Cisco Nexus Switches in High Availability, VPC, VTP, STP, HSRP Practically

1. Introduction: Hello and welcome to my course on access switches in high availability. My name is Habib that Korea. And in this course I'll be teaching you all the network services required to configure and implement high availability between two coordinate axes switches. The course is practical in nature, and I'll be showing you step-by-step configuration and testing of high availability features. In my design. My design is simple but yet very practical, and it's being used in all data centers as well as enlarge organization might design will comprise of a core switch one and of course switch to and connecting down will be an excess, excess switch that we will be using for testing reason. I'll be talking about virtual private or port channel, which is VPC. And I will be talking about the steps that are required to configure VPC and the network. The features I'll be discussing about VTE P, S VI implementation. And I will also talk about rapid spanning tree. And I will show you how to configure rapid spanning tree, imbalanced the V lands between the two core switches. And finally, I'll be showing you how to configure MSRP and real sense. Thank you and I hope you will enjoy the course. See you in my class. 2. Chapter 1 - VPC Design: Let's look at our design here we have two core switches. As you can see, a core switch, one core switch to, in order for them to behave as one entity, there is something known as VPC, and this is what we will configure a VPC configuration for the two core switches. And we will link them together using pair lengths. And there will be a link as well known as peer keep alive link. We will do this configuration. This configuration will apply. And eventually, when t is two, pair switches behave as one entity for the access naught switches. Then you can basically connect the access nodes which is in this image are in this design. You have another Nexus switch. This link that's going down to the nexus to K5, K or even seven case, which is our known as fabric extenders. So one link will come from one core and another link will come from the second core, giving it a back bone link of 20 gig. As you can see. It's very fast connection, which is great. You can also replace this switch if you don't have an access which directly with the server. So the server will have one connection to the core, another connection to the second core. And this way, this server will have 20 gig connection. User will always connect to an access switch. As you know, that's why I proposed an access switch here. And this makes it easy for us to understand this topology. Let's say you are an ISP and you have, you have a data center. So what you do is you give one switch to one client and then you can extend this network by adding more access, which is an extending the links to those other access switches and growing your environment that way. I hope this clarifies the design here. So let's proceed. So we will proceed with chapter one, which is basically above virtual port channel VPC. And here in the picture is the same type of network design that I proposed. Vpc primary, VPC secondary, these are the roles that these switches. Once you establish the VPC and you establish the roles for these switches, the only link that you would see is the peer keep alive. That will be basically acknowledging and sinking the database of the control plane between the two. Now this type of technology has something known as split-brain. In order to avoid this brain, there is a synchronization that happens from the primary to secondary. As I mentioned also part of the VPC is also extending the fabric to other nexus switches by making those ports that are connecting down to the switches in the downstream as member VPC ports and creating an EtherChannel here, or a port channel at the length of the access node switches. Same thing if you look at a, at a server and if you want to connect to server, then you can do dual links. The server to do primary and the secondary switch. You can also have single link to either of the servers. So it all depends on how much Ethernet connections you'll need to plug to the node. And this will be the design of data center environment. So we did look at the design and we do understand the components. And we did talk about the core switches and access is definitely this, which is that we will be using. We need to create a VPC channel, VPC domain, and VPC link between the two core switches. For successful implementation, VPC need to be defined and VPC domain will need to be defined. Peer link will need to be defined and peer keep alive and need to be configured. This is a multi-channel says EtherChannel technology, and it only supports ten gig ethernet ports. It's a layer to stand. 3. Nexus Lab Part 1: Hello again. This is your host Habib that Korea, and this is our first lab in our next course. Now in front of you is the design that I have already mentioned. And I have shared with you the details. So we have to core switches and I'm assuming course which one could be in the same data center or it could be in a different indifferent server room and course which two could be in another server room. Sometimes when it comes to manufacturing environment. One course which will be actually at the office site, and another course which will be at the plant side, for example, there will be a fiber link between the two core switches. And those fiber links will be using either single mode or multi-mode connections with SFP transceivers. Please do look into those details in and you can find a lot of information of the type of the transceiver that you could be using for nexus, the ones that I use are the SFPE with ten connections and those are LC to LC connection. So, and so for the purpose of this course, I have already selected the interfaces. The red line here is basically a connection to the management port from course which one to course which two? And management port is usually also known as the heartbeat link. And this link could be RJ45, cat sex or cat six a. That's what's recommended. And if you don't have an Ethernet connection between the two, then you have fiber, then you can choose any of the other fiber ports. But for the purpose of this course, I'm going to use in the management port for, for the VPC, keep alive appear keep a live link. The two blue cables will be Ethernet one and eating it too. That's what the connections are going to go from. And also encode two. So I will bring up the course one and course which two side-by-side and we will configure them together. Sounds good. Okay, let's start. So this is course which one? I think it's a may have already rebooted. And this is core switch to we just have to give it a name and configured them side-by-side. This way, it's clear what we're doing is happening at the same time between the two. You don't have to do them side-by-side. If you are on-site trying to configure it, you can complete one configuration on one switch and then go to the second switch and configure it the same way. The other point I wanted to tell you is because right now we don't know what V land. Are we going to assign the server, the servers, and the users. So I will be giving a VLAN 102999 V lands to pass through the ether channel ports between the two course, which is VLAN ten, I will make it to be the villain for the domain controller. Villa Antoinette will be the villain for the users. And V land 999 will be basically the native VLAN. Okay, so let's start with course which one? The first screen. The first message that comes when you boot an access switch is if you want to go into auto provisioning. So make sure you always say you want to abort it here. And same thing on the other switch as well here I'll say yes, please abort that. Then after that, it asks you to give a password to the admin account that it has it has built in. And please make sure that you give it a password that is suitable, up to eight characters long. And it shouldn't be based on based on a dictionary password, please. It asks you if you want to enter the basic configuration, just say No. Alright, so we will login into the course, which now we have the password with us and mean the same thing, the other one too. Okay. Let's give it a host name. Now one thing you have to know is in excess switches, you have to add the features that you want to use. These features are usually enabled through base license and you have to basically activate those features. And the way you, they are disabled actually. But as long as your base license supports it, then you will be able to enable those features. So the first feature that we will enable is feature VPC. Let's go ahead and enable it on boat. And the second feature that I like to enable is the LACP. The both features are enabled. Now we have already, according to our design, we have already have a VPC domain designed here, and we have given it a number which is VPC domain one. And that's exactly what we can put in here. Apologize, I have to basically have this up here so it's a line of sight for me. So let's add the VPC domain. Now that part is done. Now, let's actually exit this for a bit. I just wanted to give an IP address to the management interface and so that we are clear. So we have, so show interface status. If you look at the interfaces, we have a management interface 0, which shows it is connected because the link is connected and this interface is routed, right? So same thing here, show interface status. Can say it's, it's, it's connected and routed. But that doesn't mean this interface will be part of the overall routing table of the, of the, of the campus network. But because if you do show run interface, MGMT 0, you will see it's under a different VRF member contexts member, which is the VRF member management. That's the, that's the VRF that It's part of. So we will leave it as it is. It's good to know that it's part of a VRF contexts called management. So let's go into the interface and let's assign it an IP address of slashed 30, which is, let's give it a slash 30. The good thing about next as is you can actually give it a slash t instead of typing the whole subnet mask. Let's do a normal shot. Now this part is done. Exit out. Now we will configure the peer keep alive. So let's go back to the VPC domain. So the command is peer, keep alive. And then you will put the destination. The destination will be the management IP of or switch two, which is going to be a hundred, two hundred, two hundred da2. Here. We'll do the same. Here. Keep alive destination. Now, there's something that you need to put in here which is the priorities. So there's a system priority check-in system. So it is actually, there is a system priority command, but there is a role priority as well. Let's give it a role priority. The system priority is, should be always the same. And the role priority is different, the lower is better. The switch that has a lower role priority becomes the VPC primary. Let's first deal with the row priority here rule. So I'm assuming that the core switch two, we'll assume the secondary role. So that part is done. So let's exit. Let's exit here. So right now we configured the peer keep alive link and we have actually put in the IP address on the management interface, and we have done the configuration of the peer keep alive. Now, the next step is to go into the peer links and configured them as as a port channel, and then add the pore channel into and add the pore channel into VPC pair link. I hope that I'm explaining it properly here. But let's do this steps interface. Let me try to confirm this, this right. So we went into the poor chap there today, interfaces that will be part of the peer link and we made them trunk and we have allowed these V lands into that trunk. Channel group. We'll call it one mode, active. Same thing here. We can say no shot, can see non-shared. That's exit. Let's exit. Now we have to go into the interface PO 100, which is the pore channel 100. And what we will do is we can say VPC peering link. Vpc Link, don't forget the hyphen. Same thing here. In our shot. Let's save the running config. As we will need more configuration in these two switches. So now that we configured the VPC between the two core switches, there are certain commands that you need to know how to check on the Nexus switches. One is basically show feature. Show feature will show you all the features that are disabled in the Nexus switch, which features enabled, right? So show feature. If you do so, so feature we enable to two features, the VPC and T, LACP. So let's look into the VPC if that is enabled already our LACP. So if you look here, VPC is actually enabled, that's good. And the other one that's usually enabled is the SSH SSH server. That's enabled by default. And I think I saw LACP is enabled. Now if you go through the list of all the protocols that are enabled, these are part of layer two as well as layer three protocols, as you know, the course which can function as a layer two as well as the three switch. So you can see these are i, i as Protocol, LLDP protocol and so forth, OSPF routing protocols and VRP. You will have also MSRP. And all these protocols will need to be enabled if you want to, if you want to use them basically. And the way to do is just put feature name of the protocol. Similarly here on the switch, if I do show feature, the same thing, we have enabled all the features here, not all the features. I mean, LACP as well as VPC is enabled. So that's one. The other command to basically test our check VPC is going to be show VPC brief. This is a very good command. Here you will notice that it says the VPC information will be given here it says configuration consistency failed. Pa link is down. There could be a reason. I don't know what's the reason maybe the port channel 100, I have not enabled that. Show VPC brief. That always happens. But we can basically look at the interfaces and confirm what's the problem. From where p 0, Kim. Let me check the issue and basically investigate a little bit and come back. Okay, So I do see here like the ether Ethernet port one slash one here, we didn't specify the mode is trunk. That happens if you try to do side-by-side configuration? I think I do. I did miss that. Sorry. 4. Nexus Lab Part 2: Okay, I apologize. I have decided actually to reload that switch and put it back into a default settings. The reason is with that previous which I had a switch number two, I had some other configuration into it that was causing the problem, like port channel one was already configured for some other link and pore channel a 100 was configured with some other link with the default trunking. And what I wanted was an LACP. A trunk links or pore channel links that have caused little bit of an issue here. But let's reconfigure switch number two. And hopefully this works this time. Yeah. So let's go ahead. I mean, it's even better this way that we will, we will do it this again, feature LACP. And then let's add feature LACP and feature VPC is added. And now let's go to the interface management 0. Give it an IP address. Let's say No, shut. Give it a VPC domain. Let me, it's a good practice to always exit and just go to the domain VPC, domain one and still appear. Keep alive. Destination. Now, roll. Priority will make it higher than the other one because this switch needs to be secondary in our design. Let's go to the two interfaces here. So these are the two interfaces for the peer links. First thing we will do is give, make them trunk. I always like to save my configuration before proceeding even to the testing. Let's now double-check the interfaces, show interface status just makes sure that the, you can see here the Ethernet one, Ethernet two are now showing us trunk, which is good news. If you look here under pore channel one, It's also trunk, which is good. So that's what we were not getting previously when we configure. 5. Nexus Lab Part 3: Okay, So I have the two switches in front of me now. Now that we recovered the second core switch and we have the VPC configuration redone. Once again, if we look at the configuration of the, of the interfaces show run interface MGMT 0. We only configured an IP address on this interface on both of these switches. And then if you look at interface for channel one, and this will be the configuration interfaces. Ethernet 12 have the same configuration except the pore channel here is assigned role, which is known as VPC peering link and same in core switch to as well. Let's check it. You can see they both have the same interfaces here and the same VPC Link role. We have allowed V land 1102099. Again here below 1102999 is allowed. You don't have to allow VLAN one. If you don't want to. I just added V land one because I have all the interfaces still own VLAN one, so I decided to add it anyway. Now we will go through the through the show features of VPC and just to make sure we are, we are having some good results when it comes to consistency of the VPC. So the first command that's really important is to type show vpc brief. And in here you can see the status of the of the VPC domain. Show VPC brief. And you can see we are getting the same results on both sides. So what's telling us is that the same V lands are in both switches. There is basically a configuration of the VPC here that tells you the result of everything. First thing is the VPC domain on both switches is one, the peer status, which is the adjacency is formed. Okay, That's good. Peer is alive. That's what it's showing. The peer keep alive. Status is alive. Configuration consistencies successful per VLAN consistency successful. Type two consistencies successful VPC role on the first switch is primary. Vpc role on the second switches secondary, which is exactly what we wanted. And peer gateway is disabled and here is also disabled. Graceful consistency check is enabled, auto recovery is enabled, and so on. We will basically keep this as a standard everywhere we go two, and this will be it for VPC and this is done. The other command I wanted to show you is if you type show VPC consistency parameters v Lane. And you can see that all the V lands are here listed and they are all showing success. Results here are successful. Another command that you need to use is show VPC. Statistics. Pair, keep alive. This tells you how much it received inflammation and how much it's been sand. And same thing here, show VPC statistics. Here, keep-alive. You can see that the core switch two is actually averaging around this number. The reason is basically course which one is sending a lot of inflammation to core switch to. That's the reason. But the difference in the the RX and TX is basically the same. The other one is show VPC peer keep alive. This tells you show VPC. Keep alive. This shows you the intervals that timeout intervals to hold time interval, which management is the peer? Keep alive interfaces on which port does it use? It uses the UDP port 3200. And this data is, is successful. This is a very important command to learn and to practice. With this. Actually, we have completed the lab number one. I hope you have enough information to create a VPC domain between two core Nexus switches. And I think I covered pretty much all the configuration that's needed for VPC. 6. Chapter 2 VTP Implementation: Hi again, this is your host Habib, say Korea. And we are starting with Chapter two, which is basically configuration of the next steps that we wanted to do after the VPC. One is basically to configure a BTP domain. V TP domain is basically used to manage V lands. There are different modes of VBP domain. As you know. There is a server mode, there's a client mode and there's a transparent mode. For best practices, we will be using transparent mode. And we will also bring in our third switch, which is going to be our access switch into the picture. And I will apply the same settings for BTP domain and make sure it's also a transparent transparent mode. The other thing we will do is we will configure the trunk links and the access ports. So here in front of the picture we have two links to trunk links for the axis, which one that's going to call one. One is going to quote two, and these will be trunk links for now. And we will also configure the access port. This port will be an access port. This port will be also an access port. So for your convenience, what we will be using from core one is Ethernet port one slash three from here, one slash three from here. And also we will be using on this, which 2s two slash 12 slash two. So we will configure that and we will use any port on this switch. We can use any port. We will give it the access, an access port configuration for the domain controller, server, and also another port for the user. It could be, it can be any port we will see. And I will show you which port we can configure those steps here are going to be also. After that we will be we will be coming up with the SPI configuration, which is the layer three interfaces for the two core switches. And I will show you how you can do this and real real situation. Okay? So let's proceed. I will bring up the console is for course which one? This is course which one? I was just checking if the VPC is good, it's still good. And we have the valence already added, as you know from before. So let's do this. The first thing we need to do is really add a feature which is known as V tp feature, as I mentioned in Nexus switches, you need to keep adding these features that you want to use. So there you go, we added the feature. The other thing we need to do is named the VBP domain. So BTP domain, I will name it CCS, which is basically my company. And the GTP mode, vdp mode is going to be transparent. Maybe it's already transparent. Yes, it's already transparent here. Now, let's bring up the core switch to I change the background color just to have better contrast, white with black. I think it's better that way. It's already transparent. Some of the Nexus switches, you don't have to really mention the BTP operating mode. It's always transfer transparent for best practices reason. Let's bring the access switch and do the same. As you can see, I've already logged in and change the host name to an x underscore access. And now let's add the feature V tp. Now, as you can see in this switch, which is basically a lower-end switch off of Nexus. It it takes the transparent command. And yes, so all the, all the three switches have the same have the same mode, and the domain name is CCS as you can see. So we're good here. I think this is done. We have to add the V lands as well and this switch, so VLAN 102999. That's done. Now that the villains are added in all the switches from SON core one and core two. We have already added the V lands when we were doing the VPC configuration between the two cores and the axis which I just added, the V lands. Now on the course, we want to choose the port that's connecting down to the access switch. So as I mentioned, I will use Ethernet one slash three because that port is available. So let's take that. We have to do the same settings on core switch two. And we have to now move down to the axis, which I believe we chosen the interface to slash 12 slash tools. So in this switch, if you do show interface status, I'm getting different Ethernet port numbering here. It's just how my my NX operating system is and how many modules are added into this switch. Now this is done. We will choose an interface that will be used by user as well as by server. So we can use interface ethernet, two slash 32 slash three, switch port mode. Access. We will use another interface and we can use interface internet to slash ten. This switches little bit different. You have to mention switch port and then enter in order for it to accept. The switch port commands. Most of the catalysts switches with 4 thousand series or 66 thousand or nine. The modular switches are in the same form. You have to basically put switch port in order for it to exit, to accept Layer two switch port commands. So, so far so good, we have completed the. So let's go back to the diagram here. So we have completed the drink links between the core and the access switch. We have completed the access port configuration. So we are done with the first three steps that were required. Now, we will move on to the SPI interfaces, which is the layer, layer three interfaces on the two core switches. So we only need the core one and core two consoles right now. So let me bring up the core one and core two. I usually like to put them side-by-side, but what can I do? This screen is small. So let me just do it this way. I can at least. Yeah. Okay. So we will start with the again, let me exit this part and also exit from the okay. So in order for us to add the SPI in Nexus switches, we have to add a feature and the feature is called interface VLAN. So let's add that. Let's do that in the other one too. So let's start adding the interfaces now. So interface VLAN one and the IP address of the interface VLAN one is going to be 190 to 168 dot one dot 253 slash 24. And over here, we'll do interface VLAN one, IP address 190 to 168 dot 1254 slash 24. And we will do no shot here as well, no shell. And now we will add interface VLAN ten with IP address of 172 dot 16, ten to 53 slash 24 meters. Do know Schadt here. Let's go and create interface VLAN 20 with IP address 72 dot 162253 slash 24. Let me save the conflict as well here. So this is completed. Now, I understand that you'll be asking why did I put 253253, add this or this switch and 254 at the other switch, the last octet of the villa. And the reason is we are going to create a virtual IP for these interfaces that will be common between the two. And the way we will do it is by using SRP, which is the most commonly used protocol to establish a virtual IP between the two core switches. And that will be our next chapter. And moving forward also, we will do something known as spanning tree configuration. And we will go along as we, as we configure this this campus network. Thank you and I'll see you in the next video. 7. Chapter 3 Rapid Spanning Tree: Hello again. This is your host heavy Zachariah, and we are starting with Chapter three, which is all about spanning tree. But before we proceed with spanning tree, we will also need to create layer to port channel between the course, which is an the, the Nexus access switch. And we will make sure that we apply the trunking configuration between the core and the access switch. The other thing we need to do is really create a rapid spanning tree on all these switches. When it comes to Nexus switches, rapid spanning tree is already enabled and it's by default. We will set the root bridge and set the priority between the two switches. And we will configure the spanning tree properly here. Now one thing before I proceed with this spanning tree, if you really want to know in depth all the details about this spanning tree, I have a course that is especially published for CCI is spanning tree that talks about different versions of a spanning tree and its utilization in the current world environment. And I hope that you can, if you have the time to actually go ahead and take that course, just search for my course name, rapid spanning tree, and you should be able to see that are spanning tree in general, CCI is spanning tree and you should able to find it in the Internet or on the web. So let's proceed. I will, just, before I proceed, I'll go back to the previous chapter configurations that we did already. And just to provide you an overview of what we have done already. So first thing first, I'll bring the console here for course, which one? As you know, I have been I've been having trouble with the with the Nexus switches because sometimes the configuration is saved and then once I come back to it, I have some error messages that come up. So It's hard to do this course in one setting and it takes really long time to, to fix any, any issues with the, with the links or with the protocols. But so far so good. So first thing first, if you want to see that show VPC brief, just to make sure that we have the adjacencies between the two core switches and we have one port channel, pore channel, one between them. That's an active. So what we will do is we will create a pore channel ten here as per the, as per the configuration here. The other thing is for best-practice reasons, when you pick up a port that's connecting downstream to an access to another switch or an access switch, either catalyst or an axis, which makes sure the port is always shut down and then apply the trunking and configuration on it. So for that reason, if you look at show run interface, ethernet one slash three, I have already configured Ethernet one slash three that's connecting down to the, to the axis, which at the bottom here. And same thing what I did here is on the course, which two? Let me bring it up. And let me just exit that. And I do show run interface ethernet one slash three. So this is already done as you can see, but it's on a shutdown state, which is good. Now, the other thing we need to check is on the, on the axis which the ports that are connecting to the core one and core two are also configured the same way. So just to make sure the VPC status is transparent and the VPC domain is CCS. So show run. This one I have not configured, I may have configured it in the previous lecture, but for some reason, as I said, I mean, I forgot to either save the configuration or I moved on to something else. But that's no problem. We will configure now Ethernet one slash 11 slash to show V lands. We do have the V lands that are needed bill and 102099 already added into this core into the Nexus switch. So let's go ahead and configure interface. Ethernet one slash one. For best practice, again, make sure it's shot. Makes sure you follow the steps. If you are following. The steps here makes sure that you follow the same steps I'm proceeding here. And what we will do first thing is we will add these two interfaces to a channel group ten, and we'll call it mode active. Now the reason why it's most active is because I added on the Nexus access, which the feature which is LACP, which I've already also done that in the course, which is that's why we have pore channel one configured. Now that this is added, there's nothing else I need to do actually on this side of the switch in terms of trunking. But on this side of the course, which is, I will make sure that the, that the configuration of the let me bring core switch to as well. The two ports here, Ethernet one slash 31 slice three on the boats which are part of a VPC configuration interface. I'm going to add it to a channel group. Ten, more active. Same thing here. So this is done. Now what I need to do is go back to interface. Etherchannel one slash 3M makes sure I do know Sharp. Same thing here. Interface. And do not shut. On this side, we're good. We'll do the same thing on the access switch. Okay, now that we have configured the length side, show interface status and just want to make sure that the interfaces that we configured Ethernet one slash three showing us trunk on this switch as well as on the core switch to I can see it's showing us trunk. The other information that you need to verify as the pore channel, pore channel ton ten is showing us drunk and it's connected as well as on this side as well, pore channel ten and it's showing us trunk and it's connected. And if you look into the Nexus switches, pore channel ten is showing us connected. And if I look into the interface is they're all showing connected. And the other thing is you need to do is show VPC brief and make sure pore channel ten is there and it's successful and it's active at the VPC level as well. So, so far so good. We completed this configuration. I know previously we may have done the configuration, but because we haven't really shut down the Ethernet ports before adding the pore channel configuration that may have caused a little bit of an issue with the VPC. So in this case, we have completed the high availability for the access switch. So let's save the course, which one is down? It's still have a connection to course which two? And that completes the high availability. We have completed the layer two port channel and configure the trunk and access ports between the axis which are, this is one thing we need to do is we configured the trunk, but not the access ports for the domain controller, for the users. I mean domain controller and the user port is just is just as an example, but this could be. This could be UCS environment, this could be attached to a store age and things like that. So let's pick up two ports. Here. I'll pick up port Ethernet, ethernet one slash one slash three for the domain controller and one slash ten for the user. It's better to give access. Vlan ten switch port. I don't think next is really cares about that shot. Interface to one slash tan x plus V line 20. Now you can see there's a lot of difference in the configuration between the nexus and the catalysts, which is WR is not, is not recommended. But you have to type the full command copy running config, startup config just to make sure your configurations always saved. Show interface status. Now, now we have ether. Ether one slash three connected to V line 1081 slash two and connected to V land 20. Okay, So this is done. It's good. So with that I have configured the axis and the trunk ports here. Now we will move on to the rapid spanning tree on the switches. So we know that the configuration of the rapid spanning tissue spanning tree, if you do that, you can tell it's the R, S, T P, which is basically the protocol for rapid spanning tree is already enabled on the access switch on the course, which however, rapid spanning tree is enabled. Show spanning tree is enabled. But one thing we need to really look is the path cost. The path, the path cost for high-speed networks is given here, but this is very high. So we will have to enable the spanning tree for a pack cost method long. So that is basically the way we do it in high-speed networks. There is a command that you need to do which is config T. And you will add spanning tree path cost method long. So we have to add that on both switches. So that's done. The other thing is we need to establish, establish the root bridge for the V lands. And because we want to make sure that the traffic passes to core one and core two and the valence have their own root bridge. What we will do is we will add the, we will make a course. Which one? The root bridge for VLAN 110999. And we will make the root for villain 20. The root bridge will be core switch to. And we'll make sure that that is set. Usually in when comes to network design and you have more than 100 V lands. You take the old V lands for primary one, and you take the even number V lands for and point them and make the a root bridge towards the course, which two? So it's in the similar manner. I'm just taking the valence and changing the priority that way. So spanning tree, VLAN 110 priority. And similarly on course, which two will configure the same way. And we'll just make sure that the, that the priorities are are interchanged. So each switch is backing up the other. That's it for here. I think we have done the configuration. Let's look at the so select the proper route bridge and set the priority. That's how we have actually completed this this configuration. Let me just say Save that. 8. Chapter 4 HSRP Implementation: Hello again and welcome back. We are starting with Chapter four on MSRP. The interesting part about MSRP is it can be configured on Nexus switches as well as on Catalyst core switches. You have seen MSRP probably in your own experience, how it's been implemented and why it is used for SSR P stands for hot standby router protocol. And it is a Cisco proprietary redundancy protocol. And it helps with establishing a unique Virtual IP for default gateway. If you recall, we actually added interface V lands on both course, which is we have given it an IP address. So each of the course which is have the same SPI is, but the interface IPs are different. Over here we have chosen the last octet to be dark to 53. And over here we have chosen the last octet to be 254. So it depends now, what do you want your virtual interface IP to be? So because I'm working in, in different networks, I would like my SVR to have a virtual IP address of the last octet to be ten. For example. You could have dot one, which is basically what everybody uses and it's a common practice. I will forsake of my continuous lab setups. I will use dark tan because I already have one in a different interface. I hope that explains my reason. The other thing is before we proceed, I updated the diagram of the network. And you can see now I have VPC ten linking down to the next as access switch port, port, channel interface of ten That's going between the two links. So this is done. We also configured the access port for the user interface as well as the access configuration for the servers. This could be a domain controller or a UCS environment or any other hardware you want to place in the network. Let's start. We have some tasks to finish your course. Which one course which to make sure our piece configured for all the SPARS. So that's what we will do. So let me bring up the course, which one? So now I have the course which one here? So let's first look at the SVA eyes. I believe it's stuck, but let me come back to it. Okay, this is better. So let's look at the interfaces, show IP interface brief. So as you can see, I have interface VLAN one and the last octet is 253253253. We did configure that. So let's first add the feature. So the feature is added. Now let's go to the interface VLAN 1 first. And we will give it an edge as our P1. You have to make sure you are in the mode of the SRP. To do these configurations. We will give it the, we will give it a unique IP, which is ten. Yeah, it's going to be 190 to 168 dot one dot ten. That's the IP, i1 to be the Virtual IP. And I enter that. Now the other requests that we have here in the task is to make sure that I set the priority on the course, which one to be active. So the priority on the MSRP should be higher than the priority on course, which two? In order for it to act as the active router. Going to give it a 100. And we will use preempt. And we will set a timer. So the reason why the timer is sent to Y is set to 1 second and the delay is three seconds because I want the Hello packets between the two switches to send each other every 1 second. So every 1 second there will be Hello packet exchange between the two switches in case one of the interfaces is down, the other interface and the second switch can become active. So let's do the same thing in the interface, VLAN ten. Now say RP ten, 1610. So now that we configured the course, which one? I'll bring up course which two. And I'm hoping we will do the same configuration. But the only difference is going to be the priority. 1610. Let's do the same thing for the last 20 interface, VLAN 20. Now that this has completed, let's look at the look at the tasks and hopefully we have completed all the tasks here. Make sure all the SVR is our app. So the way we will make sure all the SPI is our app is basically one of the commands that you want to do is show NHS, NHS RP. And you can see that the edge SRP virtual IP interface is 190 to 168 dot one dot ten. And standby router is given, the IP address is given priority, is 910 expires in this seconds. And this is the active router. That's done. The other thing is real and 20 is the same thing. I can see that the virtual IP is given here. Same thing if I go to the core switch and I do show just RP, I will be looking at it and checking if the Virtual IP is the same. The active standby is given here. And it tells you that this time by router is the local router. And same thing here on interface VLAN ten. And I think we have completed the configuration of the SRP and the virtual IP for the D field gateway for the access nodes. 9. Chapter 4 HSRP Testing: Okay, so now we move on to testing the MSRP. And as you can see, I have started testing the SPI for V land one, the virtual interface, which is 190 to 168 dot one dot ten. And I did get a reply. I will start pinging all other SPI for VLAN ten. It's 172 dot 16 dot 1010. And I am getting replies. I'll start pinging the second sci, or the third is VI, which is V line 2172 dot 16 dot 2010. Move on to the next chord, to the second core switch. And now we'll do the same. First, I will ping the SBI for villain one, which is 192168 dot one dot ten SBI for villa and ten now. And yes, I'm getting a reply back. I'll ping the SPI for viola and 20, and yes, I'm getting out of play it back. So that's good. Now I'm going to bring up the terminal here that I have configured under VLAN ten. I'm going to ping the SVR is for villain, villain 20, as you can see, I've already pink that. But I'm going to just repeat that and make sure it's binging. 172 dot 161010. And yes, I'm getting a response. So that's good. As you can see, I'm in the terminal is actually connected to the neck says access switch, which is right at the, at the VPC layer that we have configured. Now I'm just thinking about one more thing that I have forgot to bring up, which is finding out the root bridge of the different valence. Show a spanning tree, VLAN ten. As you can see, I chose the route bridge to be course which one? And you can see from the output here, it tells you this bridge is the root. Same thing here. If we do for villain one, I can see this is the route is given under Course which one output. And if I do villain 999, there is no instance for the spanning tree. And the reason is it is the native VLAN and there's no interface that's been assigned or no, no port has been assigned under VLAN 999, as you can see in the output here. And now under Course which two? You know that I have assigned V line 20 to be under course, which two to be the root bridge. I think with this, we conclude this course. I hope you have enjoyed the core services of high availability under Nexus. And I hope to bring up some more courses in the future that will enhance your knowledge. But please do follow me and.