Cisco Nexus vPC:
The Virtual Port-Channel (vPC) feature available on Cisco Nexus switches allows you to connect a single device to two separate switches while forming a logical Port-Channel. This approach boosts redundancy, load balancing, and performance without relying on Spanning Tree Protocol.
vPC Prerequisites:
- Both Nexus switches must run the same NX-OS software version and have a consistent configuration (VLANs, STP, port-channel settings, etc.).
- Use at least two high-speed interfaces (10G or higher) for the vPC peer link. Port speed and duplex settings must match on both switches.
- Use a separate Layer 3 interface (such as a management or routed port) for the keepalive link. The recommended minimum speed is 1 Gbps.
- The keepalive link should be in a separate VRF (e.g., management) to ensure control-plane separation.
- Ensure IP reachability between the management interfaces used for the keepalive.
Steps to configure vPC:
- Enabling Features – Turn on required features (vpc and lacp) on both switches
- Keep Alive Link – Configure a management-based heartbeat between the switches
- vPC Domain – Define the vPC domain ID and set keep-alive and priority settings
- Peer Link – Establish a trunk port-channel used to exchange control information
- Member Ports – Configure the actual device-facing vPC Port-Channel
- Orphan Ports – Identify any ports that are not part of a vPC
- Downstream Device – Configure port channel on downstream device
- Verification – Confirm the vPC setup using operational commands
1. Enabling Features:
Begin by enabling the necessary functions on both Nexus switches. These include vpc and lacp, which are essential for port-channel formation and synchronization.
Nexus-1:
Nexus-1(config)# feature vpc
Nexus-1(config)# feature lacp
Nexus-2:
Nexus-2(config)# feature vpc
Nexus-2(config)# feature lacp
Make sure both devices are running the same NX-OS version and have aligned global configurations to avoid compatibility issues later.
2. Keep Alive Link:
The keep-alive mechanism helps both switches monitor each other’s status. This typically runs over the management network.
Nexus-1:
Nexus-1(config)# interface mgmt 0
Nexus-1(config-if)# ip address 10.1.1.1/30
Nexus-1(config-if)# no shutdown
Nexus-2:
Nexus-2(config)# interface mgmt 0
Nexus-2(config-if)# ip address 10.1.1.2/30
Nexus-2(config-if)# no shutdown
As the switches are connected through their management ports, we can check the connection by pinging the management IP of Nexus-2 from Nexus-1.
Nexus-1# ping 10.1.1.2 vrf management
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=254 time=2.65 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=254 time=2.278 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=254 time=2.066 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=254 time=2.792 ms
64 bytes from 10.1.1.2: icmp_seq=4 ttl=254 time=2.264 ms
--- 10.1.1.2 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 2.066/2.409/2.792 ms
Nexus-1#
Consider placing the keep-alive traffic in its own VRF for added isolation from other management functions.
3. vPC Domain:
Define a unique vPC domain ID on both switches. Also set each switch's role priority; the one with the lower value becomes primary in case of a tie.
Nexus-1:
Nexus-1(config)# vpc domain 1
Nexus-1(config-vpc-domain)# role priority 20
Nexus-1(config-vpc-domain)# peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf management
Nexus-2:
Nexus-2(config)# vpc domain 1
Nexus-2(config-vpc-domain)# role priority 30
Nexus-2(config-vpc-domain)# peer-keepalive destination 10.1.1.1 source 10.1.1.2 vrf management
Always configure the keep-alive connection before setting up the peer-link to ensure smooth domain formation.
4. Peer Link:
This is a crucial part of the vPC setup, as it carries control plane information and synchronizes state between switches. Use two or more interfaces bundled into a port-channel.
Nexus-1:
Nexus-1(config)# interface ethernet 1/1-2
Nexus-1(config-if-range)# channel-group 20 mode active
Nexus-1(config-if-range)# no shutdown
Nexus-1(config)# interface port-channel 20
Nexus-1(config-if)# no shutdown
Nexus-1(config-if)# switchport
Nexus-1(config-if)# switchport mode trunk
Nexus-1(config-if)# vpc peer-link
Nexus-2:
Nexus-2(config)# interface ethernet 1/1-2
Nexus-2(config-if-range)# channel-group 20 mode active
Nexus-2(config-if-range)# no shutdown
Nexus-2(config)# interface port-channel 20
Nexus-2(config-if)# no shutdown
Nexus-2(config-if)# switchport
Nexus-2(config-if)# switchport mode trunk
Nexus-2(config-if)# vpc peer-link
Always distribute peer-link connections across different line cards if available. This helps maintain availability in case of hardware failure.
5. Member Ports:
These are the actual interfaces that connect to end devices or downstream switches. They are bundled into a port-channel, which is then added to the vPC.
Nexus-1:
Nexus-1(config)# interface ethernet 1/3
Nexus-1(config-if)# channel-group 30 mode active
Nexus-1(config)# interface port-channel 30
Nexus-1(config-if)# switchport
Nexus-1(config-if)# switchport mode trunk
Nexus-1(config-if)# vpc 30
Nexus-2:
Nexus-2(config)# interface ethernet 1/3
Nexus-2(config-if)# channel-group 30 mode active
Nexus-2(config)# interface port-channel 30
Nexus-2(config-if)# switchport
Nexus-2(config-if)# switchport mode trunk
Nexus-2(config-if)# vpc 30
Make sure both switches use exactly the same settings for the vPC, such as the port-channel number, port mode, and allowed VLANs, so that the vPC works properly without errors.
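One way to check this before bringing the vPC up is to compare the two peers' configurations offline. The following is an added example, not part of the original guide: the function names (`sections`, `keepalive`, `compare_peers`) are hypothetical, and the sample configs are constructed from this guide's commands, assuming the indented layout of `show running-config`.

```python
import re

# Constructed sample: this guide's commands laid out with running-config style indentation.
NEXUS1 = """\
vpc domain 1
  role priority 20
  peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf management
interface port-channel 20
  switchport mode trunk
  vpc peer-link
interface port-channel 30
  switchport mode trunk
  vpc 30
"""
NEXUS2 = NEXUS1.replace("priority 20", "priority 30").replace(
    "destination 10.1.1.2 source 10.1.1.1", "destination 10.1.1.1 source 10.1.1.2")

def sections(cfg):
    """Map each top-level config line to the set of indented lines beneath it."""
    out, current = {}, None
    for line in cfg.splitlines():
        if line[:1].isspace() and current is not None:
            out[current].add(line.strip())
        elif line.strip():
            current = line.strip()
            out[current] = set()
    return out

def keepalive(sec):
    """Return (domain line, (destination, source, vrf)) from the vpc domain section."""
    for parent, body in sec.items():
        for line in (body if parent.startswith("vpc domain") else ()):
            m = re.match(r"peer-keepalive destination (\S+) source (\S+) vrf (\S+)", line)
            if m:
                return parent, m.groups()
    return None, None

def compare_peers(cfg_a, cfg_b):
    """Return differences that matter for vPC; role priority may differ per switch."""
    a, b = sections(cfg_a), sections(cfg_b)
    (dom_a, ka_a), (dom_b, ka_b) = keepalive(a), keepalive(b)
    findings = [] if dom_a == dom_b else [f"domain mismatch: {dom_a} vs {dom_b}"]
    if not ka_a or not ka_b or ka_a[:2] != ka_b[1::-1] or ka_a[2] != ka_b[2]:
        findings.append("peer-keepalive is not mirrored in the same VRF")
    for name in sorted(set(a) | set(b)):
        diff = a.get(name, set()) ^ b.get(name, set())
        if name.startswith("interface port-channel") and diff:
            findings.append(f"{name}: {sorted(diff)}")
    return findings
```

An empty list from `compare_peers(NEXUS1, NEXUS2)` means the domain ID matches, the keepalive source and destination mirror each other in the same VRF, and every port-channel carries identical settings on both peers.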
Basic vPC configuration between the Nexus switches is complete. Next, configure the downstream device to connect using a port-channel.
6. Orphan Ports:
Ports that do not participate in a vPC are known as orphan ports. These may behave differently during certain failure scenarios.
To view them:
show vpc orphan-ports
Monitor orphan ports regularly and document their purpose to avoid configuration gaps or unexpected behaviors.
7. Configuring the Downstream Switch:
To complete the vPC setup, configure the downstream switch (SW01) to form a Port-Channel towards the Nexus pair. This ensures link redundancy and load balancing.
SW01 Configuration:
SW01(config)# interface range ethernet 0/1 - 2
SW01(config-if-range)# channel-group 30 mode active
Creating a port-channel interface Port-channel 30
SW01(config-if-range)# no shutdown
SW01(config)# interface port-channel 30
SW01(config-if)# switchport trunk encapsulation dot1q
SW01(config-if)# switchport mode trunk
Ensure each physical link in the Port-Channel connects to a different Nexus switch to benefit from vPC's redundancy.
8. Verification:
Once the setup is complete, confirm that the vPC is functioning as expected:
Nexus-1 vPC status:
Nexus-1# show vpc role

vPC Role status
----------------------------------------------------
vPC role                        : primary
Dual Active Detection Status    : 0
vPC system-mac                  : 00:23:04:ee:be:01
vPC system-priority             : 32667
vPC local system-mac            : 50:02:00:00:1b:08
vPC local role-priority         : 20
vPC local config role-priority  : 20
vPC peer system-mac             : 50:03:00:00:1b:08
vPC peer role-priority          : 30
vPC peer config role-priority   : 30
Nexus-1#
Nexus-1# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 1
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled
Virtual-peerlink mode             : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans
--    ----   ------ -------------------------------------------------
1     Po20   up     1

vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------
30    Po30          up     success     success               1

Please check "show vpc consistency-parameters vpc" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.
Nexus-1#
Nexus-2 vPC status:
Nexus-2# show vpc role

vPC Role status
----------------------------------------------------
vPC role                        : secondary
Dual Active Detection Status    : 0
vPC system-mac                  : 00:23:04:ee:be:01
vPC system-priority             : 32667
vPC local system-mac            : 50:03:00:00:1b:08
vPC local role-priority         : 30
vPC local config role-priority  : 30
vPC peer system-mac             : 50:02:00:00:1b:08
vPC peer role-priority          : 20
vPC peer config role-priority   : 20
Nexus-2# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : secondary
Number of vPCs configured         : 1
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled
Virtual-peerlink mode             : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans
--    ----   ------ -------------------------------------------------
1     Po20   up     1

vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------
30    Po30          up     success     success               1

Please check "show vpc consistency-parameters vpc" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.
Nexus-2#
The show vpc brief command provides a summary of vPC status, including peer state, role, and consistency information.
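The same verification can be scripted so that a degraded peer, keepalive, or consistency state is flagged instead of read by eye. The following is an added example, not part of the original guide: `check_vpc_brief` and `EXPECTED` are hypothetical names, and the sample text is constructed from the `show vpc brief` output shown in this step, trimmed to the fields being checked.

```python
import re

# Constructed sample: "show vpc brief" output from this guide, trimmed to the checked fields.
SAMPLE = """\
vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans
--    ----   ------ -------------------------------------------------
1     Po20   up     1

vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------
30    Po30          up     success     success               1
"""

EXPECTED = {
    "Peer status": "peer adjacency formed ok",
    "vPC keep-alive status": "peer is alive",
    "Configuration consistency status": "success",
    "Per-vlan consistency status": "success",
    "Type-2 consistency status": "success",
}

def check_vpc_brief(text):
    """Return findings; an empty list means every checked item is healthy."""
    fields = dict(re.findall(r"^([A-Za-z][^:\n]*?)[ \t]*:[ \t]*(.*?)[ \t]*$", text, re.M))
    findings = [f"{name} is {fields.get(name, 'missing')!r}"
                for name, want in EXPECTED.items() if fields.get(name) != want]
    # Rows start with a numeric id; the peer-link table precedes the "vPC status" table.
    row = re.compile(r"^\d+[ \t]+(Po\d+)[ \t]+(\S+)[ \t]*(\S*)", re.M)
    head, _, vpc_table = text.partition("\nvPC status\n")
    peer_links, vpcs = row.findall(head), row.findall(vpc_table)
    if not peer_links or not vpcs:
        findings.append("peer-link or vPC table rows not found")
    findings += [f"peer-link {port} is {status}" for port, status, _ in peer_links
                 if status != "up"]
    findings += [f"vPC {port} is {status}, consistency {cons}"
                 for port, status, cons in vpcs if status != "up" or cons != "success"]
    return findings
```

Run it against the output captured from each peer; missing fields are reported as findings, so truncated or empty output never passes as healthy.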
Summary:
Nexus-1:
feature vpc
feature lacp
interface mgmt 0
  ip address 10.1.1.1/30
  no shutdown
vpc domain 1
  role priority 20
  peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf management
interface ethernet 1/1-2
  channel-group 20 mode active
  no shutdown
interface port-channel 20
  no shutdown
  switchport
  switchport mode trunk
  vpc peer-link
interface ethernet 1/3
  channel-group 30 mode active
interface port-channel 30
  switchport
  switchport mode trunk
  vpc 30
end
Nexus-2:
feature vpc
feature lacp
interface mgmt 0
  ip address 10.1.1.2/30
  no shutdown
vpc domain 1
  role priority 30
  peer-keepalive destination 10.1.1.1 source 10.1.1.2 vrf management
interface ethernet 1/1-2
  channel-group 20 mode active
  no shutdown
interface port-channel 20
  no shutdown
  switchport
  switchport mode trunk
  vpc peer-link
interface ethernet 1/3
  channel-group 30 mode active
interface port-channel 30
  switchport
  switchport mode trunk
  vpc 30
end
SW01:
interface range ethernet 0/0 - 1
  channel-group 30 mode active
  no shutdown
interface port-channel 30
  switchport trunk encapsulation dot1q
  switchport mode trunk
end