NX-OS runs Rapid Per-VLAN Spanning-Tree Protocol by default. This means that for each VLAN that is created, a separate instance of STP is created, with each of these running the 802.1w RSTP algorithm. Beyond this, the default behavior of STP on NX-OS is essentially identical to that of Catalyst IOS.
Lab Name: Nexus 9k NXOSv
Task
● Erase the previous configuration on switches NXOS01, NXOS02, NXOS03 and NXOS04 using command “write erase” and reload both switches, assign hostname the same hostname to both switches. Use provisioning documents if required
● Configure all links connecting NXOS01, NXOS02, NXOS03, and NXOS04 as 802.1Q trunk ports.
● Configure the links connecting NXOS03 and NXOS04 as a port channel 1.
● Create VLANs 10 and 20 on all switches, and assign them as follows:
a) Win Server’slink to NXOS03 should be in VLAN 10 and use the IP address 10.0.0.1/24.
b) Win Server’slink to NXOS04 should be in VLAN 20 and use the IP address 20.0.0.1/24.
c) SW’s link to NXOS03 should be in VLAN 20 and use the IP address 20.0.0.2/24.
d) SW’s link to NXOS04 should be in VLAN 10 and use the IP address 10.0.0.2/24.
● Configure Spanning-Tree Protocol between the switches as follows:
a) All switches should use 32 bits for spanning-tree port path costs.
b) NXOS01 should be the STP Root Bridge for VLAN 10, with NXOS02 being the backup Root Bridge.
c) NXOS04 should be the STP Root Bridge for VLAN 20, with NXOS03 being the backup Root Bridge.
d) Win Server’s VLAN 10 traffic to SW should follow the path of NXOS03 ->NXOS02 ->NXOS01 ->NXOS04 ->SW.
e) SW’s VLAN 20 traffic to Win Server should follow the path of NXOS03 ->NXOS01 ->NXOS02 ->NXOS04 -> Server 1.
● Keep saving your configuration using command “copy run start”
Configuration
NXOS03:
! vlan 10,20 ! spanning-tree pathcost method long ! spanning-tree vlan 20 priority 8192 ! interface Ethernet1/1-2 switchport switchport mode trunk channel-group 1 no shutdown ! interface port-channel1 switchport mode trunk spanning-tree vlan 10,20 cost 99999 ! interface Ethernet1/3-4 switchport switchport mode trunk spanning-tree vlan 10 cost 99999 no shutdown ! interface Ethernet1/5-6 switchport switchport mode trunk spanning-tree vlan 20 cost 99999 no shutdown ! interface Ethernet1/7 switchport switchport access vlan 10 no shutdown ! interface Ethernet1/8 switchport switchport access vlan 20 no shutdown ! |
NXOS04:
! vlan 10,20 ! spanning-tree pathcost method long ! spanning-tree vlan 20 priority 4096 ! interface Ethernet1/1-2 switchport switchport mode trunk channel-group 1 no shutdown ! interface port-channel1 switchport mode trunk ! interface Ethernet1/3-6 switchport switchport mode trunk no shutdown ! interface Ethernet1/7 switchport switchport access vlan 20 no shutdown ! interface Ethernet1/8 switchport switchport access vlan 10 no shutdown |
NXOS01:
! vlan 10,20 ! spanning-tree pathcost method long ! spanning-tree vlan 10 priority 4096 ! interface Ethernet1/1-2 switchport switchport mode trunk no shutdown ! interface Ethernet1/3-4 switchport switchport mode trunk spanning-tree vlan 10 cost 99999 no shutdown ! interface Ethernet1/5-6 switchport switchport mode trunk spanning-tree vlan 20 cost 99999 no shutdown ! |
NXOS02:
! vlan 10,20 ! spanning-tree pathcost method long ! spanning-tree vlan 10 priority 8192 ! interface Ethernet1/1-6 switchport switchport mode trunk no shutdown ! |
SW:
! hostname SW ! Interface Eth0/0 no switchport ip address 20.0.0.2 255.255.255.0 no shutdown ! Interface Eth0/1 no switchport ip address 10.0.0.2 255.255.255.0 no shutdown ! |
Verification
Assign IP addresses to WinServer on its both interfaces
Notice the Mac address of both the interfaces on WinServer interfaces. Marked in yellow.
Notice the Mac addresses on SW interfaces
SW#show interfaces eth0/0 Ethernet0/0 is up, line protocol is up (connected) Hardware is Ethernet, address is aabb.cc00.6000 (bia aabb.cc00.6000) Internet address is 20.0.0.2/24 |
SW#show interfaces eth0/1 Ethernet0/1 is up, line protocol is up (connected) Hardware is Ethernet, address is aabb.cc00.6010 (bia aabb.cc00.6010) Internet address is 10.0.0.2/24 |
Verification of this task can be performed by viewing the Root Bridge and Root Port election on a per-switch basis, or by viewing the MAC address table, as the STP topology ultimately controls which interfaces can participate in MAC address learning. Below we see that for VLAN 10, NXOS01 is elected the Root Bridge. This implies that all of its VLAN 10 links will be Designated ports in the Forwarding state.
NXOS01# show spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol rstp Root ID Priority 4106 Address 5000.0001.0007 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 4106 (priority 4096 sys-id-ext 10) Address 5000.0001.0007 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type —————- —- — ——— ——– ——————————– Eth1/1 Desg FWD 20000 128.1 P2p Eth1/2 Desg FWD 20000 128.2 P2p Eth1/3 Desg FWD 99999 128.3 P2p Eth1/4 Desg FWD 99999 128.4 P2p Eth1/5 Desg FWD 20000 128.5 P2p Eth1/6 Desg FWD 20000 128.6 P2p |
Try to send PING traffic from SW to WinServer or vice versa. In case traffic dies out, use continuous ping to generate traffic.
SW#ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 21/24/31 ms SW#ping 20.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 26/30/36 ms |
MAC addresses for VLAN 10 are being learned in ports Eth2/5 and Eth1/1, which implies that NXOS04 and NXOS02 on the other end of these links, respectively, have chosen those ports as their Root Ports.
NXOS01# show system internal l2fwder mac Legend: * – primary entry, G – Gateway MAC, (R) – Routed MAC, O – Overlay MAC age – seconds since last seen,+ – primary entry using vPC Peer-Link, (T) – True, (F) – False, C – ControlPlane MAC VLAN MAC Address Type age Secure NTFY Ports ———+—————–+——–+———+——+—-+—————— * 10 5000.0005.0000 dynamic 00:10:18 F F Eth1/1 * 10 aabb.cc00.6010 dynamic 00:10:22 F F Eth1/5 |
Use command “show mac address-table dynamic vlan 10” on physical switch which represents the same output.
Per the output below, NXOS02 chose E1/1 as the Root Port to reach NXOS01. Although all ports have the same cost of 2000, E1/1 has the lowest Port ID (port priority and port number) on the other end of the link.
NXOS02# show spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol rstp Root ID Priority 4106 Address 5000.0001.0007 Cost 20000 Port 1 (Ethernet1/1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 8202 (priority 8192 sys-id-ext 10) Address 5000.0002.0007 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type —————- —- — ——— ——– ——————————– Eth1/1 Root FWD 20000 128.1 P2p Eth1/2 Altn BLK 20000 128.2 P2p Eth1/3 Desg FWD 20000 128.3 P2p Eth1/4 Desg FWD 20000 128.4 P2p Eth1/5 Desg FWD 20000 128.5 P2p Eth1/6 Desg FWD 20000 128.6 P2p |
Per the view of the CAM table below, we see that NXOS02 learns MAC addresses for VLAN 10 in Eth1/1, its root port, and Eth2/5, the downstream link connecting to NXOS03.
Look on for mac addresses in VLAN 10
NXOS02# show system internal l2fwder mac Legend: * – primary entry, G – Gateway MAC, (R) – Routed MAC, O – Overlay MAC age – seconds since last seen,+ – primary entry using vPC Peer-Link, (T) – True, (F) – False, C – ControlPlane MAC VLAN MAC Address Type age Secure NTFY Ports ———+—————–+——–+———+——+—-+—————— * 10 5000.0005.0000 dynamic 00:17:28 F F Eth1/5 * 10 aabb.cc00.6010 dynamic 00:17:32 F F Eth1/1 |
Use command “show mac address-table dynamic vlan 10” on physical switch which represents the same output.
On the next downstream switch, NXOS03, we see that it has chosen Eth1/8, a link to NXOS02, as its Root Port. This is because other possible paths to the Root Bridge have had their cost raised to 99999. The end result is that traffic received from Win Serverin VLAN 10 going to SW is first forwarded to NXOS02, then to NXOS01, then to NXOS04, and finally to SW.
Note: Use command “show mac address-table dynamic vlan 10” on physical switch which represents the same output.
Likewise, traffic in VLAN 20 from SW can be verified to follow the path of NXOS03 ->NXOS01 ->NXOS02 ->NXOS04 ->Win Serverby the CAM tables below.
Look only for mac addresses in VLAN 20
NXOS03# show system internal l2fwder mac Legend: * – primary entry, G – Gateway MAC, (R) – Routed MAC, O – Overlay MAC age – seconds since last seen,+ – primary entry using vPC Peer-Link, (T) – True, (F) – False, C – ControlPlane MAC VLAN MAC Address Type age Secure NTFY Ports ———+—————–+——–+———+——+—-+—————— * 20 5000.0005.0001 dynamic 00:00:07 F F Eth1/3 * 20 aabb.cc00.6000 dynamic 00:00:07 F F Eth1/8 NXOS01# show system internal l2fwder mac Legend: * – primary entry, G – Gateway MAC, (R) – Routed MAC, O – Overlay MAC age – seconds since last seen,+ – primary entry using vPC Peer-Link, (T) – True, (F) – False, C – ControlPlane MAC VLAN MAC Address Type age Secure NTFY Ports ———+—————–+——–+———+——+—-+—————— * 20 5000.0005.0001 dynamic 00:01:29 F F Eth1/1 * 20 aabb.cc00.6000 dynamic 00:01:29 F F Eth1/3 NXOS02# show system internal l2fwder mac Legend: * – primary entry, G – Gateway MAC, (R) – Routed MAC, O – Overlay MAC age – seconds since last seen,+ – primary entry using vPC Peer-Link, (T) – True, (F) – False, C – ControlPlane MAC VLAN MAC Address Type age Secure NTFY Ports ———+—————–+——–+———+——+—-+—————— * 20 5000.0005.0001 dynamic 00:06:05 F F Eth1/3 * 20 aabb.cc00.6000 dynamic 00:06:05 F F Eth1/1 NXOS04# show system internal l2fw mac Legend: * – primary entry, G – Gateway MAC, (R) – Routed MAC, O – Overlay MAC age – seconds since last seen,+ – primary entry using vPC Peer-Link, (T) – True, (F) – False, C – ControlPlane MAC VLAN MAC Address Type age Secure NTFY Ports ———+—————–+——–+———+——+—-+—————— * 20 5000.0005.0001 dynamic 00:07:44 F F Eth1/7 * 20 aabb.cc00.6000 dynamic 00:07:44 F F Eth1/3 |
Alok Rastogi
Alok Rastogi is a highly experienced data center administrator and certified trainer. Currently he is working with one of the top IT companies in India. He has done CCIE DC and have more than 15 years of working experience in top companies in India. He is working as a consultant with MNC's for long years. Working experience in data center ...
More... | Author`s Bog | Book a MeetingComments (0)
Categories
Popular posts
TLOC Extension: Explore Cisco SD-WAN
5 Jun 2024
What is BGP and How Does it Work?
16 May 2024
Test blog
19 Jun 2024
Firewalls in Computer Networks: Concepts
6 Jan 2024Recent posts
Step by Step cisco WLC configuration
22 Nov 2024
Test blog
19 Jun 2024
TLOC Extension: Explore Cisco SD-WAN
5 Jun 2024
IPSec over GRE on Cisco IOS Routers
4 Jun 2024
BGP MED Attribute Configuration Example
30 May 2024Upcoming batches
Contact learning advisor