Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Services VDC sandwitch

Hi All, I've 2 Nexus 7009 chassis, configured both into agg and Core each.

I would like to Connect a palo Alto Firewall in Transparent mode, I found that the recommended solution is to Configure a sub-agg layer from the AGG(VDC sandwitch).

I can't find how to configure the sandwitch VDC, anybody can help.

Also, will I create peer-links or peer keep-alives for the New sub-aggs

my AGG-1 configuration is below and the Same config on AGG-2, and the required design is attached.

N7K1-Agg1#sh run

ntp distribute

ntp server 10.10.50.6 use-vrf management

ntp commit

ip route 0.0.0.0/0 10.10.50.1

ip route 10.254.254.21/32 10.10.50.241

vrf context management

  ip route 0.0.0.0/0 192.168.77.1

vlan 1,3,10,32,50-52,55-56,66,70,77,98,101-114,120,125,130,140,150,163,172,300,600,700,800,900-903,1101-1102,1104-1107,1109-1110,111

5,1163

spanning-tree domain 2

spanning-tree vlan 3,10,32,50-51,55-56,98,101-115,120,130,150,163,300,600,700,800,900-903,1101-1102,1104-1105,1107,1109-1110,1115,11

63 priority 0

service dhcp

ip dhcp relay

vpc domain 2

  peer-switch

  peer-keepalive destination 192.168.77.74 source 192.168.77.73

  peer-gateway

  auto-recovery

interface Vlan1

  no ip redirects

  ip address 192.168.1.31/24

  no ipv6 redirects

  description Native and Management Vlan

  no shutdown

interface Vlan3

  no ip redirects

  ip address 192.168.3.31/24

  no ipv6 redirects

  description NAC Server Vlan

  no shutdown

interface Vlan10

  no ip redirects

  ip address 10.10.10.4/24

  no ipv6 redirects

  description Exchange DAG Vlan

  no shutdown

interface Vlan50

  no ip redirects

  ip address 10.10.50.231/24

  no ipv6 redirects

  description Sukari Servers Vlan

  no shutdown

interface Vlan51

  no ip redirects

  ip address 10.10.51.231/24

  no ipv6 redirects

  description MSA Storage and iLO Server Vlan

  no shutdown

interface Vlan52

  no ip redirects

  ip address 10.10.52.12/24

  no ipv6 redirects

  description Sukari WFE02

  no shutdown

interface Vlan55

  no ip redirects

  ip address 10.10.55.12/24

  no ipv6 redirects

  no shutdown

interface Vlan70

  ip address 10.10.70.231/24

  description Jersey Network

  no shutdown

interface Vlan77

  no ip redirects

  ip address 192.168.77.4/24

  no ipv6 redirects

  description Nexus Management Vlan

  no shutdown

interface Vlan98

  no ip redirects

  ip address 192.168.98.31/23

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.98.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Wireless Vlan

  no shutdown

interface Vlan101

  no ip redirects

  ip address 192.168.101.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.101.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Construction, Power Station and LV Vlan

  no shutdown

interface Vlan102

  no ip redirects

  ip address 192.168.102.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.102.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description new admin office

  no shutdown

interface Vlan104

  no ip redirects

  ip address 192.168.104.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.104.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Clinic and kitchen

  no shutdown

interface Vlan105

  no ip redirects

  ip address 192.168.105.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.105.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Security office

  no shutdown

interface Vlan106

  no ip redirects

  ip address 192.168.106.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.106.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Underground

  no shutdown

interface Vlan107

  no ip redirects

  ip address 192.168.107.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.107.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Warehouse and supply

  no shutdown

interface Vlan108

  no ip redirects

  ip address 10.10.11.5/24

  no ipv6 redirects

  description QuesCom Vlan

  no shutdown

interface Vlan109

  no ip redirects

  ip address 192.168.109.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.109.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Lab and plant maintenance

  no shutdown

interface Vlan110

  no ip redirects

  ip address 192.168.110.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.110.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Process, mining and geology

  no shutdown

interface Vlan111

  no ip redirects

  ip address 192.168.111.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.111.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description IP Phones Vlan

  no shutdown

interface Vlan112

  no ip redirects

  ip address 192.168.112.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.112.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Contractors

  no shutdown

interface Vlan113

  no ip redirects

  ip address 192.168.113.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.113.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description Bedouin Camp

  no shutdown

interface Vlan114

  no ip redirects

  ip address 192.168.114.31/24

  no ipv6 redirects

  hsrp 1

    priority 255

    ip 192.168.114.1

  ip dhcp relay address 10.10.50.5

  ip dhcp relay address 10.10.50.6

  description North Camp Vlan

  no shutdown

interface Vlan120

  no ip redirects

  ip address 192.168.120.31/24

  no ipv6 redirects

  description Old ASA Vlan

  no shutdown

interface Vlan125

  no ip redirects

  ip address 192.168.125.4/24

  no ipv6 redirects

  description IPS Vlan

  no shutdown

interface Vlan130

  no ip redirects

  ip address 192.168.130.31/24

  no ipv6 redirects

  description New ASA vlan

  no shutdown

interface Vlan140

  no ip redirects

  ip address 192.168.140.31/24

  no ipv6 redirects

  description 1MB Internet Vlan

  no shutdown

interface Vlan172

  no ip redirects

  ip address 172.16.0.231/24

  no ipv6 redirects

  no shutdown

interface Vlan600

  no ip redirects

  ip address 41.33.160.114/24

  no ipv6 redirects

  description Internet 5MB Vlan

  no shutdown

interface Vlan800

  no ip redirects

  ip address 41.33.165.64/24

  no ipv6 redirects

  description Internet 1MB Vlan

  no shutdown

interface Vlan901

  no ip redirects

  ip address 192.168.91.31/24

  no ipv6 redirects

  description VPN 0.5MB Vlan

  no shutdown

interface Vlan902

  no ip redirects

  ip address 192.168.92.31/24

  no ipv6 redirects

  description VPN 1.5MB Vlan

  no shutdown

interface Vlan903

  no ip redirects

  ip address 192.168.93.31/24

  no ipv6 redirects

  no shutdown

interface port-channel1

  description Port Channel for Core Switches

  switchport mode trunk

  spanning-tree port type network

  vpc 1

interface port-channel20

  description Port Channel for Agg Switches

  switchport mode trunk

  spanning-tree port type network

  vpc peer-link

interface port-channel705

  description Port Channel for Operation Switches

  switchport mode trunk

  vpc 705

interface port-channel706

  description Port Channel for Supply Switches

  switchport mode trunk

  vpc 706

interface port-channel707

  description Port Channel for Construction Switches

  switchport mode trunk

  vpc 707

interface port-channel708

  description Port Channel for Security Switches

  switchport mode trunk

  vpc 708

interface port-channel709

  description Port Channel for Lab Switches

  switchport mode trunk

  vpc 709

interface port-channel710

  switchport mode trunk

  spanning-tree port type network

  vpc 710

interface Ethernet3/29

  description Connected to N7K2-Agg Port Eth3/29

  switchport mode trunk

  channel-group 20 mode active

  no shutdown

interface Ethernet3/30

  description Connected to N7K2-Agg Port Eth3/30

  switchport mode trunk

  channel-group 20 mode active

  no shutdown

interface Ethernet3/31

  description Connected to N7K1-Core Port Eth3/3

  switchport mode trunk

  channel-group 1 mode active

  no shutdown

interface Ethernet3/32

  description Connected to N7K1-Core Port Eth3/4

  switchport mode trunk

  channel-group 1 mode active

  no shutdown

interface Ethernet3/33

  description Connected to N7K2-Core Port  Eth3/5

  switchport mode trunk

  channel-group 1 mode active

  no shutdown

interface Ethernet3/34

  description Connected to N7K2-Core Port  Eth3/6

  switchport mode trunk

  channel-group 1 mode active

  no shutdown

interface Ethernet3/35

  no shutdown

interface Ethernet3/36

  switchport mode trunk

  channel-group 710 mode active

  no shutdown

interface Ethernet3/37

  no shutdown

interface Ethernet3/38

  no shutdown

interface Ethernet3/39

  description Connected to OPER-SW24-E Port Gig0/1

  switchport mode trunk

  spanning-tree port type network

  channel-group 705 mode active

  no shutdown

interface Ethernet3/40

  description Connected to Supply-SW24-B Port Gig0/1

  switchport mode trunk

  spanning-tree port type network

  channel-group 706 mode active

  no shutdown

interface Ethernet3/41

  description Connected CONS-24SW-B Port Gig0/2

  switchport mode trunk

  spanning-tree port type network

  channel-group 707 mode active

  no shutdown

interface Ethernet3/42

  description Connected to SEC-SW24-A Port Gig0/2

  switchport mode trunk

  spanning-tree port type network

  channel-group 708 mode active

  no shutdown

interface Ethernet3/43

  description Connected to Lab-SW24-B Port Gig0/2

  switchport mode trunk

  spanning-tree port type network

  channel-group 709 mode active

  no shutdown

interface Ethernet3/44

  no shutdown

interface Ethernet3/45

  no shutdown

interface Ethernet3/46

  no shutdown

interface Ethernet3/47

  no shutdown

interface Ethernet3/48

  no shutdown

interface mgmt0

  description Connected to SUK-Core-SW2 Port Gig0/11

  vrf member management

  ip address 192.168.77.73/24

logging logfile messages 6

logging server 10.10.50.3 5 use-vrf management

line vty

Regards,

Maher

580
Views
0
Helpful
0
Replies