Solved: Hi,The VPC and VSS works.When

nuredin4133 · ‎07-21-2015

Recently I had the opportunity to prepare two 4500X switches and two Nexus 9372 and configure VSS and vPC on them respectively. I have one Core block with Nexus VPC (Layer2) and three Distribution blocks with 4500x VSS (Layer3). WAN/DMZ is attached to the Core.
I tried in many ways, but at the end it didnt work. I dont have the LAN-Enterprise-services licence for the nexus devices so i have it to use as layer 2.
For the VPC VSS configuration i followed Cisco deployment Guide and cisco best practice.
My question is what would be the best solution for this network? Is it correct how I am trying?

Thank you in advance for your help.

Reza Sharifi · ‎07-21-2015

If the links between VSS switches and Nexus are layer-2 you can put them in a VPC. If the links are layer-3, layer-3 VPC is not supported. So you can use regular Portchannels from each Nexus. In this case you would need 2 Portchannels, one is for the primary Nexus connecting to VSS and one for the secondary Nexus to VSS.

HTH

View solution in original post

Reza Sharifi · ‎07-21-2015

If the links between VSS switches and Nexus are layer-2 you can put them in a VPC. If the links are layer-3, layer-3 VPC is not supported. So you can use regular Portchannels from each Nexus. In this case you would need 2 Portchannels, one is for the primary Nexus connecting to VSS and one for the secondary Nexus to VSS.

HTH

nuredin4133 · ‎07-21-2015

Hi Reza

Thanks for your response. I tried this already, when i have only one Distribution then it works, when i add the second one then sometimes i can ping the other Distribution and sometimes not.

What you think about the solution? Should i use Layer 3 on the Core?

Thanks

Nuredin

Reza Sharifi · ‎07-21-2015

Hi Nuredin,

I think, if the connections between the VSS and Nexus are layer-3, you would have a faster convergence with no STP issue. In order to do so, you need a Portchannle from each Nexus to both VSS switches (the same way you have it in your diagram) but the key is that these Portchannels can not be in a VPC, they need to be regular Portchannles with /30 IP on the Portchannles interface.

So, example:

vss---------PO10----/30--------Nexus-1

vss---------PO20----/30--------Nexus-2

vss means 2 connections (one from each switch)

HTH

nuredin4133 · ‎07-21-2015

Hi Reza,

Once we have the license, then i will test it. Thanks.

Through the vPC peer link it will allow only layer 2, do i need a separate connection (layer3) between the nexus?

Regards

Nuredin

mohankumarm · ‎08-04-2015

Hi there,

In our environment, we are running Layer 2 VPC between Nexus Core and the 4500 VSS distribution switches. Layer 3 is used on the Core Nexus and SVI's are created on the Nexus core for the various VLAN's as well as HSRP. The 4500's function as pure L2 aggregation switches.

In this scenario, if the connections between Nexus and 4500's are changed to Layer 3 Port channel with no VPC, will this result in faster convergence? and is there any other configuration changes required on the 4500's or the Nexus when the links are changed to L3 port channel without VPC.

Thanks and Regards.

Reza Sharifi · ‎08-04-2015

Hi,

So, your access switches connect to the 4500 (VSS) (layer-2) and than the 4500 connect to Nexus (layer-2) right? Do you have a diagram of the network you can post.

HTH

mohankumarm · ‎08-04-2015

Hi,

Yes, you are absolutely right. the access switches connect to the VSS switch and the VSS is then connected to the Nexus core. Attached a sketch of the topology.

mohankumarm · ‎08-17-2015

Hi Reza,

Any update on this scenario? Fyi, Diagram attached below.

Thanks and Regards,

Mohan

Madhukrishnan Gopinathan Nair · ‎07-21-2015

Hello,

When you say it do not work, can you tell us what is the issue?

Is the VPC not coming up?

Thanks,

nuredin4133 · ‎07-21-2015

Hi,

The VPC and VSS works.

When i connect all the Distribution blocks to the Core Layer, then sometimes i can ping the other Distribution and sometimes not.

Hope you can understand me. :)

Nuredin

Joseph W. Doherty · ‎07-21-2015

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As Reza has noted, L2 VPC to L2 Etherchannel should work (I have such a setup). If you want a "routed" connection, can you not use a dedicated SVI on both sides?

VPC Layer 2 (core) with VSS Layer 3 (distribution)?