It is all about networking, technology and Cisco - Learn Something New Everyday


Cisco NX-OS: vPC & Failures

vPC Orphan Ports – Traffic from a remote Orphan is allowed over the Peer Link and exits via a local Member – Traffic from a remote Member is allowed over the Peer Link and exits via a local Orphan – Orphan ports should be avoided at all costs because the PL is a bottleneck of the system. Ideal: vPC Peers only have vPC Member Ports and all downstream devices are dual...


Cisco NX-OS: vPC & FHRP

FHRP acts as active/active forwarding over vPC: traffic received on a vPC Member Port of the FHRP Standby and destined to the FHRP Virtual MAC is not forwarded over the Peer Link to the Active FHRP – essentially, the HSRP Standby acts as HSRP Active. peer-gateway allows proxying not only the virtual active MAC address but also the physical primary MAC address (in case destination MAC address is...


Cisco NX-OS: From vPC to Back-to-Back vPC

The vPC Peer Link should never be blocking because this link carries important traffic such as the Cisco Fabric Services over Ethernet (CFSoE) Protocol. The peer link is always forwarding. STP from SW8 and SW9: STP from NXOS1 and NXOS2: In the correct design, the vPC Peer Link should be used only in case of failure. All links are up and...


Cisco NX-OS: vPC Configuration

vPC Order of Operations: IP connectivity for Peer Keepalive; Enable vPC & LACP globally; Create vPC domain; define Peer Keepalive address; configure vPC role priority (Optional) – lower priority => vPC primary switch (default 32667); Establish Port Channel for vPC Peer link; Verify vPC Consistency Parameters; Disable vPC Member Port (optional but recommended); Configure vPC Member Ports; Enable vPC Member Ports...


Cisco NX-OS: Virtual Port Channel (vPC)

Three Main Types of MCEC (Multi Chassis EtherChannel): C3750 Cross Stack Port Channels (StackWise) – single control plane; C6500 Virtual Switching System (VSS) – single control plane via Virtual Switch Link (VSL); Nexus Virtual Port Channel (vPC) – separate control planes, separate control plane protocol instances (STP/IGPs/BGP/FHRP) via a Peer Link (like VSS’s VSL). Each vPC peer has Peer Link to sync control plane...


Cisco NX-OS: FEX Designs

1. Basic topology: 2. Host Port-Channel: 3. vPC Implementation problem – configuration must be synced between different control planes: config sync command 4. Dual vPC or EvPC – Enhanced vPC – only N5K 5. N7K


Cisco NX-OS: Fabric Extender (FEX)

Nexus 2000 Series Fabric Extenders act as remote line cards of an N7K or N5K chassis. N2K FEX – ToR – Top of the Rack; N5K/N7K – EoR – End of the Row. Why? Solve the problem of wiring cables in the data center. Keep all cables inside the rack as much as possible. Simplify the management and reduce number of management...


Cisco NX-OS: Virtual Device Contexts (VDCs)

Nexus Virtual Device Contexts (VDCs) virtualize physical hardware (like contexts in ASA) and also virtualize control plane protocols. Separate control plane per VDC (vlan 10 in VDC 1 is not vlan 10 in VDC 2). Each VDC has its own: Management plane, Control plane, Data plane. Why use VDC: multiple logical roles (Core & Distribution on the same box) VDCs as a...

Cisco Firepower Version 6.5.0

Cisco Firepower Version 6.5.0: Entirely new URL categories, most of which identify threats: Talos Intelligence Categories. Larger instances for FTDv on Azure – Firepower Threat Defense Virtual on Microsoft Azure now supports larger instances: D4_v2 and D5_v2. VMware vSphere/VMware ESXi 6.7 support. Cisco Firepower Version 6.5.0 Release note


Cisco NX-OS: CLI notes

1. NX-OS supports aliases: “cli alias name <name of alias> <command>”. Example: “conf t”, then “cli alias name wr copy run star” => can use “wr” to save config. NX-OS also supports multiple-command aliases. Use “;” as separator: 2. IOS range command =>  3. CTRL+0 => clear the screen 4. Tab to complete the command  5. Admins of default VDC can verify or...