Port-channel1
  switchport mode trunk
  spanning-tree portfast disable
interface TenGigabitEthernet1/1/1
  switchport mode trunk
  channel-group 1 mode active
interface TenGigabitEthernet2/1/1
  switchport mode trunk
  channel-group 1 mode active
Thanks for your help.
Best regards,
10-28-2024 02:36 AM
Hi,
Your config is not complete, here's a detailed explanation with configs on working config, including validations: https://www.firewall.cx/cisco/cisco-data-center/nexus-vpc-configuration-design-operation-troubleshooting.html#vpc_failure_scenario_vpc_peer_switch_failure
Or, better use Cisco's guide, however it's more extensive. https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf
Best,
Cristian.
10-28-2024 03:04 AM
Hi,
My bad, I forgot to mention the vPC configuration in my last comment but I followed all the steps from FirewallCX.
! Nexus vPC peer with role priority 100 (keepalive source 192.168.1.1)
vrf context vpc-keepalive
vpc domain 1
  peer-switch
  role priority 100
  peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf vpc-keepalive
  delay restore 300
  auto-recovery
  ip arp synchronize
interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  spanning-tree port type network
  vpc peer-link
interface Vlan3500
  no shutdown
  vrf member vpc-keepalive
  ip address 192.168.1.1/30
interface Ethernet1/45
  switchport
  switchport access vlan 3500
  no shutdown
interface Ethernet1/47
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown
interface Ethernet1/48
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

! Nexus vPC peer with role priority 200 (keepalive source 192.168.1.2)
vrf context vpc-keepalive
vpc domain 1
  peer-switch
  role priority 200
  peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf vpc-keepalive
  delay restore 300
  auto-recovery
  ip arp synchronize
interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  spanning-tree port type network
  vpc peer-link
interface Vlan3500
  no shutdown
  vrf member vpc-keepalive
  ip address 192.168.1.2/30
interface Ethernet1/45
  switchport
  switchport access vlan 3500
  no shutdown
interface Ethernet1/47
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown
interface Ethernet1/48
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown
Thanks and best regards,
10-28-2024 03:18 AM
Hi,
Those two documents are so clear, just follow them; also perform validations, as a link being UP doesn't necessarily mean the outcome is the expected one.
I guess the final config is both the initial config (downstream bundle) and latest config (vpc bundle), so looks correct; remove the spanning-tree commands, as first I see inconsistencies in your config, second, do you know the implications?
Best,
Cristian.
10-28-2024 03:42 AM
Hi,
Thanks for your time and your help, really appreciate it.
I'll remove the spanning-tree command on each port-channel (except vPC, if I understood the documentation correctly).
What do you mean by "implications"? About spanning-tree protocol on port-channel?
Best regards,
10-28-2024 03:46 AM - edited 10-28-2024 03:47 AM
The required configuration on the Nexus 9300 and Catalyst 9300 stack switch is OK. It should work, except spanning tree.
What issue are you facing?
10-28-2024 05:07 AM
I was facing an issue where network traffic didn't come back after connecting my Stack Catalyst to Cisco Nexus.
After this thread, I actually removed spanning-tree from each port-channel and will try to connect the Catalyst on it.
I'm going to summarize the configuration here so people who come across this thread can get an overview of it.
! Nexus vPC peer with role priority 100 (keepalive source 192.168.1.1)
feature vpc
vlan 1-100,3500
vrf context vpc-keepalive
vpc domain 1
  peer-switch
  role priority 100
  peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf vpc-keepalive
  delay restore 300
  auto-recovery
  ip arp synchronize
interface Vlan3500
  no shutdown
  vrf member vpc-keepalive
  ip address 192.168.1.1/30
interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  spanning-tree port type network
  vpc peer-link
interface port-channel11
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  vpc 11
interface Ethernet1/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 11 mode active
  no shutdown
interface Ethernet1/45
  switchport
  switchport access vlan 3500
  no shutdown
interface Ethernet1/47
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown
interface Ethernet1/48
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

! Nexus vPC peer with role priority 200 (keepalive source 192.168.1.2)
feature vpc
vlan 1-100,3500
vrf context vpc-keepalive
vpc domain 1
  peer-switch
  role priority 200
  peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf vpc-keepalive
  delay restore 300
  auto-recovery
  ip arp synchronize
interface Vlan3500
  no shutdown
  vrf member vpc-keepalive
  ip address 192.168.1.2/30
interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  spanning-tree port type network
  vpc peer-link
interface port-channel11
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  vpc 11
interface Ethernet1/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 11 mode active
  no shutdown
interface Ethernet1/45
  switchport
  switchport access vlan 3500
  no shutdown
interface Ethernet1/47
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown
interface Ethernet1/48
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

! Catalyst stack
interface Port-channel1
  switchport mode trunk
  spanning-tree portfast disable
interface TenGigabitEthernet1/1/1
  switchport mode trunk
  channel-group 1 mode active
interface TenGigabitEthernet2/1/1
  switchport mode trunk
  channel-group 1 mode active
10-28-2024 06:16 AM
What is the status of the ports? Layer 1 being up is basic for anything to work.
Are the ports going error-disabled? What do the logs say on both ends?
You have not provided the information requested before:
Physical ports should come up, so that is a Layer 1 issue you need to find out: what mode of presentation; if this is SFP, make sure both sides have the same SFP and speeds, multimode or single mode, and appropriate cables.
If this is Ethernet, then it should work straight (then you need to provide the config and output of the information).
My comments on your configuration:
Make sure you have the VLANs created on the Cat switch side, and decide where you want the root for the VLAN to be and set up the priority.
Also, I suggest you only allow the VLANs required from Nexus to the Cat switches; as you mentioned the VLAN allowed statement, it should match on both sides.
Also look at the spanning-tree type.
10-28-2024 06:46 AM
Hi,
The configurations were effectively all good.
For some reason, LACP configuration was "lost" on Catalyst side and both TenGigabit interfaces were not present in LACP.
Thanks to all, best regards.
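
Added example, not part of the thread and not Cisco tooling: a small offline audit in Python that parses saved running-config text and flags the failure found above (Catalyst uplinks no longer carrying their channel-group line), plus a vPC member port-channel whose switchport settings differ between the two Nexus peers. The function names and the sample configs are assumptions constructed from the configuration summarised in the thread; it expects indented config text and assumes the port-channel number equals the vPC id, as it does here.

```python
import re

def parse_interfaces(cfg):
    """Return {interface: [sub-commands]} from indented running-config text."""
    out, cur = {}, None
    for raw in cfg.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw[0].isspace():          # top-level line opens or closes a section
            m = re.match(r"interface\s+(\S+)", raw, re.I)
            cur = m.group(1).lower() if m else None
            if cur:
                out[cur] = []
        elif cur:                         # indented line under an interface
            out[cur].append(raw.strip())
    return out

def lacp_members(ifs, group):
    """Interfaces carrying 'channel-group <group> mode active'."""
    return sorted(n for n, c in ifs.items() if f"channel-group {group} mode active" in c)

def audit(nexus_a, nexus_b, catalyst, cat_expected, vpc_id="11", cat_po="1"):
    """Assumes, as in the thread, that the port-channel number equals the vPC id."""
    a, b, c = (parse_interfaces(x) for x in (nexus_a, nexus_b, catalyst))
    po, findings = f"port-channel{vpc_id}", []
    for name, peer in (("nexus-a", a), ("nexus-b", b)):
        if f"vpc {vpc_id}" not in peer.get(po, []):
            findings.append(f"{name}: {po} lacks 'vpc {vpc_id}'")
        if not lacp_members(peer, vpc_id):
            findings.append(f"{name}: no LACP member in channel-group {vpc_id}")
    trunk = lambda p: sorted(l for l in p.get(po, []) if l.startswith("switchport"))
    if trunk(a) != trunk(b):
        findings.append(f"{po}: switchport settings differ between vPC peers")
    for i in sorted({i.lower() for i in cat_expected} - set(lacp_members(c, cat_po))):
        findings.append(f"catalyst: {i} not in channel-group {cat_po}")
    return findings

# Constructed sample: Po11 and Eth1/2 as summarised in the thread
NEXUS = """interface port-channel11
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  vpc 11
interface Ethernet1/2
  channel-group 11 mode active
"""
CAT_UPLINKS = ["TenGigabitEthernet1/1/1", "TenGigabitEthernet2/1/1"]
CAT_OK = "".join(f"interface {i}\n switchport mode trunk\n channel-group 1 mode active\n" for i in CAT_UPLINKS)
CAT_LOST = CAT_OK.replace(" channel-group 1 mode active\n", "")  # constructed failure case
print(audit(NEXUS, NEXUS, CAT_LOST, CAT_UPLINKS))
```

An empty list means the checks passed; this only inspects saved configuration, so the operational state still has to be validated on the devices.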