
Cisco | Nexus vPC Part-1


N7K-01
--------
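! N7K-01: vPC domain 1 member. The peer-keepalive runs over a dedicated routed
! port (eth1/1) placed in its own VRF, separate from the links that carry VLANs.
feature vpc
vrf context VPC_KA2

interface eth1/1
  no switchport
  vrf member VPC_KA2
  ip address 10.1.1.1/30
  no shutdown
exit

vpc domain 1
  peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf VPC_KA2
  peer-switch
  peer-gateway
exit
!----------
! vPC peer-link: eth1/2 and eth1/3 bundled with LACP into port-channel 1.
feature lacp
interface eth1/2
  no shutdown
  channel-group 1 mode active
exit

interface eth1/3
  no shutdown
  channel-group 1 mode active
exit

interface port-channel1
  no shutdown
  switchport mode trunk
  ! The source read "port type adge", which is not a valid keyword. The
  ! peer-link is a switch-to-switch link and NX-OS moves it to port type
  ! network when "vpc peer-link" is applied, so network is written here
  ! rather than edge.
  spanning-tree port type network
  vpc peer-link
exit
!---------------------
! vPC 2: member ports eth1/5 and eth1/6 (described as firewall links).
interface eth1/5
  no shutdown
  description LINK-FW-01
  channel-group 2 force mode active
exit

interface eth1/6
  no shutdown
  description LINK-FW-02
  ! The source split this command across two lines; it is a single command.
  channel-group 2 force mode active
exit

!
interface port-channel 2
  no shutdown
  description LINK-FW-02
  ! NOTE(review): port type network turns on Bridge Assurance for this port.
  ! The attached device must also send BPDUs on it, otherwise the port is
  ! held in a BA-inconsistent (blocked) state. Confirm what the far end runs.
  spanning-tree port type network
  switchport mode trunk
  ! NOTE(review): "allowed vlan all" carries every VLAN to the attached device.
  ! Outside a lab, list only the VLANs this link actually needs.
  switchport trunk allowed vlan all
  vpc 2
exit
!
! vPC 3: single member port eth1/4.
interface eth1/4
  no shutdown
  ! The source spelled the keyword "forece".
  channel-group 3 force mode active

interface port-channel 3
  no shutdown
  switchport mode trunk
  ! NOTE(review): same caveat as above, restrict the allowed VLAN list outside a lab.
  switchport trunk allowed vlan all
  vpc 3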
===============================
N7K-02
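! N7K-02: second member of vPC domain 1. The keepalive addressing mirrors the
! peer: this side is 10.1.1.2 and points at 10.1.1.1 inside VRF VPC_KA2.
feature vpc
vrf context VPC_KA2

interface eth1/1
  no switchport
  vrf member VPC_KA2
  ip address 10.1.1.2/30
  no shutdown
exit
!
vpc domain 1
  peer-keepalive destination 10.1.1.1 source 10.1.1.2 vrf VPC_KA2
  peer-switch
  peer-gateway
exit
!----------
! vPC peer-link: eth1/2 and eth1/3 bundled with LACP into port-channel 1.
feature lacp
interface eth1/2
  no shutdown
  channel-group 1 mode active
exit

interface eth1/3
  no shutdown
  channel-group 1 mode active
exit
!
interface port-channel1
  no shutdown
  switchport mode trunk
  ! The source read "port type adge", which is not a valid keyword. NX-OS
  ! moves the peer-link to port type network when "vpc peer-link" is
  ! applied, so network is the correct type here; edge does not belong on
  ! a switch-to-switch link.
  spanning-tree port type network
  vpc peer-link
exit
!---------------------
! vPC 2: member ports eth1/5 and eth1/6 (described as firewall links).
interface eth1/5
  no shutdown
  description LINK-FW-01
  channel-group 2 force mode active
exit

interface eth1/6
  no shutdown
  description LINK-FW-02
  ! The source split this command across two lines; it is a single command.
  channel-group 2 force mode active
exit

interface port-channel 2
  no shutdown
  description LINK-FW-02
  ! NOTE(review): port type network enables Bridge Assurance. The far end
  ! must send BPDUs on this link or the port is held BA-inconsistent.
  ! Confirm against the attached device.
  spanning-tree port type network
  switchport mode trunk
  ! NOTE(review): "allowed vlan all" exposes every VLAN on this trunk.
  ! Restrict the list to the VLANs actually required outside a lab.
  switchport trunk allowed vlan all
  vpc 2
exit
!--------------
! vPC 3: single member port eth1/4.
interface eth1/4
  no shutdown
  channel-group 3 force mode active

interface port-channel 3
  no shutdown
  switchport mode trunk
  ! NOTE(review): restrict the allowed VLAN list outside a lab.
  switchport trunk allowed vlan all
  vpc 3
  ! The source had a page separator fused onto this line ("no shutdown=====").
  no shutdown
=================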
IOSv-L2

! SW-IOS-01: two-port LACP uplink bundle (Port-channel 2) carried as a dot1q
! trunk, plus one access port in VLAN 10.
hostname SW-IOS-01
!
! Uplink members: both ports actively negotiate LACP into bundle 2.
interface range Ethernet0/0 - 1
 channel-group 2 mode active
 no shutdown
 exit
!
interface Port-channel2
 ! The encapsulation is set before the trunk mode, in the same order as the original.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! NOTE(review): every VLAN is allowed on the uplink; outside a lab, list only
 ! the VLANs this switch needs.
 switchport trunk allowed vlan all
 no shutdown
 exit
!
! Create VLAN 10, then place Ethernet0/3 in it as an access port.
vlan 10
interface Ethernet0/3
 no shutdown
 switchport mode access
 switchport access vlan 10
 exit
=========================
! R-INET-01: internet edge router. Ethernet0/1 is the NAT outside interface
! and carries the default route; Ethernet0/0 is the NAT inside interface and
! runs HSRP group 1 with virtual address 202.191.13.65.
hostname R-INET-01
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
 exit
!
interface Ethernet0/1
 ip address 192.168.31.10 255.255.255.0
 ip nat outside
 no shutdown
 exit
!
interface Ethernet0/2
 ip address 10.5.5.1 255.255.255.252
 no shutdown
 exit
!
interface Ethernet0/0
 description FW-PA-01
 ip address 202.191.13.67 255.255.255.248
 ip nat inside
 ! No "standby 1 priority" line is present, so the IOS default priority (100) applies.
 ! NOTE(review): this group has no HSRP authentication. On a shared segment,
 ! consider "standby 1 authentication md5 key-string <KEY>" on every member.
 standby 1 ip 202.191.13.65
 standby 1 preempt
 ! NOTE(review): IOS normally takes the HSRP version at interface level
 ! ("standby version 2", no group number). Verify that this line is accepted,
 ! and keep all HSRP members on the same version.
 standby 1 version 2
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.31.2
! NOTE(review): list 1 matches every source address, so any packet routed from
! inside to outside is translated. Cisco's NAT guidance advises against
! "permit any" in a NAT ACL; a list of the actual inside prefixes is tighter.
! It is left as written because the inside prefixes are not all visible here.
access-list 1 permit any
!
ip nat inside source list 1 interface Ethernet0/1 overload
!
===========================
! R-INET-02: second internet edge router. It has the same layout as its HSRP
! peer, with its own addresses and an explicit HSRP priority of 90 for
! group 1 (virtual address 202.191.13.65).
hostname R-INET-02
!
interface Loopback0
 ip address 10.10.10.2 255.255.255.255
 exit
!
interface Ethernet0/1
 ip address 192.168.31.11 255.255.255.0
 ip nat outside
 no shutdown
 exit
!
interface Ethernet0/2
 ip address 10.5.5.2 255.255.255.252
 no shutdown
 exit
!
interface Ethernet0/0
 description FW-PA-01
 ip address 202.191.13.66 255.255.255.248
 ip nat inside
 ! NOTE(review): this group has no HSRP authentication. On a shared segment,
 ! consider "standby 1 authentication md5 key-string <KEY>" on every member.
 standby 1 ip 202.191.13.65
 ! Priority 90 is below the IOS default of 100.
 standby 1 priority 90
 standby 1 preempt
 ! NOTE(review): IOS normally takes the HSRP version at interface level
 ! ("standby version 2", no group number). Verify that this line is accepted,
 ! and keep all HSRP members on the same version.
 standby 1 version 2
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 192.168.31.2
! NOTE(review): list 1 matches every source address, so any packet routed from
! inside to outside is translated. Cisco's NAT guidance advises against
! "permit any" in a NAT ACL; prefer a list of the actual inside prefixes.
! It is left as written because the inside prefixes are not all visible here.
access-list 1 permit any
!
ip nat inside source list 1 interface Ethernet0/1 overload
!
------------------------------
Konfigurasi Firewall
CATATAN: Jika konfigurasi link dari N7K-01 dan N7K-02 seperti ini:
N7K-01

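! N7K-01, firewall-facing variant: the links to the firewall are access ports
! in VLAN 100, and the SVIs below are HSRP gateways with priority 110.
! NOTE(review): the SVI, HSRP and OSPF commands need "feature interface-vlan",
! "feature hsrp", "feature ospf" and a "router ospf 1" process. None of these
! appear in this listing, so confirm they are configured elsewhere.
interface Ethernet1/5
  description LINK-TO FW-FG-01
  switchport access vlan 100
exit
! The source repeated "interface Ethernet1/5" for this second stanza. The
! N7K-02 listing on this page uses Ethernet1/5 and Ethernet1/6, so the second
! link is written as Ethernet1/6. Verify against the cabling.
interface Ethernet1/6
  description LINK-TO FW-FG-01
  switchport access vlan 100
exit
!
interface Vlan100
  description LINK-TO-FW-T1-01
  no shutdown
  ip address 12.12.12.2/29
  ! OSPF is active (not passive) on the firewall-facing VLAN.
  ! NOTE(review): no OSPF authentication is configured on this interface.
  ! Consider "ip ospf authentication message-digest" with a key that matches
  ! the neighbour's.
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    preempt
    priority 110
    ip 12.12.12.1
exit
!
interface Vlan10
  description PRODUCTION-1
  no shutdown
  ip address 10.87.10.2/29
  ip router ospf 1 area 0.0.0.0
  ! Passive: the prefix is advertised but no adjacency forms on this VLAN.
  ip ospf passive-interface
  ! NOTE(review): this HSRP group is unauthenticated; "authentication md5
  ! key-string <KEY>" under the group is an option on host-facing VLANs.
  hsrp 1
    preempt
    priority 110
    ip 10.87.10.1
exit
!
interface Vlan20
  ! The source split the description and the priority across two lines each.
  description PRODUCTION-2
  no shutdown
  ip address 10.87.20.2/29
  ip router ospf 1 area 0.0.0.0
  ip ospf passive-interface
  hsrp 1
    preempt
    priority 110
    ip 10.87.20.1
exit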

n7K-02

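! N7K-02, firewall-facing variant: the links to the firewall are access ports
! in VLAN 100. No HSRP priority is set on the SVIs below, so the NX-OS default applies.
! NOTE(review): the SVI, HSRP and OSPF commands need "feature interface-vlan",
! "feature hsrp", "feature ospf" and a "router ospf 1" process. None of these
! appear in this listing, so confirm they are configured elsewhere.
interface Ethernet1/5
  description LINK-TO FW-FG-01
  switchport access vlan 100
exit
interface Ethernet1/6
  description LINK-TO FW-FG-01
  switchport access vlan 100
exit
!
interface Vlan100
  description LINK-TO-FW-T1-01
  no shutdown
  ip address 12.12.12.3/29
  ! NOTE(review): passive-interface stops OSPF hellos on VLAN 100 from this
  ! switch, while the N7K-01 listing on this page leaves VLAN 100 active. If
  ! the firewall is meant to be an OSPF neighbour of both switches, this line
  ! should be removed. Confirm the intent.
  ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    preempt
    ip 12.12.12.1
exit
!
interface Vlan10
  description PRODUCTION-1
  no shutdown
  ! The source gave 10.87.10.2/29 here, which is the address the N7K-01
  ! listing assigns to its own Vlan10 and would be a duplicate IP on the
  ! segment. It is written as .3 to follow the .2/.3 pattern used on Vlan100
  ! and Vlan20.
  ip address 10.87.10.3/29
  ip router ospf 1 area 0.0.0.0
  ! Passive: the prefix is advertised but no adjacency forms on this VLAN.
  ip ospf passive-interface
  ! NOTE(review): this HSRP group is unauthenticated; "authentication md5
  ! key-string <KEY>" under the group is an option on host-facing VLANs.
  hsrp 1
    preempt
    ip 10.87.10.1
exit
!
interface Vlan20
  ! The source split the description and the HSRP address across two lines each.
  description PRODUCTION-2
  no shutdown
  ip address 10.87.20.3/29
  ! NOTE(review): unlike Vlan10, the source has no "ip ospf passive-interface"
  ! and no "preempt" on this SVI. Both are left as written; confirm whether
  ! the omission is intended.
  ip router ospf 1 area 0.0.0.0
  hsrp 1
    ip 10.87.20.1
exit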
Maka konfigurasi interface firewall FortiGate yang mengarah ke LAN adalah sebagai berikut:







VERIFIKASI:
ping p2p dari N7K-01 ke Firewall

