Cisco N9k (vPC) connection Cisco Catalyst 9300 (VSS)

Hi everyone,

I'm relatively new to Cisco Nexus configuration with vPC and LAG/LACP and I hope someone here could help me understand a bit more about the configuration I'd like to implement on two Cisco N9k. First, here is the diagram below:

[Image: Drawing1.png]

Each Cisco Catalyst in my stack is connected to each Cisco Nexus like this:

  • Nexus1 Eth 1/2 -> Catalyst1 Te 1/0/49
  • Nexus2 Eth 1/2 -> Catalyst2 Te 2/0/49

Te 1/0/49 and Te 2/0/49 are configured in port-channel with LACP mode active.
Eth 1/2 on both Nexus are configured in port-channel LACP mode active (Po11 & vpc 11).

Does this configuration work or not?
When I tried to connect my Stack to both Nexus, I had no link, so I wonder if I really needed to configure port-channel on Nexus' side?

Thanks for your help.

Best regards,


balaji.bandi
Hall of Fame

Yes, it works, but the Cat 9300 is just stacking (there is no support for VSS).

You need to configure vPC on the Nexus side that is connecting to the Catalyst switches.

On the Catalyst 9300 just configure LACP, that's all you need.

When I tried to connect my Stack to both Nexus, I had no link, so I wonder if I really needed to configure port-channel on Nexus' side?

Physical ports should come up, so that is a Layer 1 issue you need to find out: what mode of presentation; if this is SFP, make sure both sides have the same SFP and speeds, and multimode or single-mode appropriate cables.

If this is Ethernet then it should work straight. (Then you need to provide the config and output of the information.)

Check the example config on Nexus and switch below:

https://www.balajibandi.com/?s=vpc

BB


Hi,

Thanks for your reply. Could you please confirm that the configuration below should work?

  • Cisco Nexus 9300 (both Nexus)
interface port-channel11
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100
  spanning-tree port type normal
  vpc 11

interface Ethernet1/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100
  channel-group 11 mode active
  no shutdown

  • Cisco Catalyst 9300 (Stack)
interface Port-channel1
 switchport mode trunk
 spanning-tree portfast disable

interface TenGigabitEthernet1/1/1
 switchport mode trunk
 channel-group 1 mode active

interface TenGigabitEthernet2/1/1
 switchport mode trunk
 channel-group 1 mode active

Thanks for your help.

Best regards,

Hi,

   Your config is not complete, here's a detailed explanation with configs on working config, including validations: https://www.firewall.cx/cisco/cisco-data-center/nexus-vpc-configuration-design-operation-troubleshooting.html#vpc_failure_scenario_vpc_peer_switch_failure

   Or, better use Cisco's guide, however it's more extensive. https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

Best,

Cristian.

Hi,

My bad, I forgot to mention the vPC configuration in my last comment but I followed all the steps from FirewallCX.

  • N9k1
vrf context vpc-keepalive
vpc domain 1
  peer-switch
  role priority 100
  peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf vpc-keepalive
  delay restore 300
  auto-recovery
  ip arp synchronize

interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  spanning-tree port type network
  vpc peer-link

interface Vlan3500
  no shutdown
  vrf member vpc-keepalive
  ip address 192.168.1.1/30

interface Ethernet1/45
  switchport
  switchport access vlan 3500
  no shutdown

interface Ethernet1/47
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

interface Ethernet1/48
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

  • N9k2
vrf context vpc-keepalive
vpc domain 1
  peer-switch
  role priority 200
  peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf vpc-keepalive
  delay restore 300
  auto-recovery
  ip arp synchronize

interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  spanning-tree port type network
  vpc peer-link

interface Vlan3500
  no shutdown
  vrf member vpc-keepalive
  ip address 192.168.1.2/30

interface Ethernet1/45
  switchport
  switchport access vlan 3500
  no shutdown

interface Ethernet1/47
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

interface Ethernet1/48
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

Thanks and best regards,

Hi,

    Those two documents are so clear, just follow it, also perform validations, link being UP doesn't necessarily mean the outcome is an expected one.

    I guess the final config is both the initial config (downstream bundle) and latest config (vpc bundle), so looks correct; remove the spanning-tree commands, as first I see inconsistencies in your config, second, do you know the implications?

Best,

Cristian.

Hi,

Thanks for your time and your help, really appreciate it.

I'll remove the spanning-tree command on each port-channel (except vPC, if I understood the documentation correctly).
What do you mean by "implications"? About the spanning-tree protocol on the port-channel?

Best regards,

The required configuration on the Nexus 9300 and the Catalyst 9300 stack switch is OK. It should work, except for spanning tree.

What issue are you facing?

I was facing an issue where network traffic didn't come back after connecting my Stack Catalyst to Cisco Nexus.
After this thread, I actually removed spanning-tree from each port-channel and will try to connect the Catalyst on it.
I'm going to summarize the configuration here so people who come across this thread can get an overview of it.

  • N9k1
feature vpc

vlan 1-100,3500

vrf context vpc-keepalive
vpc domain 1
  peer-switch
  role priority 100
  peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf vpc-keepalive
  delay restore 300
  auto-recovery
  ip arp synchronize

interface Vlan3500
  no shutdown
  vrf member vpc-keepalive
  ip address 192.168.1.1/30

interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  spanning-tree port type network
  vpc peer-link

interface port-channel11
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  vpc 11

interface Ethernet1/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 11 mode active
  no shutdown

interface Ethernet1/45
  switchport
  switchport access vlan 3500
  no shutdown

interface Ethernet1/47
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

interface Ethernet1/48
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

  • N9k2
feature vpc

vlan 1-100,3500

vrf context vpc-keepalive
vpc domain 1
  peer-switch
  role priority 200
  peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf vpc-keepalive
  delay restore 300
  auto-recovery
  ip arp synchronize

interface Vlan3500
  no shutdown
  vrf member vpc-keepalive
  ip address 192.168.1.2/30

interface port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  spanning-tree port type network
  vpc peer-link

interface port-channel11
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  vpc 11

interface Ethernet1/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 11 mode active
  no shutdown

interface Ethernet1/45
  switchport
  switchport access vlan 3500
  no shutdown

interface Ethernet1/47
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

interface Ethernet1/48
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 1-100,3500
  channel-group 1 mode active
  no shutdown

  • Catalyst
interface Port-channel1
 switchport mode trunk
 spanning-tree portfast disable

interface TenGigabitEthernet1/1/1
 switchport mode trunk
 channel-group 1 mode active

interface TenGigabitEthernet2/1/1
 switchport mode trunk
 channel-group 1 mode active

What is the status of the ports? Layer 1 being up is basic for anything to work.

Are the ports going error-disabled? What do the logs say on both ends?

You have not provided the information requested before:

Physical ports should come up, so that is a Layer 1 issue you need to find out: what mode of presentation; if this is SFP, make sure both sides have the same SFP and speeds, and multimode or single-mode appropriate cables.

If this is Ethernet then it should work straight. (Then you need to provide the config and output of the information.)

My comments on your configuration:

Make sure you have the VLANs created on the Cat switch side, and decide where you want the root for the VLAN to be and set up the priority.

I also suggest you allow only the required VLANs from the Nexus to the Cat switches; as you mentioned the VLAN allowed statement, it should match on both sides.

Also look at the spanning tree type:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/layer2/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Layer_2_Switching_Configuration_Guide_7x/configuring_stp_extensions_using_nx_os.html

 

BB


Hi,

The configuration was effectively all good.
For some reason, the LACP configuration was "lost" on the Catalyst side and both TenGigabit interfaces were not present in LACP.

Thanks to all, best regards.
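
Added example (not code from any participant in this thread): a small Python check for the two points the thread ends on, that every expected member interface still carries its `channel-group ... mode active` line, and that the trunk allowed-VLAN statements agree on both sides. The function names are hypothetical, and the sample configs are constructed from the summary posted above.

```python
import re

def parse_interfaces(config):
    """Return {interface name (lower-case): [stripped stanza lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1).lower(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        elif line.strip():
            current = None  # any other non-indented line ends the stanza
    return stanzas

def allowed_vlans(stanza):
    """Expand 'switchport trunk allowed vlan 1-100,3500'; None means no statement."""
    for line in stanza:
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)
        if m:
            vlans = set()
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                vlans.update(range(int(lo), int(hi or lo) + 1))
            return vlans
    return None

def missing_members(config, po_id, members):
    """Members that are absent or lack 'channel-group <po_id> mode active'."""
    ifs = parse_interfaces(config)
    want = f"channel-group {po_id} mode active"
    return [m for m in members if want not in ifs.get(m.lower(), [])]

# Constructed samples: the Catalyst side as summarized, and a copy with the LACP lines gone.
CAT_OK = """interface Port-channel1
 switchport mode trunk
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 channel-group 1 mode active
interface TenGigabitEthernet2/1/1
 switchport mode trunk
 channel-group 1 mode active
"""
CAT_LOST = CAT_OK.replace(" channel-group 1 mode active\n", "")
NEXUS_PO11 = "interface port-channel11\n  switchport trunk allowed vlan 1-100,3500\n  vpc 11\n"
MEMBERS = ["TenGigabitEthernet1/1/1", "TenGigabitEthernet2/1/1"]

if __name__ == "__main__":
    print("members missing from LACP bundle:", missing_members(CAT_LOST, 1, MEMBERS))
    print("Nexus Po11 allowed VLANs:", len(allowed_vlans(parse_interfaces(NEXUS_PO11)["port-channel11"])))
```

Run against a saved `show running-config` from each switch, the same functions flag a member port that has dropped out of the bundle before the uplink is cabled.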
