configure nexus devices

1. הגדרת NEXUS 7000 - נכתב על ידי אלי קנדל<br />על גבי כרטיס CPU ישנם מספר חיבורים Console , AUX , CMP<br />חיבור Console להתחברות מרחוק <br />חיבור OOB לרשת ניהול <br />חיבור CMP זהו חיבור למכונה ולראות את כל תהליך העלאה של המכונה כאשר מבצעים RESET למכונה Nexus 7000 , החיבור זהו מיני PC שממשיך לעבוד למרות שהמכונה מבצעת RESET כאשר ה-OOB מחובר לפורט זה עלינו להתחבר ל-Supervisor , התחברות ל-CP מנתקת את ה-Console בממוקם בחלק הקדמי של ה-SUPERVISOR<br />attach cp<br />הגדרת כתובת עבור OOB כולל DWG , פורט ניהול יושב על VRF נפרד<br />interface mgmt0<br /> ip address 192.168.254.22/24<br />!<br />vrf context management<br /> ip route 0.0.0.0/0 192.168.254.1<br />!<br />הגדרת כתובת עבור פורט CMP<br />interface cmp-mgmt module 5<br /> ip address 192.168.254.22 255.255.255.0<br /> ip default-gateway 192.168.254.1<br />שדרוג גרסה , ישנם שתי קבצים שצריכים על מנת לשדרג את המערכת<br />האחד kickstart והשני קובץ המערכת<br />install all kickstart bootflash:bootflash:n7000-s1-kickstart.5.1.2.bin system bootflash:bootflash:n7000-s1-dk9.5.1.2.bin<br />!<br />boot kickstart bootflash:/n7000-s1-kickstart.5.1.2.bin sup-1<br />boot system bootflash:/n7000-s1-dk9.5.1.2.bin sup-1<br />הגדרת VDC על גבי 7K<br />הדוגמה הבאה מציגה כיצד להגדיר VDC על גבי פלטפורמה 7K , חשוב לזכור שכרגע <br />על גבי גרסה 5.1.2 ישנו מגבלה של 4 VDC בלבד לכל המכונה<br />! After creating the VDC you must allocate the interfaces that will belong to it<br />vdc VDC-LAYER3<br /> allocate interface Ethernet1/3-5<br />! To enter the VDC use the next command<br />switchto vdc VDC-LAYER3<br />!<br />לראות את כל ה-VDC שמוגדרים על גבי המכונה <br />Sh vdc<br />BB-7K-DRP# sh vdc <br />vdc_id vdc_name state mac <br /> lc <br />------ -------- ----- ---------- <br /> ------ <br />1 BB-7K-DRP active 00:26:98:0f:f7:41 <br /> m1 f1 m1xl <br />2 VDC-LAYER3 active 00:26:98:0f:f7:42 <br /> m1 f1 m1xl <br />3 Kendel active 00:26:98:0f:f7:43 <br /> m1 f1 m1xl<br />לראות את הרגלים שמשויכות לכל VDC<br />Sh Vdc Membership<br />BB-7K-DRP# sh vdc <br />vdc_id vdc_name state mac <br /> lc <br />------ -------- ----- ---------- <br /> ------ <br />1 BB-7K-DRP active 00:26:98:0f:f7:41 <br /> m1 f1 m1xl <br />2 VDC-LAYER3 active 00:26:98:0f:f7:42 <br /> m1 f1 m1xl <br />3 Kendel active 00:26:98:0f:f7:43 <br /> m1 f1 m1xl<br />!<br />מחיקת VDC <br />no vdc kendel <br />Deleting this vdc will remove its config. Continue deleting this vdc (y/n)? [no] y<br />Note: Deleting VDC, one moment please ...<br />BB-7K-DRP(config)# 2011 Feb 20 18:25:04 BB-7K-DRP %$ VDC-1 %$ %VDC_MGR-2-VDC_OFFLINE: vdc 3 is now offline<br />!<br />הגדרת OTV <br />OTV is used to create a layer 2 connection between datacenters on a layer 3 core and prevent both sites going down when a problem (like a broadcast storm) exists only in one of them. OTV should be configured in the default VDC.<br />! Enable the use of OTV<br />feature otv<br />! Configure an interface that will connect to the layer 3 core. This interface must use<br />! IGMP version 3<br />interface Ethernet1/1<br /> no switchport<br /> ip address 192.168.1.2/24<br /> ip igmp version 3<br /> no shutdown<br />! Configure the virtual layer 2 link between the sites<br />! The control group is used for discovering other OTV sites<br />! The data group is used to send multicast between OTV sites<br />! The extended vlans are the vlans that are being connected between the sites<br />interface Overlay1<br /> otv join-interface Ethernet1/1<br /> otv control-group 239.0.0.1<br /> otv data-group 232.0.0.0/8<br /> otv extend-vlan 2100, 2120-2130<br /> no shutdown<br />!<br />בגרסאות הבאות של NEXUS סיסקו תוציא פקודה שתיישם Active Active בפרוטוקול VRRP , HSRP<br />עד שהפקודה תייצא אנחנו נצטרך להגדיר הגדרות ב-7K כך שניישם לבסוף שכל אתר יהיה<br />אקטיבי בצד שלו<br />FHRP Isolation (VRRP active on both sides)<br />With the current NX-OS releaseOTV provides a single command to enable the FHRP filtering functionality. However, this is not available in the current OTV software release An alternative configuration (leveraging MAC access-control lists) can be implemented in the interim to achieve the same result.<br />!<br />In order to use OTV and both sides serve the ARP request for the same IP address it important to enter the next configuration on both OTV devices. This config stop the VRRP advertisements from traversing the overlay interface and stop learning the VRRP mac from the opposite otv device<br />ip access-list ALL_IPs<br />10 permit ip any any<br />!<br />ip access-list VRRP_IP<br />10 permit ip any 224.0.0.18/32<br />!<br />vlan access-map VRRP_Localization 10<br />match ip address VRRP_IP<br />action drop<br />vlan access-map VRRP_Localization 20<br />match ip address ALL_IPs<br />action forward<br />!<br />vlan filter VRRP_Localization vlan-list 2120-2130<br />!<br />mac-list VRRP-vmac-deny seq 5 deny 0000.5e00.0100 ffff.ffff.ff00<br />mac-list VRRP-vmac-deny seq 10 permit 0000.0000.0000 0000.0000.0000<br />!<br />route-map stop-VRRP permit 10<br />match mac-list VRRP-vmac-deny<br />!<br />otv-isis default<br />vpn Overlay1<br />redistribute filter route-map stop-VRRP<br /> <br />Nexus 5000 Configuration<br />In order to connect Nexus 2000 there is a need to used special SFPs called FET10G.<br />The next configuration must be entered after connecting the optic cables in order for the NX5K to recognize the NX2K and automatically upgrade them to the required software.<br />! This commands enable the feature to use of the NX2K as slot extension<br />feature fex<br />! This defines the 2K slot number <br />fex 101<br /> pinning max-links 1<br /> description quot;
FEX0101quot;
<br />! The port-channel is associated with an interface that is connected to the NX2K<br />! The port mode must be fex-fabric which indicates that the port will be connected to a<br />! NX2K<br />! The fex associate commands defines slot number 101 to be associated with this port<br />! channel<br />! When using the NX2K being dual homed to two NX5K we must associate a VPC number<br />! to the port channel being the same on both NX5K<br />interface Ethernet1/1<br /> fex associate 101<br /> switchport mode fex-fabric<br /> channel-group 101<br />!<br />interface port-channel101<br /> switchport mode fex-fabric<br /> vpc 101<br /> fex associate 101<br />When configuring two NX5K to be used as one virtual switch when relating to the devices connected to them the next configuration must be implemented.<br />! The role priority decided which of the switches will be master. The role is not<br />! preemptive<br />! The keepalive is needed for bringing up the vpc peer-link ( it should be done through <br />! the management port) and check what is the status of both Nexuses in case that the<br />! vpc peer link goes down<br />vpc domain 1<br /> role priority 1000<br /> peer-keepalive destination 192.168.254.25 source 192.168.254.24<br />! The only configuration done on the port is turning the mode to be trunk and <br />! Configuring it as a peer-link<br />interface port-channel1<br /> switchport mode trunk<br /> vpc peer-link<br /> spanning-tree port type network<br /> speed 10000<br /> The next configuration indicates how to configure the OOB management port<br />interface mgmt0<br /> description OOB Connection<br /> ip address 192.168.254.24/24<br />!<br />ip route 0.0.0.0/0 192.168.254.1<br />!<br />