Lab 3: Layer 2 Switching: DCNI-2

DCNI-2
Lab 3: Layer 2 Switching

Complete this lab activity to practice what you learned in the related lesson.
Activity Objective
In this activity, you will become familiar with the Layer 2 switching features supported by the
Cisco Nexus 7010 and Cisco NX-OS Software. After completing this activity, you will be able
to meet these objectives:
n Configure VLANs and PVST+ within each VDC, and activate and validate spanning tree
parameters
n Create and manage primary and secondary VLANs, assign interfaces to secondary VLANs,
and perform mappings
n Configure MST regions across both Cisco Nexus 7010 Switches
n Enable UDLD on VDC links
n Configure port channels for interswitch VDC links using LACP
Visual Objective
The following diagram shows the logical lab topology diagram.
DCNI-2 Layer 2 Switching Lab Topology
N7K11 N7K12
eth 2/1 eth 2/1
VDC eth 2/2 eth 2/2 VDC
N7K11-pod1 N7K12-pod1
eth 2/4 eth 2/4
eth 1/2 eth 1/1 eth 1/1 eth 1/2
eth 1/13 eth 1/13

eth 2/9 eth 2/9
eth 2/12 eth 2/12
eth 1/14 eth 1/14
eth 1/26 eth 1/26
eth 1/25 eth 2/17 eth 2/17 eth 1/25
eth 2/20 eth 2/20
10G
1G
2009 Cisco Systems, Inc. All rights reserved. DCNI-2 v3.01-1
Required Resources
These are the resources and equipment required to complete this activity:
n Two Cisco Nexus 7010 chassis with dual supervisor modules
n Dual power supplies, dual system fans, dual fabric fans, and three fabric modules per
chassis
n One 48-port 1 Gigabit Ethernet I/O module per chassis
n One 32-port 10 Gigabit Ethernet I/O module per chassis with SFP+ SR optical transceivers
installed
n Cisco NX-OS LAN Enterprise License
n Cisco NX-OS LAN Advanced Services License
2 Implementing Cisco Data Center Networking Infrastructure 2 (DCNI-2) v3.0 2009 Cisco Systems, Inc.
Command List
The table lists the commands that are used in this activity.
Command
bandwidth
channel-group
feature interface-vlan
feature lacp
feature private-vlan
feature udld
instance
interface port-channel
interface vlan
name
no vlan
private-vlan community
private-vlan isolated
private-vlan mapping
private-vlan primary
private-vlan synchronize
revision
show interface ethernet slot/port
switchport
show interface brief
show port-channel summary
show running-config spanning-tree
show spanning-tree brief
show spanning-tree mst
show spanning-tree root
show spanning-tree vlan
show vlan private-vlan
show udld neighbors
spanning-tree mode mst
spanning-tree mst configuration
state suspend
switchback
switchport
switchport mode private-vlan host
2009 Cisco Systems, Inc. Lab Guide 3

switchport mode private-vlan promiscuous
switchport mode trunk
switchport private-vlan host-association
switchport private-vlan mapping
switchto
vlan
udld aggressive
To have a painless experience and avoid unnecessary support
requests, it is important to go through the entire Lab Access session
before starting the lab!!!
Lab Access
Identify Your Pod Number: Pod number can be found on the left upper corner **** NX-OS-X ,
where X is your pod number. Make a note of your pod number on a paper.
Note: In this doc, the interfaces referred in most of the output shown in these steps refer to Pod1.
Once your pod number is identified, go to Table 1 POD Information and Access Account and
make a note of the credentials and interfaces assigned to your pod on a paper.
Table 1 POD Information and Access Account
POD Devices Login/Password Assigned Interfaces mgmt0 IP
POD 1
N7K11 admin/pod1nxos 1/1-5, 2/1-8 10.2.8.17
N7K12 admin/pod1nxos 1/1-5, 2/1-8 10.2.8.18
CAT 6K n/a 6/1-2
Nexus 5K admin/1234qwe 10.10.8.15
MDS 9124 admin/1234qwe
VSphere Client cisco/12345qwe localhost
POD 2
N7K11 admin/pod2nxos 1/13-17, 2/9-16 10.2.8.27
N7K12 admin/pod2nxos 1/13-17, 2/9-16 10.2.8.28
CAT 6K n/a 6/1-2
POD 3
N7K11 admin/pod3nxos 1/25-29, 2/17-24 10.2.8.37
N7K12 admin/pod3nxos 1/25-29, 2/17-24 10.2.8.38
CAT 6K n/a 6/1-2
Dont try to ping these IP addresses from your desktop, they are private addresses.

Task 1: Configure Layer 2 Interfaces, Spanning Tree Topology,
and Parameters
In this task you will change all VDC interfaces to Layer 2 switch ports, create and manage
VLANs, and view the default spanning tree topology.
Note The lab topology includes two Cisco Nexus 7010 platforms. Each Nexus 7010 switch is
shared between the pods and has multiple virtual device contexts (VDCs). You will manage
the VDC assigned to your pod.
Activity Procedure
Step 1 Connect to your assigned N7K11-podX VDC (where X is your pod number) using
the provided access information (username admin with password pod1nxos,
pod2nxos, or pod3nxos, depending on your pod).
Note The output examples are for POD1. The range of interfaces assigned to each POD is
different. Check the LAB Aids or execute show interface brief command from your assigned
VDC to find out which ports are assigned to your VDC
Step 2 Enter VDC global configuration context and change all VDC-assigned physical
interfaces to Layer 2 switch ports.
N7K11-pod1(config)# interface ethernet 1/1-5, ethernet 2/1-8
N7K11-pod1(config-if-range)# switchport
Step 3 Verify that all VDC-assigned interfaces are now Layer 2 switch ports.
N7K11-pod1# show interface brief

-----------------------------------------------------------------------------
Port VRF Status IP Address Speed
MTU
-----------------------------------------------------------------------------
mgmt0 -- up 10.2.8.17 1000
1500
------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
------------------------------------------------------------------------------
Eth1/1 1 eth access down Link not connected auto(D) --
Eth1/3 1 eth access up none 1000(D) --
Eth2/1 1 eth access up none 10G(S) --
Eth2/4 1 eth access down Link not connected auto(S) --
Eth2/6 1 eth access down SFP not inserted auto(S) --
Step 4 Configure all VDC Layer 2 interfaces as switch port trunks and verify the change
using the show interface brief command.
N7K11-pod1(config)# interface ethernet 1/1-5, ethernet 2/1-8
N7K11-pod1(config-if-range)# switchport mode trunk
1. Are all VDC assigned interfaces configured as Layer 2 trunk switch ports?
Note On the second N7K on your assigned VDC the VLANs are already configured. You can
verify the configuration of your assigned VDC on the second N7K using the provided access
information
Step 5 Issue the show spanning-tree vlan 1 command from within your VDC pod.
N7K11-pod1# show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 0022.5579.f743
Cost 2
Port 257 (Ethernet2/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address 0024.f714.c242
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Eth1/3 Desg FWD 4 128.131 P2p
Eth2/3 Root FWD 2 128.259 P2p
2. Which PVST+ port cost method is being used? ___________________________________
3. Complete the following table.
Switch VDC Interface Role Status Priority
N7K11 pod eth 1/
eth 2/
eth 2/
eth 2/
eth 2/
4. Which switch/VDC is the root bridge for VLAN 1?

___________________________________
Step 6 Within your pod, create VLAN 10, give it the name TEST and confirm that your
VDC pod contains VLANs 1 and 10.
N7K11-pod1(config)# vlan 10
N7K11-pod1(config-vlan)# name TEST
Step 7 Determine the number of spanning instances running.

N7K11-pod1(config-vlan)# show spanning-tree brief
VLAN0001
Address 000d.ecb4.457c
Cost 2


---------------- ---- --- --------- -------- --------------------------------
VLAN0010
Address 0022.5579.f742
Cost 2


---------------- ---- --- --------- -------- --------------------------------
Eth2/2 Altn BLK 2 128.258 P2p
5. Is the root bridge for VLAN 10 different than for VLAN 1? _______________
Step 8 Issue the state suspend command from within the VLAN 10 configuration context.
N7K11-pod1(config-vlan)# state suspend
Step 9 View the spanning tree status.

N7K11-pod1(config-vlan)# show spanning-tree brief
6. Has VLAN 10 a spanning tree instance? ______________________
Step 10 Delete VLAN 10 within your VDC pod and confirm that it has been removed.
N7K11-pod1(config-vlan)# no vlan 10
N7K11-pod1(config)# show vlan
VLAN Name Status Ports

---- -------------------------------- --------- ------------------------------
1 default active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth2/1, Eth2/2, Eth2/3
Eth2/8
VLAN Type
---- -----
1 enet
Remote SPAN VLANs

------------------------------------------------------------------------------
Primary Secondary Type Ports

------- --------- --------------- -----------------------------------------
Task 2: Create Private VLANs
In this task you will create private VLANs consisting of primary and secondary (isolated and
community), assign interfaces, and perform the primary to secondary mapping.
Note You will conduct this task on Cisco Nexus 7010 equipment shared between the pods. For
that reason, you will be allowed only to examine the setup and will not be able to change
any parameters if not required by the task.
Activity Procedure
Complete these steps:
Step 11 On your N7K switch, enter global configuration mode and enable the feature to
create a private VLAN. Private VLAN is a Layer 2 feature that requires activation
before the service will be loaded and run within the VDC. Enter the global
configuration context from within your VDC pod and activate the private VLAN
feature.
N7K11-pod1(config)# feature ?
bfd Bfd
bgp Enable/Disable Border Gateway Protocol (BGP)
cts Enable/Disable CTS
dhcp Enable/Disable DHCP Snooping
dot1x Enable/Disable dot1x
eigrp Enable/Disable Enhanced Interior Gateway Routing Protocol
(EIGRP)
eou Enable/Disable eou(l2nac)
fip-snooping Enable/Disable fip-snooping(FCoE Initializtion Protocol)
glbp Enable/Disable Gateway Load Balancing Protocol (GLBP)
hsrp Enable/Disable Hot Standby Router Protocol (HSRP)
interface-vlan Enable/Disable interface vlan
isis Enable/Disable IS-IS Unicast Routing Protocol (IS-IS)
lacp Enable/Disable LACP
ldap Enable/Disable ldap
lldp Enable/Disable LLDP
msdp Enable/Disable Multicast Source Discovery Protocol (MSDP)
netflow Enable/Disable NetFlow
ospf Enable/Disable Open Shortest Path First Protocol (OSPF)
ospfv3 Enable/Disable Open Shortest Path First Version 3 Protocol
(OSPFv3)
otv Enable/Disable Overlay Transport Virtualization (OTV)
pbr Enable/Disable Policy Based Routing(PBR)
pim Enable/Disable Protocol Independent Multicast (PIM)
pim6 Enable/Disable Protocol Independent Multicast (PIM) for IPv6
port-security Enable/Disable port-security
private-vlan Enable/Disable private-vlan
privilege Enable/Disable IOS type privilege level support
rip Enable/Disable Routing Information Protocol (RIP)
scheduler Enable/Disable scheduler
ssh Enable/Disable ssh
tacacs+ Enable/Disable tacacs+
telnet Enable/Disable telnet
tunnel Enable/Disable Tunnel Manager
udld Enable/Disable UDLD
vpc Enable/Disable VPC (Virtual Port Channel)
vrrp Enable/Disable Virtual Router Redundancy Protocol (VRRP)
vtp Enable/Disable VTP

wccp Enable/Disable Web Cache Communication Protocol (WCCP)
N7K11-pod1(config)# feature private-vlan ?

<CR>
N7K11-pod1(config)# feature private-vlan
Step 12 Create VLAN 20 named PRIMO and assign it as a primary VLAN and confirm that
it has been created.
N7K11-pod1(config-vlan)# name PRIMO
N7K11-pod1(config-vlan)# private-vlan primary
N7K11-pod1(config-vlan)# show vlan

---- -------------------------------- --------- ------------------------------
Eth2/8
20 PRIMO active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth2/8
VLAN Type
---- -----
1 enet
20 enet
Remote SPAN VLANs

------------------------------------------------------------------------------

------- --------- --------------- -----------------------------------------
20 primary
Step 13 Create and confirm an isolated secondary VLAN 30 named LONER.
N7K11-pod1(config-vlan)# vlan 30
N7K11-pod1(config-vlan)# name LONER
N7K11-pod1(config-vlan)# private-vlan isolated
N7K11-pod1(config-vlan)# show vlan

---- -------------------------------- --------- ------------------------------
Eth2/8
Eth2/8
30 LONER active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth2/8
---- -------------------------------- --------- ------------------------------
Remote SPAN VLANs

------------------------------------------------------------------------------

------- --------- --------------- -----------------------------------------
20 primary
30 isolated
Step 14 Create a community VLAN 40 named MOE.
N7K11-pod1(config-vlan)# name MOE
N7K11-pod1(config-vlan)# private-vlan community
Step 15 Create two additional community VLANs 50 and 60 named LARRY and CURLY.
Confirm that they have been created.
N7K11-pod1# show vlan

---- -------------------------------- --------- ------------------------------
Eth2/8
Eth2/8
30 LONER active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth2/8
40 MOE active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth2/8
50 LARRY active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth2/8
60 CURLY active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth2/8
---- -------------------------------- --------- ------------------------------
40 enet
50 enet
60 enet
Remote SPAN VLANs

------------------------------------------------------------------------------

------- --------- --------------- -----------------------------------------
20 primary
30 isolated
40 community
50 community
60 community
Step 16 You may also view just the type of private VLANs that have been created within
your VDC pod.
N7K11-pod1# show vlan private-vlan
------- --------- --------------- -----------------------------------------
20 primary
30 isolated
40 community
50 community
60 community
Step 17 Remove the community secondary VLAN named CURLY and replace it with
VLAN 70 named SHEMP.
N7K11-pod1(config-vlan)# no vlan 60
N7K11-pod1(config-vlan)# name SHEMP

N7K11-pod1(config-vlan)# private-vlan community
N7K11-pod1(config-vlan)# show vlan private-vlan
------- --------- --------------- -----------------------------------------
20 primary
30 isolated
40 community
50 community
70 community
Step 18 Establish an association between the primary and secondary VLANs you have
created.
N7K11-pod1(config-vlan)# private-vlan association ?
<1-3967,4048-4093> VLAN IDs of the private VLANs to be configured
add Add a VLAN to private VLAN list
remove Remove a VLAN from private VLAN list
N7K11-pod1(config-vlan)# private-vlan association 30,40,50,70

N7K11-pod1(config-vlan)# show vlan private-vlan
------- --------- --------------- -----------------------------------------
--
20 30 isolated
20 40 community
20 50 community
20 70 community
Note The isolated and community secondary VLANs are now assigned to the primary VLAN 20.
Step 19 Assign the following interfaces to your secondary VLANs.

VLAN Interfaces Promiscuous Port
---------------------------------------------------------------------------------------------------------------
30 eth 1/1-2 eth 2/7
40 eth 1/3
50 eth 1/4
70 eth 1/5
N7K11-pod1(config)# interface ethernet 1/1-2
N7K11-pod1(config-if-range)# switchport mode private-vlan host
N7K11-pod1(config-if-range)# switchport private-vlan host-association ?
<1-3967,4048-4093> Primary VLAN ID
N7K11-pod1(config-if-range)# switchport private-vlan host-association 20 ?
<1-3967,4048-4093> Secondary VLAN ID
N7K11-pod1(config-if-range)# switchport private-vlan host-association 20 30
Step 20 Repeat this procedure for the other interfaces and primary-secondary VLAN
associations.
Step 21 Verify the private VLAN interface assignments.
N7K11-pod1# show interface ethernet 1/1 switchport
Name: Ethernet1/1
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: Private-vlan host
Access Mode VLAN: 30 (LONER)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-3967,4048-4093
Administrative private-vlan primary host-association: 20
Administrative private-vlan secondary host-association: 30
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: 1
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: (20,30)
7. Are all of the private VLAN interfaces assignments correct? ___________________
Step 22 Assign interface 2/7 as the promiscuous port for your VDC pod.
N7K11-pod1(config)# interface ethernet 2/7
N7K11-pod1(config-if)# switchport mode private-vlan ?
host Port mode pvlan host
promiscuous Port mode pvlan promiscuous
trunk Private-vlan trunk promiscuous
N7K11-pod1(config-if)# switchport mode private-vlan promiscuous ?

<CR>
N7K11-pod1(config-if)# switchport mode private-vlan promiscuous

N7K11-pod1(config-if)# switchport private-vlan ?
association Private vlan trunk association
host-association Set the private VLAN host association
mapping Set the private VLAN trunk promiscuous mapping
trunk Set the private vlan trunking configuration
N7K11-pod1(config-if)# switchport private-vlan mapping ?

<1-3967,4048-4093> Primary private VLAN
trunk Private-vlan trunk promiscuous
N7K11-pod1(config-if)# switchport private-vlan mapping 20 ?

<1-3967,4048-4093> Secondary VLAN IDs
add Add a VLAN to private VLAN list
remove Remove a VLAN from private VLAN list
N7K11-pod1(config-if)# switchport private-vlan mapping 20 30,40,50,70

N7K11-pod1(config-if)# show interface ethernet 2/7 switchport
Name: Ethernet2/7
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: Private-vlan promiscuous
Access Mode VLAN: 20 (PRIMO)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-3967,4048-4093
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: 20
Administrative private-vlan secondary mapping: 30,40,50,70
Administrative private-vlan trunk native VLAN: 1
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: (20,30) (20,40) (20,50) (20,70)
Step 23 Assign a switched virtual interface to enable routing between private VLANs.
N7K11-pod1(config)# feature interface-vlan
N7K11-pod1(config)# interface vlan 20
N7K11-pod1(config-if)# private-vlan mapping 30, 40, 50, 70
Step 24 View the spanning-tree topology.
N7K11-pod1# show spanning-tree root
Root Hello Max Fwd

Vlan Root ID Cost Time Age Dly Root Port
---------------- -------------------- ------- ----- --- --- ----------------
VLAN0001 32769 000d.ecb4.457c 2 2 20 15 Ethernet2/3
VLAN0020 32788 0022.5579.f742 2 2 20 15 Ethernet2/1
VLAN0030 32798 0022.5579.f742 2 2 20 15 Ethernet2/1

VLAN0040 32808 0022.5579.f742 2 2 20 15 Ethernet2/1
VLAN0050 32818 0022.5579.f742 2 2 20 15 Ethernet2/1
VLAN0070 32838 0022.5579.f742 2 2 20 15 Ethernet2/1
8. Is the spanning-tree topology for private VLANs different than VLAN 1?
9. Which VDC is acting as the root bridge?

_________________________________________
10. What is the root bridge ID?

___________________________________________________
Task 3: Configure MST

In this task you will become familiar with the proper configuration of MST, its interoperability
with the default Cisco NX-OS loop avoidance scheme PVST+, and you will view and modify
spanning tree topologies.
Activity Procedure
Step 1 Connect to your N7K11-podX (where X is your pod number).
Step 2 Issue the show spanning-tree root command.

N7K11-pod1# show spanning-tree root
Step 3 Log the results in the table below.
Vlan Root ID Root Hello Max Fwd Root Port

Cost Time Age Dly
Step 4 Within a VDC, either PVST+ or MST may be running, but not both. Enter MST
configuration mode and specify the name according to the following table:
Switch VDC MST Name
N7K11 N7K11-POD1 region1
N7K11-POD2 region1
N7K11-POD3 region2
N7K12 N7K12-POD1 region1

N7K12-POD2 region2
N7K12-POD3 region2
Note You must configure your both assigned VDC, on N7K11 and N7K12 according to the
information above
N7K11-pod1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7K11-pod1(config)# spanning-tree mode mst
N7K11-pod1(config)# spanning-tree mst configuration
N7K11-pod1(config-mst)# name REGION1
N7K11-pod1(config-mst)# exit
Note Repeat above step on the second VDC
Note Important: MST configuration changes become effective after exiting the specific
configuration context.
Step 5 Verify that MST is running within your VDC.

N7010-C1-C1-Pod1-Red(config-mst)# show spanning-tree mst
N7K11-pod1(config)# show spanning-tree mst
##### MST0 vlans mapped: 1-4094

Bridge address 0024.f714.c242 priority 32768 (32768 sysid 0)
Root this switch for the CIST
Regional Root this switch
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

---------------- ---- --- --------- -------- --------------------------------
Eth1/3 Desg FWD 20000 128.131 P2p
Eth2/1 Root FWD 2000 128.257 P2p
Eth2/2 Altn BLK 2000 128.258 P2p
Eth2/3 Desg FWD 2000 128.259 P2p
Eth2/5 Desg FWD 2000 128.261 P2p
11. What is the bridge priority? __________________________________________________
12. Which interface cost method does MST use? _____________________________________
Step 6 Assign the MST instance id =1 for VLANs 1 and 20. Assign the MST instance id =2
for VLANs 30, 40, 50, and 70.
N7K11-pod1(config-mst)# instance 1 vlan 1,20
N7K11-pod1(config-mst)# instance 2 vlan 30,40,50,70
Note You will receive the following error message:

ERROR:
These secondary VLANs are not mapped to the same instance as their primary VLANs: 30,
40, 50, 70.
MST configuration requires that primary and secondary VLANs be assigned to the same
MST instance.

Step 7 Verify the two separate MST instances and their VLAN assignments.
N7K11-pod1(config)# show spanning-tree mst
##### MST0 vlans mapped: 2-19,21-29,31-39,41-49,51-69,71-4094

Root address 0022.5579.f742 priority 32768 (32768 sysid 0)
port Eth2/1 path cost 0
Regional Root address 0022.5579.f742 priority 32768 (32768 sysid 0)
internal cost 2000 rem hops 19
Operational hello time 2 , forward delay 15, max age 20, txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max hops 20

---------------- ---- --- --------- -------- --------------------------------
Eth1/3 Desg FWD 20000 128.131 P2p
Eth2/1 Root FWD 2000 128.257 P2p
Eth2/2 Altn BLK 2000 128.258 P2p
Eth2/3 Desg FWD 2000 128.259 P2p
Eth2/5 Desg FWD 2000 128.261 P2p
##### MST1 vlans mapped: 1,20

port Eth2/1 cost 2000 rem hops 19

---------------- ---- --- --------- -------- --------------------------------
Eth1/3 Desg FWD 20000 128.131 P2p
Eth2/1 Root FWD 2000 128.257 P2p
Eth2/2 Altn BLK 2000 128.258 P2p
Eth2/3 Desg FWD 2000 128.259 P2p
Eth2/5 Desg FWD 2000 128.261 P2p
##### MST2 vlans mapped: 30,40,50,70

port Eth2/1 cost 2000 rem hops 19

---------------- ---- --- --------- -------- --------------------------------
Eth2/1 Root FWD 2000 128.257 P2p
Eth2/2 Altn BLK 2000 128.258 P2p
Eth2/3 Desg FWD 2000 128.259 P2p
Eth2/5 Desg FWD 2000 128.261 P2p
13. Is the root bridge the same for each MST instance? _______________________________
14. If so, what is the bridge ID? ___________________ If not, what are the two bridge IDs?
Step 8 Assure that the primary and secondary VLANs within your VDC are assigned to the
same MST instance.
N7K11-pod1(config-mst)# private-vlan synchronize
Note Remember to issue the exit command while in MST configuration context to assure that the
commands are successfully compiled.
Note Repeat above step on the second VDC.
Step 9 Verify that Step 7 was successful.
N7K11-pod1# show spanning-tree mst
##### MST0 vlans mapped: 2-19,21-29,31-39,41-49,51-69,71-

4094
Bridge address 0024.f714.c242 priority 32768
(32768 sysid 0)
Root address 0022.5579.f742 priority 32768
(32768 sysid 0)
port Eth2/1 path cost 0
Regional Root address 0022.5579.f742 priority 32768
(32768 sysid 0)
internal cost 2000
rem hops 19
Operational hello time 2 , forward delay 15, max age 20,
txholdcount 6
Configured hello time 2 , forward delay 15, max age 20, max
hops 20

---------------- ---- --- --------- -------- ----------------
Eth1/3 Desg FWD 20000 128.131 P2p
Eth2/1 Root FWD 2000 128.257 P2p
Eth2/2 Altn BLK 2000 128.258 P2p
Eth2/3 Desg FWD 2000 128.259 P2p
Eth2/5 Desg FWD 2000 128.261 P2p
##### MST1 vlans mapped: 1,20,30,40,50,70

Bridge address 0024.f714.c242 priority 32769
(32768 sysid 1)
Root address 0022.5579.f742 priority 32769
(32768 sysid 1)
port Eth2/1 cost 2000
rem hops 19

---------------- ---- --- --------- -------- ---------------
Eth1/3 Desg FWD 20000 128.131 P2p
Eth2/1 Root FWD 2000 128.257 P2p
Eth2/2 Altn BLK 2000 128.258 P2p
Eth2/3 Desg FWD 2000 128.259 P2p
Eth2/5 Desg FWD 2000 128.261 P2p
Step 10 Assign a revision number to the MST name.
N7K11-pod1(config-mst)# revision 1
Note Repeat this step on the second VDC.
Step 11 View the spanning-tree running configuration.

N7K11-pod1(config-mst)# show running-config spanning-tree
name REGION1
revision 1
instance 1 vlan 1,20,30,40,50,70
Task 4: Configure Port Channels and Enable UDLD and Bridge

Assurance
In this task you will configure Layer 2 port channels between the VDCs in both Cisco Nexus
7010 Switches and enable UDLD and Bridge Assurance.
Activity Procedure
Step 1 Connect to your assigned N7K11-podX (where X is your pod number).
Step 2 Create a port channel from within your VDC pod.

N7K11-pod1(config)# interface port-channel 1
N7K11-pod1(config-if)# switchport
N7K11-pod1(config-if)# switchport mode trunk
Step 3 Verify that the port channel exists.

N7K11-pod1(config-if)# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
------------------------------------------------------------------------------
1 Po1(SD) Eth NONE --
Step 4 Assign both 10 Gigabit Ethernet interfaces within your VDC pod to the port
channel.
N7K11-pod1(config-if)# interface ethernet 2/1-2
N7K11-pod1(config-if-range)# channel-group 1 mode active
LACP process needs to be started before configuring active mode
Step 5 Enable the feature LACP, and then repeat the previous step.
N7K11-pod1(config-if-range)# feature lacp
N7K11-pod1(config)# interface ethernet 2/1-2
N7K11-pod1(config-if-range)# channel-group 1 mode active
Step 6 Verify the port channel configuration and its member interfaces.
N7K11-pod1(config-if-range)# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
------------------------------------------------------------------------------
1 Po1(SU) Eth LACP Eth2/1(P) Eth2/2(P)
Step 7 Specify the bandwidth for the port channel.

N7K11-pod1(config-if)# bandwidth 10000000
Step 8 Enable UDLD on your VDC pod.
N7K11-pod1(config)# feature udld
N7K11-pod1(config)# udld aggressive
Step 9 Verify UDLD configuration and view neighbors.

N7K11-pod1# show udld neighbors
Port Device Name Device ID Port ID Neighbor State
--------------------------------------------------------------------------
Ethernet2/1 TBM12378178 1 Ethernet2/1 bidirectional
Ethernet2/2 TBM12378178 1 Ethernet2/2 bidirectional
Step 10 Enable Spanning Tree Bridge Assurance within your VDC pod.
N7K11-pod1(config)# spanning-tree bridge assurance
N7K11-pod1(config)# show spanning-tree summary
Switch is in mst mode (IEEE Standard)
Root bridge for: none
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is long
PVST Simulation is enabled
Name Blocking Listening Learning Forwarding STP Active

------------------- -------- --------- -------- ---------- ----------
MST0000 0 0 0 4 4
MST0001 0 0 0 4 4
---------------------- -------- --------- -------- ---------- ----------
2 msts 0 0 0 8 8
Step 11 Create a checkpoint named LAB3.

Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here.
Lab 3 Activity Verification

Upon completing this lab exercise, your VDC pod running configuration should look similar to
the following:
version 5.0(3)
feature telnet
feature private-vlan
feature udld
feature interface-vlan
feature lacp
username admin password 5 $1$LVQxygTs$YR.oO8KhXrNMIb9Vt51YH0 role vdc-admin

ip domain-lookup
switchname pod1
logging event link-status default
snmp-server user admin vdc-admin auth md5 0xffc46dea7a4eb4c1d792c71bc5549043
priv 0xffc46dea7a4eb4c1d792c71bc5549043 localizedkey
vrf context management

ip route 0.0.0.0/0 10.2.8.1
vlan 1
vlan 20
name PRIMO
private-vlan primary
private-vlan association 30,40,50,70
vlan 30
name LONER
private-vlan isolated
vlan 40
name MOE
vlan 50
name LARRY
vlan 70
name SHEMP
name REGION1
revision 1
instance 1 vlan 1,20,30,40,50,70
udld aggressive
interface Vlan1
interface Vlan20
private-vlan mapping 30,40,50,70
interface port-channel1
switchport
bandwidth 20000000
interface Ethernet1/1
switchport
switchport private-vlan host-association 20 30
no shutdown
switchport
no shutdown
description p1-65k
switchport
no shutdown
switchport
no shutdown
switchport
no shutdown
description N7K12-e2/1
switchport
bandwidth 10000000
channel-group 1 mode active
no shutdown
description N7K12-e2/2
switchport
bandwidth 10000000
channel-group 1 mode active
no shutdown
switchport
no shutdown
switchport
no shutdown
switchport
no shutdown
switchport
no shutdown
switchport
switchport mode private-vlan promiscuous
switchport private-vlan mapping 20 30,40,50,70
no shutdown

switchport
no shutdown
interface mgmt0
no snmp trap link-status
ip address 10.2.8.17/24
When you complete this activity, your answers will be similar to the results here, with
differences that are specific to your device or workgroup:
1. Yes
2. The short method
3. The completed table is shown here (will differ per pod).
Switch VDC Interface Role Status Priority
N7K11-pod1 pod1 eth 1/3 Desg Fwd 128

eth 2/1 Desg Fwd 128
eth 2/3 Root Fwd 128
4. Depends on the pod
5. Yes
6. No
7. There is no command available.
8. Yes
9. N7K12-pod1, VDC ID 2 (pod1) (may depend on the pod)
10. depends on the pod001b.54c2.c0c2
11. 32768
12. The long method
13. Yes
14. Depends on the pod

Lab 3: Layer 2 Switching: DCNI-2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lab 3: Layer 2 Switching: DCNI-2

Uploaded by

Copyright:

Available Formats

DCNI-2

Lab 3: Layer 2 Switching

eth 1/13 eth 1/13

2009 Cisco Systems, Inc. All rights reserved. DCNI-2 v3.01-1

2009 Cisco Systems, Inc. Lab Guide 3

2009 Cisco Systems, Inc. Lab Guide 5

N7K11-pod1# show interface brief

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Interface Role Sts Cost Prio.Nbr Type

3. Complete the following table.

Switch VDC Interface Role Status Priority

N7K11 pod eth 1/

4. Which switch/VDC is the root bridge for VLAN 1?

Step 7 Determine the number of spanning instances running.

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

2009 Cisco Systems, Inc. Lab Guide 7

Interface Role Sts Cost Prio.Nbr Type

Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)

Interface Role Sts Cost Prio.Nbr Type

Step 9 View the spanning tree status.

6. Has VLAN 10 a spanning tree instance? ______________________

VLAN Name Status Ports

Remote SPAN VLANs

Primary Secondary Type Ports

2009 Cisco Systems, Inc. Lab Guide 9

N7K11-pod1(config)# feature private-vlan ?

VLAN Name Status Ports

Remote SPAN VLANs

Primary Secondary Type Ports

VLAN Name Status Ports

Remote SPAN VLANs

Primary Secondary Type Ports

VLAN Name Status Ports

Remote SPAN VLANs

Primary Secondary Type Ports

2009 Cisco Systems, Inc. Lab Guide 11

N7K11-pod1(config-vlan)# private-vlan association 30,40,50,70

Step 19 Assign the following interfaces to your secondary VLANs.

30 eth 1/1-2 eth 2/7

N7K11-pod1(config-if)# switchport mode private-vlan promiscuous ?

N7K11-pod1(config-if)# switchport mode private-vlan promiscuous

N7K11-pod1(config-if)# switchport private-vlan mapping ?

N7K11-pod1(config-if)# switchport private-vlan mapping 20 ?

N7K11-pod1(config-if)# switchport private-vlan mapping 20 30,40,50,70

Root Hello Max Fwd

2009 Cisco Systems, Inc. Lab Guide 13

9. Which VDC is acting as the root bridge?

10. What is the root bridge ID?

Task 3: Configure MST

Step 2 Issue the show spanning-tree root command.

Step 3 Log the results in the table below.

Vlan Root ID Root Hello Max Fwd Root Port

N7K12 N7K12-POD1 region1

Note Repeat above step on the second VDC

Step 5 Verify that MST is running within your VDC.

##### MST0 vlans mapped: 1-4094

Interface Role Sts Cost Prio.Nbr Type

12. Which interface cost method does MST use? _____________________________________

Note You will receive the following error message:

2009 Cisco Systems, Inc. Lab Guide 15

##### MST0 vlans mapped: 2-19,21-29,31-39,41-49,51-69,71-4094

Interface Role Sts Cost Prio.Nbr Type

##### MST1 vlans mapped: 1,20