CCIE DC – 1.1.a Link Aggregation – Virtual Port Channel Example

October 2, 2018 at 11:18 pm

This post examines a sample configuration of a virtual port channel. This port channel is created between two Nexus 7K systems and downstream Nexus 5K systems. This is part of the link aggregation section of the exam requirements in CCIE Data Center. Below is the diagram you can use for reference in this example. We will only demonstrate the config of a single VPC peer since the other peer is simply a mirror of this configuration.

Virtual Port Channel

Our previous post on this subject focused on the configuration steps. You can find it here:

The Configuration

First, we will prepare the vPC keepalive link for this scenario. Do not be thrown off by the name of our VRF. This configuration does not technically fall under the vPC config (yet!).

N7K-A# configure terminal
N7K-A(config)#  vrf context VPC-KEEPALIVE
N7K-A(config-vrf)# interface ethernet 3/18
N7K-A(config-if)# no switchport
N7K-A(config-if)# vrf member VPC-KEEPALIVE
Warning: Deleted all L3 config on interface Ethernet3/18
N7K-A(config-if)# ip addr

Next, we will configure the vPC domain (after enabling the feature of course) and configure the peer-keepalive link we prepped.

N7K-A(config)# feature vpc
N7K-A(config)# vpc domain 10
N7K-A(config-vpc-domain)# peer-keepalive destination source vrf VPC-KEEPALIVE

Now, we configure a port channel between our vPC peers and configure it as the vPC peer link.

N7K-A(config-vpc-domain)# interface ethernet 3/16-17
N7K-A(config-if)# channel-group 10
N7K-A(config-if)# interface port-channel 10
N7K-A(config-if)# vpc peer-link

Next, we will head down to the N5K and configure a “plain ole” LACP port channel.

N5K-A# config t
N5K-A(config)# feature lacp
N5K-A(config)# int e 1/1-2
N5K-A(config-if-range)# channel-group 201 mode active

Now, it is time to configure the vPC on the N7K.

N7K-A(config-if)# feature lacp
N7K-A(config)# interface e 3/21
N7K-A(config-if)# channel-group 201 mode active
N7K-A(config-if)# int port-channel 201
N7K-A(config-if)# vpc 201

The Verification

You should note that you can and should perform verifications as you go along here. For example, you can verify reachability, check the port channels that are configured, and watch the progress of the vPC as you configure it. For brevity here, we will just end this post and this example with our critical show vpc command.

N7K-A(config-if)# show vpc brief
     (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                          : 10
Peer status                            : peer adjacency formed ok
vPC keep-alive status                  : peer is alive
Configuration consistency status       : success
Per-vlan consistency status            : success
Type-2 consistency status              : success
vPC role                               : secondary
Number of vPCs configured              : 1
Peer Gateway                           : Disabled
Dual-active excluded VLANs and BDs     : -
Graceful Consistency Check             : Enabled
Auto-recovery status                   : Enabled (timeout = 240 seconds)
Operational Layer3 Peer-router         : Disabled
Self-isolation                         : Disabled

vPC Peer-link status
id Port Status  Active vlans Active BDs
-- ---- ------ -------------------------------------------------------------
1  Po10 up      1,12 -

vPC status
id     Port        Status Consistency  Active VLANs
----- ------------ ------ ----------- ----------------
201    Po201       up      success     1,12

For even more information – check out this Cisco documentation at
Pearson Education (InformIT)

CCIE DC Written – 1.1.a Link Aggregation – LACP

September 20, 2018 at 2:05 am


Here are some Nexus facts to keep in mind:

  • With LACP, you can bundle up to 16 interfaces in a channel group. If the channel group has more than 8 interfaces, the remaining interfaces are in hot standby for the port channel associated with this channel group on the M-series modules.
  • From Cisco NX-OS Release 5.1, you can bundle up to 16 active links into a port channel on the F-series module.
  • When you delete the port channel, the software automatically deletes the associated channel group. All member interfaces revert to their original configuration.
  • You cannot disable LACP while any LACP configurations are present.
  • When you run static port channels with no aggregation protocol, the channel mode is always set to on.

Of course, you must globally enable LACP before you can use it on the Nexus device. There are two modes:

  • Passive – responds to negotiations, but does not initiate them – sounds like me at the High School dance
  • Active – initiates negotiations

Starting at 4.2(3) – Cisco introduced some LACP compatibility enhancements as follows:

  •  When a Cisco Nexus device is connected to a non-Nexus peer, its graceful failover defaults may delay the time taken for a disabled port to be brought down or cause traffic from the peer to be lost. To address these conditions, the lacp graceful-convergence command was added.
  • By default, LACP sets a port to the suspended state if it does not receive an LACP PDU from the peer. In some cases, although this feature helps in preventing loops created due to misconfigurations, it can cause servers to fail to boot up because they require LACP to logically bring up the port. You can put a port into an individual state by using the lacp suspend-individual command.

Starting with Release 5.1 Cisco introduced the Minimum Links feature as well as MaxBundle. The Minimum Links feature allows you to:

  • Configure the min number of links that must be in the bundle
  • Prevent low bandwidth LACP bundles from becoming available
  • Causes the port channel to go inactive if the required min bandwidth is not available

MaxBundle allows:

  • Upper limit on ports that are bundled
  • Allows the designation of ports as hot standby

Basic Configuration

  • Use feature lacp to enable the feature
  • Create the port channel interface with interface port-channel 10, use the switchport command in the interface
  • Add a Layer 2 interface to the port channel with switchport followed by channel-group 10 mode passive


Evolving Technologies 1.1 Free Study Resources – Web Links

May 6, 2018 at 9:52 pm

Evolving Technologies

Here are more excellent free resources for your pursuit of the new objectives effective August 30, 2018.


Evolving Technologies Study Guide

Cisco Cloud Overview

Cisco Cloud Blogs

Cloud Security Alliance

Cloud Security Webinar

NIST Cloud Tutorial

Workload Portability – Presentation

Service Containers – Cisco Blog

SD-WAN Overview

Cisco NFV Infrastructure – Report

Migrate Applications to AWS with Cisco CloudCenter – Video

DNA Center: Base Automation – Webinar

Kubernetes Rising – Cisco Blog

Network Programmability

Simplify and Automate the Virtualized Environment – White Paper

Virtual Topology System: Build an Agile and Programmable Data Center

SDN Recorded Seminars

Simplify by Automating and Orchestrating SDN Solutions

Internet of Things

IoT Networking

Cisco IoT System

Internet of Everything – PDF Library

IoT Security

Cisco Kinetic for Industries

Cisco Kinetic Unlocks the Power of Your IoT Data – Cisco Blog

Evolving Technologies 1.1 Free Study Resources – Cisco Live Presentations

May 5, 2018 at 1:32 pm

Evolving Technologies

Here are the free Cisco Live presentation resources for the August 30, 2018 update (1.1) to the Evolving Technologies section of the Expert Level written exams.


BRKCCIE-3352 – The Next-Generation CCIE

TNKCLD-1004 – From Convergence to Cloud

BSOGEN-1002 – Cloud Security Lessons Learned

BRKCLD-2000 – Cloud Types and Security – What They Mean to You and Your Company

BRKSEC-2404 – Effective Cloud Security Made Simple – Cloud Security Reimagined with Cloudlock

BRKCLD-2008 – Multi-Cloud and Application Centric Modeling, Deployment and Management with Cisco CloudCenter

DEVNET-1179 – Migrating Cloud Applications with CloudCenter

BRKSDN-2115 – Introduction to Containers and Container Networking

BRKCRS-3811 – Cisco SD-Access – Policy Driven Manageability

BRKNMS-2309 – Introduction to NFV Orchestration Using ETSI Standard

DEVNET-1198 – CloudCenter for Developers

DEVNET-1651 – Hybrid Cloud Automation using Cisco CloudCenter API

BRKCLD-2235 – Deploy a Hybrid, Multi-Cloud Container Environment in Less than an Hour

BRKCLD-2091 – Introduction to Kubernetes on UCS

BRKNMS-2031 – APIC-EM: Evolution from Traditional Management to SDN-Led, Policy-Based Automation

SOLCLD-2012 – Journey to an Agile Cloud Infrastructure with Open Source

BRKDCN-2390 – Kubernetes Container Networking

Network Programmability

BRKDEV-2003 – Programming the Network: Let’s Get Started

BRKRST-2051 – SDN – From Concepts to Reality

BRKSDN-1903 – A Model-Driven Approach to Software Defined Networks with Yang, Netconf/Restconf

BRKNMS-2030 – Onboard Automation with Cisco IOS Embedded Event Manager

BRKRST-1014 – Introduction to Software-Defined Networking (SDN) and Network Programmability

BRKCDN-1005 – Better Network Management Through Network Programmability

Internet of Things

BRKSPM-2007 – Cisco IoT in a 5G World

BRKCRS-2116 – Know How to Deploy Enterprise IoT with Your Catalyst Switches

BRKIOT-2113 – Internet of Things for the Enterprise

BRKCRS-2444 – The Internet of Things: An Architectural Foundation and Its Protocols

BRKIOT-2020 – The Evolution from Machine-to-Machine (M2M) to the Internet of Everything: Technologies and Standards

BRKIOT-2115 – Industrial Security: IT vs. OT Deployment Practices

SOLSEC-1004 – Securing the IoT

BRKIOT-2112 – Architecting Security for the Internet of Things

BRKIOT-1432 – Cisco Kinetic – The Horizontal IoT Data Platform

DEVNET-1068 – Introduction to Developing for Cisco Kinetic – Data Control Module

BRKIOT-2129 – Understanding and Troubleshooting Edge and Fog Fabric Solution

Evolving Technologies Section to Change On August 30, 2018!

May 3, 2018 at 12:09 pm

Evolving Technologies

As promised, the Evolving Technologies section that all expert-level Cisco Certification written exams share will get an update. The version number moves from 1.0 to 1.1. The three major domains remain exactly the same – Cloud, Programmability, and IoT. It is what is covered inside those domains that change.

In this post, I share the new objectives. I will be back tomorrow with your verified list of resources to prep for them!

Here are the new objectives:

A.1    Cloud

A.1.a        Compare and contrast public, private, hybrid, and multi-cloud design considerations
A.1.a.i      Infrastructure, platform, and software as a service (XaaS)
A.1.a.ii      Performance, scalability, and high availability
A.1.a.iii    Security implications, compliance, and policy
A.1.a.iv    Workload migration

A.1.b        Describe cloud infrastructure and operations
A.1.b.i      Compute virtualization (containers and virtual machines)
A.1.b.ii      Connectivity (virtual switches, SD-WAN and SD-Access)
A.1.b.iii      Virtualization functions (NFVi, VNF, and L4/L1)
A.1.b.iv      Automation and orchestration tools (cloud center, DNA-center, and Kubernetes)

A.2 Network Programmability

A.2.a Describe architectural and operational considerations for a programmable network
A.2.a.i Data models and structures (YANG, JSON and XML)
A.2.a.ii Device programmability (gRPC, NETCONF and RESTCONF)
A.2.a.iii Controller based network design (policy driven configuration and northbound/ southbound APIs)
A.2.a.iv Configuration management tools (agent and agent-less) and version control systems (Git and SVN)

A.3 Internet of Things

A.3.a Describe architectural framework and deployment considerations for Internet of Things (IoT)
A.3.a.i IoT technology stack (IoT Network Hierarchy, data acquisition and flow)
A.3.a.ii IoT standards and protocols (characteristics within IT and OT environment)
A.3.a.iii IoT security (network segmentation, device profiling, and secure remote access)
A.3.a.iv IoT edge and fog computing (data aggregation and edge intelligence)