1 Execute this command to enable the feature aggconfig feature vpc 2 Create a

1 execute this command to enable the feature

This preview shows page 10 - 12 out of 15 pages.

1. Execute this command to enable the feature: agg(config)# feature vpc 2. Create a vPC domain and give it a priority, as follows: agg(config)# vpc domain 1 agg(config-vpc-domain)# role priority 100 3. Create a peer link for the communication between the vPC peers: agg(config)# interface port-channel10 agg(config-if)# vpc peer-link agg(config-if)# switchport trunk allowed vlan <all access vlans> 4. Create an out-of-band communication path to verify the health of the vPC peer in case the peer link is cut: vpc domain 1 peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf vpc-keepalive 5. Make Layer 2 ports members of the vPC: agg(config)#interface ethernet2/9 agg(config-if)# channel-group 51 mode <on | active | passive> agg(config)#interface Port-channel 51 agg(config-if)# switchport agg(config-if)# vpc 51 Private VLANs In order to use private VLANs in Cisco NX-OS, you need to enable the feature: NXOS : (config)#feature private-vlan Assuming that VLAN 50 is the primary VLAN and that VLAN 51 is the secondary VLAN, and that this VLAN is configured as isolated, the configuration in Cisco NX-OS Software is as follows. vlan 50 private-vlan primary private-vlan association 51 vlan 51 private-vlan isolated The SVI configuration for VLAN 50, where VLAN 51 needs to be remapped, follows this syntax: interface Vlan50 no shutdown private-vlan mapping 51
Image of page 10
Design Guide © 2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 11 of 15 For trunks carrying primary and secondary VLANs where you desire no remapping, the configuration is the usual trunk configuration: interface Ethernet2/9 description tc-nexus5k01 - Eth2/1 switchport switchport mode trunk switchport trunk allowed vlan …50-51… no shutdown Remember the difference between association and mapping: The keyword association is used in conjunction with isolated port configuration (that is, it tells the port, typically an access port, that the primary VLAN needs to be forwarded, or remapped to the secondary, and the secondary VLAN is to be kept as is). The keyword mapping is used in conjunction with the promiscuous ports configuration and it tells the switch that the secondary VLAN should be translated into the primary VLAN. Here is an example of configuring an isolated access port: nexus5000(config-if)# switchport mode private-vlan host switchport private-vlan association trunk 50 51 Here is an example of configuring an isolated trunk port: nexus5000(config-if)# switchport mode private-vlan trunk secondary switchport private-vlan association trunk 50 51 Here is an example of configuring an uplink port that operates as a promiscuous trunk: nexus5000(config-if)# switchport mode private-vlan trunk promiscuous switchport private-vlan mapping trunk 50 51 If the trunk port of a promiscuous trunk or if isolated trunks carry VLANs other than the private VLANs, you need to use a different command to make sure they are correctly forwarded (remember that the port is not in the switch port mode trunk, but in the switch port mode private-vlan trunk):
Image of page 11
Image of page 12

You've reached the end of your free preview.

Want to read all 15 pages?

  • Spring '17
  • kevin croteu
  • Cisco Systems, Cisco Catalyst IOS Software

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture