Inter-VLAN Routing on the Nexus 5k

March 13, 2014·Ryan

I previously had the chance to play around with a 5596UP switch and made some notes on how to configure inter-VLAN routing. Since this was a 5596UP, I needed a layer 3 card to take advantage of it. The next-generation units, the 5600, include layer 3 without requiring a card and also introduce 40GB uplinks! In this post, however, let’s go back to the basics and configure inter-VLAN routing on a Nexus switch, in this case a 5596UP. In this example I have already configured a FEX port with a 2k (check out my earlier post, Connecting FEX (5k to 2k)), so let’s start right after that and log in to the 5k.

User Access Verification
demo5k login: admin
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2013, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
demo5k# config t

Now that we are in configuration mode, we have to turn on a feature in NX-OS to enable VLAN routing; we do this by issuing the “feature interface-vlan” command. The Nexus runs on efficiency and only loads what it needs or what is configured. This is a familiar approach, similar to Linux, which loads what is installed and nothing else. In the output below we can see all the features that NX-OS supports, followed by the command to turn on inter-VLAN routing.

demo5k(config)# feature ?
  bgp             Enable/Disable Border Gateway Protocol (BGP)
  cts             Enable/Disable CTS
  dhcp            Enable/Disable DHCP Snooping
  dot1x           Enable/Disable dot1x
  eigrp           Enable/Disable Enhanced Interior Gateway Routing Protocol
                  (EIGRP)
  fcoe            Enable/Disable FCoE/FC feature
  fcoe-npv        Enable/Disable FCoE NPV feature
  fex             Enable/Disable FEX
  flexlink        Enable/Disable Flexlink
  hsrp            Enable/Disable Hot Standby Router Protocol (HSRP)
  http-server     Enable/Disable http-server
  interface-vlan  Enable/Disable interface vlan
  lacp            Enable/Disable LACP
  msdp            Enable/Disable Multicast Source Discovery Protocol (MSDP)
  ntp             Enable/Disable NTP
  ospf            Enable/Disable Open Shortest Path First Protocol (OSPF)
  ospfv3          Enable/Disable Open Shortest Path First Version 3 Protocol
                  (OSPFv3)
  pim             Enable/Disable Protocol Independent Multicast (PIM)
  port-security   Enable/Disable port-security
  private-vlan    Enable/Disable private-vlan
  privilege       Enable/Disable IOS type privilege level support
  ptp             Enable/Disable PTP
  rip             Enable/Disable Routing Information Protocol (RIP)
  scp-server      Enable/Disable SCP server
  sftp-server     Enable/Disable SFTP server
  ssh             Enable/Disable ssh
  tacacs+         Enable/Disable tacacs+
  telnet          Enable/Disable telnet
  udld            Enable/Disable UDLD
  vpc             Enable/Disable VPC (Virtual Port Channel)
  vrrp            Enable/Disable Virtual Router Redundancy Protocol (VRRP)
  vtp             Enable/Disable Vlan Trunking Protocol (VTP)

demo5k(config)# feature interface-vlan
demo5k(config)#

Just like on the Catalyst line, we are in configuration mode, so let’s create two VLANs, 50 and 60, with IP addresses.

demo5k(config)# vlan 50
demo5k(config-vlan)# name SERVER-A-VLAN
demo5k(config-vlan)# exit
demo5k(config)# interface vlan 50
demo5k(config-if)# description SERVER-A-NETWORK
demo5k(config-if)# ip address 192.168.50.1 255.255.255.0
demo5k(config-if)# no shutdown
demo5k(config-if)# exit
! Create another Interface VLAN!
demo5k(config)# interface vlan 60
demo5k(config-if)# description SERVER-B-NETWORK
demo5k(config-if)# ip address 192.168.60.1 255.255.255.0
demo5k(config-if)# no shutdown
demo5k(config-if)# exit
demo5k(config)#exit

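Let’s verify our work with a show interface vlan 60. Note the reason given for the down state, “VLAN does not exist”: the session above defines interface vlan 60 but, unlike VLAN 50, never creates the layer 2 VLAN itself with a vlan 60 command.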

demo5k# show interface vlan 60
Vlan60 is down (VLAN does not exist), line protocol is down
  Hardware is EtherSVI, address is  547f.ee59.a2c1
  Description: SERVER-B-NETWORK
  Internet Address is 192.168.60.1/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec

Let’s look at VLAN 50:

demo5k# show interface vlan 50
Vlan50 is down (VLAN is down), line protocol is down
  Hardware is EtherSVI, address is  547f.ee59.a2c1
  Description: SERVER-A-NETWORK
  Internet Address is 192.168.50.1/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec

We can also look at the interface brief:

demo5k# show ip interface brief
IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan50               192.168.50.1    protocol-down/link-down/admin-up
Vlan60               192.168.60.1    protocol-down/link-down/admin-up
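
An SVI configured without its layer 2 VLAN, as with Vlan60 in the output above, can be caught before deployment by checking a saved configuration. The following Python check is an added example, not part of the original post: it flags SVIs and access ports that reference VLANs missing from the configuration. The function names are illustrative, and the sample text is constructed from the commands in this post in an assumed saved-config layout.

```python
import re

# Constructed sample: the commands entered in this post, laid out as a
# saved configuration file (assumed layout; not output from the post).
SAMPLE_CONFIG = """\
vlan 50
  name SERVER-A-VLAN
interface Vlan50
  ip address 192.168.50.1/24
interface Vlan60
  ip address 192.168.60.1/24
interface Ethernet100/1/1
  switchport access vlan 50
interface Ethernet100/1/25
  switchport access vlan 60
"""

def expand_vlan_list(spec):
    """Expand a VLAN list such as '1,50-52' into {1, 50, 51, 52}."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit_vlans(config):
    """Return (SVIs whose VLAN is undefined, access ports in undefined VLANs)."""
    defined = {1}          # VLAN 1 is the default VLAN and always exists
    svis, access, current_if = set(), {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if m := re.match(r"vlan\s+([-\d,\s]+)$", line, re.I):
            defined |= expand_vlan_list(m.group(1))   # layer 2 VLAN definition
            current_if = None
        elif m := re.match(r"interface\s+vlan\s*(\d+)$", line, re.I):
            svis.add(int(m.group(1)))                 # layer 3 SVI
            current_if = None
        elif m := re.match(r"interface\s+(\S+)$", line, re.I):
            current_if = m.group(1)                   # physical or FEX port
        elif current_if and (m := re.match(r"\s+switchport access vlan (\d+)$", line)):
            access[current_if] = int(m.group(1))
    missing_svis = sorted(svis - defined)
    missing_ports = {p: v for p, v in access.items() if v not in defined}
    return missing_svis, missing_ports

if __name__ == "__main__":
    svis, ports = audit_vlans(SAMPLE_CONFIG)
    print("SVIs without a layer 2 VLAN:", svis)
    print("Access ports in undefined VLANs:", ports)
```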

VLANs have been created and IP addresses assigned to the interfaces; now let’s configure the 2k. In this example I’ve configured two access ports on the 2k: one is in VLAN 50 and the other is in VLAN 60. Starting with VLAN 50 on port 1 of the 2k:

demo5k(config)# interface ethernet 100/1/1
demo5k(config-if)# switchport access vlan 50
demo5k(config-if)# spanning-tree port type edge
Warning: Edge port type (portfast) should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when edge port type (portfast) is enabled, can cause temporary bridging loops.
 Use with CAUTION

Edge Port Type (Portfast) has been configured on Ethernet100/1/1 but will only
 have effect when the interface is in a non-trunking mode.
demo5k(config-if)# no shutdown
demo5k(config-if)# exit

You’ll notice the warning when we configure the port as an edge port; in the Catalyst world this is the same as spanning-tree portfast. Next, let’s configure port 25 on the same 2k into VLAN 60.

demo5k(config)# interface ethernet 100/1/25
demo5k(config-if)# switchport access vlan 60
demo5k(config-if)# spanning-tree port type edge
Warning: Edge port type (portfast) should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when edge port type (portfast) is enabled, can cause temporary bridging loops.
 Use with CAUTION

Edge Port Type (Portfast) has been configured on Ethernet100/1/25 but will only
 have effect when the interface is in a non-trunking mode.
demo5k(config-if)# no shutdown
demo5k(config-if)# exit

Done and done. If you hook up two PCs with the correct IP addressing scheme in the separate VLANs, you would be able to ping them. To verify the routing table you would do a show ip route, just like in the IOS world :) As always, I hope this information is helpful; comment below if you have any questions.