Configure VXLAN

Note: Be sure to review the Objectives and

Job Aids links above for required
information. Password Information and
Command Lists for Detailed Lab Steps are
in the Job Aids link.

Task 1: Configure the Control Plane Protocol

Hide Steps

• Step 1:

Launch the terminal window application from your jumphost and connect to the Spine-A device. Open another
terminal window and connect to Spine-B device.

Tip:
Use the telnet 10.10.1.1 2001 command to connect to Spine-A and the telnet 10.10.1.1. 2002 command to connect
to Spine-B. Use the admin username and the 1234QWer password for both devices.
• Step 2:

From Spine-A, verify connectivity to the IP address of Spine-B Loopback 0 IP address—192.168.31.2.

Tip:
Use the ping 192.168.31.2 command.
Spine-A# ping 192.168.31.2
PING 192.168.31.2 (192.168.31.2): 56 data bytes
64 bytes from 192.168.31.2: icmp_seq=0 ttl=254 time=1.38 ms
64 bytes from 192.168.31.2: icmp_seq=1 ttl=254 time=0.841 ms
64 bytes from 192.168.31.2: icmp_seq=2 ttl=254 time=0.856 ms
64 bytes from 192.168.31.2: icmp_seq=3 ttl=254 time=0.838 ms
64 bytes from 192.168.31.2: icmp_seq=4 ttl=254 time=0.866 ms

--- 192.168.31.2 ping statistics ---

5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.838/0.956/1.38 ms

Your connectivity test should succeed. So, you have Layer 3 connectivity between Spine switches; in your case,
Layer 3 connectivity is direct, but in reality, it could be any Layer 3 cloud.

• Step 3:

On Spine-A and Spine-B, configure the PIM rendezvous point of 192.168.31.1 and use the multicast group
224.0.0.0/4.

Tip:
Multicast between Spine switches will serve as the control plane for VXLAN configuration. The VXLAN standard
does not dictate which control plane protocol you should use, so different platforms offer different protocols as the
control plane. Multicast, BGP, and controller-based solutions are the most common options. In this activity, you will
use multicast.

Use the ip pim rp-address IP_address group-list multicast_group command to configure a PIM rendezvous point.
However, you will first have to enable the PIM feature using the feature pim command.

The IP address of 192.168.31.1 belongs to the loopback 0 interface on Spine-A.

Spine-A# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Spine-A(config)# feature pim
Spine-A(config)# ip pim rp-address 192.168.31.1 group-list 224.0.0.0/4

Spine-B# configure terminal

 Enter configuration commands, one per line. End with CNTL/Z.
Spine-B(config)# feature pim
Spine-B(config)# ip pim rp-address 192.168.31.1 group-list 224.0.0.0/4

• Step 4:

On Spine-A and Spine-B, enable the PIM sparse mode on interfaces Ethernet 1/1 and Loopback 0.

Tip:
To enable an interface for the PIM sparse mode, enter the interface configuration mode and then use the ip pim
sparse-mode command.

You will use Loopback interfaces for configuration of VXLANs.

Spine-A(config)# interface eth 1/1

Spine-A(config-if)# ip pim sparse-mode
Spine-A(config-if)# interface loopback 0
Spine-A (config-if)# ip pim sparse-mode

Spine-B(config)# interface eth 1/1

Spine-B(config-if)# ip pim sparse-mode
Spine-B(config-if)# interface loopback 0
Spine-B(config-if)# ip pim sparse-mode

• Step 5:

On Spine-A, verify that the switch has one PIM neighbor.

Tip:
Use the show ip pim neighbor command.
Spine-A(config-if)# show ip pim neighbor
PIM Neighbor Status for VRF "default"
Neighbor Interface Uptime Expires DR Bidir- BFD ECMP Redirect
Priority Capable State Capable
172.16.10.2 Ethernet 1/1 00:01:53 00:01:21 1 yes n/a no

You should see that Spine-A has one PIM neighbor; that is the Spine-B. So, at this point you have Layer 3
connectivity between the Spine switches and functioning control plane protocol for the VXLAN which in your case is
multicast. In the next procedure, you lay a VXLAN over the Layer 3 network between the Spine switches.

Task 2: Configure VXLAN

Show Steps

• Step 1:

Launch the terminal window application from your jumphost and connect to the Leaf-A device. Open another
terminal window and connect to the Leaf-B device.

Tip:
Use the telnet 10.10.1.1 2003 command to connect to Leaf-A and the telnet 10.10.1.1 2004 command to connect to
Leaf-B. Use the admin username and the 1234QWer password for both devices.
• Step 2:

On Leaf-A and Leaf-B, verify that VLAN 101 interfaces are operational.

Tip:
Use the show ip interface brief command.
Leaf-A# show ip interface brief
IP Interface Status for VRF "default"(1)
Interface IP Address Interface Status
Vlan101 192.168.41.3 protocol-up/link-up/admin-up

Leaf-B# show ip interface brief

IP Interface Status for VRF "default"(1)
Interface IP Address Interface Status
 Vlan101 192.168.41.4 protocol-up/link-up/admin-up

Both Leaf switches should have operational interfaces in VLAN 101.

• Step 3:

From the Leaf-A device, ping IP address 192.168.41.4, which is the IP address of SVI VLAN 101 on the Leaf-B
device. These two leaf switches will be connected in the same Layer 2 segment.

Tip:
Use the ping 192.168.41.4 command.
Leaf-A# ping 192.168.41.4
PING 192.168.41.4 (192.168.41.4): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 192.168.41.4 ping statistics ---

5 packets transmitted, 0 packets received, 100.00% packet loss

As you can see, the ping is not successful. The goal of this task is to enable connectivity between these two
switches on VLAN 101.

• Step 4:

Go back to Spine-A and Spine-B and enable VLAN-based VXLAN features.

Tip:
Use the following commands.
Spine-A(config-if)# feature nv overlay
Spine-A(config)# feature vn-segment-vlan-based

Spine-B(config-if)# feature nv overlay

Spine-B(config)# feature vn-segment-vlan-based

The feature vn-segment-vlan-based command enables VLAN-based VXLAN. This command will allow you to map
VLAN to VNI segment. The feature nv overlay command will enable VXLAN feature.

• Step 5:

On Spine-A and Spine-B, map VLAN 101 to the VNI segment 10101.

Tip:
Use the following commands.
Spine-A(config)# vlan 101
Spine-A(config-vlan)# vn-segment 10101
Spine-A(config-vlan)# exit

Spine-B(config)# vlan 101

Spine-B(config-vlan)# vn-segment 10101
Spine-B(config-vlan)# exit

The vn-segment command maps a VLAN to a specific VNI. This mapping is locally significant, which means that
you can have different VLAN ID on other switches. The VNI ID is the only parameter that is globally significant.

• Step 6:

On Spine-A, create the network virtualization endpoint (NVE) interface. Use the Loopback 0 interface as a source.

Tip:
Use the following commands.
Spine-A(config)# interface nve 1
Spine-A(config-if-nve)# no shutdown
Spine-A(config-if-nve)# source-interface loopback 0
 Spine-A(config-if-nve)# end

• Step 7:

Check the nve 1 interface status on Spine-A.

Tip:
Use the show nve interface command.
Spine-A# show nve interface
Interface: nve1, State: Up, encapsulation: VXLAN
VPC Capability: VPC-VIP-Only [not-notified]
Local Router MAC: 00b3.28a1.1b08
Host Learning Mode: Data-Plane
Source-Interface: loopback0 (primary: 192.168.31.1, secondary: 0.0.0.0)

The interface should be up. Now that you have the new interface, you can add VNIs to the interface.

• Step 8:

On Spine-A, add VNI 10101 to the interface. Use multicast for BUM traffic. Configure the 225.1.1.1 multicast group.

Tip:
Use the following commands.
Spine-A# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Spine-A(config)# interface nve 1
Spine-A(config-if-nve)# member vni 10101
Spine-A(config-if-nve-vni)# mcast-group 225.1.1.1
Spine-A(config-if-nve-vni)# end

• Step 9:

Repeat the same commands on Spine-B. Create the nve 1 interface. Use the Loopback 0 interface as a source.

Tip:
Use the following commands.
Spine-B(config)# interface nve 1
Spine-B(config-if-nve)# no shutdown
Spine-B(config-if-nve)# source-interface loopback 0
Spine-B(config-if-nve)# end

• Step 10:

Add VNI 10101 to the nve 1 interface. Map multicast traffic to the multicast group 225.1.1.1.

Tip:
Use the following commands.
Spine-B# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Spine-B(config)# interface nve 1
Spine-B(config-if-nve)# member vni 10101
Spine-B(config-if-nve-vni)# mcast-group 225.1.1.1
Spine-B(config-if-nve-vni)# end

• Step 11:

On Spine-A, verify the status of the NVE interface.

Tip:
Use the show nve vni command.
Spine-A# show nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP

Interface VNI Multicast-group State Mode Type [BD/VRF] Flags

--------- -------- ----------------- ----- ---- ------------------ -----
 nve1 10101 225.1.1.1 Up DP L2 [101]

You should see that the NVE that you previously configured is operational. VNI type is Layer 2. You can also the
multicast group for BUM traffic. If you performed verification on the Spine-B, you should see similar results.

• Step 12:

On Spine-A, verify that the switch has one NVE peer.

Tip:
Use the show nve peers command.
Spine-A# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 192.168.31.2 Up DP 00:00:54 n/a

On the Spine-A, you should see one NVE peer, which is Spine-B. As you can see the peer is up. So, at this point,
you have a VXLAN built over the Layer 3 cloud (in your case only a link) between Spine switches.

• Step 13:

On Leaf-A, again test connectivity to the SVI VLAN 101 of Leaf-B, which has the IP address 192.168.41.4.

Tip:
Use the ping 192.168.41.4 command.
Leaf-A# ping 192.168.41.4
PING 192.168.41.4 (192.168.41.4): 56 data bytes
36 bytes from 192.168.41.3: Destination Host Unreachable
Request 0 timed out
64 bytes from 192.168.41.4: icmp_seq=1 ttl=254 time=5.594 ms
64 bytes from 192.168.41.4: icmp_seq=2 ttl=254 time=3.324 ms
64 bytes from 192.168.41.4: icmp_seq=3 ttl=254 time=3.361 ms
64 bytes from 192.168.41.4: icmp_seq=4 ttl=254 time=3.357 ms

--- 192.168.41.4 ping statistics ---

5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 3.324/3.909/5.594 ms

Your connectivity test should now be successful (you might get Destination Host Unreachable on the first few ping
requests).

• Step 14:

Examine the MAC address table on all four devices.

Tip:
Use the following commands.
Leaf-A# show interface vlan 101
Vlan101 is up, line protocol is up, autostate enabled
Hardware is EtherSVI, address is 00b3.2ac9.1b08
Internet Address is 192.168.41.3/24
<... output omitted ...>

Leaf-B# show interface vlan 101

Vlan101 is up, line protocol is up, autostate enabled
Hardware is EtherSVI, address is 00b3.7a2f.1b08
Internet Address is 192.168.41.4/24
<... output omitted ...>

Leaf-A# show mac address-table dynamic

Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
(NA)- Not Applicable A – ESI Active Path, S – ESI Standby Path
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 101 00b3.28a1.1b08 dynamic NA F F Eth1/1
* 101 00b3.7a2f.1b08 dynamic NA F F Eth1/1
 * 101 00b3.fd47.1b08 dynamic NA F F Eth1/1

Spine-A# show mac address-table dynamic

Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
(NA)- Not Applicable A – ESI Active Path, S – ESI Standby Path
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 101 00b3.2ac9.1b08 dynamic NA F F Eth1/3
* 101 00b3.7a2f.1b08 dynamic NA F F nve1(192.168.31.2)
* 101 00b3.fd47.1b08 dynamic NA F F nve1(192.168.31.2)

You can observe that two MAC addresses were learned via nve1 overlay interface, one of them belongs to Leaf B
(00b3.7a2f.1b08).

Spine-B# show mac address-table dynamic

Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
(NA)- Not Applicable A – ESI Active Path, S – ESI Standby Path
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 101 00b3.28a1.1b08 dynamic NA F F nve1(192.168.31.1)
* 101 00b3.2ac9.1b08 dynamic NA F F nve1(192.168.31.1)
* 101 00b3.7a2f.1b08 dynamic NA F F Eth1/3

You can observe that two MAC addresses were learned via nve1 overlay interface, one of them belongs to Leaf A
(00b3.2ac9.1b08).

Leaf-B# show mac address-table dynamic

Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
(NA)- Not Applicable A – ESI Active Path, S – ESI Standby Path
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 101 00b3.28a1.1b08 dynamic NA F F Eth1/1
* 101 00b3.2ac9.1b08 dynamic NA F F Eth1/1
* 101 00b3.fd47.1b08 dynamic NA F F Eth1/1

Lab Completion Instructions

You have now completed this lab exercise.
Please click 'End Session'.

Choose 'Exit'.