Cisco BGP EVPN VXLAN- Part 1

Here is an overview of the Cisco implementation for VXLAN using BGP EVPN for distributed control-plane operations. anycast gateway, and unicast head-end replication. I am using Cisco 9396PX devices for leaf switches and Cisco 9508 chassis switches for the spine using iBGP. We’ll explore the basic setup with the leaf switches being vPC enabled, including the Border Leaf switches, while also going over a few scenarios which can blackhole traffic and how to avoid this without a OSPF adjacency between the leaf switches.

**Please note, this is an older post I am using from my old blog series and I made this in 2015, new switches and newer versions of code provide cleaner configuration and significant enhancements**

Continue reading →

Object groups in Nexus

Much like on firewalls you can create object groups in Nexus, which you can utilize when you’re implementing ACLs

object-group ip address {OBJECTNAME}

ip access-list {ACL_NAME} permit ip addrgroup {OBJECTNAME} [destination]

Makes like simple, huh? What about showing the access-list that has been configured with an object group? Well, under the show access-lists summary you won’t see this, you’ll need to “expand”

show access-lists {ACL_NAME} expanded

Cisco MST 802.1s

All Cisco switches by default have PVST+ as their spanning-tree protocol (mode). PVST+ is Cisco proprietary and, in my humble opinion, should never be used in a production environment. The alternatives are: RPVST and MST. In a basic 1-3 VLAN network with little to no knowledge of spanning-tree you should run RPVST (802.1w) and be done with it. However, if you have a lot of VLANs and/or you need to ensure you’re not over utilizing the CPU resources, you should use MST (802.1s).

Continue reading →

Find CDP traffic on your Linux box

You can use tcpdump or wireshark but if you have a Linux box handy you can install: cdpr. It makes life easy like this:

cdpr -v

Just follow the prompts for selecting the interface and wait for the cdp transmission to come through. Understand that some values, like Native VLAN, are in hexidecimal and you’ll need to convert it to decimal. Otherwise, happy hunting.