Archive for March, 2009

Nexus 7000 Virtual Portchannel Part 2

Monday, March 30th, 2009

Wow, last week I was swamped preparing for a domestic MPLS migration in India (more on that later). I wanted to post this sooner…

In Part 1 of configuring virtual port channels on the Nexus, I talked about what may be needed to enable the vpc feature. Here’s a continuation of the process.

Between your two Nexus boxes, you’re going to have a vpc peer link and a vpc peer keep-alive link. Without the keep-alive link, your vpc peer link won’t come up.

Cisco vpc config guide

See Diagram


! Again, the first thing you want to do is enable vpc

Nexus1(config)# feature vpc

The vpc peer link between switches is going to be your traditional layer 2 trunk. There are some other minor configurations you will need regarding your vpc peer link.


Nexus 7000 Virtual Portchannel Part 1

Monday, March 16th, 2009

This past week, I configured our 2 Nexus 7000 boxes to take advantage of the new Virtual Portchannel (vPC) feature.

Here’s some info on this feature:

Config Guide

If you read my article about VSS technology, then the benefits with virtual portchannels are pretty much the same. One major difference is that the two Nexus boxes are still very much separate, unlike with VSS. You still no longer need to worry about Spanning-tree. One thing that won’t change from how you are probably doing things today is the HSRP configuration. You will still have your active and standby HSRP devices. The trick here is that when you dual-home to the distribution, you use only one portchannel at the access side. Your access switch will dynamically load balance across both links using standard portchannel load balancing algorithms. The thing to remember is that packets received by the standby HSRP device are actually forwarded. So in a sense, you have an “active-active” HSRP state in the background.


Book Review – CCENT Network Simulator

Friday, March 13th, 2009

CCENT network simulator


Well, the days of using the Boson network simulator for your CCNA studies are over (thankfully!). I have used simulators quite often over the years and have had mixed feelings about them. I think the new CCENT network simulator will surprise a lot of people out there with mixed feelings about using simulators. You have to remember that simulators are scripted and pretty linear, so don’t expect to be able to configure your own network scenarios and use any IOS command you can think of. The purpose of this simulator is to provide hands-on practice for mastering all the objectives on the CCNA exam. It simply runs from your PC once installed.


Cisco Virtual Switching Systems (VSS)

Monday, March 9th, 2009

Last week I converted our new distribution to VSS. If you haven’t heard anything about Cisco VSS yet, you should check it out. VSS is used on the 6500 chassis if you have the new VS-S720-10G-3C supervisor. The concept of VSS is pretty easy to understand. If you are familiar with stacking 3750 switches, you will understand VSS. Basically, you take two 6500s and make them look like only a single switch to anything that connects to them.

Some reasons to use VSS are to get rid of spanning-tree between the distribution and access layers. You also no longer need to use HSRP. For example, an access switch connecting to your distribution would usually be dual-homed, meaning connecting to two separate distribution switches. With spanning-tree, in most cases, one of the uplinks will be unused for a given vlan. That means if you use 10 Gig uplinks, one is unused and only for redundancy (you can balance vlans to even things out, but that has to be configured). With VSS your access switch would have only one port channel that would actually connect to both distribution switches. From the perspective of the access switch, it’s only connecting to a single switch (even though it’s physically two separate switches). Since we only have one port-channel to the distribution, HSRP or VRRP is not needed. One vlan IP is assigned to the VSS distribution switch, and clients use that as default gw. Load balancing across links is done using the traditional etherchannel hashing algorithm.

Check out


Book Review – CCNA Security Cert Flash Cards Online

Monday, March 2nd, 2009

CCNA Security flash cards online

Continuing my recent trend of reviewing some of the new CCNA material, my friends over at Pearson were kind enough to let me review the new online flash cards for the CCNA Security exam.


The first thing I want to point out is that this material is online only, so don’t expect to receive a printed copy. Unlike the CCNx flash cards of the past, these are online-based, which is the best way to go. The flash cards cover the exam blueprint objectives of the CCNA Security 640-553 exam.

Exam blueprint link