Cisco Nexus 9000 Series Configuration Manual

Table of Contents

  • Document Conventions
  • Documentation Feedback

CHAPTER 1 New and Changed Information

CHAPTER 2 Overview

  • VXLAN Encapsulation and Packet Format
  • vPC Consistency Check for vPC VTEPs
  • Static Ingress Replication
  • Bud Node Topology

CHAPTER 3 Configuring VXLAN

  • Considerations for VXLAN Deployment
  • Network Considerations for VXLAN Deployments
  • Considerations for the Transport Network
  • Enabling VXLANs
  • Mapping VLAN to VXLAN VNI
  • Configuring Port VLAN Mapping on a Trunk Port
  • Configuring Inner VLAN and Outer VLAN Mapping on a Trunk Port
  • Creating and Configuring an NVE Interface and Associate VNIs
  • Configuring Static MAC for VXLAN VTEP
  • Disabling VXLANs
  • Configuring BGP EVPN Ingress Replication
  • Configuring Static Ingress Replication
  • Configuring Q-In-VNI
  • Configuring Selective Q-In-VNI
  • Configuring Q-In-VNI with LACP Tunneling
  • Overview for FHRP over VXLAN
  • Guidelines and Limitations for FHRP over VXLAN
  • Only Supported Deployments for FHRP over VXLAN
  • New Supported Topology for Configuring FHRP over VXLAN
  • Overview of IGMP Snooping over VXLAN
  • Guidelines and Limitations for IGMP Snooping over VXLAN
  • Configuring IGMP Snooping over VXLAN
  • Verifying the VXLAN Configuration
  • Example of VXLAN Bridging Configuration

CHAPTER 4 Configuring VXLAN BGP EVPN

  • Notes for EVPN Convergence
  • Considerations for VXLAN BGP EVPN Deployment
  • VPC Considerations for VXLAN BGP EVPN Deployment
  • BGP EVPN Considerations for VXLAN Deployment
  • Commands for BGP EVPN
  • Enabling VXLAN
  • Configuring VLAN and VXLAN VNI
  • Configuring VRF for VXLAN Routing
  • Configuring SVI for Hosts for VXLAN Routing
  • Configuring VRF Overlay VLAN for VXLAN Routing
  • Configuring VNI under VRF for VXLAN Routing
  • Configuring Anycast Gateway for VXLAN Routing
  • Configuring the NVE Interface and VNIs
  • Configuring BGP on the VTEP
  • Configuring RD and Route Targets for VXLAN Bridging
  • Configuring VXLAN EVPN Ingress Replication
  • Configuring BGP for EVPN on the Spine
  • Suppressing ARP
  • Duplicate Detection for IP and MAC Addresses
  • Verifying the VXLAN BGP EVPN Configuration
  • Example of VXLAN BGP EVPN (EBGP)
  • Example of VXLAN BGP EVPN (IBGP)
  • Example Show Commands
  • Configuring VXLAN OAM
  • VXLAN OAM Overview
  • Loopback (Ping) Message
  • Traceroute or Pathtrace Message

CHAPTER 5 Configuring VXLAN OAM

  • Configuring NGOAM Profile
  • NGOAM Authentication

CHAPTER 6 Configuring VXLAN EVPN Multihoming

  • Introduction to Multihoming
  • BGP EVPN Multihoming
  • BGP EVPN Multihoming Terminology
  • EVPN Multihoming Implementation
  • EVPN Multihoming Redundancy Group
  • Ethernet Segment Identifier
  • LACP Bundling
  • Guidelines and Limitations for VXLAN EVPN Multihoming
  • Enabling EVPN Multihoming
  • VXLAN EVPN Multihoming Configuration Examples
  • Layer 2 Gateway STP Overview
  • Guidelines for Moving to Layer 2 Gateway STP
  • Enabling Layer 2 Gateway STP on a Switch
  • EVPN Multihoming Local Traffic Flows
  • EVPN Multihoming Remote Traffic Flows
  • EVPN Multihoming BUM Flows
  • Overview of VLAN Consistency Checking
  • VLAN Consistency Checking Guidelines and Limitations
  • Configuring VLAN Consistency Checking
  • Displaying Show Command Output for VLAN Consistency Checking
  • Overview of ESI ARP Suppression
  • Limitations for ESI ARP Suppression
  • Configuring ESI ARP Suppression
  • Displaying Show Commands for ESI ARP Suppression

VXLAN Bud Node over VPC

  • VXLAN Bud Node over VPC Overview
  • VXLAN Bud Node over VPC Topology Example
  • DHCP Relay in VXLAN BGP EVPN Overview
  • Basic VXLAN BGP EVPN Configuration
  • Client on Tenant VRF and Server on Layer 3 Default VRF
  • Client on Tenant VRF (SVI X) and Server on the same Tenant VRF (SVI Y)
  • Client on Tenant VRF (VRF X) and Server on Different Tenant VRF (VRF Y)
  • Client on Tenant VRF and Server on Non-Default Non-VXLAN VRF
  • Configuring VPC Peers Example
  • vPC VTEP DHCP Relay Configuration Example

DHCP Relay in VXLAN BGP EVPN

  • Overview of EVPN with Transparent Firewall Insertion
  • EVPN with Transparent Firewall Insertion Example
  • Show Command Examples

EVPN with Transparent Firewall Insertion

  • Overview of IPv6 Across a VXLAN EVPN Fabric
  • Configuring IPv6 Across a VXLAN EVPN Fabric Example

IPv6 Across a VXLAN EVPN Fabric

Summary of Contents for Cisco Nexus 9000 Series

  • Page 1 Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release First Published: 2015-01-27 Last Modified: 2017-02-17 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
  • Page 2 This product includes software written by Tim Hudson ([email protected]). Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks.

Page 3: Table Of Contents

  • Page 4 Notes for EVPN Convergence Considerations for VXLAN BGP EVPN Deployment VPC Considerations for VXLAN BGP EVPN Deployment Network Considerations for VXLAN Deployments Considerations for the Transport Network BGP EVPN Considerations for VXLAN Deployment Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x...
  • Page 5 Configuring NGOAM Profile NGOAM Authentication Configuring VXLAN EVPN Multihoming CHAPTER 6 VXLAN EVPN Multihoming Overview Introduction to Multihoming BGP EVPN Multihoming BGP EVPN Multihoming Terminology
  • Page 6 DHCP Relay in VXLAN BGP EVPN APPENDIX B DHCP Relay in VXLAN BGP EVPN Overview DHCP Relay in VXLAN BGP EVPN Example Basic VXLAN BGP EVPN Configuration
  • Page 7 IPv6 Across a VXLAN EVPN Fabric APPENDIX D Overview of IPv6 Across a VXLAN EVPN Fabric Configuring IPv6 Across a VXLAN EVPN Fabric Example Show Command Examples

Page 9: Document Conventions

Page 10: Documentation Feedback

Page 11: Obtaining Documentation And Submitting A Service Request

Page 13: Chapter

  • Page 14 Added support for displaying 7.0(3)I2(2) Verifying the VXLAN tracking route information. Configuration LACP tunneling support for Added support for VXLAN 7.0(3)I2(2) Configuring Q-in-VNI with VXLAN with LACP tunneling. LACP Tunneling
  • Page 15 Static MAC for VXLAN VTEP Enables the configuration of 7.0(3)I1(2) Configuring Static MAC for support static MAC addresses behind a VXLAN VTEP peer VTEP on Cisco Nexus 9300 Series switches.
  • Page 16 VXLAN BGP EVPN support Enables the learning of remote 7.0(3)I1(1) Configuring VXLAN BGP VTEPs, overlay MACs, and EVPN routes through the BGP EVPN control plane protocol on Cisco Nexus 9300 Series switches.

Page 17: Chapter

Page 18: VXLAN Encapsulation And Packet Format

Page 19: vPC Consistency Check For vPC VTEPs

Page 20: Static Ingress Replication

Page 21: Bud Node Topology

  • Page 22 The distributed anycast gateway functionality will be used to facilitate flexible workload placement, and optimal traffic across the L3 core network. The overlay network that will be used is based on VXLAN.

Page 23: Chapter

  • Page 24 IGMP snooping on VXLAN enabled VLANs is not supported in Cisco Nexus 3232C and 3264Q switches. VXLAN with flood and learn and Layer 2 EVPN is supported in Cisco Nexus 3232C and 3264Q switches. • Bind NVE to a loopback address that is separate from other loopback addresses that are required by Layer 3 protocols.
  • Page 25 Configuring VXLAN Guidelines and Limitations for VXLAN • The VXLAN UDP port number is used for VXLAN encapsulation. For Cisco Nexus NX-OS, the UDP port number is 4789. It complies with IETF standards and is not configurable. • For 7.0(3)I2(1) and later, VXLAN is supported on Cisco Nexus 9500 Series switches with the following linecards: ◦...

Page 26: Considerations For VXLAN Deployment

Page 27: vPC Considerations For VXLAN Deployment

  • Page 28 • The VPC peer-gateway feature must be enabled on both peers. As a best practice, use peer-switch, peer gateway, ip arp sync, ipv6 nd sync configurations for improved convergence in VPC topologies.
  • Page 29 Note: In BUD node topologies, the backup SVI needs to be added as a static OIF for each underlay multicast group. Note: The SVI must be configured on both VPC peers and requires PIM to be enabled.

Page 30: Network Considerations For VXLAN Deployments

Page 31: Considerations For The Transport Network

Page 32: Mapping VLAN To VXLAN VNI

  • Page 33 • Port VLAN mapping is not supported on Cisco Nexus 9200 Series switches. Beginning with Cisco NX-OS Release 7.0(3)I6(1), port VLAN switching is supported on Cisco Nexus 9500 and 9300 platform switches. However, PV routing is not supported on Cisco Nexus 9500 and 9300 platform switches.
  • Page 34 VLANs. Step 5 [no] switchport vlan mapping all: Removes all VLAN mappings configured on the interface. Step 6 copy running-config startup-config: (Optional) Copies the running configuration to the startup configuration.

Page 35: Configuring Inner VLAN And Outer VLAN Mapping On A Trunk Port

  • Page 36 11 inner 12 111 switch(config-if)# switchport trunk allowed vlan 101-170 switch(config-if)# no shutdown switch(config-if)# show mac address-table dynamic vlan 111

Page 37: Creating And Configuring An NVE Interface And Associate VNIs

Page 38: Disabling VXLANs

Page 39: Configuring BGP EVPN Ingress Replication

Page 40: Configuring Q-In-VNI

  • Page 41 • The following is an example of configuring a Q-in-VNI (NX-OS 7.0(3)I3(1) and later releases): switch# config terminal switch(config)# interface ethernet 1/4 switch(config-if)# switchport mode dot1q-tunnel switch(config-if)# switchport access vlan 10 switch(config-if)# spanning-tree bpdufilter enable switch(config-if)#

Page 42: Configuring Selective Q-In-VNI

  • Page 43 10050 mcast-group 230.1.1.1 • See the following example for the native VLAN configuration: vlan 150 interface vlan150 no shutdown ip address 150.1.150.6/24 ip pim sparse-mode

Page 44: Configuring Q-In-VNI With LACP Tunneling

  • Page 45 • No MAC address-table notification for mac-move. • As a best practice, configure a fast LACP rate on the interface where the LACP port is configured. Otherwise the convergence time is approximately 90 seconds.
  • Page 46 ◦ To avoid saturating the MAC, you should turn off/disable learning of VLANs. • Configuring Q-in-VNI to tunnel LACP packets is not supported for VXLAN EVPN. • The number of port-channel members supported is the number of ports supported by the VTEP.

Page 47: Configuring FHRP Over VXLAN

Page 48: Only Supported Deployments For FHRP Over VXLAN

  • Page 49 FHRP operates in active/active. The VNI mapped to the VLAN must be configured on the NVE interface and it is associated with the used BUM replication mode (Multicast or Ingress Replication).

Page 50: New Supported Topology For Configuring FHRP Over VXLAN

Page 51: Configuring IGMP Snooping Over VXLAN

Page 52: Configuring IGMP Snooping Over VXLAN

  • Page 53 Displays logging level. show tech-support nve Displays related NVE tech-support information. show run interface nve x Displays NVE overlay interface configuration.
  • Page 54 VXLAN VLAN logical port VP count is 10*10 = 100. Table 4: Display VXLAN configuration information (Release 7.0(3)I2(2) and later) Command: show run track. Purpose: Displays tracking information for running-config.

Page 55: Example Of VXLAN Bridging Configuration

  • Page 56 10 switch-vtep-2(config-if)# no shutdown switch-vtep-2(config)# interface nve1 switch-vtep-2(config-if)# no shutdown switch-vtep-2(config-if)# source-interface loopback0 switch-vtep-2(config-if)# member vni 10000 mcast-group 230.1.1.1 switch-vtep-2(config)# vlan 10 switch-vtep-2(config-vlan)# vn-segment 10000 switch-vtep-2(config-vlan)# exit
  • Page 57 200.200.9.9 switch-vtep-1(config-vlan)# exit switch-vtep-1# show nve vni ingress-replication Interface VNI show nve vni ingress-replication Interface VNI Replication List Up Time --------- -------- ----------------- -------
  • Page 58 Replication List Up Time --------- -------- ----------------- ------- nve1 10011 200.200.8.8 07:42:23 200.200.10.10 07:42:23 nve1 10012 200.200.8.8 07:42:23 • For a vPC VTEP configuration, the loopback address requires a secondary IP.
  • Page 59 10 mode active switch-vtep-1(config-if)# no shutdown switch-vtep-1(config)# interface nve1 switch-vtep-1(config-if)# no shutdown switch-vtep-1(config-if)# source-interface loopback0 switch-vtep-1(config-if)# member vni 10000 mcast-group 230.1.1.1 switch-vtep-1(config)# vlan 10
  • Page 60 10 switch-vtep-3(config-if)# no shutdown switch-vtep-3(config)# interface nve1 switch-vtep-3(config-if)# no shutdown switch-vtep-3(config-if)# source-interface loopback0 switch-vtep-3(config-if)# member vni 10000 mcast-group 230.1.1.1 switch-vtep-3(config)# vlan 10 switch-vtep-3(config-vlan)# vn-segment 10000 switch-vtep-3(config-vlan)# exit
  • Page 61 Example of VXLAN Bridging Configuration Note: The secondary IP is used by the emulated VTEP for VXLAN. Note: Ensure that all configurations are identical between the VPC primary and VPC secondary.

Page 63: Configuring VXLAN BGP EVPN

  • Page 64 • VXLAN BGP EVPN does not support an NVE interface in a non-default VRF. • It is recommended to configure a single BGP session over the loopback for an overlay BGP session. • For Cisco Nexus 9500 Series switches (7.0(3)I2(1) and later), VXLAN BGP EVPN is available only in the default routing mode.

Page 65: Notes For EVPN Convergence

Page 66: Considerations For VXLAN BGP EVPN Deployment

Page 67: vPC Considerations For VXLAN BGP EVPN Deployment

  • Page 68 SVI is required to be enabled across peer-link and also configured with PIM. This provides a backup routing path in the case when VTEP loses complete connectivity to the spine. Remote peer reachability is re-routed over the peer-link in this case.

Page 69: Network Considerations For VXLAN Deployments

Page 70: Considerations For The Transport Network

Page 71: BGP EVPN Considerations For VXLAN Deployment

Page 72: Configuring VXLAN BGP EVPN

Page 73: Configuring VLAN And VXLAN VNI

Page 74: Configuring SVI For Hosts For VXLAN Routing

Page 75: Configuring Anycast Gateway For VXLAN Routing

Page 76: Configuring BGP On The VTEP

Page 77: Configuring VXLAN EVPN Ingress Replication

Page 78: Configuring BGP For EVPN On The Spine

Page 79: Suppressing ARP

Page 80: Disabling VXLANs

  • Page 81 The range is 2 to 36000 seconds; default is 180 seconds. switch(config)# l2rib dup-host-mac-detection 100 10: Detects duplicate host addresses (limited to 100 moves) in a period of 10 seconds.

Page 82: Verifying The VXLAN BGP EVPN Configuration

Page 83: Example Of VXLAN BGP EVPN (EBGP)

  • Page 84 40.1.1.1 remote-as 200 update-source loopback0 ebgp-multihop 3 address-family l2vpn evpn disable-peer-as-check send-community extended route-map permitall out ◦ Configure the BGP underlay. neighbor 192.168.1.43 remote-as 200 address-family ipv4 unicast allowas-in
  • Page 85 100 router-id 20.1.1.1 address-family l2vpn evpn retain route-target all neighbor 30.1.1.1 remote-as 200 update-source loopback0 ebgp-multihop 3 address-family l2vpn evpn disable-peer-as-check send-community extended route-map permitall out neighbor 40.1.1.1 remote-as 200
  • Page 86 50.1.1.1/32 ip pim sparse-mode ◦ Configure interfaces for Spine-leaf interconnect interface Ethernet2/2 no switchport load-interval counter 1 5 ip address 192.168.1.22/24 ip pim sparse-mode no shutdown
  • Page 87 4.2.2.1/24 ipv6 address 4:2:0:1::1/64 fabric forwarding mode anycast-gateway ◦ Configure ACL TCAM region for ARP suppression hardware access-list tcam region arp-ether 256 double-wide
  • Page 88 ◦ Enable the EVPN control plane functionality and the relevant protocols feature telnet feature nxapi feature bash-shell feature scp-server nv overlay evpn feature bgp feature pim feature interface-vlan feature vn-segment-vlan-based
  • Page 89 4.1.1.1/24 ipv6 address 4:1:0:1::1/64 fabric forwarding mode anycast-gateway interface Vlan1002 no shutdown vrf member vxlan-900001 ip address 4.2.2.1/24 ipv6 address 4:2:0:1::1/64 fabric forwarding mode anycast-gateway
  • Page 90 200 router-id 40.1.1.1 neighbor 10.1.1.1 remote-as 100 update-source loopback0 ebgp-multihop 3 allowas-in send-community extended address-family l2vpn evpn allowas-in send-community extended neighbor 20.1.1.1 remote-as 100 update-source loopback0 ebgp-multihop 3
  • Page 91 2001001 l2 rd auto route-target import auto route-target export auto vni 2001002 l2 rd auto route-target import auto route-target export auto

Page 92: Example Of VXLAN BGP EVPN (IBGP)

  • Page 93 • Spine (9504-B) ◦ Enable the EVPN control plane and the relevant protocols feature telnet feature nxapi feature bash-shell feature scp-server nv overlay evpn feature ospf
  • Page 94 40.1.1.1 remote-as 65535 update-source loopback0 address-family l2vpn evpn send-community both route-reflector-client • Leaf (9396-A) ◦ Enable the EVPN control plane nv overlay evpn
  • Page 95 ◦ Configure VRF overlay VLAN/SVI for the VRF interface Vlan101 no shutdown vrf member vxlan-900001 ◦ Create VLAN and provide mapping to VXLAN vlan 1001 vn-segment 2001001 vlan 1002 vn-segment 2001002
  • Page 96 ◦ Configure BGP router bgp 65535 router-id 30.1.1.1 neighbor 10.1.1.1 remote-as 65535 update-source loopback0 address-family l2vpn evpn send-community both neighbor 20.1.1.1 remote-as 65535 update-source loopback0 address-family l2vpn evpn send-community both vrf vxlan-900001
  • Page 97 ◦ Create VRF and configure VNI vrf context vxlan-900001 vni 900001 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn address-family ipv6 unicast route-target both auto route-target both auto evpn
  • Page 98 192.168.4.22/24 ip router ospf 1 area 0.0.0.0 ip pim sparse-mode no shutdown interface Ethernet2/3 no switchport ip address 192.168.2.23/24 ip router ospf 1 area 0.0.0.0 ip pim sparse-mode no shutdown

Page 99: Example Show Commands

  • Page 100 Topology Mac Address Prod Next Hop (s) ----------- -------------- ------ --------------- 0000.8816.b645 BGP 40.0.0.2 0001.0000.0033 Local Ifindex 4362086 0001.0000.0035 Local Ifindex 4362086 0011.0000.0034 BGP 40.0.0.2
  • Page 101 • show l2route evpn mac-ip all leaf3# show l2route evpn mac-ip all Topology ID Mac Address Prod Host IP Next Hop (s) ----------- -------------- ---- ------------------------------------------------------ 0011.0000.0034 BGP 5.1.3.2 40.0.0.2 0011.0000.0034 BGP 5.1.3.2 40.0.0.2

Page 103: Configuring VXLAN OAM

Page 104: Loopback (Ping) Message

Page 105: Traceroute Or Pathtrace Message

  • Page 106 (for example, ingress interface and egress interface). These packets terminate at VTEP and they do not reach the host. Therefore, only the VTEP responds. Figure 12: Traceroute Message

Page 107: Configuring VXLAN OAM

  • Page 108 Note: The source ip-address 1.1.1.1 used in the above example is a loopback interface that is configured on Leaf 1 in the same VRF as the destination ip-address. For example, the VRF in this example is vni-31000.
  • Page 109 Path trace Request to peer ip 209.165.201.4 source ip 209.165.201.2 Sender handle: 46 TTL Code Reply IngressI/f EgressI/f State ====================================================================== 1 !Reply from 209.165.201.3, Eth5/5/1 Eth5/5/2 UP/UP 2 !Reply from 209.165.201.4, Eth1/3 Unknown UP/DOWN

Page 110: Configuring NGOAM Profile

Page 111: NGOAM Authentication

  • Page 112 Input Stats: PktRate:0 ByteRate:0 Load:0 Bytes:339580108 unicast:14658 mcast:307587 bcast:67 discards:0 errors:3 unknown:0 bandwidth:42949672970000000 Output Stats: PktRate:0 ByteRate:0 load:0 bytes:237405790 unicast:2929 mcast:535716 bcast:10408 discards:0 errors:0 bandwidth:42949672970000000 2 !Reply from 12.0.22.1, Eth1/17 Unknown UP / DOWN

Page 113: Configuring VXLAN EVPN Multihoming

Page 114: BGP EVPN Multihoming Terminology

Page 115: EVPN Multihoming Redundancy Group

Page 116: Guidelines And Limitations For VXLAN EVPN Multihoming

Page 117: VXLAN EVPN Multihoming Configuration Examples

  • Page 118 9216 ip address 10.1.1.6/30 ip pim sparse-mode no shutdown interface port-channel11 switchport mode trunk switchport access vlan 1001 switchport trunk allowed vlan 901-902,1001-1050 ethernet-segment 2011 system-mac 0000.0000.2011 mtu 9216

Page 119: Configuring Layer 2 Gateway STP

Page 120: Enabling Layer 2 Gateway STP On A Switch

  • Page 121 2016 Aug 29 19:14:19 TOR9-leaf4 %$ VDC-1 %$ %STP-2-L2GW_BACKBONE_BLOCK: L2 Gateway Backbone port inconsistency blocking port Ethernet1/1 on MST0000. 2016 Aug 29 19:14:19 TOR9-leaf4 %$ VDC-1 %$ %STP-2-L2GW_BACKBONE_BLOCK: L2 Gateway Backbone port inconsistency blocking port port-channel13 on MST0000. switch# show spanning-tree
  • Page 122 BPDUs from the access switches. In that case, the access ports on VTEPs lose the advantage of rapid transmission, instead forwarding on Ethernet segment link flap. (They have to go through a proposal and agreement handshake before assuming the FWD-Desg role).

Page 123: Configuring VXLAN EVPN Multihoming Traffic Flows

  • Page 124 If switch L1 gets isolated from the core, it must not continue to attract access traffic, as it will not be able to encapsulate and send it on the overlay. This means that the access links must be brought down at L1 if L1...
  • Page 125 Instead, H3 shows up as a remote host in the IP table at L1, installed in the context of L3 VNI. This packet must be encapsulated in the router-MAC of L2 and routed to L2 via VXLAN overlay.
  • Page 126 Figure 17: L1 is Distributed Anycast Gateway. H1, H2, and H3 are in different VLANs. H1->H3 routing happens via VXLAN tunnel encapsulation. In VPC, H3 ARP would have been synced via MCT and direct routing.
  • Page 127 If switch L1 gets isolated from the core, it must not continue to attract access traffic, as it will not be able to encapsulate and send it on the overlay. It means that the access links must be brought down at L1 if L1 loses core reachability.

Page 128: EVPN Multihoming Remote Traffic Flows

  • Page 129 MAC-IP Route remains the same as used in the current vPC multihoming and standalone single-homing solutions. However, now it has a non-zero ESI field that indicates that this is a multihomed host and it is a candidate for ECMP Path Resolution.
  • Page 130 ECMP list for the given ES. Figure 21: Layer 2 VXLAN Gateway. ESI failure on L1. L3 withdraws L1 from MAC ECMP list. This will happen due to EAD/ES mass withdrawal from L1.
  • Page 131 L1 and L2 advertise the MAC-IP route for Host H2. Due to the receipt of these routes, L3 builds an L3 ECMP list comprising of L1 and L2. Figure 23: Layer 3 VXLAN Gateway. L3 does IP ECMP to L1/L2 for inter subnet traffic. Access Failure for Remote Routed Traffic
  • Page 132 Figure 24: Layer 3 VXLAN Gateway. ESI failure causes ES mass withdrawal that only impacts L2 ECMP. L3 ECMP continues until Type2 is withdrawn. L3 traffic reaches H2 via suboptimal path L3->L1->L2 until then. Core Failure for Remote Routed Traffic

Page 133: EVPN Multihoming BUM Flows

  • Page 134 Figure 27: BUM traffic originating at L1. L2 is the DF for ES1 and ES2. However, L2 must perform split horizon check here as it shares ES1 and ES2 with L1. L2 however Ethernet Segment Route (Type 4)
  • Page 135 DF. Since L2 is the only TOR left in the Ordinal Table, it takes over DF role for all VLANs. BGP EVPN multihoming on Cisco Nexus 9000 Series switches provides minimum operational and cabling expenditure, provisioning simplicity, flow based load balancing, multi pathing, and fail-safe redundancy.

Page 136: Configuring VLAN Consistency Checking

Page 137: Configuring VLAN Consistency Checking

Page 138: Configuring ESI ARP Suppression

Page 139: Limitations For ESI ARP Suppression

  • Page 140 Multihoming DEL error invalid current state:0 Peer sync DEL error MAC mismatch Peer sync DEL error second delete Peer sync DEL error deleteing TL route True local DEL error deleteing PS RO route :0 switch#

Page 141: VXLAN Bud Node Over vPC

Page 142: VXLAN Bud Node Over vPC Overview

Page 143: VXLAN Bud Node Over vPC Topology Example

  • Page 144 10002 mcast-group 225.1.1.1 member vni 10003 mcast-group 225.1.1.1 • Loopback interface configuration interface loopback0 ip address 101.101.101.101/32 ip address 99.99.99.99/32 secondary ip router ospf 1 area 0.0.0.0 ip pim sparse-mode
  • Page 145 Per-vlan consistency status : success Type-2 consistency status : success vPC role : secondary, operational primary Number of vPCs configured Peer Gateway : Enabled Dual-active excluded VLANs Graceful Consistency Check : Enabled
  • Page 146 Up, 99.99.99.99, DP Up, 99.99.99.99, DP IP, Host Reach Mode Nve Vni Configuration 10001-10003 10001-10003 Interface-vlan admin up 2,2000 2,2000 Interface-vlan routing 1-4,2000 1-4,2000 capability Allowed VLANs 1-4,101-103,2000 1-4,101-103,2000 Local suspended VLANs

Page 147: DHCP Relay In VXLAN BGP EVPN

Page 148: DHCP Relay In VXLAN BGP EVPN Example

Page 149: Basic VXLAN BGP EVPN Configuration

  • Page 150 900001 associate-vrf member vni 2001001 mcast-group 225.4.0.1 interface Ethernet1/49 switchport mode trunk switchport trunk allowed vlan 10,1001 spanning-tree port type edge trunk

Page 151: DHCP Relay On VTEPs

  • Page 152 Vlan1001 ip dhcp relay address 192.1.42.3 use-vrf default Debug Output • The following is a packet dump for DHCP interact sequences.
  • Page 153 Agent Remote ID: f8c2882333a5 Option 82 Suboption: (151) VRF name/VPN ID Option 82 Suboption: (11) Server ID Override Length: 4 Server ID Override: 172.16.16.1 (172.16.16.1) Option 82 Suboption: (5) Link selection Length: 4

Page 154: Client On Tenant VRF (SVI X) And Server On The Same Tenant VRF (SVI Y)

  • Page 155 !Command: show running-config dhcp !Time: Mon Aug 24 08:26:00 2015 version 7.0(3)I1(3) feature dhcp service dhcp ip dhcp relay ip dhcp relay information option ip dhcp relay information option vpn ipv6 dhcp relay
  • Page 156 • DHCP Discover packet 9372-1 sent to DHCP server. giaddr is set to 11.11.11.11(loopback1) and suboptions 5/11/151 are set accordingly. Bootstrap Protocol Message type: Boot Request (1) Hardware type: Ethernet (0x01)
  • Page 157 65535 (evpn)segid: 900001 tunnelid: 0x2020202 encap: VXLAN 172.16.16.11/32, ubest/mbest: 1/0, attached *via 172.16.16.11, Vlan1001, [190/0], 00:13:56, hmm 192.1.42.0/24, ubest/mbest: 1/0, attached *via 192.1.42.1, Vlan10, [0/0], 00:36:08, direct 192.1.42.1/32, ubest/mbest: 1/0, attached

Page 158: Client On Tenant Vrf (Vrf X) And Server On Different Tenant Vrf (Vrf Y)

  • Page 159 20150825 08:59:37.760733 33.33.33.33 -> 192.1.42.3 DHCP DHCP Request - Transaction ID 0x3eebccae 20150825 08:59:37.761297 192.1.42.3 -> 33.33.33.33 DHCP DHCP ACK - Transaction ID 0x3eebccae 20150825 08:59:37.761554 172.16.16.1 -> 172.16.16.11 DHCP DHCP ACK - Transaction ID 0x3eebccae ...

Page 160: Client On Tenant Vrf And Server On Non-Default Non-Vxlan Vrf

  • Page 161 20150825 09:30:56.216931 0.0.0.0 -> 255.255.255.255 DHCP DHCP Request - Transaction ID 0x28a8606d 20150825 09:30:56.218426 172.16.16.1 -> 172.16.16.11 DHCP DHCP ACK - Transaction ID 0x28a8606d 9372-1# ethanalyzer local interface mgmt display-filter "ip.src==10.122.164.147 or ip.dst==10.122.164.147" limit-captured-frames 0 ...

Page 162: Configuring Vpc Peers Example

  • Page 163 /* Only required for VPC VTEP. */ • Advertise LoX into the Layer 3 VRF BGP. Router bgp 2 vrf X network 10.1.1.42/32 • Configure DHCP relay on the SVI under the VRF. interface Vlan1601 ...

Page 164: Vpc Vtep Dhcp Relay Configuration Example

  • Page 165 192.168.1.2/30 192.168.1.1 /* vPC Peer-2 */ interface Vlan2000 no shutdown mtu 9216 vrf member tenant-vrf ip address 192.168.1.2/30 vrf context tenant-vrf ip route 192.168.1.1/30 192.168.1.2 ...
  • Page 166 DHCP Relay in VXLAN BGP EVPN vPC VTEP DHCP Relay Configuration Example

Page 167: Evpn With Transparent Firewall Insertion

  • Page 168 All TOR leafs have a Layer 2 VNI VLAN X. There is no SVI for VLAN X. The service leafs that are connected to the firewall have Layer 2 VNI VLAN X, non-VXLAN VLAN Y, and SVI Y with a HSRP gateway. ...

Page 169: Evpn With Transparent Firewall Insertion Example

  • Page 170 10.0.94.2/24 hsrp 0 preempt priority 255 ip 10.0.94.1 interface nve1 member vni 100094 mcast-group 239.1.1.1 router bgp 64500 routerid 1.1.2.1 neighbor 1.1.1.1 remote-as 64500 address-family l2vpn evpn ...
  • Page 171 Ten-1 address-family ipv4 unicast network 10.0.94.0/24 /*advertise /24 for SVI 95 subnet; it is not VXLAN anymore*/ advertise l2vpn evpn evpn vni 100094 l2 rd auto ...

Page 172: Show Command Examples

  • Page 173 EVPN with Transparent Firewall Insertion Show Command Examples 10.0.94.0/24, ubest/mbest: 1/0 *via 10.100.5.0, [20/0], 03:14:27, bgp65000,external, tag 6450 ...
  • Page 174 EVPN with Transparent Firewall Insertion Show Command Examples

Page 175: Ipv6 Across A Vxlan Evpn Fabric

  • Page 176 10 name RED vn-segment 10010 • Configure the VLAN for L3 VNI . vlan 100 name RED_L3_VNI_VLAN vn-segment 20010 • Define the anycast gateway MAC. fabric forwarding anycast-gateway-mac 0000.2222.3333 ...
  • Page 177 10.1.1.1/24 ipv6 address 2001::1/64 fabric forwarding mode anycast-gateway Note IPv6 ND suppression is not supported on Cisco Nexus 9000 Series switches. (7.0(3)I3(1) and earlier releases) • Configure SVI definition for VLAN 100. interface Vlan100 description RED_L3_VNI_VLAN...

Page 178: Show Command Examples

  • Page 179 • Check the L2ROUTE and ensure that the MAC-IP was learned on the remote VTEP - 9396-A-VTEP. rswV1leaf14# show l2route evpn mac-ip evi 1413 host-ip 2001::64 Mac Address Prod Host IP Next Hop (s) -------------- ---- --------------------------------------- -------------- 7c69.f614.2bc1 BGP 2001::64 198.19.0.15 ...
  • Page 180 IPv6 Across a VXLAN EVPN Fabric Show Command Examples
  • Page 181 14, 55, 67 host-reachability protocol bgp 59, 63, 65 how interface rd auto 61, 65 retain route-target all route-map permitall out ...
  • Page 182 41, 42, 87 show nve vni vrf context 41, 42, 59, 87 59, 61, 63 show nve vni ingress-replication 41, 42 vrf member show nve vni summary ...

Andras the Techie - Various networking topics, data centers, vRIN

Andras Dosztal

VLAN mapping (is not) on NX-OSv

Note: The GNS3 generic switches are required only to make traffic capturing available.

Configuration

Very straightforward: a trunk is configured between NX-3 and the remote Nexus switch, and VLAN 2 is translated to VLAN 103.

Packet capture

The capture reveals that the mapping is like NAC, Netflow, and PBR: only useful for CLI verification, but you can’t build a lab on it. The capture file can be downloaded from here.

802.1Q Tag mapping using Private VLANs on Cisco Nexus 3524

I'm struggling with a VLAN mapping issue on a Nexus 3524 switch.

I already figured out that basic 1:1 VLAN ID mapping is not supported on the 3k series Nexus boxes, so I am trying to do this job using the private VLANs feature. Unfortunately I can't change anything in this setup because the uplink provider has mapped his service to this tag and the downlink router is only reachable via VLAN tag 1901 through a metro provider network. I can only put my hands on the downlink router and the Nexus.

VLAN 493 should be my primary private VLAN and 1901 my secondary.

In my understanding, primary and secondary VLANs are transported on normal trunk ports, so I configured VLANs 493 and 1901 as allowed VLANs on a normal trunk port (eth1/1) that carries a lot of other tags facing the metro network, so there should be no need to configure explicit

I can't change a lot in the configuration here because there are several productive VLANs already configured on this port.

The port facing the upstream router (Eth1/6) is configured as a promiscuous private-vlan trunk port.

MAC address learning looks fine.

But there is no ping possible between the two nodes due to incomplete ARP on the upstream router.

I'm also missing port Eth1/1 in the following output.

I'm not sure if this is just a missing statement somewhere or if there is a major error in my thinking.

Using Q-in-Q tunneling unfortunately is not an alternative because the downstream router cannot terminate Layer 3 interfaces in a double-tagged VLAN :(

  • cisco-nexus
  • private-vlan

  • Are you trying to connect VLAN 493 and 1901 with each other? Are they using the same IP address space? –  Abu Zaid Commented Feb 24, 2020 at 10:41
  • No, not really, 1901 is my secondary community VLAN that is mapped to primary VLAN 493 on the promiscuous port. –  Andreas Schaefer Commented Feb 24, 2020 at 17:29
  • OK, so let's start from the beginning. What is the 'job' that you are trying to fix? –  Abu Zaid Commented Feb 24, 2020 at 19:07
  • Quite simple, I have an uplink BGP peer that is reachable via VLAN 493 and a downlink BGP client that is reachable via VLAN 1901. Both VLANs are present on a Nexus 3524 with basic licensing. On a Nexus 5k or any other "bigger" switch, I would configure simple VLAN tag rewriting on one port, but this is not supported on the NX3k. –  Andreas Schaefer Commented Feb 25, 2020 at 20:34
  • @AndreasSchaefer I don't think this can be solved on a 3k. Like you said, you would need to rewrite the tags, but AFAIK that's not supported on the 3K. Can you not ask the provider to change, since that tag is only local to you anyway? –  Matt Douhan Commented Feb 29, 2020 at 1:22

Nexus 7000: Configuring OTV VLAN Mapping using VLAN Translation on a Trunk Port

Introduction

Beginning with Cisco NX-OS Release 6.2(2), you can map a VLAN on the local site to a VLAN with a different VLAN ID on the remote site. When you map two VLANs with different VLAN IDs across sites, they get mapped to a common VLAN called the transport VLAN. For example, when you map VLAN 1 on Site A to VLAN 2 on Site B, both VLANs are mapped to a transport VLAN. All traffic originating from VLAN 1 on Site A is translated as going from the transport VLAN. All traffic arriving at Site B from the transport VLAN is translated to VLAN 2.

This document provides a configuration example for VLAN mapping across OTV.

There are two methods to configure VLAN translation across OTV:

1. VLAN translation on a trunk port (OTV internal interface).

2. VLAN translation configured on the overlay (currently not supported on F3 modules).

This document discusses the first method, VLAN translation on a trunk port (OTV internal interface).

The second method is covered in a separate document.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Virtual port channel (vPC)

Components Used

The information in this document is based on the following:

  • Cisco Nexus 7000 Series Switches with Supervisor 2 Module
  • F3 linecards
  • Software version: 7.3(0)DX(1)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Network Diagram

200997-Nexus-7000-OTV-VLAN-Mapping-00.png

Configurations

You can configure VLAN translation between the ingress VLAN and a local VLAN on a port. The traffic arriving on the ingress VLAN maps to the local VLAN at the ingress of the trunk port and the traffic that is internally tagged with the translated VLAN ID is mapped back to the original VLAN ID before leaving the switch port. This configuration method does not have OTV dependency.

OTV Configuration Guide

General VLAN Translation Configuration Guide

Contributed by Cisco Engineers

  • Sri Vani Cisco TAC Engineer

This Document Applies to These Products

  • Nexus 7000 Series Switches

Vlan mapping nexus 9516 - features not available.

We are running into a very odd issue that's throwing us off a bit. Below is our configuration.

Nexus 9516 Chassis

N9K-X9564PX

N9K-C9516-FM

I've read through this information about a 1000 times and still can't figure out why we can't run the feature commands to turn on vlan mapping or interface vlan for our solution. If anyone can help me out I'd appreciate it. I can't even run feature interface-vlan ????

we do have the 'LAN_ENTERPRISE_SERVICES_PKG' installed

I see there are feature-set options but none of them are available to install.

switch# show feature-set
Feature Set Name      ID        State
--------------------  --------  --------
fcoe                  1         uninstalled
fex                   3         uninstalled
mpls                  4         uninstalled
fabric                7         uninstalled
fcoe-npv              8         uninstalled
switch# confi t
switch(config)# feature?
  feature      Command to enable/disable features
  feature-set  Enable feature-set
switch(config)# feature-set ?
% Invalid command at '^' marker.

These are the features I'm trying to enable but none of them appear when I run command switch(config)# feature ?

feature interface-vlan
feature vn-segment-vlan-based
feature dhcp
feature nv overlay

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/vxlan/configuration/guide/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x_chapter_0100010.html#Cisco_Concept.dita_5b270d9d-d256-45ae-a58e-6178ff0b071e

switch(config)# feature v?
  vpc     Enable/Disable VPC (Virtual Port Channel)
  vrrp    Enable/Disable Virtual Router Redundancy Protocol (VRRP)
  vrrpv3  Enable/Disable Virtual Router Redundancy Protocol (VRRP) version 3
  vtp     Enable/Disable VTP

Feature Interface vlan missing too??

switch(config)# feature i?
  isis  Enable/Disable IS-IS Unicast Routing Protocol (IS-IS)
  itd   Enable/Disable ITD

This is out of the box factory default and I can't for the life of me figure out why none of these work.

COMMENTS

  1. Configuring Port VLAN Mapping

    Port VLAN mapping is not supported on Cisco Nexus 9200 platform switches. VLAN mapping helps with VLAN localization to a port, scoping the VLANs per port. A typical use case is in the service provider environment where the service provider leaf switch has different customers with overlapping VLANs that come in on different ports.

  2. Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide

    When you configure a VLAN mapping between a VLAN and a (local) VLAN on a port, traffic arriving on the VLAN gets mapped or translated to the local VLAN at the ingress of the switch port, and the traffic internally tagged with the translated VLAN ID gets mapped to the original VLAN ID before leaving the switch port.

  3. PDF ConfiguringVLANs

    5. switchport vlan mapping outer-vlan-id inner inner-vlan-id translated-vlan-id 6. (Optional) copy running-config startup-config 7. (Optional) show interface [if-identifier] vlan mapping ... Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide

  4. PDF Configuring Port VLAN Mapping

    3. [no] switchport vlan mapping enable 4. [no] switchport vlan mapping vlan-id translated-vlan-id 5. [no] switchport vlan mapping all 6. copy running-config startup-config 7. show interface [if-identifier] vlan mapping DETAILED STEPS Command or Action Purpose configure terminal Enters global configuration mode. Example: Step 1 switch# configure terminal

  5. CISCO NEXUS 9000 SERIES CONFIGURATION MANUAL Pdf Download

    Page 32: Mapping Vlan To Vxlan Vni Refer to the VLAN counters on the translated VLAN and not on the ingress (incoming) VLAN. • Port VLAN mapping is supported on Cisco Nexus 9300 Series switches. Beginning with Cisco NX-OS Release 7.0(3)I6(1), port VLAN mapping is supported on Cisco Nexus 9300-EX Series switches.

  6. PDF ConfiguringVLANs

    VLANs have the following configuration guidelines and limitations: The maximum number of VLANs per VDC is 4094. You can configure a single VLAN or a range of VLANs. When you configure a large number of VLANs, first create the VLANs using the vlan command (for example, vlan 200 to 300, 303 to 500).

  7. Solved: Vlan translation Nexus 9300

    03-29-2022 11:29 PM. the solution for this is to enable VXLAN on the vlan that needs to be translated. I have tested this with the config below and that works: feature nv overlay. feature vn-segment-vlan-based. vlan 750. vn-segment 750. interface Ethernet1/1. switchport.

  8. PDF Configuring VLANs

    The Cisco Nexus 5000 Series switch supports VLAN numbers 1 to 4094 in accordance with the IEEE 802.1Q standard. These VLANs are organized into ranges. ... flows. However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, the specified VLAN, the system automatically reinstates all the original ...

  9. Configuring Port VLAN Mapping

    Port VLAN mapping is not supported on Cisco Nexus 9200 platform switches. VLAN mapping helps with VLAN localization to a port, scoping the VLANs per port. A typical use case is in the service provider environment where the service provider leaf switch has different customers with overlapping VLANs that come in on different ports.

  10. PDF Configuring Private VLANs Using NX-OS

    See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, for information on assigning IP addresses to VLAN interfaces on primary VLANs of private VLANs. You map secondary VLANs to the VLAN interface of a primary VLAN. Isolated and community VLANs are both called secondary VLANs.

  11. Solved: Cannot ping vlan gateway on Nexus switches when trunking to

    Administrative private-vlan primary mapping: none Administrative private-vlan secondary mapping: none Administrative private-vlan trunk native VLAN: none ... The fact that you can ping the Nexus VLAN 7 IP address when the port-channel facing the HP switch is set to mode access in VLAN 7 suggests to me that the HP switch is not tagging the VLAN ...

  12. Cisco Nexus 9000 Series NX-OS Layer 2 Switching Configuration Guide

    Port VLAN mapping on a trunk port is supported on Cisco Nexus 9000 Series switches with a Network Forwarding Engine (NFE), Cisco Nexus 9200, 9300-EX, 9300-FX, and Cisco Nexus 9500 platform switches with EX/FX line cards.

  13. VLAN mapping (is not) on NX-OSv

    The plan was that a Nexus switch provided mapping between the existing VLAN in the source DC and a new destination VLAN in the target DC; hosts could keep their IP settings this way. ... /11 description NX-1_Eth2/11 switchport switchport mode trunk switchport vlan mapping 2 103 switchport vlan mapping enable no shutdown Packet capture The ...

  14. PVLAN Implementation in Nexus for Traffic Management

    In this document, we will make use of the PVLAN concept to restrict the traffic between two servers which is configured with same IP subnet. The servers L02 & L01 will be part of primary VLAN 130 and secondary VLAN 75. Port connecting to the Remote Access VPN ( ASA5548) is configured as promiscuous port and the two mentioned servers will be ...

  15. Configuring PVLAN on a VLAN Interface

    Configuring PVLAN on a VLAN Interface - Explore how to use NX-API REST API with the Cisco Nexus 3000 and 9000 Series switches. ... interface vlan 1 private-vlan mapping add 1919 . Verifying a DME Configuration. The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. ...

  16. vxlan to vlan mapping

    The reason that VLAN to VNI mapping can result in so many more VNIs when there are only 4000-something VLANs is because the VLAN to VNI mapping is only 1:1 between individual VTEPs and their directly attached hosts. So, you could have one VNI, let's say 10010, and on VTEP1 it is mapped to VLAN 10, but on VTEP2 it might be mapped to VLAN 11 ...

  17. 802.1Q Tag mapping using Private VLANs on Cisco Nexus 3524

    1. I'm struggeling with a VLAN mapping issue on a Nexus 3524 Switch. My setup: Downlink router<---Dot1Q 1901--->NX3524<---Dot1Q 493--->Uplink router. I already figured out that basic 1:1 VLAN ID mapping is not supported on the 3k Series nexus boxes, so i try to fix this job using the Private-Vlans feature. Unfortunately i can't change anything ...

  18. Configuring VLANs  [Cisco Nexus 5000 Series Switches]

    The Cisco Nexus 5000 Series switch supports VLAN numbers 1 to 4094 in accordance with the IEEE 802.1Q standard. These VLANs are organized into ranges. ... However, the system retains all the VLAN-to-port mapping for that VLAN, and when you reenable, or recreate, the specified VLAN, the system automatically reinstates all the original ports to ...

  19. VLAN access-map (VACL) Example Configuration on Cisco Switch

    Later we snap this access-list to a VLAN access-map. switch (config)# ip access-list extended restrict_telnet_R2. switch (config-ext-nacl)# permit tcp host 192.168.10.1 host 192.168.10.2 eq 23. After this we'll create a vlan access-map, which has two main parameters: action and match.

  20. VLAN mapping in NXOS : r/Cisco

    VLAN mapping in NXOS. we're painfully upgrading our network to have a Nexus core, and have run into a snag. We need to translate a vlan going to an older switch (Cisco 3560E) that can't do VLAN translations. when trying to set up vlan mapping on the nexus' trunk port, it said that only VXLAN-enabled VLANs were able to be translated.

  21. Nexus 7000: Configuring OTV VLAN Mapping using VLAN Translation ...

    This document provides a configuration example for VLAN mapping across OTV. There are two methods to configure VLAN translation across OTV: 1. VLAN translation on a trunk port (OTV internal interface). 2. VLAN translation configured on the overlay (currently not supported on F3 modules). This document discusses the first method, VLAN ...

  22. Vlan mapping Nexus 9516

    Below is our hardware configuration. Nexus 9516 Chassis. N9K-X9564PX. N9K-C9516-FM. N9K-SC-A. N9K-SUP-B. The solution will be used for an active PON solution. Vlan mapping and underlay needed. I've read through this information about a 1000 times and still can't figure out why we can't run the feature commands to turn on vlan mapping or interface ...

  23. Vlan mapping Nexus 9516

    We are running into a very odd issue that's throwing us off a bit. Below is our configuration. Nexus 9516 Chassis. N9K-X9564PX. N9K-C9516-FM. N9K-SC-A. N9K-SUP-B. I've read through this information about a 1000 times and still can't figure out why we can't run the feature commands to turn on vlan mapping or interface vlan for our solution.