cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1768
Views
15
Helpful
7
Replies

replace lan core 6509s with nexus 3048

mkazam001
Level 3
Level 3

Can someone please help with the following questions:

1. If you configure vPC between the two nexus 3k switches, this means they appear as one logical switch - do you then also have to configure one of the HSRP protocols? This was suggested on a site & is confusing as you would normally configure catalyst switches as a stack OR use FHRP.

2. Can you configure a cross-stack etherchannel from a catalyst switch stack or ASA to the 2 nexus switches?

3. On the LAN side, they will connect to a multiple access switch stacks via etherchannel and on the WAN side, they will connect to 2 routers running VRRP. Do the nexus switches have the IP SLA feature to track the connections to the routers?

4. Is there anything wrong with this design, it would be my first time using nexus switches.

Thank you in advance :)

Regards, mk

7 Replies 7

shaps
Level 3
Level 3
I have some experience with the Nexus
1. You are correct, they are one logical switch however there are 2 seprate control planes, HSRP will be configured although they will both respond to arp and path traffic as if they were both active.
2. You can port channel to both switches yes,
3. Pretty confident IP SLA is supported
4. Topology sounds fairly standard however, I have only used them with Fabric extenders and not access switches, but no reason why you cannot, you only want to have both the switches appear as one.

Just to add to shaps post , ip sla is on 3ks but not the 5ks
switches are no issues , use standard port-channel on switch side then VPC portchannel on nexus side

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/IP_SLA/7x/b_Cisco_Nexus_3000_Series_NX-OS_IP_SLAs_Configuration_Guide_7x/b_Cisco_Nexus_3000_Series_NX-OS_IP_SLAs_Configuration_Guide_7x_chapter_01001.html

heres one of my vpc setups you can tweak to get started , we follow best practices


VPC Config

vpc domain 200
role priority 200
system-priority 150
peer-keepalive destination x.x.x.x source x.x.x.x
delay restore 90

interface mgmt0
description OOB.TRUSTED.SERVER
vrf member management
ip address x.x.x.x

interface Vlan3003
description VPC Heartbeat
vrf member heartbeat
ip address 10.1.1.1/30

interface Ethernet1/44
description VPC Heartbeat
switchport access vlan 3003
logging event port link-status


interface port-channel1
description Peer_Link_To_xxxxxxxxx
switchport mode trunk
no lacp suspend-individual
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
spanning-tree port type network
speed 10000
vpc peer-link


interface Ethernet1/45
description Peer_Link_1_of_4_to_xxxxxxxxxx
switchport mode trunk
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
channel-group 1 mode active

interface Ethernet1/46
description Peer_Link_2_of_4_to_xxxxxxxxx
switchport mode trunk
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
channel-group 1 mode active

interface Ethernet1/47
description Peer_Link_3_of_4_to_xxxxxxxxx
switchport mode trunk
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
channel-group 1 mode active

interface Ethernet1/48
description Peer_Link_4_of_4_to_xxxxxxxxxxx
switchport mode trunk
switchport trunk allowed vlan 2,10-11,17-18,20,28,31,33-34,36-39,48,50,64-65,70,72,74,76,78,80,90-96,102-103,105,107,400,1226,2224
channel-group 1 mode active


##############################################################################

vpc domain 200
role priority 150
system-priority 150
peer-keepalive destination x.x.x.x source x.x.x.x
delay restore 90

interface mgmt0
description OOB.TRUSTED.SERVER
vrf member management
ip address x.x.x.x/x


interface Vlan3003
description VPC Heartbeat
vrf member heartbeat
ip address 10.1.1.2/30

interface Ethernet1/44
description VPC Heartbeat
switchport access vlan 3003
logging event port link-status

Thank you, I may be back with some follow up questions :)

Does the peer link have to be 10Gig, would any of the switch ports work with Cat7 cable?

Is the heartbeat link via 1Gig ports?

Do you need Enterprise license to have the VRF feature?

Thanks

Peer link wont form unless it 10GB usually , havent tested 3ks now but generally in NX-OS must be 10gb
Heartbeat is just a keepalive so could be 1GB , i only ever used a 10gb though , all it does it make sure the VPC peer link can come back up if it fails , if heartbeats not in place peer ink wont come back so its an important link between the 2

Thank you again Mark.

So, do you also have to configure HSRP for this to work?

Regards, mk

Yes thats the way mine are setup works good

example of 1 of my L3 SVI interfaces in HSRP between both Nexus switches

 

interface Vlan70
  no ip redirects
  ip address 172.x.x.x/26
  no ipv6 redirects
  ip router eigrp 1
  ip passive-interface eigrp 1
  hsrp 70
    authentication text secret
    preempt
    priority 150
    ip 172.x.x.x
  ip dhcp relay address x.x.x.x
  ip dhcp relay address x.x.x.x
  description Cisco_IPT_Backend
  no shutdown


interface Vlan70
  no ip redirects
  ip address 172.x.x.x/26
  no ipv6 redirects
  ip router eigrp 1
  ip passive-interface eigrp 1
  hsrp 70
    authentication text secret
    preempt
    priority 200
    ip 172.x.x.x
  ip dhcp relay address x.x.x.x
  ip dhcp relay address x.x.x.x
  description Cisco_IPT_Backend
  no shutdown