Campus 3.0 Virtual Switching System Design Guide
VSS-Enabled Campus Best Practice Configuration Example
Download this chapter
Download the complete book
Table Of Contents
VSS-Enabled Campus Best Practice Configuration Example
End-to-End Device Configurations
VSS-Enabled Campus Best Practice Configuration Example
Figure A-1 illustrates the baseline best practice configuration required to set up basic VSS enabled network. The circle indicates the essential steps required to create the VSS systems from standalone. The red text highlights the important CLI information with VSS configuration. Comments are provided in blue italic font.
Figure A-1 Overall VSS-Enabled Campus Best Practice Configuration Summary
End-to-End Device Configurations
The end-to-end devices configuration is categorized into three major sections. Each section configuration contains specific CLI which is a required as part of best practice configuration and corresponding explanation.
•
VSS and L2 Domain- Includes above base configuration as well as L2 domain configuration
•
•
VSS Specific
VSS Global Configuration
switch virtual domain 10 ! Must configure unique domain IDswitch mode virtualswitch 1 priority 110 ! Not needed, helps in operational mgmtswitch 2 priority 100 ! Not needed, helps in operational mgmtdual-active exclude interface GigabitEthernet1/5/3 ! Connectivity to VSS during dual activemac-address use-virtual ! Required for consistent MAC addressdual-active detection pagp trust channel-group 202 ! Enhanced PAgP based dual active detectionredundancy ! Default SSO Enabledmain-cpuauto-sync running-configmode ssoSwitch 1
interface Port-channel1 ! Unique port-channel number for SW 1description VSL Link from Switch 1no switchportno ip addressswitch virtual link 1 ! Defines switch ID for SW 1mls qos trust cosno mls qos channel-consistencyinterface ten 1/5/4channel-group 1 mode on ! EC mode is ON - EtherChannel Managemeent Protocol offinterface ten 1/1/1channel-group 1 mode onSwitch 2
interface Port-channel2 ! Unique port-channel number for SW 1description VSL Link from Switch 2no switchportno ip addressswitch virtual link 2 ! Defines switch ID for SW 2mls qos trust cosno mls qos channel-consistencyinterface ten 2/5/4channel-group 2 mode on ! EC mode is ON - EtherChannel Managemeent Protocoloffinterface ten 2/1/1channel-group 2 mode onLayer-2 Domain
VSS
udld enablevtp domain campus-testvtp mode transparentspanning-tree mode rapid-pvstno spanning-tree optimize bpdu transmissionspanning-tree extend system-idspanning-tree vlan 2-999 priority 24576 ! STP Rootport-channel load-balance src-dst-mixed-ip-port ! Enhanced hash algorithemvlan 400 ! VLANs spanning multiple access-layer SWsname L2_ Spaned_VLAN _400vlan 450name L2_ Spaned_VLAN _450vlan 500name L2_ Spaned_VLAN _500vlan 550name L2_ Spaned_VLAN _550vlan 600name L2_ Spaned_VLAN _600vlan 650name L2_Spaned_VLAN_650vlan 900name NetMgmt_VLAN_900vlan 999name Unused_Port_VLAN_999vlan 2name cr7-3750-Stack-Data-VLAN!vlan 102name cr7-3750-Stack-Voice-VLANinterface Vlan2 ! Sample VLAN interface configurationip address 10.120.2.1 255.255.255.0no ip redirectsno ip unreachablesip flow ingressip pim sparse-modelogging event link-statushold-queue 150 inhold-queue 150 out!VSS—Multi-Chassis EtherChannel
PAgP
interface GigabitEthernet1/8/23 ! Interface on SW 1description Access Switch Facing Interfaceswitchportswitchport trunk encapsulation dot1qswitchport trunk native vlan 202switchport mode dynamic desirable ! Trunk mod dynamic and desirableswitchport trunk allowed vlan 2,102,400,450,500,550,600,650,900 ! Only allow need VLANs for a given trunklogging event link-status ! Logging for link statuslogging event trunk-status ! Logging for trunk statuslogging event bundle-status ! Logging for port-channel statusload-interval 30mls qos trust dscpchannel-protocol pagpchannel-group 202 mode desirable ! Define Port-channel, PAgP mode desirableinterface GigabitEthernet2/8/23 ! Interface on SW 2description Access Switch Facing Interfaceswitchportswitchport trunk encapsulation dot1qswitchport trunk native vlan 202switchport mode dynamic desirableswitchport trunk allowed vlan 2,102,400,450,500,550,600,650,900logging event link-statuslogging event trunk-statuslogging event bundle-statusload-interval 30mls qos trust dscpload-interval 30channel-protocol pagpchannel-group 202 mode desirableinterface Port-channel202 ! Automatically created by defining at interfacesdescription Access Switch MECswitchportswitchport trunk encapsulation dot1qswitchport trunk native vlan 202switchport trunk allowed vlan 2,102,400,450,500,550,600,650,900logging event link-statuslogging event spanning-tree status ! STP logging enabled on port-channelload-interval 30mls qos trust dscpspanning-tree portfast ! Optional - helps during initializationhold-queue 2000 outLACP
LACP Sample Configuration
interface GigabitEthernet1/8/23description Access Switch Facing Interfaceswitchportswitchport trunk encapsulation dot1qswitchport trunk native vlan 202switchport mode dynamic desirableswitchport trunk allowed vlan 2,102,400,450,500,550,600,650,900logging event link-statuslogging event trunk-statuslogging event bundle-statusload-interval 30mls qos trust dscpchannel-protocol lacpchannel-group 202 mode activehold-queue 2000 outinterface GigabitEthernet2/8/23description Access Switch Facing Interfaceswitchportswitchport trunk encapsulation dot1qswitchport trunk native vlan 202switchport mode dynamic desirableswitchport trunk allowed vlan 2,102,400,450,500,550,600,650,900logging event link-statuslogging event trunk-statuslogging event bundle-statusload-interval 30mls qos trust dscpchannel-protocol lacpchannel-group 202 mode activehold-queue 2000 outinterface Port-channel202 ! Automatically created by defining at interfacesdescription Access Switch MECswitchportswitchport trunk encapsulation dot1qswitchport trunk native vlan 202switchport trunk allowed vlan 2,102,400,450,500,550,600,650,900logging event link-statuslogging event spanning-tree statusload-interval 30mls qos trust dscpspanning-tree portfast ! Optional - helps during initializationhold-queue 2000 outAccess-Layer Switch
Sample Configuration (Platform Specific Configuration Varies)
interface GigabitEthernet0/27description Uplink to VSS Switch Gig 1/8/24switchport trunk encapsulation dot1qswitchport trunk native vlan 203switchport mode dynamic desirableswitchport trunk allowed vlan 3,103,400,450,500,550,600,650,900logging event link-statuslogging event trunk-statuslogging event bundle-statuscarrier-delay msec 0srr-queue bandwidth share 1 70 25 5srr-queue bandwidth shape 3 0 0 0priority-queue outmls qos trust dscpchannel-protocol pagpchannel-group 1 mode desirableinterface GigabitEthernet0/28description Uplink to VSS Switch Gig 2/8/24switchport trunk encapsulation dot1qswitchport trunk native vlan 203switchport trunk allowed vlan 3,103,400,450,500,550,600,650,900switchport mode dynamic desirablelogging event link-statuslogging event trunk-statuslogging event bundle-statuscarrier-delay msec 0srr-queue bandwidth share 1 70 25 5srr-queue bandwidth shape 3 0 0 0priority-queue outmls qos trust dscpchannel-protocol pagpchannel-group 1 mode desirableinterface Port-channel1 ! Automatically created by defining at interfacesdescription EC Uplink to VSSswitchport trunk encapsulation dot1qswitchport trunk native vlan 203switchport trunk allowed vlan 3,103,400,450,500,550,600,650,900switchport mode dynamic desirablelogging event link-statuslogging event spanning-tree statuscarrier-delay msec 0spanning-tree portfast ! Optional - helps during initializationLayer-3 Domain
The Layer 3 domain represents VSS interconnection to the core-layer. The core-layer devices configuration shown below are standalone router/switch.
Global Configuration
mls ip cef load-sharing <option> ! Apply Campus Best PracticesMulticast
VSS
ip multicast-routingip pim rp-address 10.122.100.1 GOOD-IPMC override ! RP mapping with filterip access-list standard GOOD-IPMCpermit 224.0.1.39permit 224.0.1.40permit 239.192.240.0 0.0.3.255permit 239.192.248.0 0.0.3.255Core 1 Standalone Router (No VSS)
Core RP ANYCAST - Primary
ip multicast-routinginterface Loopback0description MSDP PEER INT ! MSDP Loopbackip address 10.122.10.1 255.255.255.255interface Loopback1description ANYCAST RP ADDRESS (PRIMARY) ! Anycast RP Primaryip address 10.122.100.1 255.255.255.255interface Loopback2description Garbage-CAN RPip address 2.2.2.2 255.255.255.255interface Port-channel1 ! Core 1- Core2 L3 for MSDPdescription Channel to Peer Core Nodedampeningip address 10.122.0.18 255.255.255.254ip pim sparse-modeload-interval 30carrier-delay msec 0mls qos trust dscpip access-list standard GOOD-IPMCpermit 224.0.1.39permit 224.0.1.40permit 239.192.240.0 0.0.3.255permit 239.192.248.0 0.0.3.255ip msdp peer 10.122.10.2 connect -source Loopback0 ! MSDP Configurationip msdp description 10.122.10.2 ANYCAST-PEER-6k-core-2ip msdp cache -sa-stateip msdp originator-id Loopback0Core 2 Standalone Router (No VSS)
ip multicast-routinginterface Loopback0description MSDP PEER INTip address 10.122.10.2 255.255.255.255interface Loopback1description ANYCAST RP ADDRESSip address 10.122.100.1 255.255.255.255 ! Secondary ANYCAST RPdelay 600interface Loopback2description Garbage-CAN RPip address 2.2.2.2 255.255.255.255interface Port-channel1description Channel to Peer Core nodedampeningip address 10.122.0.19 255.255.255.254ip pim sparse-modeload-interval 30carrier-delay msec 0mls qos trust dscpip pim rp-address 10.122.100.1 GOOD-IPMC overrideip access-list standard GOOD-IPMCpermit 224.0.1.39permit 224.0.1.40permit 239.192.240.0 0.0.3.255permit 239.192.248.0 0.0.3.255ip msdp peer 10.122.10.1 connect-source Loopback0ip msdp description 10.122.10.1 ANYCAST-PEER-6k-core-1ip msdp cache-sa-stateip msdp originator-id Loopback0EIGRP MEC
VSS
router eigrp 100passive-interface defaultno passive-interface Port-channel200no passive-interface Port-channel201network 10.0.0.0eigrp log-neighbor-warningseigrp log-neighbor-changesno auto-summaryeigrp router-id 10.122.102.1eigrp event-log-size 3000nsf ! Enable NSF Capabilityinterface Port-channel200 ! Create L3 MEC Interface firstdescription 20 Gig MEC to CORE-1 (cr2-6500-1 4/1-4/3)no switchportdampeningip address 10.122.0.26 255.255.255.254ip flow ingressip pim sparse-modeip summary-address eigrp 100 10.125.0.0 255.255.0.0 5 ! Summarization for Access-subnetsip summary-address eigrp 100 10.120.0.0 255.255.0.0 5logging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 out!interface Port-channel201description 20 Gig to CORE-2 (cr2-6500-1 4/1-4/3)no switchportdampeningip address 10.122.0.21 255.255.255.254ip flow ingressip pim sparse-modeip summary-address eigrp 100 10.125.0.0 255.255.0.0 5ip summary-address eigrp 100 10.120.0.0 255.255.0.0 5logging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outinterface TenGigabitEthernet1/2/1description 10 GigE to Core 1no switchportno ip addresslogging event link-statuslogging event bundle-statusload-interval 30carrier-delay msec 0mls qos trust dscpchannel-protocol pagpchannel-group 200 mode desirablehold-queue 2000 inhold-queue 2000 out!interface TenGigabitEthernet1/2/2description 10 GigE to Core 2no switchportno ip addresslogging event link-statuslogging event bundle-statusload-interval 30carrier-delay msec 0mls qos trust dscpchannel-protocol pagpchannel-group 201 mode desirablehold-queue 2000 inhold-queue 2000 outinterface TenGigabitEthernet2/2/1description to core 1no switchportno ip addresslogging event link-statuslogging event bundle-statuslogging event spanning-tree statusload-interval 30mls qos trust dscpchannel-protocol pagpchannel-group 200 mode desirablehold-queue 2000 inhold-queue 2000 outinterface TenGigabitEthernet2/2/2description 10 GigE to Core 2no switchportno ip addresslogging event link-statuslogging event bundle-statusload-interval 30mls qos trust dscpchannel-protocol pagpchannel-group 201 mode desirablehold-queue 2000 inhold-queue 2000 outCore 1 Standalone Router (No VSS)
router eigrp 100passive-interface defaultno passive-interface Port-channel1no passive-interface Port-channel20no passive-interface Port-channel221network 10.0.0.0no auto-summaryeigrp log-neighbor-warningseigrp log-neighbor-changeseigrp event-log-size 3000interface Port-channel20description 20 Gig MEC to VSS 1/2/1 2/2/1dampeningip address 10.122.0.27 255.255.255.254ip flow ingressip pim sparse-modelogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outCore 2 Standalone Router (No VSS)
router eigrp 100passive-interface defaultno passive-interface Port-channel1no passive-interface Port-channel20no passive-interface Port-channel221network 10.0.0.0no auto-summaryeigrp log-neighbor-warningseigrp log-neighbor-changeseigrp event-log-size 3000interface Port-channel21description 20 Gig to VSS 1/2/2-2/2/2dampeningip address 10.122.0.20 255.255.255.254ip flow ingressip pim sparse-modelogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outEIGRP ECMP
VSS
router eigrp 100passive-interface defaultno passive-interface TenGigabitEthernet1/2/1no passive-interface TenGigabitEthernet1/2/2no passive-interface TenGigabitEthernet2/2/1no passive-interface TenGigabitEthernet2/2/2network 10.0.0.0no auto-summaryeigrp router-id 10.122.102.1eigrp log-neighbor-warningseigrp log-neighbor-changeseigrp event-log-size 3000nsf ! Enable NSF Capabilityinterface TenGigabitEthernet1/2/1description 10 GigE to Core 1no switchportdampeningip address 10.122.0.26 255.255.255.254ip flow ingressip pim sparse-modeip summary-address eigrp 100 10.120.0.0 255.255.0.0 5logging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 out!interface TenGigabitEthernet1/2/2description 10 GigE to Core 2no switchportdampeningip address 10.122.0.23 255.255.255.254ip flow ingressip pim sparse-modeip summary-address eigrp 100 10.120.0.0 255.255.0.0 5logging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outinterface TenGigabitEthernet2/2/1description to Core 1no switchportdampeningip address 10.122.0.32 255.255.255.254ip flow ingressip pim sparse-modeip summary-address eigrp 100 10.120.0.0 255.255.0.0 5logging event link-statusload-interval 30mls qos trust dscphold-queue 2000 inhold-queue 2000 out!interface TenGigabitEthernet2/2/2description 10 GigE to Core 2no switchportdampeningip address 10.122.0.20 255.255.255.254ip flow ingressip pim sparse-modeip summary-address eigrp 100 10.120.0.0 255.255.0.0 5logging event link-statusload-interval 30mls qos trust dscphold-queue 2000 inhold-queue 2000 outCore 1 Standalone Router (No VSS)
router eigrp 100passive-interface defaultno passive-interface TenGigabitEthernet4/1no passive-interface TenGigabitEthernet4/3network 10.0.0.0no auto-summaryeigrp log-neighbor-warningseigrp log-neighbor-changeseigrp event-log-size 3000interface TenGigabitEthernet4/1description To VSS Ten1/2/1dampeningip address 10.122.0.27 255.255.255.254ip flow ingressip pim sparse-modelogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outinterface TenGigabitEthernet4/3description To VSS Ten2/2/1dampeningip address 10.122.0.33 255.255.255.254ip flow ingressip pim sparse-modelogging event link-statuslogging event bundle-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outCore 2 Standalone Router (No VSS)
router eigrp 100passive-interface defaultno passive-interface TenGigabitEthernet4/1no passive-interface TenGigabitEthernet4/3network 10.0.0.0no auto-summaryeigrp log-neighbor-warningseigrp log-neighbor-changeseigrp event-log-size 3000interface TenGigabitEthernet4/1description To VSS Ten 1/2/2dampeningip address 10.122.0.22 255.255.255.254ip flow ingressip pim sparse-modelogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outinterface TenGigabitEthernet4/3description To VSS Ten 2/2/2dampeningip address 10.122.0.21 255.255.255.254ip flow ingressip pim sparse-modelogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outOSPF MEC
VSS
router ospf 100router-id 10.122.0.235log-adjacency-changes detailauto-cost reference-bandwidth 20000 ! Optionalnsf ! Enable NSF Capabilityarea 120 stub no-summaryarea 120 range 10.120.0.0 255.255.0.0 cost 10area 120 range 10.125.0.0 255.255.0.0 cost 10passive-interface defaultno passive-interface Port-channel200no passive-interface Port-channel201network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0network 10.125.0.0 0.0.255.255 area 120interface Port-channel200description 20 Gig MEC to VSS (cr2-6500-1 4/1-4/3)no switchportdampeningip address 10.122.0.26 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 out!interface Port-channel201description 20 Gig to VSS (cr2-6500-1 4/1-4/3)no switchportdampeningip address 10.122.0.21 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outCore 1 Standalone Router No VSS)
router ospf 100router-id 10.254.254.7log-adjacency-changes detail ! Helps in NSF Restart Activitiesauto-cost reference-bandwidth 20000 ! Optionalpassive-interface defaultno passive-interface Port-channel1no passive-interface Port-channel20network 10.122.0.0 0.0.255.255 area 0interface Port-channel20description 20 Gig MEC to VSS 1/2/1 2/2/1dampeningip address 10.122.0.27 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outCore 2 Standalone Router (No VSS)
router ospf 100router-id 10.254.254.7log-adjacency-changes detailauto-cost reference-bandwidth 20000 ! Optionalpassive-interface defaultno passive-interface Port-channel1no passive-interface Port-channel20network 10.122.0.0 0.0.255.255 area 0interface Port-channel21description 20 Gig to VSS 1/2/2-2/2/2dampeningip address 10.122.0.20 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outOSPF ECMP
VSS
router ospf 100router-id 10.122.0.235log-adjacency-changes detailauto-cost reference-bandwidth 20000 ! Optionalnsf ! Enable NSF Capabilityarea 120 stub no-summaryarea 120 range 10.120.0.0 255.255.0.0 cost 10area 120 range 10.125.0.0 255.255.0.0 cost 10passive-interface defaultno passive-interface TenGigabitEthernet1/2/1no passive-interface TenGigabitEthernet1/2/2no passive-interface TenGigabitEthernet2/2/1no passive-interface TenGigabitEthernet2/2/2network 10.120.0.0 0.0.255.255 area 120network 10.122.0.0 0.0.255.255 area 0network 10.125.0.0 0.0.255.255 area 120interface TenGigabitEthernet1/2/1description 10 GigE to Core 1no switchportdampeningip address 10.122.0.26 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 out!interface TenGigabitEthernet1/2/2description 10 GigE to Core 2no switchportdampeningip address 10.122.0.23 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 out!interface TenGigabitEthernet2/2/1description to Core 1no switchportdampeningip address 10.122.0.32 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30mls qos trust dscphold-queue 2000 inhold-queue 2000 out!interface TenGigabitEthernet2/2/2description 10 GigE to Core 2no switchportdampeningip address 10.122.0.20 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30mls qos trust dscphold-queue 2000 inhold-queue 2000 outCore 1 Standalone Router (No VSS)
router ospf 100router-id 10.254.254.7log-adjacency-changes detailauto-cost reference-bandwidth 20000 ! Optionalpassive-interface defaultno passive-interface GigabitEthernet2/5no passive-interface TenGigabitEthernet4/1no passive-interface TenGigabitEthernet4/3no passive-interface Port-channel1network 10.122.0.0 0.0.255.255 area 0interface TenGigabitEthernet4/1description To VSS Ten1/2/1dampeningip address 10.122.0.27 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 out!!interface TenGigabitEthernet4/3description To VSS Ten2/2/1dampeningip address 10.122.0.33 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 outCore 2 Standalone Router (No VSS)
router ospf 100router-id 10.254.254.7log-adjacency-changes detailauto-cost reference-bandwidth 20000 ! Optionalpassive-interface defaultno passive-interface GigabitEthernet2/5no passive-interface TenGigabitEthernet4/1no passive-interface TenGigabitEthernet4/3no passive-interface Port-channel1network 10.122.0.0 0.0.255.255 area 0interface TenGigabitEthernet4/1description To VSS Ten 1/2/2dampeningip address 10.122.0.22 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 out!!interface TenGigabitEthernet4/3description To VSS Ten 2/2/2dampeningip address 10.122.0.21 255.255.255.254ip flow ingressip pim sparse-modeip ospf network point-to-pointlogging event link-statusload-interval 30carrier-delay msec 0mls qos trust dscphold-queue 2000 inhold-queue 2000 out
