I previously had the chance to play around with the 5596UP switch, and made some notes on how to configure inter-vlan routing. Since this was a 5596UP switch I needed a layer 3 card to take advantage of it. The next-generation units the 5600 include layer 3 without a card required along with introducing 40GB uplinks! However in this post let’s go back to the basics and configure inter-vlan routing on a nexus switch and in this case I am using a 5596UP.
In this example I have already configured a FEX port with a 2k check out the my earlier post Connecting FEX (5k to 2k) so let’s start right after that and login into the 5k.
User Access Verification demo5k login: admin Password: Cisco Nexus Operating System (NX-OS) Software TAC support: http://www.cisco.com/tac Copyright (c) 2002-2013, Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Lesser General Public License (LGPL) Version 2.1. A copy of each such license is available at http://www.opensource.org/licenses/gpl-2.0.php and http://www.opensource.org/licenses/lgpl-2.1.php demo5k# config t
Now in configuration mode we have to turn on a feature in the NX-OS to enable VLAN Routing, we do this by issuing the “feature interface-vlan” command. The Nexus runs on efficiency and only loads what it needs or configured. This is familiar approach that Linux uses which loads what is installed and nothing else. In the output below we can see all the features that the NX-OS supports followed by the command to turn on Inter-VLAN Routing.
demo5k(config)# feature ?
bgp Enable/Disable Border Gateway Protocol (BGP)
cts Enable/Disable CTS
dhcp Enable/Disable DHCP Snooping
dot1x Enable/Disable dot1x
eigrp Enable/Disable Enhanced Interior Gateway Routing Protocol
(EIGRP)
fcoe Enable/Disable FCoE/FC feature
fcoe-npv Enable/Disable FCoE NPV feature
fex Enable/Disable FEX
flexlink Enable/Disable Flexlink
hsrp Enable/Disable Hot Standby Router Protocol (HSRP)
http-server Enable/Disable http-server
interface-vlan Enable/Disable interface vlan
lacp Enable/Disable LACP
msdp Enable/Disable Multicast Source Discovery Protocol (MSDP)
ntp Enable/Disable NTP
ospf Enable/Disable Open Shortest Path First Protocol (OSPF)
ospfv3 Enable/Disable Open Shortest Path First Version 3 Protocol
(OSPFv3)
pim Enable/Disable Protocol Independent Multicast (PIM)
port-security Enable/Disable port-security
private-vlan Enable/Disable private-vlan
privilege Enable/Disable IOS type privilege level support
ptp Enable/Disable PTP
rip Enable/Disable Routing Information Protocol (RIP)
scp-server Enable/Disable SCP server
sftp-server Enable/Disable SFTP server
ssh Enable/Disable ssh
tacacs+ Enable/Disable tacacs+
telnet Enable/Disable telnet
udld Enable/Disable UDLD
vpc Enable/Disable VPC (Virtual Port Channel)
vrrp Enable/Disable Virtual Router Redundancy Protocol (VRRP)
vtp Enable/Disable Vlan Trunking Protocol (VTP)
demo5k(config)# feature interface-vlan
demo5k(config)#
Just like the Catalyst line we are in configuration mode and let’s create two vlans 50 and 60 with IP addresses.
demo5k(config)# vlan 50 demo5k(config-vlan)# name SERVER-A-VLAN demo5k(config-vlan)# exit demo5k(config)# interface vlan 50 demo5k(config-if)# description SERVER-A-NETWORK demo5k(config-if)# ip address 192.168.50.1 255.255.255.0 demo5k(config-if)# no shutdown demo5k(config-if)# exit ! Create another Interface VLAN! demo5k(config)# interface vlan 60 demo5k(config-if)# description SERVER-B-NETWORK demo5k(config-if)# ip address 192.168.60.1 255.255.255.0 demo5k(config-if)# no shutdown demo5k(config-if)# exit demo5k(config)#exit
Let’s verify our creation by doing a show interface vlan 60
demo5k# show interface vlan 60 Vlan60 is down (VLAN does not exist), line protocol is down Hardware is EtherSVI, address is 547f.ee59.a2c1 Description: SERVER-B-NETWORK Internet Address is 192.168.60.1/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
Let’s look at VLAN 50:
demo5k# show interface vlan 50 Vlan60 is down (VLAN is down), line protocol is down Hardware is EtherSVI, address is 547f.ee59.a2c1 Description: SERVER-A-NETWORK Internet Address is 192.168.50.1/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
We can also look at the interface brief:
demo5k# show ip interface brief IP Interface Status for VRF "default"(1) Interface IP Address Interface Status Vlan50 192.168.50.1 protocol-down/link-down/admin-up Vlan60 192.168.60.1 protocol-down/link-down/admin-up
VLANs have been created and IP addresses assigned to the interfaces, now let’s configure the 2k. In this example I’ve configured two access ports on the 2k one is in VLAN 50 and another is in VLAN 60. Starting with VLAN 50 on port 1 on the 2k.
demo5k(config)# interface ethernet 100/1/1 demo5k(config-if)# switchport access vlan 50 demo5k(config-if)# spanning-tree port type edge Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION Edge Port Type (Portfast) has been configured on Ethernet100/1/1 but will only have effect when the interface is in a non-trunking mode. demo5k(config-if)# no shutdown demo5k(config-if)# exit
You’ll notice the warning when we configure the port as an edge port, in the Catalyst world this is the same as spanning-tree portfast. Let’s next configure port 25 on the same 2k into VLAN 60.
demo5k(config)# interface ethernet 100/1/25 demo5k(config-if)# switchport access vlan 60 demo5k(config-if)# spanning-tree port type edge Warning: Edge port type (portfast) should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when edge port type (portfast) is enabled, can cause temporary bridging loops. Use with CAUTION Edge Port Type (Portfast) has been configured on Ethernet100/1/25 but will only have effect when the interface is in a non-trunking mode. demo5k(config-if)# no shutdown demo5k(config-if)# exit
Done and Done, If you hook-up two PCs with correct IP address scheme in the separate VLANs you would be able to ping them. To verify the routing table you would do a show ip route, just like the IOS world 🙂 Like always I hope this information is helpful and comment below if you have any questions.
