
Monday, January 30, 2017

Policy-Based Routing on Cisco Nexus

1. Source-to-destination routing: all traffic currently goes via the OLD network. The goal is to change only the VLAN 3 network so that it routes via the NEW network.
2. No static route needs to be added on the Nexus.
3. The Nexus VLAN 3 interface IP will not participate in PBR because of a limitation in the PBR feature, but the other IPs in VLAN 3 will route to the NEW network link.
4. EIGRP is used in my OLD network. All devices run EIGRP except the firewalls.
5. The firewalls have only static routes.


*************************START****************************


1. Add the PBR feature on the Nexus

    feature pbr

2. Add the new network/VLAN to an ACL for server 65.35.12.30

    ip access-list NEW_NET
      permit ip 10.20.3.0 0.0.0.255 host 65.36.12.30

3. Create a route-map to forward the new VLAN's traffic toward the new firewall

    route-map NEW_NET
      match ip address NEW_NET
      ! New firewall IP
      set ip next-hop 10.20.3.252

4. Apply it on the VLAN interface on the Nexus

    interface vlan 3
      ip policy route-map NEW_NET

5. Remove the default route on the Nexus

    ! Removing all static routes for testing
    no ip route 0.0.0.0/0 10.20.3.252 name NEW_FW1



**********************************END********************************************
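
A model of the forwarding decision the steps above configure, as an added example (not from the original post): it applies the NEW_NET ACL's wildcard match to a few constructed flows to show which ones are steered to 10.20.3.252 and which stay on the routing table. The VLAN 3 SVI address 10.20.3.1 and the sample flows are assumptions; note that a destination of 65.35.12.30, as written in the step 2 heading, does not match the ACL's 65.36.12.30.

```python
import ipaddress

# From the steps above: ACL NEW_NET, route-map NEW_NET, "interface vlan 3".
ACL_SRC, ACL_WILDCARD = "10.20.3.0", "0.0.0.255"
ACL_DST_HOST = "65.36.12.30"
NEXT_HOP = "10.20.3.252"
POLICY_INTERFACE = "Vlan3"
# Assumption: the page does not give the Vlan3 SVI address; 10.20.3.1 is a placeholder.
SVI_IP = "10.20.3.1"


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def forwarding_decision(ingress, src, dst):
    """Return 'pbr:<next-hop>' or 'routing-table' for one IP flow."""
    if ingress != POLICY_INTERFACE:
        return "routing-table"      # policy is bound to interface vlan 3 only
    if src == SVI_IP:
        return "routing-table"      # point 3: the SVI's own IP is not policy-routed
    if wildcard_match(src, ACL_SRC, ACL_WILDCARD) and dst == ACL_DST_HOST:
        return "pbr:" + NEXT_HOP    # ACL permit -> set ip next-hop
    return "routing-table"          # no ACL match: normal (EIGRP/OLD network) path


# Constructed sample flows: (ingress interface, source, destination).
SAMPLE_FLOWS = [
    ("Vlan3", "10.20.3.25", "65.36.12.30"),   # matches the ACL line
    ("Vlan3", "10.20.3.25", "65.35.12.30"),   # address as written in the step 2 heading
    ("Vlan3", "10.20.3.25", "198.51.100.7"),  # other destination
    ("Vlan3", SVI_IP, "65.36.12.30"),         # switch's own VLAN 3 address
    ("Vlan4", "10.20.4.25", "65.36.12.30"),   # different VLAN, no policy applied
]


def audit(flows):
    """Map each flow to its forwarding decision."""
    return {flow: forwarding_decision(*flow) for flow in flows}


if __name__ == "__main__":
    for flow, decision in audit(SAMPLE_FLOWS).items():
        print(flow, "->", decision)
```
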

Wednesday, January 4, 2017

Cisco Nexus 9396 with Dell M1000e & Force10 MXL Blade

1. Cisco Nexus Configuration.
2. Dell Force10 MXL Blade Switch configuration.

[Figure: Network Diagram]

Nexus--10.200.30.3 Config

feature telnet
feature vrrp
feature pbr
feature private-vlan
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp

vlan 1,97,100-101,130,970

vlan 97
  private-vlan primary
  private-vlan association 970
vlan 100
  name Servers
vlan 101
  name Management
vlan 130
  name NEW-MGMT
vlan 970
  private-vlan isolated

vrf context management
  ip route 10.200.22.32/30 10.200.22.34
vpc domain 1
  peer-keepalive destination 10.200.22.34

interface Vlan130
  description ** MGMT **
  no shutdown
  ip address 10.200.30.3/24
  ip router eigrp 100
  vrrp 100
    priority 200
    address 10.200.30.1
    no shutdown
interface port-channel101
  description ** 
  switchport mode trunk
  switchport trunk allowed vlan 1,97,100-101,130
  speed 10000
  vpc 101
interface port-channel102
  description ** **
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  vpc 102
interface port-channel103
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  vpc 103
interface port-channel104
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  vpc 104
interface Ethernet1/11
  description *Backup link1*
  switchport mode private-vlan trunk secondary
  switchport private-vlan trunk allowed vlan 1
  switchport private-vlan association trunk 97 970
interface Ethernet1/12
  description **
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  channel-group 101 mode active
interface Ethernet1/13
  description *
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  channel-group 101 mode active
interface Ethernet1/14
  description **
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  channel-group 102 mode active

interface Ethernet1/15
  description **
  switchport mode private-vlan trunk secondary
  switchport private-vlan trunk allowed vlan 1
  switchport private-vlan association trunk 97 970

interface Ethernet1/16
  description =
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  channel-group 104 mode active

interface Ethernet1/17
  description *2*
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  channel-group 104 mode active

interface Ethernet1/18
  description *1*
  switchport mode trunk
  speed 10000
  channel-group 103 mode active
interface Ethernet1/46
  description ** VPC link **
  switchport mode trunk
  speed 10000
  channel-group 50 mode active

interface Ethernet1/47
  description ** ( VPC link **
  switchport mode trunk
  speed 10000
  channel-group 50 mode active

interface mgmt0
  description **  **
  vrf member management
  ip address 10.200.22.33/30
-----------------------------End Nexus-1------------------

Nexus--10.200.30.4 Config
feature telnet
feature vrrp
feature pbr
feature private-vlan
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp

vlan 1,97,100-101,130,970

vlan 97
  private-vlan primary
  private-vlan association 970
vlan 100
  name Servers
vlan 101
  name Management
vlan 130
  name NEW-MGMT
vlan 970
  private-vlan isolated

vrf context management
  ip route 10.200.22.32/30 10.200.22.33
vpc domain 1
  peer-keepalive destination 10.200.22.33

interface Vlan1

interface Vlan130
  description ** MGMT **
  no shutdown
  ip address 10.200.30.4/24
  ip router eigrp 100
  vrrp 100
    address 10.200.30.1
    no shutdown

interface port-channel101
  description ** C1 **
  switchport mode trunk
  switchport trunk allowed vlan 1,97,100-101,130
  speed 10000
  vpc 101

interface port-channel102
  description ** 2 **
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  vpc 102

interface port-channel103
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  vpc 103

interface port-channel104
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  vpc 104

interface Ethernet1/11
 description * BACKUP LINK-1 SAN*
  switchport mode private-vlan trunk secondary
  switchport private-vlan trunk allowed vlan 1
  switchport private-vlan association trunk 97 970

interface Ethernet1/12
  description **
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  bandwidth inherit 1
  channel-group 102 mode active

interface Ethernet1/13
  description *1*
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  channel-group 102 mode active

interface Ethernet1/14
  description **
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  bandwidth inherit 1
  channel-group 101 mode active

interface Ethernet1/15
  description *TSM BACKUP LINK-2 SAN*
  switchport mode private-vlan trunk secondary
  switchport private-vlan trunk allowed vlan 1
  switchport private-vlan association trunk 97 970

interface Ethernet1/16
 description *W2*
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  bandwidth inherit 1
  channel-group 103 mode active


interface Ethernet1/17
  description *SW1*
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  channel-group 103 mode active

interface Ethernet1/18
  description **
  switchport mode trunk
  switchport trunk allowed vlan 1,100-101,130
  speed 10000
  bandwidth inherit 1
  channel-group 104 mode active



interface Ethernet1/46
  description **  link **
  switchport mode trunk
  speed 10000
  bandwidth inherit 1
  channel-group 50 mode active

interface Ethernet1/47
  description **( VPC link **
  switchport mode trunk
  speed 10000
  bandwidth inherit 1
  channel-group 50 mode active


interface mgmt0
  description ** Nex **
  vrf member management
  ip address 10.200.22.34/30

-----------------------------END NEXUS-2-------------------



---------DELL-MXL-Switch-1------------



interface TenGigabitEthernet 0/1
 no ip address
 portmode hybrid
 switchport
 no shutdown
!
interface TenGigabitEthernet 0/2
 no ip address
 portmode hybrid
 switchport
 no shutdown
!
interface TenGigabitEthernet 0/3
 no ip address
 portmode hybrid
 switchport
 no shutdown
!
interface TenGigabitEthernet 0/4
 no ip address
 portmode hybrid
 switchport

interface TenGigabitEthernet 0/42
 no ip address
!
 port-channel-protocol LACP
  port-channel 101 mode active
 no shutdown
!
interface TenGigabitEthernet 0/43
 no ip address
!
 port-channel-protocol LACP
  port-channel 101 mode active
 no shutdown
!
interface TenGigabitEthernet 0/44
 no ip address
!
 port-channel-protocol LACP
  port-channel 101 mode active
 no shutdown


interface Port-channel 101
 no ip address
 portmode hybrid
 switchport
 no shutdown
!
interface Vlan 1
 ip address dhcp
!untagged TenGigabitEthernet 0/1,5-17,21-32
!untagged Port-channel 101
 no shutdown
!

interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 0/1,5-32
 tagged Port-channel 101
 untagged TenGigabitEthernet 0/2-4
 no shutdown
!
interface Vlan 101
 no ip address
 tagged TenGigabitEthernet 0/1-32
 tagged Port-channel 101
 no shutdown
!
!
interface Vlan 130
 ip address 10.200.30.14/24
 tagged TenGigabitEthernet 0/1-32
 tagged Port-channel 101
 no shutdown
!
interface Vlan 970
 no ip address
 tagged TenGigabitEthernet 0/1-17,21-32,41
 untagged TenGigabitEthernet 0/18-20
 no shutdown
!
ip route 0.0.0.0/0 10.200.30.1

PTC-CH1-SW1#sh vlan

Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated
       O - Openflow
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   o - OpenFlow untagged, O - OpenFlow tagged
   G - GVRP tagged, M - Vlan-stack, H - VSN tagged
   i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged

    NUM    Status    Description                     Q Ports
*   1      Active                                    U Po101(Te 0/42-44)
                                                     U Te 0/1,5-17,21-32
    100    Active                                    T Po101(Te 0/42-44)
                                                     T Te 0/1,5-32
                                                     U Te 0/2-4
    101    Active                                    T Po101(Te 0/42-44)
                                                     T Te 0/1-32
    130    Active                                    T Po101(Te 0/42-44)
                                                     T Te 0/1-32
    970    Active                                    T Te 0/1-17,21-32,41
                                                     U Te 0/18-20
-----------------END MXL-1-----------------------


--------DELL-MXL-Switch-2------------


interface TenGigabitEthernet 0/41
 no ip address
!
 port-channel-protocol LACP
  port-channel 102 mode active
 no shutdown
!
interface TenGigabitEthernet 0/42
 no ip address
 switchport
 no shutdown
!
interface TenGigabitEthernet 0/43
 no ip address
!
 port-channel-protocol LACP
  port-channel 102 mode active
 no shutdown
!
interface TenGigabitEthernet 0/44
 no ip address
!
 port-channel-protocol LACP
  port-channel 102 mode active
 no shutdown


interface Port-channel 102
 no ip address
 portmode hybrid
 switchport
 no shutdown



interface Vlan 1
 ip address dhcp
!untagged TenGigabitEthernet 0/1,5-17,21-32,49-56
!untagged Port-channel 102
 no shutdown
!
!
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 0/1,5-32
 tagged Port-channel 102
 untagged TenGigabitEthernet 0/2-4
 no shutdown
!
interface Vlan 101
 no ip address
 tagged TenGigabitEthernet 0/1-32
 tagged Port-channel 102
 no shutdown

!
interface Vlan 130
 ip address 10.200.30.15/24
 tagged TenGigabitEthernet 0/1-32
 tagged Port-channel 102
 no shutdown
!
interface Vlan 970
 no ip address
 tagged TenGigabitEthernet 0/1-17,21-32,42
 untagged TenGigabitEthernet 0/18-20
 no shutdown
!
ip route 0.0.0.0/0 10.200.30.1

------------------------END MXL-2------------------


--------DELL-MXL-Switch-3------------

interface TenGigabitEthernet 0/41
 no ip address
!
 port-channel-protocol LACP
  port-channel 103 mode active
 no shutdown
!
interface TenGigabitEthernet 0/42
 no ip address
!
 port-channel-protocol LACP
  port-channel 103 mode active
 no shutdown
!
interface TenGigabitEthernet 0/43
 no ip address
 switchport
 no shutdown
!
interface TenGigabitEthernet 0/44
 no ip address
!
 port-channel-protocol LACP
  port-channel 103 mode active
 no shutdown
!

!
interface ManagementEthernet 0/0
 no ip address
 shutdown
!
interface Port-channel 103
 no ip address
 portmode hybrid
 switchport
 no shutdown
!
interface Vlan 1
 ip address dhcp
!untagged TenGigabitEthernet 0/1,4,8-17,20,24-32
!untagged Port-channel 103
 no shutdown
!

!
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 0/1-32
 tagged Port-channel 103
 no shutdown
!
interface Vlan 101
 no ip address
 tagged TenGigabitEthernet 0/1-32
 tagged Port-channel 103
 no shutdown
!

!
interface Vlan 130
 ip address 10.200.30.16/24
 tagged TenGigabitEthernet 0/1,4,8-17,20,24-32
 tagged Port-channel 103
 untagged TenGigabitEthernet 0/2-3,5-7,18-19,21-23
 no shutdown
!
interface Vlan 970
 no ip address
 tagged TenGigabitEthernet 0/1-32,43
 no shutdown
!
ip route 0.0.0.0/0 10.200.30.1

------------------------END-MXL-3--------------------


--------DELL-MXL-Switch-4------------
!
interface TenGigabitEthernet 0/42
 no ip address
!
 port-channel-protocol LACP
  port-channel 104 mode active
 no shutdown
!
interface TenGigabitEthernet 0/43
 no ip address
!
 port-channel-protocol LACP
  port-channel 104 mode active
 no shutdown
!
interface TenGigabitEthernet 0/44
 no ip address
!
 port-channel-protocol LACP
  port-channel 104 mode active
 no shutdown
!


!
interface Port-channel 104
 no ip address
 portmode hybrid
 switchport
 no shutdown
!
interface Vlan 1
 ip address dhcp
!untagged TenGigabitEthernet 0/1,4,8-17,20,24-32,49-56
!untagged Port-channel 104
 no shutdown
!

!
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 0/1-32
 tagged Port-channel 104
 no shutdown
!
interface Vlan 101
 no ip address
 tagged TenGigabitEthernet 0/1-32
 tagged Port-channel 104
 no shutdown

interface Vlan 130
 ip address 10.200.30.17/24
 tagged TenGigabitEthernet 0/1,4,8-17,20,24-32
 tagged Port-channel 104
 untagged TenGigabitEthernet 0/2-3,5-7,18-19,21-23
 no shutdown
!
interface Vlan 970
 no ip address
 tagged TenGigabitEthernet 0/1-32,41
 no shutdown
!
ip route 0.0.0.0/0 10.200.30.1

--------------------------END-MXL-4-----------------