Presentation is loading. Please wait.

Presentation is loading. Please wait.

VRF, Interface Configuration. Enable VRF On A Leaf Command Syntax: Enabling VRF on leaf is a pre-requisite for most of the L3 configuration on that leaf.

Published byJob McKenzie Modified over 8 years ago

Similar presentations

Presentation on theme: "VRF, Interface Configuration. Enable VRF On A Leaf Command Syntax: Enabling VRF on leaf is a pre-requisite for most of the L3 configuration on that leaf."— Presentation transcript:

1 VRF, Interface Configuration

2 Enable VRF On A Leaf Command Syntax: Enabling VRF on leaf is a pre-requisite for most of the L3 configuration on that leaf. VRF must be enabled on leaf before: ① EPGs can be deployed on leaf ② Protocols can be configured on leaf ③ Interfaces on leaf can be assigned to a VRF ④ Static Routes can be added on leaf ⑤ Route Maps can be configured on leaf Tenant and VRF must have already been created before VRF can be enabled on a leaf. Leaf is automatically assigned a default router-id when VRF is enabled. This router-id can be changed using ‘router-id’ command. Deleting VRF from a leaf will remove EPGs, Protocols, Static Routes, Route Maps from the leaf. Also, Interfaces will be removed from the VRF. VRF is actually deployed on leaf when first interface is added to the VRF. [no] vrf context tenant vrf

3 Enable VRF On A Leaf (cont.) Example: STEP1: Create tenant and VRF apic1# configure apic1(config)# tenant Nubecentro apic1(config-tenant)# vrf context vrf1 apic1(config-tenant-vrf)# STEP2: Enable VRF apic1# configure apic1(config)# leaf 101 apic1(config-leaf)# vrf context tenant Nubecentro vrf vrf1 STEP3: Change Router ID (optional) apic1(config-leaf-vrf)# router-id 1.1.1.1

4 Static Routes Command Syntax: Static routes will actually be deployed on leaf only if VRF is already deployed on that leaf, which in turn happens when first interface is added to the VRF. Example: apic1# configure apic1(config)# leaf 101 apic1(config-leaf)# vrf context tenant Nubecentro vrf vrf1 apic1(config-leaf-vrf)# ip route 10.10.20.0/24 11.11.11.1 8 apic1(config-leaf-vrf)# ipv6 route 2002::0/64 2003::1 16 [no] ip route [preference] [no] ipv6 route [preference]

5 Routed Interface Command Syntax: Steps to configure and deploy a routed interface: ① Assign interface to a vlan-domain ② Change interface mode to L3 (no switchport) ③ Assign to interface a VRF ④ Configure IPv4/IPv6 addresses Interface must be a member of a vlan-domain before it can be assigned to a VRF. [no] switchport [no] vrf member tenant vrf [no] ip address [secondary] [no] ipv6 address preferred [no] mtu [no] mac-address

6 Routed Interface (cont.) Although interface mode is changed to L3 on ‘no switchport’ the port state on leaf does not change to L3 until interface is assigned to a VRF. Interface can be assigned to only one VRF. Interface needs to be removed form existing VRF before it can be assigned to a new VRF. Interface can be assigned to a VRF only if it is a member of only one vlan-domain. This vlan-domain must be the vlan-domain that is used for a given tenant and VRF. Basically, all interfaces assigned to a given VRF must be the member of the same vlan-domain. Interface mode can not be changed to L3 if there is a L2 configuration (Application EPG, Port part of an SVI or L2 External) on the interface or on the leaf of that interface.

7 Routed Interface (cont.) Example: STEP1: Assign to a vlan-domain apic1# configure apic1(config)# leaf 101 apic1(config-leaf)# interface ethernet 1/12 apic1(config-leaf-if)# vlan-domain member dom1 STEP2: Change mode to L3 apic1(config-leaf-if)# no switchport STEP3: Assign to a VRF apic1(config-leaf-if)# vrf member tenant Nubecentro vrf vrf1 STEP4: Configure IP addresses apic1(config-leaf-if)# ip address 10.10.10.12/24 apic1(config-leaf-if)# ipv6 address 2004::1/64 preferred

8 Sub Interface Command Syntax: Ensure the following on main interface before creating a sub interface: ① Interface is a member of vlan-domain and the vlan-domain is configured with vlan which this sub interface will use for encapsulation ② Interface is ‘routed’ (no switchport) ③ Interface is not assigned to any VRF It should be noted that sub interface id is used as encap. There is no separate command to configure encap. [no] interface ethernet /. [no] vrf member tenant vrf [no] ip address [secondary] [no] ipv6 address preferred

9 Sub Interface (cont.) Example: apic1# configure apic1(config)# vlan-domain dom1 apic1(config-vlan)# vlan 100-150 apic1(config-vlan)# exit apic1(config)# vlan-domain dom2 apic1(config-vlan)# vlan 151-500 apic1(config-vlan)# STEP1: Configure Main Interface apic1# configure apic1(config)# leaf 101 apic1(config-leaf)# interface ethernet 1/12 apic1(config-leaf-if)# vlan-domain member dom1 apic1(config-leaf-if)# vlan-domain member dom2 apic1(config-leaf-if)# no switchport STEP2: Configure Sub Interfaces apic1(config-leaf)# interface ethernet 1/2.1000 apic1(config-leaf-if)# vrf member tenant Nubecentro vrf vrf1 apic1(config-leaf-if)# ip address 10.10.10.12/24 apic1(config-leaf-if)# ipv6 address 2004::1/64 preferred apic1(config-leaf)# interface ethernet 1/12.2000 apic1(config-leaf-if)# vrf member tenant Nubecentro1 vrf vrf1 apic1(config-leaf-if)# ip address 10.10.30.13/24 apic1(config-leaf-if)# ipv6 address 1001::1/64 preferred

10 Switched Virtual Interface

11 SVI Configuration Create SVI Associate SVI to L2 Interface SVI over VPC SVI as BGP Source Interface Restrictions and Caveats

12 Create SVI Syntax to create SVI Interface a.k.a external-SVI: [no] interface vlan [no] vrf member tenant vrf NOTE: SVI interface configuration will not be created until the VRF details are specified. SVI can be configured as follows: apic1(config)# leaf 101 apic1(config-leaf)# interface vlan 100 apic1(config-leaf-if)# ip address 10.10.10.1/24 apic1(config-leaf-if)# ip address 10.10.10.2/24 secondary apic1(config-leaf-if)# ip router eigrp default apic1(config-leaf-if)# ip router ospf default area 0.0.0.101 apic1(config-leaf-if)# ipv6 nd mtu 2345 apic1(config-leaf-if)# ipv6 nd hop-limit 11 apic1(config-leaf-if)# ipv6 nd retransmission-retry-count 51 apic1(config-leaf-if)# ipv6 nd ns-interval 1234 apic1(config-leaf-if)# ipv6 nd ra-interval 250 apic1(config-leaf-if)# ipv6 nd ra-lifetime 9000 apic1(config-leaf-if)# ipv6 nd reachable-time 250000 apic1(config-leaf-if)# ipv6 nd retrans-timer 1234567890 apic1(config-leaf-if)# ipv6 nd suppress-ra apic1(config-leaf-if)# ipv6 nd suppress-ra-mtu apic1(config-leaf-if)# ipv6 address 100:1::1/64 preferred apic1(config-leaf-if)# ipv6 router ospf default area 0.0.0.101 apic1(config-leaf-if)# ipv6 link-local fe80::90:1:1:1:101 apic1(config-leaf-if)# exit

13 Associate SVI To Layer2 Interface A given SVI can be associated to any number of L2 interfaces −The mode SVI under L2 interface can be trunk, native or access Syntax: [no] switchport { trunk allowed | native | access } vlan tenant external-svi NOTE: Before association, the L2 interface must have the appropriate vlan-domain associated with it. The L2 interface can be a physical interface, port-channel or VPC L2 Interface to SVI association can be configured as follows: apic1(config)# leaf 101 apic1(config-leaf)# interface ethernet 1/15 apic1(config-leaf-if)# vlan-domain member dom1 apic1(config-leaf-if)# switchport trunk allowed vlan 100 tenant svi_Nubecentro external-svi apic1(config-leaf)# interface port-channel po5 apic1(config-leaf-if)# vlan-domain member dom1 apic1(config-leaf-if)# switchport access vlan 100 tenant svi_Nubecentro external-svi apic1(config)# vpc context leaf 101 102 apic1(config-vpc)# interface vpc po10 apic1(config-vpc-if)# vlan-domain member dom1 apic1(config-leaf-if)# switchport native vlan 100 tenant svi_Nubecentro external-svi

14 SVI Over VPC To associate SVI to a VPC interface, we need to do the following: −Create SVI interface in VPC node A −Create SVI interface in VPC node B −Associate SVI to VPC interface via ‘vpc context’ VPC to SVI association can be configured as follows: apic1(config)# leaf 101 apic1(config-leaf)# interface vlan 100 apic1(config-leaf-if)# ip address 10.10.10.1/24 apic1(config-leaf-if)# ip address 10.10.10.2/24 secondary apic1(config)# leaf 102 apic1(config-leaf)# interface vlan 100 apic1(config-leaf-if)# ip address 10.10.20.1/24 apic1(config-leaf-if)# ip address 10.10.20.2/24 secondary apic1(config)# vpc context leaf 101 102 apic1(config-vpc)# interface vpc po15 apic1(config-vpc-if)# vlan-domain member dom1 apic1(config-leaf-if)# switchport trunk allowed vlan 100 tenant svi_Nubecentro external-svi

15 Restrictions and Caveats Mandating SVI  L2 Association: NxOS lets users create SVI interface by itself (without L2 association) However, ACI Model does not allow SVI interface without L2 association Hence, for SVI interface to be deployable, we need L2 interface association. Till L2 association happens, SVI interface properties will be saved in a place-holder L3Out that is not deployable. Order of configuration: NxOS lets users associate L2 interface with SVI even before creating SVI interface. This is not possible in the APIC due to model restrictions, i.e, we need to create SVI interface first, and follow that with L2 association. On similar lines, SVI interface cannot be deleted if there are L2 interfaces associated with it. SVI as BGP Source: As mentioned earlier, SVI can be set as BGP source interface ONLY after at least one L2 interface is associated to the SVI

Download ppt "VRF, Interface Configuration. Enable VRF On A Leaf Command Syntax: Enabling VRF on leaf is a pre-requisite for most of the L3 configuration on that leaf."

Similar presentations

Mitigating Layer 2 Attacks

Mitigating Layer 2 Attacks
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.
IPv6 Static Routes Overview.

IPv6 Static Routes Overview.
11: IPv6 Routing Table and Static Routes

11: IPv6 Routing Table and Static Routes
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
CCNP Network Route IPV-6 Part-III IPV-6 Static Routing: R1(Conf t)# ip routing  (Turn on Routing) R1(Conf t)# ipv6 unicast-routing  (Turn on ipv6 routing)

CCNP Network Route IPV-6 Part-III IPV-6 Static Routing: R1(Conf t)# ip routing  (Turn on Routing) R1(Conf t)# ipv6 unicast-routing  (Turn on ipv6 routing)
Implementing Inter-VLAN Routing

Implementing Inter-VLAN Routing
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.

Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
VLANs Module 2. 2 VLANs  VLANs  Trunking  VLAN Trunking Protocol (VTP)

VLANs Module 2. 2 VLANs  VLANs  Trunking  VLAN Trunking Protocol (VTP)
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Inter-VLAN Routing Routing And Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Inter-VLAN Routing Routing And Switching.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing & Switching.
VLANs- Chapter 3 CCNA Exploration Semester 3 Modified by Profs. Ward

VLANs- Chapter 3 CCNA Exploration Semester 3 Modified by Profs. Ward
VLAN ROUTING How can we route traffic between vlans ? By Default Vlans isolate them selves. To Route Traffic we can use: 1. Router: A Router connected.

VLAN ROUTING How can we route traffic between vlans ? By Default Vlans isolate them selves. To Route Traffic we can use: 1. Router: A Router connected.
© Wiley Inc. 2006. All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 8: Virtual LANs (VLANs)

© Wiley Inc All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 8: Virtual LANs (VLANs)
Sybex CCNA 640-802 Chapter 9: VLAN’s Instructor & Todd Lammle.

Sybex CCNA Chapter 9: VLAN’s Instructor & Todd Lammle.
VLANs.ppt CCNA Exploration Semester 3 Chapter 3

VLANs.ppt CCNA Exploration Semester 3 Chapter 3
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing And Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 5: Inter-VLAN Routing Routing And Switching.
Chapter 6 Inter-VLAN Routing.

Chapter 6 Inter-VLAN Routing.
Advanced Computer Networks

Advanced Computer Networks
Chapter 6 Lecture11 Inter-VLAN Routing Assistant Professor Pongpisit Wuttidittachotti, Ph.D. Faculty of Information Technology King Mongkut's University.

Chapter 6 Lecture11 Inter-VLAN Routing Assistant Professor Pongpisit Wuttidittachotti, Ph.D. Faculty of Information Technology King Mongkut's University.

Similar presentations

Ads by Google