Nexus 5000 setup and configurations for L2 connectivity
This document briefly describes Data Center technology and provides a straightforward, simple configuration for 2 N5Ks, connected and running Layer 2 protocols. This design assumes 2 Nexus 5020 units, with 12 FEX 2000 single-homed to each Nexus 5000.
Data Center Switching:
The Cisco Nexus family of switches is a primary part of the unified fabric pillar of the Cisco Data Center Business Advantage architectural framework. These switches are designed to meet the stringent requirements of the next-generation data center. Not simply bigger or faster, these switches offer the following advantages:
- Infrastructure that can be scaled cost-effectively and that helps you increase energy, budget, and resource efficiency
- Transport for 10 Gigabit Ethernet and unified fabric that can handle virtualization, Web 2.0 applications, and cloud computing
- Operational continuity where system availability is assumed and maintenance windows are rare or nonexistent
The Cisco Nexus 5000 Series Switches help you transform the data center with innovative, standards-based, multilayer, multiprotocol, and multipurpose Ethernet-based fabric. Now you can help enable any transport over Ethernet, including Layer 2 and Layer 3 traffic, and storage traffic, all on one common data center-class platform.
Best Practice Design Objectives
The goal of this document is to connect 2 Nexus 5020 devices and configure them for Layer 2 switching, while Layer 3 is handled at the core level. Layer 3 configs are out of the scope of this document.
Best Practice Design Technology Considerations
This design uses 2 Nexus 5020 with 24 Fabric Extender 2248G attached single-homed (12 FEX attached to each of the 5020). Layer 3 routing is done on a core switch, a Cisco 6513 (not covered in this document).
The following steps need to be taken:
- upgrade the switch NX-OS
- enable features
- connect and configure the fabric extenders, which includes creating port channel interfaces and associating the Ethernet interfaces with a FEX ID and PO number
- configure vPC between N5K
- General and layer 2 configurations
- TACACS+ configs
Reference Design Example
Upgrading the Nexus parent Switch:
Upgrading Cisco Nexus switch:
- Select and download the kickstart and system software files to a server.
- Ensure that the required space is available in the bootflash: directory for the image file(s) to be copied. Check with: dir bootflash:
- Copy the kickstart and system images to the supervisor module bootflash using a transfer protocol.
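! <server> is a placeholder for the address of the server holding the images
! kickstart image
copy tftp://<server>/n5000-uk9-kickstart.5.0.2.N1.1.bin bootflash:
! system image
copy tftp://<server>/n5000-uk9.5.0.2.N1.1.bin bootflash: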
I used ftp as the files were too large for tftp.
- Install the new images, specifying the new image names that you downloaded:
install all kickstart bootflash:n5000-uk9-kickstart.5.0.2.N1.1.bin system bootflash:n5000-uk9.5.0.2.N1.1.bin
- After the switch completes the installation, log in and verify that the switch is running the required software version: sh ver
- Make sure you set the boot variables for the kickstart and system images to point to the proper BIN files.
On the Nexus, features must be enabled before many of the configurations below can be entered. The available features are listed below:
fcoe             Enable/Disable FCoE/FC feature
fex              Enable/Disable FEX
http-server      Enable/Disable http-server
interface-vlan   Enable/Disable interface vlan
lacp             Enable/Disable LACP
private-vlan     Enable/Disable private-vlan
privilege        Enable/Disable IOS type privilege level support
ssh              Enable/Disable ssh
tacacs+          Enable/Disable tacacs+
telnet           Enable/Disable telnet
udld             Enable/Disable UDLD
vpc              Enable/Disable VPC (Virtual Port Channel)
vtp              Enable/Disable Vlan Trunking Protocol (VTP)
Connecting the Fabric extenders:
Note: the lacp feature and the FEX feature need to be enabled.
Note: all configurations are done on the parent switch (Nexus 5020).
When a fabric extender is connected to its parent switch (5020), it will not come online unless it has a chassis ID configured and that chassis ID is associated with the interface the fabric extender is plugged into.
Configure the Fabric extender (FEX):
fex 101
  pinning max-links 1
  description "FEX0101"
fex 102
  pinning max-links 1
  description "FEX0102"
fex 103
  pinning max-links 1
  description "FEX0103"
fex 104
  pinning max-links 1
  description "FEX0104"
fex 105
  pinning max-links 1
  description "FEX0105"
fex 106
  pinning max-links 1
  description "FEX0106"
fex 107
  pinning max-links 1
  description "FEX0107"
fex 108
  pinning max-links 1
  description "FEX0108"
fex 109
  pinning max-links 1
  description "FEX0109"
fex 110
  pinning max-links 1
  description "FEX0110"
fex 111
  pinning max-links 1
  description "FEX0111"
fex 112
  pinning max-links 1
  description "FEX0112"
Configure the Port Channels:
interface port-channel101
  switchport mode fex-fabric
  fex associate 101
interface port-channel102
  switchport mode fex-fabric
  fex associate 102
interface port-channel103
  switchport mode fex-fabric
  fex associate 103
interface port-channel104
  switchport mode fex-fabric
  fex associate 104
interface port-channel105
  switchport mode fex-fabric
  fex associate 105
interface port-channel106
  switchport mode fex-fabric
  fex associate 106
interface port-channel107
  switchport mode fex-fabric
  fex associate 107
interface port-channel108
  switchport mode fex-fabric
  fex associate 108
interface port-channel109
  switchport mode fex-fabric
  fex associate 109
interface port-channel110
  switchport mode fex-fabric
  fex associate 110
interface port-channel111
  switchport mode fex-fabric
  fex associate 111
interface port-channel112
  switchport mode fex-fabric
  fex associate 112
Configure the Ethernet port interfaces and associate them with the FEX chassis and port-channel:
interface Ethernet1/1
  fex associate 101
  switchport mode fex-fabric
  channel-group 101
interface Ethernet1/2
  fex associate 101
  switchport mode fex-fabric
  channel-group 101
interface Ethernet1/3
  fex associate 102
  switchport mode fex-fabric
  channel-group 102
interface Ethernet1/4
  fex associate 102
  switchport mode fex-fabric
  channel-group 102
interface Ethernet1/5
  fex associate 103
  switchport mode fex-fabric
  channel-group 103
interface Ethernet1/6
  fex associate 103
  switchport mode fex-fabric
  channel-group 103
interface Ethernet1/7
  fex associate 104
  switchport mode fex-fabric
  channel-group 104
interface Ethernet1/8
  fex associate 104
  switchport mode fex-fabric
  channel-group 104
interface Ethernet1/9
  fex associate 105
  switchport mode fex-fabric
  channel-group 105
interface Ethernet1/10
  fex associate 105
  switchport mode fex-fabric
  channel-group 105
interface Ethernet1/11
  fex associate 106
  switchport mode fex-fabric
  channel-group 106
interface Ethernet1/12
  fex associate 106
  switchport mode fex-fabric
  channel-group 106
interface Ethernet1/13
  fex associate 107
  switchport mode fex-fabric
  channel-group 107
interface Ethernet1/14
  fex associate 107
  switchport mode fex-fabric
  channel-group 107
interface Ethernet1/15
  fex associate 108
  switchport mode fex-fabric
  channel-group 108
interface Ethernet1/16
  fex associate 108
  switchport mode fex-fabric
  channel-group 108
interface Ethernet1/17
  fex associate 109
  switchport mode fex-fabric
  channel-group 109
interface Ethernet1/18
  fex associate 109
  switchport mode fex-fabric
  channel-group 109
interface Ethernet1/19
  fex associate 110
  switchport mode fex-fabric
  channel-group 110
interface Ethernet1/20
  fex associate 110
  switchport mode fex-fabric
  channel-group 110
interface Ethernet1/21
  fex associate 111
  switchport mode fex-fabric
  channel-group 111
interface Ethernet1/22
  fex associate 111
  switchport mode fex-fabric
  channel-group 111
interface Ethernet1/23
  fex associate 112
  switchport mode fex-fabric
  channel-group 112
interface Ethernet1/24
  fex associate 112
  switchport mode fex-fabric
  channel-group 112
Configuring a vPC between the 2 N5K chassis:
Configure the port channel and make sure its switchport mode matches that of the Ethernet interfaces that will be associated with the channel:
interface port-channel100
  switchport mode trunk
  vpc peer-link
  spanning-tree port type network
Make sure vPC feature is enabled:
Create the vPC domain and specify the peer keepalive destination:
vpc domain <domain ID #>
  peer-keepalive destination <mgmt0 address>
Configure the Ethernet ports in trunk mode and add them to the channel group of the peer link port channel interface (port channel mode must match ethernet port mode):
interface Ethernet1/35
  switchport mode trunk
  channel-group 100 mode active
!
interface Ethernet1/36
  switchport mode trunk
  channel-group 100 mode active
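The association rules described above (a FEX needs its chassis ID tied to an interface, and member ports must match their port channel's switchport mode and FEX ID) can be checked offline before a configuration is pasted into the switch. The following Python check is an added example, not part of the original document or of any Cisco tool; it assumes show running-config style indentation, and the names parse, lint, KEYS and SAMPLE are illustrative.

```python
import re
# Constructed sample in the page's style with deliberate mistakes: Ethernet1/4
# names FEX 101, Ethernet1/36 is not a trunk, FEX 103 has no interface.
SAMPLE = """\
fex 102
fex 103
interface port-channel100
  switchport mode trunk
interface port-channel102
  switchport mode fex-fabric
  fex associate 102
interface Ethernet1/4
  fex associate 101
  switchport mode fex-fabric
  channel-group 102
interface Ethernet1/36
  switchport mode access
  channel-group 100 mode active
"""
KEYS = {"mode": r"switchport mode (\S+)", "fex": r"fex associate (\d+)",
        "group": r"channel-group (\d+)"}

def parse(text):
    """Return (defined FEX IDs, {interface name: {mode, fex, group}})."""
    fexes, ifs, cur = set(), {}, None
    for raw in text.splitlines():
        if not raw[:1].isspace():                  # top-level line opens a stanza
            top = re.fullmatch(r"(fex|interface) (\S+)", raw.strip())
            kind, name = top.groups() if top else (None, None)
            cur = ifs.setdefault(name, {}) if kind == "interface" else None
            fexes.update([name] if kind == "fex" else [])
        elif cur is not None:                      # sub-command of an interface
            for key, pat in KEYS.items():
                if m := re.match(pat, raw.strip()):
                    cur[key] = m.group(1)
    return fexes, ifs

def lint(text):
    """List violations of the FEX and port-channel rules stated on the page."""
    (fexes, ifs), out = parse(text), []
    for name, cfg in ifs.items():
        po_name = "port-channel" + cfg.get("group", "")
        po = ifs.get(po_name, {})              # an undefined channel compares as empty
        out += [f"{name}: {k} {cfg.get(k)}, {po_name} has {po.get(k)}"
                for k in ("mode", "fex") if "group" in cfg and cfg.get(k) != po.get(k)]
    used = {c["fex"] for c in ifs.values() if "fex" in c}
    out += [f"fex {f}: defined but no interface associated" for f in sorted(fexes - used)]
    out += [f"fex {f}: associated but not defined" for f in sorted(used - fexes)]
    return out
```

Running lint over a saved copy of the running configuration returns an empty list when every member port agrees with its port channel and every defined FEX is associated.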
ip domain-lookup
ip domain-name mydomain.ca
hostname NX1
username myuser password 5 xyz. role priv-15
username myotheruser password 5 abc. role priv-15
Configs to get Layer 2 connectivity with CTD Core:
vlan 75
  name mgmt
!
interface Vlan75
  no shutdown
  description MGMT
  ip address 10.16.75.X/24
!
interface Ethernet1/39
  switchport mode trunk
  switchport trunk allowed vlan 75
!
vrf context management
  ip route 0.0.0.0/0 10.60.75.Y
! (10.160.175.Y is the address of the vlan interface on the Layer 3 core)
ip tacacs source-interface Vlan75
tacacs-server timeout 10
tacacs-server host X.X.X.X key 7 "layer2keys"
tacacs-server host Y.Y.Y.Y key 7 "layer2keys"
aaa group server tacacs+ tac-servers
  server X.X.X.X
  server Y.Y.Y.Y
  use-vrf management
  source-interface Vlan75
aaa authentication login default group tac-servers local
aaa authentication login console group tac-servers local
aaa accounting default group tac-servers
aaa authentication login error-enable
tacacs-server directed-request
Docwiki by Said Izawi