Cisco Nexus 3500 VPC – Gateway Configuration Guide

cisco-nexus vpc

I am testing a setup with 2 Nexus 3524 and a 2960X in a VPC topology.

For this test lab, I am missing some SFPs, so there's only one physical link between each switch (and those links are copper, using 1000BASE-T copper SFPs).

All 3 switches have VLAN 17 up and configured with an IP address:

Nexus 1 (left) : 192.168.17.254
Nexus 2 (right) : 192.168.17.252
2960X : 192.168.17.2

Both port channels are trunks with VLAN 17 allowed.

When all links are up I can ping all addresses from any switch.

If I shut down the link between the 2960X and Nexus1, I get this:

  • 2960X can ping Nexus2
  • Nexus2 can ping Nexus1
  • 2960X cannot ping Nexus1

Note that the purpose is to use the Nexus as gateway for a bunch of VLANs with HSRP (also there will be 8 switches 2960X used as TOR, each with a VPC to the Nexus). HSRP is not configured yet as I want to have a working VPC configuration first.

Here are the configurations:
(all 3 switches are at factory default settings apart from the configuration below; all interfaces not shown have no config at all)

Nexus 1

version 6.0(2)A1(1b)
hostname STA-TST-NEXUS1

no feature telnet
cfs eth distribute
feature interface-vlan
feature hsrp
feature lacp
feature vpc

control-plane
  service-policy input copp-system-policy

vrf context management
  ip route 0.0.0.0/0 10.22.110.254
vlan 1
vlan 17
  name test-17
vlan 18
  name test-18

vpc domain 100
  role priority 2000
  system-priority 4000
  peer-keepalive destination 10.22.110.12
  auto-recovery

interface Vlan1

interface Vlan17
  no shutdown
  ip address 192.168.17.254/24

interface Vlan18
  no shutdown
  ip address 192.168.18.254/24

interface port-channel10
  switchport mode trunk
  switchport trunk allowed vlan 17-18
  vpc 100

interface port-channel100
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface Ethernet1/1
  switchport mode trunk
  speed 1000
  channel-group 100


interface Ethernet1/23
  switchport mode trunk
  switchport trunk allowed vlan 17-18
  speed 1000
  channel-group 10 mode active


interface mgmt0
  no ip redirects
  ip address 10.22.110.11/24

Nexus 2

version 6.0(2)A1(1b)
hostname STA-TST-NEXUS2

no feature telnet
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc

control-plane
  service-policy input copp-system-policy

vrf context management
  ip route 0.0.0.0/0 10.22.110.254

vlan 1

vlan 17
  name test-17

vlan 18
  name test-18

vpc domain 100
  role priority 3000
  system-priority 4000
  peer-keepalive destination 10.22.110.11
  auto-recovery

interface Vlan1

interface Vlan17
  no shutdown
  ip address 192.168.17.252/24

interface Vlan18
  no shutdown
  ip address 192.168.18.252/24

interface port-channel10
  switchport mode trunk
  switchport trunk allowed vlan 17-18
  vpc 100

interface port-channel100
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface Ethernet1/1
  switchport mode trunk
  speed 1000
  channel-group 100

interface Ethernet1/24
  switchport mode trunk
  switchport trunk allowed vlan 17-18
  speed 1000
  channel-group 10 mode active

interface mgmt0
  no ip redirects
  ip address 10.22.110.12/24

2960X

version 15.2
hostname STA-TSTSW1
!
switch 1 provision ws-c2960x-48td-l
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
lldp run
!
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0
 ip address 10.22.110.13 255.255.255.0
!
interface GigabitEthernet1/0/1
 switchport access vlan 17
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 17
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport mode trunk
 shutdown
 channel-group 1 mode active
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 channel-group 1 mode active
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan17
 ip address 192.168.17.2 255.255.255.0
!
ip default-gateway 10.22.110.254

So the question is: Why can't I ping between 2960X and Nexus1 when I cut a link?

Bonus: How to configure HSRP in this configuration?

Best Answer

For your first question, enable 'peer-gateway' under the VPC domain settings. This allows for directed ping forwarding over the VPC peer-link.

With core Nexus VPC peers, it is also recommended to set 'peer-switch' under the VPC domain settings and set their STP priorities for VPC vlans to the same values.

For your second question, HSRP is configured under the SVI on both N9k's:

N9k-1:

interface vlan 17
  no shutdown
  ip address 192.168.17.254/24
  hsrp version 2
  hsrp 17
    priority 110
    ip 192.168.17.1
    preempt

N9k-2

interface Vlan17
  no shutdown
  ip address 192.168.17.252/24
  hsrp version 2
  hsrp 17
    ip 192.168.17.1
    preempt

HSRP version 2 is not required here, and the default HSRP priority is 100. Verify HSRP is working between peers with 'show hsrp brief' and make sure you can ping all the various IPs.
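
As an added example (not part of the original answer, and not Cisco tooling), the Python below audits a pair of saved running-configs for the two vPC domain options the answer names and checks that both peers use the same HSRP virtual IP on each SVI. The function names and the sample configs are constructed for illustration; it does not check the STP priorities that 'peer-switch' also relies on.

```python
import re

def blocks(config):
    """Map each top-level NX-OS line to its flattened, stripped child lines."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() and not line[0].isspace():
            current = out.setdefault(line.strip(), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return out

def audit_peer(config):
    """Return (findings, {vlan: HSRP VIP}); the VIP is the bare 'ip A.B.C.D' line."""
    findings, vips = [], {}
    for header, body in blocks(config).items():
        if header.startswith("vpc domain"):
            findings += [f"{header}: {cmd} missing"
                         for cmd in ("peer-gateway", "peer-switch") if cmd not in body]
        svi = re.fullmatch(r"interface\s*vlan\s*(\d+)", header, re.I)
        vip = svi and re.search(r"^ip (\d+(?:\.\d+){3})$", "\n".join(body), re.M)
        if vip:
            vips[int(svi.group(1))] = vip.group(1)
    return findings, vips

def audit_pair(cfg_a, cfg_b):
    """Audit both peers; each SVI must carry the same HSRP virtual IP on both."""
    (fa, va), (fb, vb) = audit_peer(cfg_a), audit_peer(cfg_b)
    out = [f"A: {f}" for f in fa] + [f"B: {f}" for f in fb]
    out += [f"Vlan{v}: HSRP VIP {va.get(v)} vs {vb.get(v)}"
            for v in sorted(set(va) | set(vb)) if va.get(v) != vb.get(v)]
    return out

# Constructed samples: AS_POSTED follows the question's Nexus 1, FIXED_* add the answer's changes.
AS_POSTED = """\
vpc domain 100
interface Vlan17
  ip address 192.168.17.254/24
"""
FIXED_A = """\
vpc domain 100
  peer-gateway
  peer-switch
interface Vlan17
  ip address 192.168.17.254/24
  hsrp 17
    ip 192.168.17.1
"""
FIXED_B = FIXED_A.replace("17.254/24", "17.252/24")
```

Calling audit_pair(AS_POSTED, AS_POSTED) reports both options missing on each peer, while audit_pair(FIXED_A, FIXED_B) returns an empty list.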