Thursday, 2 June 2016

Implement Cisco OTV between DC1 and DC2

You must now implement Cisco Data Center Interconnect (DCI) between DC1 and DC2. The WAN core is enabled for multicast. During this task, you will make sure that DC2-N7K-1, DC2-N7K-3, and DC2-N7K-4 are configured appropriately to support OTV in DC2.

VLAN 4001 and VLAN 4002 must be extended between DC1 and DC2. All other VLANs will stay local to the data center. Do not create additional VLANs for this task. You are allowed to use any multicast address range to achieve the task.
The RP address is 20.0.0.1. PIM sparse mode is running in the WAN core.

In Data Center 1, perform these tasks:

  1. On the layer 2 trunk port between DC1-N7K-1(E4/9) and DC1-N7K-3(E4/1), only allow VLANs that must be extended.
  2. On the layer 2 trunk port between DC1-N7K-2(E4/2) and DC1-N7K-4(E4/28), only allow VLANs that must be extended.
  3. Use the loopback 0 address as the router ID.
  4. Use VLAN 90 as the site VLAN.

In Data Center 2, perform these tasks:

  1. On the layer 2 trunk port between DC2-N7K-1(E4/12) and DC2-N7K-3(E4/20), only allow VLANs that must be extended.
  2. Use VLAN 90 as the site VLAN.

After completing these infrastructure tasks, configure the necessary DCI tasks.




DC1-N7K-3(config)# feature pim
DC1-N7K-3(config)# ip pim rp-address 20.0.0.1
DC1-N7K-4(config-if)# ip igmp version 3
DC1-N7K-4(config-if)#

DC1-N7K-1(config)# feature otv
DC1-N7K-1(config)# int e4/11
DC1-N7K-1(config-if)# ip igmp version 3
DC1-N7K-1(config-if)# exit
DC1-N7K-1(config)# otv site-vlan 90
DC1-N7K-1(config-site-vlan)# otv site-identifier 0x1
% Site Identifier mismatch will prevent overlays from forwarding traffic.
DC1-N7K-1(config)# interface overlay 0
DC1-N7K-1(config-if-overlay)# otv join-interface e4/11
OTV needs join interfaces to be configured for IGMP version 3
DC1-N7K-1(config-if-overlay)# otv control-group 239.1.1.1
DC1-N7K-1(config-if-overlay)# otv data-group 232.1.1.0/24
DC1-N7K-1(config-if-overlay)# otv extend-vlan 401,402
// use "otv extend-vlan 4001,4002" in real lab
DC1-N7K-1(config-if-overlay)# no shutdown

ip access-list ALL_IPs
  permit ip any any
mac access-list ALL_MACs
  permit any any

ip access-list HSRP_IP
  permit udp any 224.0.0.2/32 eq 1985
  permit udp any 224.0.0.102/32 eq 1985

mac access-list HSRP_VMAC
  permit 0000.0c07.ac00 0000.0000.00ff any
  permit 0000.0c9f.f000 0000.0000.0fff any

arp access-list HSRP_VMAC_ARP
  deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00
  deny ip any mac 0000.0c9f.f000 ffff.ffff.f000
  permit ip any mac any

vlan access-map HSRP_Localization 10
  match mac address HSRP_VMAC
  match ip address HSRP_IP
  action drop
vlan access-map HSRP_Localization 20
  match mac address ALL_MACs
  match ip address ALL_IPs
  action forward

feature dhcp
ip arp inspection filter HSRP_VMAC_ARP vlan 401,402
vlan filter HSRP_Localization vlan-list 401,402
// use the following two commands in real lab:
// ip arp inspection filter HSRP_VMAC_ARP vlan 4001,4002
// vlan filter HSRP_Localization vlan-list 4001,4002

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000
mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000

route-map OTV_HSRP_filter permit 10
  match mac-list OTV_HSRP_VMAC_deny

otv-isis default
  vpn Overlay0
    redistribute filter route-map OTV_HSRP_filter

DC1-N7K-2(config)# feature otv
DC1-N7K-2(config)# int e4/4
DC1-N7K-2(config-if)# ip igmp version 3
DC1-N7K-2(config-if)# exit
DC1-N7K-2(config)# otv site-vlan 90
DC1-N7K-2(config-site-vlan)# otv site-identifier 0x01
% Site Identifier mismatch will prevent overlays from forwarding traffic.
DC1-N7K-2(config)# int overlay 0
DC1-N7K-2(config-if-overlay)# otv join-interface e4/4
OTV needs join interfaces to be configured for IGMP version 3
DC1-N7K-2(config-if-overlay)# otv control-group 239.1.1.1
DC1-N7K-2(config-if-overlay)# otv data-group 232.1.1.0/24
DC1-N7K-2(config-if-overlay)# otv extend-vlan 401,402
// use "otv extend-vlan 4001,4002" in real lab
DC1-N7K-2(config-if-overlay)# no shutdown
DC1-N7K-2(config-if-overlay)#


ip access-list ALL_IPs
  permit ip any any
mac access-list ALL_MACs
  permit any any

ip access-list HSRP_IP
  permit udp any 224.0.0.2/32 eq 1985
  permit udp any 224.0.0.102/32 eq 1985

mac access-list HSRP_VMAC
  permit 0000.0c07.ac00 0000.0000.00ff any
  permit 0000.0c9f.f000 0000.0000.0fff any

arp access-list HSRP_VMAC_ARP
  deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00
  deny ip any mac 0000.0c9f.f000 ffff.ffff.f000
  permit ip any mac any

vlan access-map HSRP_Localization 10
  match mac address HSRP_VMAC
  match ip address HSRP_IP
  action drop
vlan access-map HSRP_Localization 20
  match mac address ALL_MACs
  match ip address ALL_IPs
  action forward

feature dhcp
ip arp inspection filter HSRP_VMAC_ARP vlan 401,402
vlan filter HSRP_Localization vlan-list 401,402
// use the following two commands in real lab:
// ip arp inspection filter HSRP_VMAC_ARP vlan 4001,4002
// vlan filter HSRP_Localization vlan-list 4001,4002

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000
mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000

route-map OTV_HSRP_filter permit 10
  match mac-list OTV_HSRP_VMAC_deny

otv-isis default
  vpn Overlay0
    redistribute filter route-map OTV_HSRP_filter



Device Name    Ports                      Type
DC2-N7K-1      e4/10,e4/12,e4/14,e4/16    ethernet
DC2-N7K-3      E4/18,E4/20,E4/22,E4/24    ethernet

DC1-N7K-1(config)# no vdc Dc1-N7K-2
DC1-N7K-1(config)# no vdc Dc1-N7K-4
DC1-N7K-1(config)# vdc Dc2-N7K-1
DC1-N7K-1(config)# vdc Dc2-N7K-3
DC1-N7K-1(config-vdc)# vdc dc2-N7K-1
DC1-N7K-1(config-vdc)# limit-resource module-type f1 m1xl
This will cause all ports of unallowed types to be removed from this vdc. Continue (y/n)? [yes]
DC1-N7K-1(config-vdc)# allocate interface e4/10,e4/12,e4/14,e4/16
Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)?  [yes]
DC1-N7K-1(config-vdc)# vdc dc2-N7K-3
DC1-N7K-1(config-vdc)# limit-resource module-type f1 m1xl
This will cause all ports of unallowed types to be removed from this vdc. Continue (y/n)? [yes]
DC1-N7K-1(config-vdc)# allocate interface e4/18,e4/20,e4/22,e4/24
Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)?  [yes]

DC1-N7K-1# switchto vdc dc2-N7K-1

DC2-N7K-1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
DC2-N7K-1(config)#
DC2-N7K-1(config)# int mgmt 0
DC2-N7K-1(config-if)# ip address 10.1.1.32/24
DC2-N7K-1(config-if)# no shutdown
DC2-N7K-1(config)# end
DC2-N7K-1# switchback

DC1-N7K-1# switchto vdc dc2-N7K-3

DC2-N7K-3# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
DC2-N7K-3(config)#
DC2-N7K-3(config)# int mgmt 0
DC2-N7K-3(config-if)# ip address 10.1.1.34/24
DC2-N7K-3(config-if)# no shutdown
DC2-N7K-3(config)# end
DC2-N7K-3# switchback

DC2-N7K-1(config)# vlan 90
DC2-N7K-1(config-vlan)# name dci-site
DC2-N7K-1(config-vlan)# vlan 401 //use vlan 4001 in real lab
DC2-N7K-1(config-vlan)# name dci-data1
DC2-N7K-1(config-vlan)# vlan 402 //use vlan 4002 in real lab
DC2-N7K-1(config-vlan)# name dci-data2
DC2-N7K-1(config-if)# int e4/12
DC2-N7K-1(config-if)# switchport
DC2-N7K-1(config-if)# sw mode trunk
DC2-N7K-1(config-if)# sw trunk native vlan 1
DC2-N7K-1(config-if)# sw trunk allowed vlan 90,401,402
//use "sw trunk allowed vlan 90,4001,4002" in real lab
DC2-N7K-1(config-if)# no shutdown

DC2-N7K-3(config-vlan)# vlan 401 //use vlan 4001 in real lab
DC2-N7K-3(config-vlan)# name dci-data1
DC2-N7K-3(config-vlan)# vlan 402 //use vlan 4002 in real lab
DC2-N7K-3(config-vlan)# name dci-data2

DC2-N7K-3(config)# int e4/20
DC2-N7K-3(config-if)# switchport
DC2-N7K-3(config-if)# sw mode trunk
DC2-N7K-3(config-if)# sw trunk native vlan 1
DC2-N7K-3(config-if)# sw trunk allowed vlan 90,401,402
//use "sw trunk allowed vlan 90,4001,4002" in real lab
DC2-N7K-3(config-if)# no shutdown
--------------------------------------------------------------------------------------------------
DC2-N7K-3(config)# feature bfd
DC2-N7K-3(config)# feature eigrp
DC2-N7K-3(config)# int lo0
DC2-N7K-3(config-if)# ip address 10.0.2.3/32
DC2-N7K-3(config-if)# no shutdown
DC2-N7K-3(config-if)# interface e4/22
DC2-N7K-3(config-if)# no switchport
DC2-N7K-3(config-if)# ip address 10.4.1.9/30
DC2-N7K-3(config-if)# no shutdown
DC2-N7K-3(config-if)# mtu 9100
DC2-N7K-3(config-if)# no ip redirects
DC2-N7K-3(config-if)# no ipv6 redirects

DC2-N7K-3(config-if)# ping 10.4.1.10
PING 10.4.1.10 (10.4.1.10): 56 data bytes
36 bytes from 10.4.1.9: Destination Host Unreachable
Request 0 timed out
64 bytes from 10.4.1.10: icmp_seq=1 ttl=254 time=1.167 ms
64 bytes from 10.4.1.10: icmp_seq=2 ttl=254 time=2.01 ms
64 bytes from 10.4.1.10: icmp_seq=3 ttl=254 time=2.066 ms
64 bytes from 10.4.1.10: icmp_seq=4 ttl=254 time=2.154 m

DC2-N7K-3(config)# int e4/24
DC2-N7K-3(config-if)# no switchport
DC2-N7K-3(config-if)# ip address 10.4.1.21/30
DC2-N7K-3(config-if)# no shutdown
DC2-N7K-3(config-if)# no ip redirects
DC2-N7K-3(config-if)# no ipv6 redirects
DC2-N7K-3(config-if)#
DC2-N7K-3(config-if)# ping 10.4.1.22
PING 10.4.1.22 (10.4.1.22): 56 data bytes
36 bytes from 10.4.1.21: Destination Host Unreachable
Request 0 timed out
64 bytes from 10.4.1.22: icmp_seq=1 ttl=254 time=1.062 ms
64 bytes from 10.4.1.22: icmp_seq=2 ttl=254 time=0.847 ms
64 bytes from 10.4.1.22: icmp_seq=3 ttl=254 time=0.753 ms
64 bytes from 10.4.1.22: icmp_seq=4 ttl=254 time=0.828 ms
DC2-N7K-3(config-if)# router eigrp 1
DC2-N7K-3(config-router)# router-id 10.0.2.3
DC2-N7K-3(config-router)# autonomous-system 1
DC2-N7K-3(config-router)# bfd
DC2-N7K-3(config-router)# int e4/22,e4/24
DC2-N7K-3(config-if-range)# ip router eigrp 1

DC2-N7K-3(config)# feature interface-vlan
DC2-N7K-3(config)# int vlan 401
DC2-N7K-3(config-if)# ip address 10.2.41.252/24
DC2-N7K-3(config-if)# no shutdown
DC2-N7K-3(config-if)# int vlan 402
DC2-N7K-3(config-if)# ip address 10.2.42.252/24
DC2-N7K-3(config-if)# no shutdown
DC2-N7K-3(config-if)#

DC2-N7K-3(config)# feature pim
DC2-N7K-3(config)# ip pim rp-address 20.0.0.1
DC2-N7K-3(config)#
DC2-N7K-3(config)# int e4/22
DC2-N7K-3(config-if)# ip pim sparse-mode
DC2-N7K-3(config-if)# int e4/24
DC2-N7K-3(config-if)# ip pim sparse-mode
DC2-N7K-3(config-if)# ip igmp version 3

DC2-N7K-1(config)# feature bfd
DC2-N7K-1(config)# feature eigrp
DC2-N7K-1(config)# int lo0
DC2-N7K-1(config-if)# ip address 10.0.2.1/32
DC2-N7K-1(config-if)# no shutdown
DC2-N7K-1(config-if)# int e4/10
DC2-N7K-1(config-if)# no switchport
DC2-N7K-1(config-if)# ip address 10.4.1.22/30
DC2-N7K-1(config-if)# no shutdown
DC2-N7K-1(config-if)# no ip redirects
DC2-N7K-1(config-if)# no ipv6 redirects
DC2-N7K-1(config)# router eigrp 1
DC2-N7K-1(config-router)# router-id 10.0.2.1
DC2-N7K-1(config-router)# autonomous-system 1
DC2-N7K-1(config-router)# bfd
DC2-N7K-1(config-router)# int e4/10
DC2-N7K-1(config-if)# ip router eigrp 1

DC2-N7K-1(config-if)# feature otv
DC2-N7K-1(config-if)# int e4/10
DC2-N7K-1(config-if)# ip igmp version 3
DC2-N7K-1(config)# otv site-vlan 90
DC2-N7K-1(config-site-vlan)# otv site-identifier 0x02
% Site Identifier mismatch will prevent overlays from forwarding traffic.
DC2-N7K-1(config)# interface overlay 0
DC2-N7K-1(config-if-overlay)# otv join-interface e4/10
OTV needs join interfaces to be configured for IGMP version 3
DC2-N7K-1(config-if-overlay)# otv control-group 239.1.1.1
DC2-N7K-1(config-if-overlay)# otv data-group 232.1.1.0/24
DC2-N7K-1(config-if-overlay)# otv extend-vlan 401,402
//use "otv extend-vlan 4001,4002" in real lab
DC2-N7K-1(config-if-overlay)# no shutdown
DC2-N7K-1(config-if-overlay)#


ip access-list ALL_IPs
  permit ip any any
mac access-list ALL_MACs
  permit any any

ip access-list HSRP_IP
  permit udp any 224.0.0.2/32 eq 1985
  permit udp any 224.0.0.102/32 eq 1985

mac access-list HSRP_VMAC
  permit 0000.0c07.ac00 0000.0000.00ff any
  permit 0000.0c9f.f000 0000.0000.0fff any

arp access-list HSRP_VMAC_ARP
  deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00
  deny ip any mac 0000.0c9f.f000 ffff.ffff.f000
  permit ip any mac any

vlan access-map HSRP_Localization 10
  match mac address HSRP_VMAC
  match ip address HSRP_IP
  action drop
vlan access-map HSRP_Localization 20
  match mac address ALL_MACs
  match ip address ALL_IPs
  action forward

feature dhcp
ip arp inspection filter HSRP_VMAC_ARP vlan 401,402
vlan filter HSRP_Localization vlan-list 401,402
// use the following two commands in real lab:
// ip arp inspection filter HSRP_VMAC_ARP vlan 4001,4002
// vlan filter HSRP_Localization vlan-list 4001,4002

mac-list OTV_HSRP_VMAC_deny seq 10 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list OTV_HSRP_VMAC_deny seq 11 deny 0000.0c9f.f000 ffff.ffff.f000
mac-list OTV_HSRP_VMAC_deny seq 20 permit 0000.0000.0000 0000.0000.0000

route-map OTV_HSRP_filter permit 10
  match mac-list OTV_HSRP_VMAC_deny

otv-isis default
  vpn Overlay0
    redistribute filter route-map OTV_HSRP_filter
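
The configuration above uses lab VLANs 401,402 and notes in four separate commands that the real lab needs 4001,4002, so one missed substitution leaves the trunk, the overlay and the HSRP filters disagreeing. The following Python audit is an added example, not part of the original post; the function names and the sample config are constructed for illustration, and it assumes the trunk must carry the extended VLANs plus the site VLAN, as in the trunk commands above.

```python
import re

# VLAN-list commands used on this page; each must name exactly the extended VLANs.
CHECKS = {
    "otv extend-vlan": r"otv\s+extend-vlan\s+([\d,-]+)",
    "ip arp inspection filter": r"ip\s+arp\s+inspection\s+filter\s+\S+\s+vlan\s+([\d,-]+)",
    "vlan filter": r"vlan\s+filter\s+\S+\s+vlan-list\s+([\d,-]+)",
}
TRUNK = r"(?:switchport|sw)\s+trunk\s+allowed\s+vlan\s+([\d,-]+)"
PROMPT = re.compile(r"^\s*\S+\(config[^)]*\)#\s*")  # e.g. "DC2-N7K-1(config-if)# "

def parse_vlans(spec):
    """Expand an NX-OS VLAN list such as '90,4001-4002' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, extended, site_vlan):
    """Return findings for one OTV edge device; an empty list means consistent."""
    findings, seen = [], set()
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()
        if line.startswith("//"):  # the page's "use ... in real lab" reminders
            continue
        for name, rx in CHECKS.items():
            m = re.match(rx, line)
            if m:
                seen.add(name)
                if parse_vlans(m.group(1)) != extended:
                    findings.append(f"{name}: has {m.group(1)}")
        m = re.match(TRUNK, line)
        if m and parse_vlans(m.group(1)) != extended | {site_vlan}:
            findings.append(f"trunk allowed vlan: has {m.group(1)}")
    findings += [f"{n}: missing" for n in CHECKS if n not in seen]
    if site_vlan in extended:  # all VLANs other than the extended ones stay local
        findings.append(f"site VLAN {site_vlan} is in the extended set")
    return findings

# Constructed sample: one lab value (401,402) was not updated for the real lab.
SAMPLE = """\
DC2-N7K-1(config-if)# sw    trunk allowed vlan 90,4001,4002
DC2-N7K-1(config-if-overlay)# otv extend-vlan 4001,4002
//use "otv extend-vlan 4001,4002" in real lab
ip arp inspection filter HSRP_VMAC_ARP vlan 401,402
vlan filter HSRP_Localization vlan-list 4001,4002
"""
print(audit(SAMPLE, {4001, 4002}, 90))
```

Run it against the saved configuration of each OTV edge device; any finding means the HSRP filters and the overlay do not cover the same VLANs.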