6500 Core (no VSS) to Nexus 5500 with vPC, L3, Routing, HSRP & OSPF

CiscoGirl
Level 1

Hi, I have 2 6506 Core Switches running HSRP (no VSS) and Nexus 5596-UP connected to it at L2. Just like this setup I followed and it works.
https://community.cisco.com/t5/switching/vpc-on-nexus-5000-with-catalyst-6500-no-vss/td-p/1618853

 

Now we want to move a few congested vlans (vlan701 & 704) from the 6506 to the 5596-UP (add routing and ospf to the Nexus because the 6506 can only handle 1G per vlan with the current hardware and the 5596-UP has 10G... and I can only work with the current hardware).

 

1. OSPF is configured on the 6506-CORE1 and 6506-CORE2 and works. I want to move vlan from core1, add routing and ospf to the Nexus. See the "<<<add" in the config. Does the 5596-UP ospf config look right or do I need to add something to it? Any suggestions on OSPF?

 

2. How would I configure the uplink from the Nexus 5596-UP to the 6506 Core? Is it OK to leave it as L2?

 

----------------------------------------------
6506-CORE1#
----------------------------------------------
router ospf 1
redistribute connected subnets
redistribute static subnets
passive-interface Loopback0
network 10.0.20.177 0.0.0.0 area 0.0.0.0
network 10.0.0.0 0.255.255.255 area 0.0.0.0
default-information originate

----------------------------------------------
N5K-1#
----------------------------------------------
feature ospf
feature pbr
feature interface-vlan
feature hsrp
feature lacp
feature dhcp
feature vpc
feature lldp
feature vtp

interface Vlan550
no shutdown
vrf member VPC-KEEPALIVE
ip address 10.10.50.2/24
!
vpc domain 5
role priority 10
peer-keepalive destination 10.10.50.3 source 10.10.50.2 vrf VPC-KEEPALIVE
delay restore 150
auto-recovery reload-delay 300
!
interface Ethernet1/5
description KEEPALIVE - N5K1 TO N5K2
switchport access vlan 550
!
interface port-channel50
description 5K1 TO 5K2
switchport mode trunk
spanning-tree port type network
vpc peer-link
!
interface Ethernet1/9
description PEER-LINK
switchport mode trunk
channel-group 50 mode active
!
interface Ethernet1/10
description PEER-LINK
switchport mode trunk
channel-group 50 mode active
-------------------------------

interface port-channel61
description TO 6506-CORE1
switchport mode trunk
vpc 61
!
interface port-channel62
description TO 6506-CORE2
switchport mode trunk
vpc 62
!
interface range Ethernet1/1 - 4
description ETHERCHANNEL (4) TO 6506-CORE1
switchport mode trunk
channel-group 61 mode passive
!
interface range Ethernet1/45 - 48
description ETHERCHANNEL (4) TO 6506-CORE2
switchport mode trunk
channel-group 62 mode passive
----------------------------------
interface Vlan701
 description SYSTEMS_01
 no shutdown
 no ip redirects
 ip address 10.10.0.2/24 <<<add
 ip router ospf 1 area 0.0.0.0 <<<add
 hsrp 1 <<<add
  preempt
  priority 120
  ip 10.10.0.1
!
interface Vlan704
 description SYSTEMS_03
 no shutdown
 no ip redirects
 ip address 10.10.16.2/24 <<<add
 ip router ospf 1 area 0.0.0.0 <<<add
 hsrp 1 <<<add
  preempt
  priority 120
  ip 10.10.16.1
!
interface Vlan751
 description HW3-CISCO-MGT
 no shutdown
 no ip redirects
 ip address 10.10.7.32/24
!
interface loopback0
 ip address 10.0.21.1/28
 ip router ospf 1 area 0.0.0.0 <<<add
--------------
ip route 0.0.0.0/0 10.10.0.1
router ospf 1 <<<add
 area 0.0.0.0 range 10.10.0.0/22 <<<add
 area 0.0.0.0 range 10.10.16.0/24 <<<add
 area 0.0.0.0 range 10.0.21.0/28 <<<add

Accepted Solutions

CiscoGirl
Level 1

 

 diagram_nexus.PNG

2018SEP18 - I implemented this over the weekend and it works with the below tweaks!

  1. Moving vlan 701 and 704 off the Core to the Nexus 5596 to elevate 1G vlan on core to nexus 10G vlans.
  2. Nexus - using L3, OSPF & PBR
  3. I left the trunk ports from core to nexus as L2.
  4. I’m not an architect or good with RP, but this is what I have and it works! I added in some other commands to configure Nexus also.  Any suggestion is welcome.

 

Lesson Learned / Info:

  1. Create another vlan on Core and Nexus for routing between the N5K and CORE, (vlan 552, ip route 0.0.0.0/0 10.8.52.1)
  2. Nexus 5596 doesn’t support Netflow, so you can’t see Netflow if you move the vlan to Nexus. Newer models support Netflow.
  3. Route-map doesn’t support deny.

N5K-1 (config-if)# ip policy route-map TO_LA_ENLAN

% Could not apply PBR route-map - policy action not supported

2018 Aug 16 13:02:15 HW3-N5K1-SW1 %$ VDC-1 %$ %RPM-2-PPF_SES_VERIFY:  rpm [4172]  PPF session verify failed in client afm(Line card  1/VDC  NONE/UUID  656) with an error 0x41ee0013(policy action not supported)

 

 

----------------------------------------------------------------------------------------

6506-CORE1#  (CORE2 WOULD BE SIMILAR WITH DIFFERENT IP)

----------------------------------------------------------------------------------------

router ospf 1

 redistribute connected subnets

 redistribute static subnets

 passive-interface Loopback0

 network 10.0.20.177 0.0.0.0 area 0.0.0.0

!I would do more specific network below, but it is before me, so I am leaving it alone. 

 network 10.0.0.0 0.255.255.255 area 0.0.0.0

 default-information originate

!

interface Vlan552

 description CORE-NEXUS-L3

 ip address 10.8.52.2 255.255.255.0

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip flow monitor NETFLOW_MONITOR input

 ip flow monitor NETFLOW_MONITOR output

 standby 0 ip 10.8.52.1

 standby 0 priority 120

 standby 0 preempt

 

----------------------------------------------

N5K-1#

----------------------------------------------

no feature telnet

cfs eth distribute

feature ospf

feature pbr

feature interface-vlan

feature hsrp

feature lacp

feature dhcp

feature vpc

feature lldp

feature vtp

 

!PEER-LINK

vrf context VPC-KEEPALIVE

interface Vlan550

 description PEER-LINK

  no shutdown

  vrf member VPC-KEEPALIVE

  ip address 10.8.50.2/24

!

vpc domain 5

  role priority 10

  peer-keepalive destination 10.8.50.3 source 10.8.50.2 vrf VPC-KEEPALIVE

  delay restore 150

  auto-recovery reload-delay 300

interface Ethernet1/5

  description KEEPALIVE - N5K1 TO N5K2

  switchport access vlan 550 

!

interface port-channel50

  description 5K1 TO 5K2 PEER-LINK

  switchport mode trunk

  spanning-tree port type network

  vpc peer-link 

interface Ethernet1/9-10

  description PEER-LINK

  switchport mode trunk

  channel-group 50 mode active

 

!ETHERCHANNEL TO CORE1 & CORE2

interface port-channel61

 description TO 6506-CORE1

  switchport mode trunk

  vpc 61

!

interface port-channel62

description TO 6506-CORE2

  switchport mode trunk

  vpc 62

!

interface Ethernet1/1-4

  description ETHERCHANNEL (4) TO 6506-CORE1

  switchport mode trunk

  channel-group 61 mode passive

!

interface Ethernet1/45-48

  description ETHERCHANNEL (4) TO 6506-CORE2

  switchport mode trunk

  channel-group 62 mode passive

--------------------------------------

!TO BLADE SWITCHES - 10G

interface port-channel51

  description BLADE-SW1

  switchport mode trunk

  speed 10000

  vpc 51

 

interface port-channel52

  description BLADE-SW2

  switchport mode trunk

  speed 10000

  vpc 52

 

interface port-channel53

  description BLADE-SW3

  switchport mode trunk

  speed 10000

  vpc 53

 

interface port-channel54

  description BLADE-SW4

  switchport mode trunk

  speed 10000

  vpc 54

 

interface port-channel55

  description BLADE-SW5

  switchport mode trunk

  speed 10000

  vpc 55

 

interface port-channel56

  description BLADE-SW6

  switchport mode trunk

  speed 10000

  vpc 56

---

interface Ethernet1/17

  description BLADE-SW1

  switchport mode trunk

  channel-group 51 mode active

 

interface Ethernet1/19

  description BLADE-SW2

  switchport mode trunk

  channel-group 52 mode active

 

interface Ethernet1/25

  description BLADE-SW3

  switchport mode trunk

  channel-group 53 mode active

 

interface Ethernet1/27

  description BLADE-SW4

  switchport mode trunk

  channel-group 54 mode active

 

interface Ethernet1/33

  description BLADE-SW5

  switchport mode trunk

  channel-group 55 mode active

 

interface Ethernet1/35

  description BLADE-SW6

  switchport mode trunk

  channel-group 56 mode active

 

---------------------------------------------

!ROUTING VLANS

interface Vlan701

  description SYSTEMS_01

  no shutdown

  no ip redirects

  ip address 10.8.0.2/22                                

  ip router ospf 1 area 0.0.0.0

  ip policy route-map TO_LA_ENLAN                        

  hsrp 1                                                                                           

    preempt

    priority 120

    ip 10.8.0.1

  ip dhcp relay address 10.X.X.X

!

!USE FOR DEFAULT GATEWAY

interface Vlan552

  description CORE-NEXUS-L3

  no shutdown

  no ip redirects

  ip address 10.8.52.32/24

  ip router ospf 1 area 0.0.0.0

  hsrp 1

    preempt

    priority 120

    ip 10.8.52.31

!

interface Vlan704

  description SYSTEMS_03

  no shutdown

  no ip redirects

  ip address 10.8.16.2/24                              

  ip router ospf 1 area 0.0.0.0      

  ip policy route-map TO_LA_ENLAN                        

  hsrp 1                                                                                           

    preempt

    priority 120

    ip 10.8.16.1

  ip dhcp relay address 10.X.X.X

  !

interface Vlan751

  description CISCO-MGT

  no shutdown

  no ip redirects

  ip address 10.8.7.32/24

  ip router ospf 1 area 0.0.0.0

  hsrp 1                                                                                           

    preempt

    priority 120

    ip 10.8.7.31

interface loopback0

  ip address 10.0.21.1/28

  ip router ospf 1 area 0.0.0.0      

-------------- 

!ROUTING & OSPF

ip route 0.0.0.0/0 10.8.52.1

router ospf 1

  area 0.0.0.0 range 10.0.21.0/28

  area 0.0.0.0 range 10.8.0.0/22

  area 0.0.0.0 range 10.8.7.0/24

  area 0.0.0.0 range 10.8.16.0/24

  area 0.0.0.0 range 10.8.52.0/24

 

----------------------

!access-list 1 to allow only certain network to ssh

ip access-list 1

  10 remark : REMOTE ACCESS TO SWITCH FROM THESE IP

  20 permit ip 10.8.0.0/32 any

line console

  exec-timeout 15

line vty

  exec-timeout 15

  access-class 1 in

 

!SNMP (NOTE IT USES ACL 1 ALSO)

snmp-server contact NETWORK SUPPORT 123.456.789

snmp-server location 11 CISCO DR, SAN JOSE, CA 77077

snmp-server host 10.8.18.100 traps version 2c <KEY>

snmp-server host 10.8.18.100 source-interface Vlan751

!

!network-operator is for RO, network-admin is for RW

snmp-server community <RO> group network-operator

snmp-server community <RW STRING> group network-admin

snmp-server community <RW STRING> use-ipv4acl 1

 

!AUTHENTICATION & RADIUS

username NWADMIN password <XXXXX> role network-admin

aaa authentication login default group radius local

aaa accounting default group radius

radius-server host 10.X.X.X key XXXXX auth-port 1645 acct-port 1646 authentication accounting

 

ssh login-attempts 2

ssh key rsa 2048

login block-for 1800 attempts 5 within 90

login quiet-mode access-class 1

 

!ROUTE-MAP

ip access-list 150

  10 remark : ROUTE TO LA ENLAN

  20 remark : PBR DOESN'T SUPPORT DENY. PERMIT BELOW EXCEPT TO 10.8.1.24

  30 permit ip 10.8.0.0/22 10.1.1.0/28

  40 permit ip 10.8.0.0/22 10.1.1.16/29

  50 permit ip 10.8.0.0/22 10.1.1.25/32

  60 permit ip 10.8.0.0/22 10.1.1.26/31

  70 permit ip 10.8.0.0/22 10.1.1.28/30

  80 permit ip 10.8.0.0/22 10.1.1.32/27

  90 permit ip 10.8.0.0/22 10.1.1.64/26

  100 permit ip 10.8.0.0/22 10.1.1.128/25

!

route-map TO_LA_ENLAN permit 10

  match ip address 150

  set ip next-hop 172.16.2.2

!

interface x

  ip policy route-map TO_LA_ENLAN         

 

!MGT (OPTIONAL)

vrf context management

  ip route 0.0.0.0/0 10.8.7.1

interface mgmt0

  vrf member management

  ip address 10.X.X.X/24

 

!OTHER COMMANDS

no ip domain-lookup

ip domain-name XXXXX.com

ip name-server 10.XXXX

no ip source-route

no ip igmp snooping mrouter vpc-peer-link

clock timezone CST -6 0

clock summer-time CDT 1 Sun Apr 02:00 4 sun oct 02:00 60

cli alias name wrme copy run start

ntp server 10.X.X.X

boot kickstart bootflash:/n5000-uk9-kickstart.7.3.3.N1.1.bin

boot system bootflash:/n5000-uk9.7.3.3.N1.1.bin

logging server 10.X.X.X

 

----------------------------------------------

N5K-2#

----------------------------------------------

!PEER-LINK

vrf context VPC-KEEPALIVE

!

vpc domain 5

  role priority 20

  peer-keepalive destination 10.8.50.2 source 10.8.50.3 vrf VPC-KEEPALIVE

  delay restore 150

  auto-recovery reload-delay 300

!

interface Vlan550

  description PEER-LINK

  no shutdown

  vrf member VPC-KEEPALIVE

  ip address 10.8.50.3/24

!

interface Ethernet1/5

  description KEEPALIVE - N5K2 TO N5K1

  switchport access vlan 550

!

interface port-channel50

  description 5K1 TO 5K2 PEER-LINK

  switchport mode trunk

  spanning-tree port type network

  speed 10000

  duplex full

  vpc peer-link

!

interface Ethernet1/9-10

  description PEER-LINK

  switchport mode trunk

  duplex full

  channel-group 50 mode passive

 

!ETHERCHANNEL TO CORE1 & CORE2

interface port-channel61

 description TO 6506-CORE1

  switchport mode trunk

  vpc 61

!

interface port-channel62

description TO 6506-CORE2

  switchport mode trunk

  vpc 62

!

interface Ethernet1/1-4

  description ETHERCHANNEL (4) TO 6506-CORE1

  switchport mode trunk

  channel-group 61 mode passive

!

interface Ethernet1/45-48

  description ETHERCHANNEL (4) TO 6506-CORE2

  switchport mode trunk

  channel-group 62 mode passive

--------------------------------------

!TO BLADE SWITCHES - 10G

interface port-channel51

  description BLADE-SW1

  switchport mode trunk

  speed 10000

  vpc 51

 

interface port-channel52

  description BLADE-SW2

  switchport mode trunk

  speed 10000

  vpc 52

 

interface port-channel53

  description BLADE-SW3

  switchport mode trunk

  speed 10000

  vpc 53

 

interface port-channel54

  description BLADE-SW4

  switchport mode trunk

  speed 10000

  vpc 54

 

interface port-channel55

  description BLADE-SW5

  switchport mode trunk

  speed 10000

  vpc 55

 

interface port-channel56

  description BLADE-SW6

  switchport mode trunk

  speed 10000

  vpc 56

---

interface Ethernet1/17

  description BLADE-SW1

  switchport mode trunk

  channel-group 51 mode active

 

interface Ethernet1/19

  description BLADE-SW2

  switchport mode trunk

  channel-group 52 mode active

 

interface Ethernet1/25

  description BLADE-SW3

  switchport mode trunk

  channel-group 53 mode active

 

interface Ethernet1/27

  description BLADE-SW4

  switchport mode trunk

  channel-group 54 mode active

 

interface Ethernet1/33

  description BLADE-SW5

  switchport mode trunk

  channel-group 55 mode active

 

interface Ethernet1/35

  description BLADE-SW6

  switchport mode trunk

  channel-group 56 mode active

 

!ROUTING VLANS

interface Vlan701

  description SYSTEMS_01

  no shutdown

  no ip redirects

  ip address 10.8.0.23/22

  ip router ospf 1 area 0.0.0.0

  ip policy route-map TO_LA_ENLAN

  hsrp 1

    preempt

    priority 110

    ip 10.8.0.1

  ip dhcp relay address 10.X.X.X

 

interface Vlan550

  description PEER-LINK

  no shutdown

  vrf member VPC-KEEPALIVE

  ip address 10.8.50.3/24

 

interface Vlan552

  description CORE-NEXUS-L3

  no shutdown

  no ip redirects

  ip address 10.8.52.33/24

  ip router ospf 1 area 0.0.0.0

  hsrp 1

    preempt

    priority 110

    ip 10.8.52.31

 

interface Vlan704

  description SYSTEMS_03

  no shutdown

  no ip redirects

  ip address 10.8.16.3/24

  ip router ospf 1 area 0.0.0.0

  ip policy route-map TO_LA_ENLAN

  hsrp 1

    preempt

    priority 110

    ip 10.8.16.1

  ip dhcp relay address 10.X.X.X

 

interface Vlan751

  description CISCO-MGT

  no shutdown

  no ip redirects

  ip address 10.8.7.33/24

  ip router ospf 1 area 0.0.0.0

  hsrp 1

    preempt

    priority 110

    ip 10.8.7.31

 

!ROUTING & OSPF

ip route 0.0.0.0/0 10.8.52.1

router ospf 1

  area 0.0.0.0 range 10.0.21.16/28

  area 0.0.0.0 range 10.8.0.0/22

  area 0.0.0.0 range 10.8.7.0/24

  area 0.0.0.0 range 10.8.16.0/24

  area 0.0.0.0 range 10.8.52.0/24
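
The PBR workaround in the post above (no deny in the route-map ACL, so ACL 150 permits every prefix around the one address to be left out), as an added example that is not part of the original post: it computes the permit-only prefix list and audits a hand-written one against it. The covering block 10.1.1.0/24 and the skipped host 10.1.1.24 are assumptions inferred from entries 30 to 100 of the posted ACL; the function names are hypothetical.

```python
import ipaddress

# Entries 30-100 of "ip access-list 150" as posted (destination prefixes only).
POSTED_PERMITS = [
    "10.1.1.0/28", "10.1.1.16/29", "10.1.1.25/32", "10.1.1.26/31",
    "10.1.1.28/30", "10.1.1.32/27", "10.1.1.64/26", "10.1.1.128/25",
]


def permit_prefixes(covered, excluded):
    """Prefixes of `covered` left over once every network in `excluded`
    is carved out, sorted by address. This is what a permit-only ACL has
    to list when the platform rejects deny entries."""
    remaining = [ipaddress.ip_network(covered)]
    for raw in excluded:
        hole = ipaddress.ip_network(raw)
        kept = []
        for net in remaining:
            if not net.overlaps(hole):
                kept.append(net)                 # untouched by this hole
            elif net.subnet_of(hole):
                continue                         # swallowed entirely
            else:
                kept.extend(net.address_exclude(hole))  # split around it
        remaining = kept
    return sorted(remaining)


def matches_intent(prefixes, covered, excluded):
    """True only if a hand-written permit list covers exactly
    `covered` minus `excluded`: no leaked address, no forgotten one.
    Prefixes with host bits set raise ValueError, which is also a finding."""
    have = [ipaddress.ip_network(p) for p in prefixes]
    want = permit_prefixes(covered, excluded)
    return (list(ipaddress.collapse_addresses(have))
            == list(ipaddress.collapse_addresses(want)))


def render_acl(name, source, prefixes, start=30, step=10):
    """Format the prefixes as ACL entries in the layout used in the post."""
    lines = [f"ip access-list {name}"]
    for i, dst in enumerate(prefixes):
        lines.append(f"  {start + i * step} permit ip {source} {dst}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed intent: policy-route 10.8.0.0/22 -> 10.1.1.0/24 except 10.1.1.24.
    wanted = permit_prefixes("10.1.1.0/24", ["10.1.1.24/32"])
    print(render_acl("150", "10.8.0.0/22", wanted))
    print("posted ACL matches intent:",
          matches_intent(POSTED_PERMITS, "10.1.1.0/24", ["10.1.1.24/32"]))
```

Running the audit before applying a change catches the two easy mistakes in this pattern: a dropped entry, which silently sends that range down the normal routing path, and an entry that is too wide, which policy-routes the address that was meant to be skipped.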


3 Replies 3

nazimkha
Level 4
If you leave the link between the Nexus 5596 and the Catalyst 6500 as L2, you may need to ensure that you are running 7.3(0)N1(1) code on the Nexus 5596, as dynamic routing over vPC or L3 vPC is only supported from this release.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/notes/7x/Nexus5500_Release_Notes_7x.html#pgfId-622079

Your configs look okay; you may need to add 'layer3 peer-router' and peer-gateway under the vpc domain, and also ensure the config is identical across both vPC switches.

As always all changes only in maintenance window :)

I'm running it ;)
boot kickstart bootflash:/n5000-uk9-kickstart.7.3.3.N1.1.bin
boot system bootflash:/n5000-uk9.7.3.3.N1.1.bin
