Inter-VLAN Routing on the Nexus 5k

Mar 13, 2014 Cisco Cisco Systems Data center FEX networking Nexus NX-OS Routing switching technology tutorial
Share on:

I previously had the chance to play around with the 5596UP switch, and made some notes on how to configure inter-vlan routing. Since this was a 5596UP switch I needed a layer 3 card to take advantage of it. The next-generation units the 5600 include layer 3 without a card required along with introducing 40GB uplinks! However in this post let's go back to the basics and configure inter-vlan routing on a nexus switch and in this case I am using a 5596UP.  In this example I have already configured a FEX port with a 2k check out the my earlier post Connecting FEX (5k to 2k) so let's start right after that and login into the 5k.

 1User Access Verification
 2demo5k login: admin
 3Password:
 4Cisco Nexus Operating System (NX-OS) Software
 5TAC support: http://www.cisco.com/tac
 6Copyright (c) 2002-2013, Cisco Systems, Inc. All rights reserved.
 7The copyrights to certain works contained in this software are
 8owned by other third parties and used and distributed under
 9license. Certain components of this software are licensed under
10the GNU General Public License (GPL) version 2.0 or the GNU
11Lesser General Public License (LGPL) Version 2.1. A copy of each
12such license is available at
13http://www.opensource.org/licenses/gpl-2.0.php and
14http://www.opensource.org/licenses/lgpl-2.1.php
15demo5k# config t

Now in configuration mode we have to turn on a feature in the NX-OS to enable VLAN Routing, we do this by issuing the “feature interface-vlan” command. The Nexus runs on efficiency and only loads what it needs or configured. This is familiar approach that Linux uses which loads what is installed and nothing else. In the output below we can see all the features that the NX-OS supports followed by the command to turn on Inter-VLAN Routing.

 1demo5k(config)# feature ?
 2  bgp             Enable/Disable Border Gateway Protocol (BGP)
 3  cts             Enable/Disable CTS
 4  dhcp            Enable/Disable DHCP Snooping
 5  dot1x           Enable/Disable dot1x
 6  eigrp           Enable/Disable Enhanced Interior Gateway Routing Protocol
 7                  (EIGRP)
 8  fcoe            Enable/Disable FCoE/FC feature
 9  fcoe-npv        Enable/Disable FCoE NPV feature
10  fex             Enable/Disable FEX
11  flexlink        Enable/Disable Flexlink
12  hsrp            Enable/Disable Hot Standby Router Protocol (HSRP)
13  http-server     Enable/Disable http-server
14  interface-vlan  Enable/Disable interface vlan
15  lacp            Enable/Disable LACP
16  msdp            Enable/Disable Multicast Source Discovery Protocol (MSDP)
17  ntp             Enable/Disable NTP
18  ospf            Enable/Disable Open Shortest Path First Protocol (OSPF)
19  ospfv3          Enable/Disable Open Shortest Path First Version 3 Protocol
20                  (OSPFv3)
21  pim             Enable/Disable Protocol Independent Multicast (PIM)
22  port-security   Enable/Disable port-security
23  private-vlan    Enable/Disable private-vlan
24  privilege       Enable/Disable IOS type privilege level support
25  ptp             Enable/Disable PTP
26  rip             Enable/Disable Routing Information Protocol (RIP)
27  scp-server      Enable/Disable SCP server
28  sftp-server     Enable/Disable SFTP server
29  ssh             Enable/Disable ssh
30  tacacs+         Enable/Disable tacacs+
31  telnet          Enable/Disable telnet
32  udld            Enable/Disable UDLD
33  vpc             Enable/Disable VPC (Virtual Port Channel)
34  vrrp            Enable/Disable Virtual Router Redundancy Protocol (VRRP)
35  vtp             Enable/Disable Vlan Trunking Protocol (VTP)
36
37demo5k(config)# feature interface-vlan
38demo5k(config)#

Just like the Catalyst line we are in configuration mode and let's create two vlans 50 and 60 with IP addresses.

 1demo5k(config)# vlan 50
 2demo5k(config-vlan)# name SERVER-A-VLAN
 3demo5k(config-vlan)# exit
 4demo5k(config)# interface vlan 50
 5demo5k(config-if)# description SERVER-A-NETWORK
 6demo5k(config-if)# ip address 192.168.50.1 255.255.255.0
 7demo5k(config-if)# no shutdown
 8demo5k(config-if)# exit
 9! Create another Interface VLAN!
10demo5k(config)# interface vlan 60
11demo5k(config-if)# description SERVER-B-NETWORK
12demo5k(config-if)# ip address 192.168.60.1 255.255.255.0
13demo5k(config-if)# no shutdown
14demo5k(config-if)# exit
15demo5k(config)#exit

Let's verify our creation by doing a show interface vlan 60

1demo5k# show interface vlan 60
2Vlan60 is down (VLAN does not exist), line protocol is down
3  Hardware is EtherSVI, address is  547f.ee59.a2c1
4  Description: SERVER-B-NETWORK
5  Internet Address is 192.168.60.1/24
6  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec\[/code\]

Let's look at VLAN 50:

1demo5k# show interface vlan 50
2Vlan60 is down (VLAN is down), line protocol is down
3  Hardware is EtherSVI, address is  547f.ee59.a2c1
4  Description: SERVER-A-NETWORK
5  Internet Address is 192.168.50.1/24
6  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec\[/code\]

We can also look at the interface brief:

1demo5k# show ip interface brief
2IP Interface Status for VRF "default"(1)
3Interface            IP Address      Interface Status
4Vlan50               192.168.50.1    protocol-down/link-down/admin-up
5Vlan60               192.168.60.1    protocol-down/link-down/admin-up\[/code\]

VLANs have been created and IP addresses assigned to the interfaces, now let's configure the 2k. In this example I've configured two access ports on the 2k one is in VLAN 50 and another is in VLAN 60. Starting with VLAN 50 on port 1 on the 2k

 1demo5k(config)# interface ethernet 100/1/1
 2demo5k(config-if)# switchport access vlan 50
 3demo5k(config-if)# spanning-tree port type edge
 4Warning: Edge port type (portfast) should only be enabled on ports connected to a single
 5 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 6 interface  when edge port type (portfast) is enabled, can cause temporary bridging loops.
 7 Use with CAUTION
 8
 9Edge Port Type (Portfast) has been configured on Ethernet100/1/1 but will only
10 have effect when the interface is in a non-trunking mode.
11demo5k(config-if)# no shutdown
12demo5k(config-if)# exit\[/code\]

You'll notice the warning when we configure the port as an edge port, in the Catalyst world this is the same as spanning-tree portfast. Let's next configure port 25 on the same 2k into VLAN 60.

 1demo5k(config)# interface ethernet 100/1/25
 2demo5k(config-if)# switchport access vlan 60
 3demo5k(config-if)# spanning-tree port type edge
 4Warning: Edge port type (portfast) should only be enabled on ports connected to a single
 5 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 6 interface  when edge port type (portfast) is enabled, can cause temporary bridging loops.
 7 Use with CAUTION
 8
 9Edge Port Type (Portfast) has been configured on Ethernet100/1/25 but will only
10 have effect when the interface is in a non-trunking mode.
11demo5k(config-if)# no shutdown
12demo5k(config-if)# exit\[/code\]

Done and Done, If you hook-up two PCs with correct IP address scheme in the separate VLANs you would be able to ping them. To verify the routing table you would do a show ip route, just like the IOS world :) Like always I hope this information is helpful and comment below if you have any questions.