Differences

This shows you the differences between two versions of the page.

--- cisco:switch:9500:cisco_catalyst_9500_series_manual [2025/01/15 12:50] – aperez
+++ cisco:switch:9500:cisco_catalyst_9500_series_manual [2025/09/11 01:08] (current) – aperez
@@ Line 7: / Line 7: @@
 ----
-Switch#**show interfaces status**
+  Switch#show running-config interface Port-channel2
-Switch#**show mac address-table**
+  Switch#show interfaces status
+  Switch#show mac address-table
+  Switch#show ip igmp snooping
+  Switch#show lldp
+  Switch#show lldp neighbors
+  Switch#show lldp neighbors detail
+  Switch#show system mtu
+  Switch#show platform hardware capacity
+  Switch#show interfaces | include MTU
+  Switch#show running-config |  begin TwentyFiveGigE1/0/1
+----
+On the **Cisco switch**, you need to edit the interface, then use the command
+-**fec off**
+On the **Aruba switch**, you need to edit the interface, then use the command
+-**error-control none**
 ----
 **{{ :cisco:switch:9500:1dc4bfad-7c8a-4b86-aa6e-bd3bd2d46fbe.pdf |Cisco Catalyst 9500 Series Switches Hardware Installation Guide}}**
@@ Line 43: / Line 61: @@
 **service password-encryption**
+----
+----
+**Basic cli**
+  Switch# configure terminal
+  Switch(config)#
+  Switch(config)#hostname <switch_name>
+  Switch(config)#hostname Cisco_switch_x
+  Switch(config)#interface vlan1
+  Switch(config)#no shutdown
+  Switch(config-if)#ip address<ipaddress><mask>
+  Switch(config-if)#ip address 172.16.29.10 255.255.0.0
+  Switch(config)#enable secret <password>
+  Switch(config)#enable secret P@$$w0^d
+  Switch(config)# username admin privilege 15 password <PASSWORD>
+  Switch(config)# username admin privilege 15 password P@$$w0^d
+  Switch(config)# ip default-gateway <IP-address>
+  Switch(config)# ip default-gateway 172.16.29.1
+  Switch# show ip route
+  Switch(config)# line con 0
+  Switch(config-line)# password p@$$w0^d
+  Switch(config-line)# login
+  Switch(config)# exit
+  Switch(config)# line vty 0 4
+  Switch(config-line)# password p@$$w0^d
+  Switch(config-line)# login
+  Switch(config)# exit
+  Switch(config)# line aux 0
+  Switch(config-line)# password p@$$w0^d
+  Switch(config-line)# login
+  Switch(config)# exit
+  Switch(config)# ip route <dest_IP_address> <mask>
+  Switch(config)# ip route 172.16.29.59 255.255.0.0
+  Switch# show running-config
+  Switch(config)#interface fastethernet 0/1
+  Switch(config-if)#description Development VLAN
+  Switch(config-if)#duplex full
+  Switch#write memory
+  Building configuration... [OK]
+  Switch#
 ----
@@ Line 60: / Line 120: @@
   ip address 192.168.2.1 255.255.255.0
   no shutdown
+----
+----
+**Enable Multicast Routing**
+  enable
+  configure terminal
+  ip multicast-routing
+  ip pim sparse-mode
+  interface INTERFACE_ID
+  ip pim sparse-mode
+  ip pim rp-address RP_IP_ADDRESS
+  ip pim send-rp-announce INTERFACE scope TTL
+  ip pim send-rp-discovery INTERFACE scope TTL
+  ip igmp snooping
+  vlan VLAN_ID
+  ip igmp snooping
+  exit
+  show ip mroute
+  show ip pim neighbor
+  show ip pim rp
+  show ip igmp groups
+  Example Configuration
+  Scenario:
+  Multicast source: 192.168.1.10
+  RP: 192.168.1.1
+  VLAN 10 and VLAN 20 are participating in multicast.
+  Configuration:
+  ip multicast-routing
+  ip pim rp-address 192.168.1.1
+  interface Vlan10
+  ip address 192.168.1.1 255.255.255.0
+  ip pim sparse-mode
+  interface Vlan20
+  ip address 192.168.2.1 255.255.255.0
+  ip pim sparse-mode
+**Example**
+  enable
+  configure terminal
+  ip igmp snooping
+  vlan 1
+  ip igmp snooping
+  vlan 500
+  ip igmp snooping
+  vlan 501
+  ip igmp snooping
+  vlan 502
+  ip igmp snooping
+  vlan 503
+  ip igmp snooping
+  vlan 504
+  ip igmp snooping
+  vlan 505
+  ip igmp snooping
+  vlan 506
+  ip igmp snooping
+  vlan 507
+  ip igmp snooping
+  vlan 508
+  ip igmp snooping
+  vlan 509
+  ip igmp snooping
+  vlan 510
+  ip igmp snooping
+  vlan 511
+  ip igmp snooping
+  vlan 512
+  ip igmp snooping
+  vlan 513
+  ip igmp snooping
+  vlan 514
+  ip igmp snooping
+  vlan 515
+  ip igmp snooping
+  vlan 516
+  ip igmp snooping
+  vlan 517
+  ip igmp snooping
+  vlan 518
+  ip igmp snooping
+  vlan 519
+  ip igmp snooping
+  vlan 520
+  ip igmp snooping
+  vlan 521
+  ip igmp snooping
+  vlan 522
+  ip igmp snooping
+  vlan 523
+  ip igmp snooping
+  vlan 524
+  ip igmp snooping
+  vlan 525
+  ip igmp snooping
+  vlan 526
+  ip igmp snooping
+  vlan 527
+  ip igmp snooping
+----
+----
+**Enable LLDP Globally**
+  enable
+  configure terminal
+  lldp run
+  interface INTERFACE_ID
+  lldp transmit
+  lldp receive
+  exit
+  show lldp
+  show lldp neighbors
+  show lldp neighbors detail
+  lldp timer 60
+  lldp holdtime 180
+  write memory
+**Example**
+  configure terminal
+  lldp run
+  lldp timer 60
+  lldp holdtime 180
+  interface GigabitEthernet1/0/1
+  lldp transmit
+  lldp receive
+  interface GigabitEthernet1/0/2
+  lldp transmit
+  lldp receive
+  write memory
+**Example**
+  enable
+  configure terminal
+  lldp run
+  interface TwentyFiveGigE1/0/1
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/2
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/3
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/4
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/5
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/6
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/7
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/8
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/9
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/10
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/11
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/12
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/13
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/14
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/15
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/16
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/17
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/18
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/19
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/20
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/21
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/22
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/23
+  lldp transmit
+  lldp receive
+  interface TwentyFiveGigE1/0/24
+  lldp transmit
+  lldp receive
+  interface HundredGigE1/0/25
+  lldp transmit
+  lldp receive
+  interface HundredGigE1/0/26
+  lldp transmit
+  lldp receive
+  interface HundredGigE1/0/27
+  lldp transmit
+  lldp receive
+  interface HundredGigE1/0/28
+  lldp transmit
+  lldp receive
+----
+----
+**Verify MTU Support**
+  show system mtu
+  show platform hardware capacity
+  configure terminal
+  system mtu jumbo 9100
+  exit
+  write memory
+  reload
+  show system mtu
+  show interfaces | include MTU
+  interface INTERFACE_ID
+  mtu 9100
+  exit
+**Example**
+  configure terminal
+  system mtu jumbo 9100
+  system mtu 9100
+  interface GigabitEthernet1/0/1
+  mtu 9100
+  exit
+  write memory
+  reload
 ----
@@ Line 139: / Line 474: @@
   !
-----
+**Port-channel Example 3**
-**Basic cli**
+  interface Port-channel1
+   description Link to Juniper Networks EX2300-24P
-  Switch# configure terminal
+   switchport mode trunk
-  Switch(config)#
+   mtu 9100
-  Switch(config)#hostname <switch_name>
+   logging event bundle-status
-  Switch(config)#hostname Cisco_switch_x
+  !
-  Switch(config)#interface vlan1
+  interface TwentyFiveGigE1/0/1
-  Switch(config)#no shutdown
+   description Link to Juniper Networks EX2300-24P
-  Switch(config-if)#ip address<ipaddress><mask>
+   switchport mode trunk
-  Switch(config-if)#ip address 172.16.29.10 255.255.0.0
+   mtu 9100
-  Switch(config)#enable secret <password>
+   logging event trunk-status
-  Switch(config)#enable secret P@$$w0^d
+   logging event bundle-status
-  Switch(config)# username admin privilege 15 password <PASSWORD>
+   udld port aggressive
-  Switch(config)# username admin privilege 15 password P@$$w0^d
+   channel-protocol lacp
-  Switch(config)# ip default-gateway <IP-address>
+   channel-group 1 mode active
-  Switch(config)# ip default-gateway 172.16.29.1
+  !
-  Switch# show ip route
+  interface TwentyFiveGigE1/0/2
-  Switch(config)# line con 0
+   description Link to Juniper Networks EX2300-24P
-  Switch(config-line)# password p@$$w0^d
+   switchport mode trunk
-  Switch(config-line)# login
+   mtu 9100
-  Switch(config)# exit
+   logging event trunk-status
-  Switch(config)# line vty 0 4
+   logging event bundle-status
-  Switch(config-line)# password p@$$w0^d
+   udld port aggressive
-  Switch(config-line)# login
+   channel-protocol lacp
-  Switch(config)# exit
+   channel-group 1 mode active
-  Switch(config)# line aux 0
+  !
-  Switch(config-line)# password p@$$w0^d
-  Switch(config-line)# login
-  Switch(config)# exit
-  Switch(config)# ip route <dest_IP_address> <mask>
-  Switch(config)# ip route 172.16.29.59 255.255.0.0
-  Switch# show running-config
-  Switch(config)#interface fastethernet 0/1
-  Switch(config-if)#description Development VLAN
-  Switch(config-if)#duplex full
-  Switch#write memory
-  Building configuration... [OK]
-  Switch#
 ----
@@ Line 261: / Line 584: @@
   no spanning-tree vlan 527
+----
 ----
+**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
+**FEC (Forward Error Correction)**:
+FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
+Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
+Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
+  *   **auto**   Enable FEC Auto-Neg
+  *   **cl108**  Enable clause108 with 25G
+  *   **cl74**   Enable clause74 with 25G
+  *   **off**    Turn FEC off, FEC is mandatory for speeds 50G or higher
+----
+----
+**Benefits of FEC on SFP Ports**:
+  * Error Correction: FEC can correct errors due to signal attenuation or interference.
+  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
+  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
+----
+**C9500 Cisco Catalyst**
+C9500-N#**show ver**
+  Cisco IOS XE Software, **Version 17.12.03**
+  Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)
+  interface TwentyFiveGigE1/0/3
+   description VLAN 526 PTP A.B.C.D/EF X30
+   switchport access vlan 526
+   switchport mode access
+   mtu 9100
+   logging event trunk-status
+   logging event bundle-status
+   udld port aggressive
+   fec cl74
+  C9500-N(config-if)#interface TwentyFiveGigE1/0/3
+  C9500-N(config-if)#fec ?
+    auto   Enable FEC Auto-Neg
+    cl108  Enable clause108 with 25G
+    cl74   Enable clause74 with 25G
+    off    Turn FEC off, FEC is mandatory for speeds 50G or higher
+----
+----
+====== SSH ======
+**SSH Configuration on Cisco IOS XE 17.12.03**
+  configure terminal
+  hostname MyRouter
+  ip domain-name mynetwork.local
+  crypto key generate rsa modulus 2048
+  username admin privilege 15 secret MyStrongPassword
+  ip ssh version 2
+  line vty 0 4
+  transport input ssh
+  exec-timeout 10 0   ! 10 minutes, 0 seconds
+  login local
+  exit
+  configure terminal
+  ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
+  end
+  write memory
+  show ip ssh
+  show run | include ssh
+----
+----
+  !
+  ip access-list extended OSPF-MULTICAST
+permit ospf any any
+permit ip any host 224.0.0.5
+permit ip any host 224.0.0.6
+permit ip any any
+  !
+  interface Port-channel1
+   description Link to Juniper Networks EX2300-24P
+   switchport mode trunk
+   mtu 9100
+   ip access-group OSPF-MULTICAST in
+   logging event bundle-status
+  !
+  interface Port-channel2
+   description Link to Core Aruba 6400 switch connection IP: 172.16.28.1
+   switchport mode trunk
+   mtu 9100
+   ip access-group OSPF-MULTICAST in
+   logging event bundle-status
+   speed nonegotiate
+  !
+  interface GigabitEthernet0/0
+   vrf forwarding Mgmt-vrf
+   no ip address
+   negotiation auto
+  !
+  interface TwentyFiveGigE1/0/1
+   description Link to Juniper Networks EX2300-24P
+   switchport mode trunk
+   mtu 9100
+   logging event trunk-status
+   logging event bundle-status
+   udld port aggressive
+   channel-protocol lacp
+   channel-group 1 mode active
+  !
+  interface TwentyFiveGigE1/0/2
+   description Link to Juniper Networks EX2300-24P
+   switchport mode trunk
+   mtu 9100
+   logging event trunk-status
+   logging event bundle-status
+   udld port aggressive
+   channel-protocol lacp
+   channel-group 1 mode active
+  !
+  interface TwentyFiveGigE1/0/3
+   description VLAN 1019 PTP A.B.C.D/EF X30
+   switchport access vlan 1019
+   switchport mode access
+   mtu 9100
+   fec cl74
+  !
+  interface TwentyFiveGigE1/0/4
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/5
+   description VLAN 517 GUEST A.B.C.D/EF X28
+   switchport access vlan 517
+   switchport mode access
+   mtu 9100
+   fec cl74
+  !
+  interface TwentyFiveGigE1/0/6
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/7
+   description VLAN 1015 ISP1  A.B.C.D/EF X26
+   switchport access vlan 1015
+   switchport mode access
+   mtu 9100
+   fec cl74
+  !
+  interface TwentyFiveGigE1/0/8
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/9
+   description VLAN 505 LAN-UTM 172.16.32.4/29 X24
+   switchport access vlan 505
+   switchport mode access
+   mtu 9100
+   fec cl74
+  !
+  interface TwentyFiveGigE1/0/10
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/11
+   description Link to Juniper Networks EX2300-24P
+   switchport access vlan 1015
+   switchport mode access
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/12
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/13
+   description Link to Port Wan Arista UTM
+   switchport access vlan 1015
+   switchport mode access
+   mtu 9100
+   fec cl74
+  !
+  interface TwentyFiveGigE1/0/14
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/15
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/16
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/17
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/18
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/19
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/20
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/21
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/22
+   mtu 9100
+  !
+  interface TwentyFiveGigE1/0/23
+   description Link to Core Aruba 6400 switch connection IP: 172.16.28.1
+   switchport mode trunk
+   mtu 9100
+   logging event trunk-status
+   logging event bundle-status
+   udld port aggressive
+   channel-protocol lacp
+   channel-group 2 mode active
+  !
+  interface TwentyFiveGigE1/0/24
+   description Link to Core Aruba 6400 switch connection IP: 172.16.28.1
+   switchport mode trunk
+   mtu 9100
+   logging event trunk-status
+   logging event bundle-status
+   udld port aggressive
+   channel-protocol lacp
+   channel-group 2 mode active
+  !
+   interface HundredGigE1/0/25
+   mtu 9100
+  !
+  interface HundredGigE1/0/26
+   mtu 9100
+  !
+  interface HundredGigE1/0/27
+   mtu 9100
+  !
+  interface HundredGigE1/0/28
+   mtu 9100
+----
+----
+====== Troubleshooting PVST Inconsistency between Cisco 9500 and Aruba 6400 ======
+=== 🧭 Context ===
+Connectivity issue between:
+  * **Cisco Catalyst 9500** → IP: `172.20.28.37`
+  * **Aruba 6400** → IP: `172.20.28.1`
+Connected via: **Port-channel 2 (Po2)**
+=== ⚠️ Symptom on Cisco ===
+Output from `show spanning-tree mst`:
+  Po2 Root BKN*400 P2p Bound(PVST) *PVST_Inc
+**Meaning:**
+  * ''BKN'' → Port is blocked (Broken)
+  * ''*PVST_Inc'' → PVST Inconsistency (STP mismatch detected)
+Cisco is running **MST**, but receives BPDUs from **PVST+ or RSTP** on the peer → risk of loop → port auto-blocked.
+=== 🔍 Root Cause ===
+Cisco MST expects MST BPDUs. If a non-MST BPDU (e.g., PVST+ or RSTP) is received:
+  * Cisco sees it as a protocol mismatch.
+  * The port is blocked to prevent potential Layer 2 loops.
+=== ✅ Solution: Switched to RSTP ===
+== On Cisco 9500 ==
+<code bash>
+conf t
+spanning-tree mode rapid-pvst
+end
+write memory
+</code>
+== On Aruba 6400 ==
+<code bash>
+conf t
+spanning-tree mode rstp
+write memory
+</code>
+**Result:** Port moved to ''FWD'' (Forwarding) state. Connectivity restored.
+=== 🔧 Verification Commands on Cisco ===
+^ Command ^ Description ^
+| `show spanning-tree mst` | View STP mode, port roles, and state |
+| `**show spanning-tree inconsistentports**` | **Detect ports blocked due to PVST_Inc** |
+| `show spanning-tree detail` | STP root path and BPDU info |
+| `show interfaces status` | Verify port operational state |
+=== 🛠️ Key Recommendations ===
+  * Prefer **RSTP** for mixed-vendor environments.
+  * If using **MST**:
+    * Ensure identical:
+      * `name`
+      * `revision`
+      * `VLAN-to-instance mapping`
+  * Avoid mixing PVST and MST without boundary configuration.
+  * Always verify port status using:
+    * `**show spanning-tree inconsistentports**`
+----
+----
+===== Comparison: Static VXLAN vs VXLAN EVPN =====
+The difference between **Static VXLAN** and **VXLAN EVPN (Ethernet VPN)** lies primarily in **how MAC–VTEP (VXLAN Tunnel Endpoint) mappings are learned and distributed**, and the **scalability** of the design. Here's a breakdown of key points:
+==== 🔁 Static VXLAN ====
+**📌 Definition:**
+VXLAN using manually defined tunnels (VTEP-to-VTEP), with no control plane. All forwarding information (MAC–VNI–VTEP bindings) is learned locally or manually configured.
+**🛠 Key Features:**
+^ Feature             ^ Static VXLAN                        ^
+| Control Plane       | ❌ None                             |
+| MAC Learning        | 🌐 Flooding-based                   |
+| Configuration       | 🛠 Manual                           |
+| Scalability         | 🔻 Limited                          |
+| BUM Traffic Handling| 🌊 Multicast or static flooding     |
+| Typical Use Case    | 🧪 Labs, small campuses             |
+----
+==== 🌐 VXLAN EVPN ====
+**📌 Definition:**
+VXLAN with a **BGP EVPN-based control plane**, which dynamically distributes MAC–VNI–VTEP bindings across VTEPs.
+**🛠 Key Features:**
+^ Feature             ^ VXLAN EVPN                         ^
+| Control Plane       | ✅ BGP EVPN                        |
+| MAC Learning        | 📡 Control-plane based (BGP)       |
+| Configuration       | ⚙️ Dynamic and scalable             |
+| Scalability         | 🔺 High                            |
+| BUM Traffic Handling| 🚫 Minimized by control-plane      |
+| Typical Use Case    | 🏢 Data centers, cloud, multi-site |
+----
+^ Summary             ^ Static VXLAN                        ^ VXLAN EVPN                            ^
+| Control Plane       | ❌ Manual / flood-based            | ✅ Distributed via BGP EVPN           |
+| MAC Distribution    | Locally flooded                   | Learned and advertised via BGP       |
+| Scalability         | Low                               | High (multi-tenant, multi-site)      |
+| Complexity          | Simple but static                 | Complex but automated                |
+| Use Cases           | Simple links, PtP, lab networks   | Large-scale DCs, EVPN fabrics        |
+----
+===== VXLAN EVPN L2VPN – CONTROL PLANE (Cisco) =====
+==== ❓ What is EVPN L2VPN Control Plane? ====
+EVPN (Ethernet VPN) is a BGP-based control plane protocol that enables:
+  * Dynamic distribution of MAC ↔ VNI ↔ VTEP bindings
+  * Elimination of unnecessary BUM flooding
+  * Improved scalability, mobility, and segmentation
+In Cisco platforms, EVPN functionality depends on hardware, software version (IOS-XE or NX-OS), and system roles.
+----
+==== ✅ Platforms that **Support EVPN Control Plane** ====
+^ Platform          ^ OS         ^ EVPN Control Plane Support ^ Notes                                  ^
+| Nexus 9000       | NX-OS      | ✅ Yes                      | Full L2/L3 EVPN support via BGP         |
+| Nexus 7000/7700  | NX-OS      | ✅ Yes (F3/M3 modules)      | EVPN requires supported linecards       |
+| ASR 9000         | IOS XR     | ✅ Yes                      | Carrier-grade EVPN                      |
+| Catalyst 9500X   | IOS-XE     | ✅ Yes                      | Requires SDM `vxlan-routing` template   |
+| Catalyst 9600    | IOS-XE     | ✅ Yes                      | Requires advanced config                |
+----
+==== 🚫 Platforms with **Limited or No EVPN Support** ====
+^ Platform          ^ OS         ^ EVPN Control Plane Support ^ Notes                                  ^
+| Catalyst 9500     | IOS-XE     | ❌ No                       | Only static VXLAN supported            |
+| Catalyst 9400     | IOS-XE     | ❌ No                       | No EVPN                                |
+| Catalyst 9300     | IOS-XE     | ❌ No                       | No VXLAN / EVPN support                |
+| Catalyst 9200     | IOS-XE     | ❌ No                       | No VXLAN                               |
+| Catalyst 3850     | IOS-XE     | ❌ No                       | VXLAN and EVPN not supported           |
+----
+==== ⚠️ EVPN Requirements on Catalyst Platforms (when applicable) ====
+  * Minimum IOS-XE version: **17.9.1**
+  * Required licenses:
+    * `network-advantage`
+    * `dna-advantage`
+  * SDM Template:
+    * Must be set to `vxlan-routing` (not available on non-X models)
+  * Configuration method:
+    * `l2vpn evpn`, `vni`, `rd`, `route-target`, `bridge-domain`
+----
+==== 🧱 Alternative: Static VXLAN (No Control Plane) ====
+For platforms without EVPN, VXLAN can be deployed in **static mode**:
+  * Define `interface nve1`
+  * Assign `source-interface` (Loopback)
+  * Configure `member vni XXXX`
+  * Use `ingress-replication protocol static`
+  * Add `peer-ip A.B.C.D` for each remote VTEP
+Requires manual mapping and tunnel definition between all VTEPs.
+----
+==== 📝 Useful Show Commands (Catalyst) ====
+Check software version:
+  `show version`
+Check license status:
+  `show license summary`
+Check SDM template:
+  `show sdm prefer`
+----
+==== 📌 Typical Error When EVPN Not Supported ====
+Trying to configure:
+  `l2vpn evpn`
+  `vni XXXX l2`
+  `rd auto`
+Returns:
+  `% Invalid input detected at '^' marker.`
+📌 This indicates the command is **not supported** in this platform or SDM template.
+----
+==== ✅ Recommendation ====
+To deploy EVPN-based VXLAN in Cisco networks:
+  * Use **Nexus (e.g., 9300, 9500)** or **C9500X with `vxlan-routing`**
+  * Confirm licensing and SDM support
+  * Use **Static VXLAN** on Catalyst platforms without EVPN capability
+----
+===== VXLAN – Core Terminology and Nomenclature =====
+VXLAN (Virtual Extensible LAN) is a tunneling technology that enables Layer 2 overlay networks over Layer 3 IP infrastructures. Below is the essential terminology you need to master:
+----
+==== 🔑 1. VNI – VXLAN Network Identifier ====
+  * **Definition:** A 24-bit identifier that replaces the traditional VLAN ID.
+  * **Range:** 0 to 16,777,215 (2^24 - 1)
+  * **Purpose:** Uniquely identifies a VXLAN segment (like a VLAN but in overlay).
+  * **Example:**
+    VLAN 700 → VNI 10700
+----
+==== 🔑 2. VTEP – VXLAN Tunnel Endpoint ====
+  * **Definition:** The device that encapsulates/decapsulates VXLAN traffic.
+  * **Purpose:** Acts as the entry/exit point of VXLAN tunnels.
+  * **Key Point:** Each VTEP has a loopback or logical IP (used as tunnel endpoint).
+  * **Example:**
+    Cisco VTEP IP = `172.18.32.33`
+----
+==== 🔑 3. NVE – Network Virtualization Edge ====
+  * **Definition:** The logical interface that represents VXLAN capability.
+  * **Command Example (IOS-XE):**
+    ```bash
+    interface nve1
+     source-interface Loopback0
+     member vni 10700
+    ```
+  * **Note:** In NX-OS, you must use `feature nv overlay`; in IOS-XE it’s implicit.
+----
+==== 🔑 4. Bridge Domain (BD) ====
+  * **Definition:** A broadcast domain, equivalent to a VLAN at the overlay level.
+  * **In IOS-XE:** Binding is done via:
+    ```bash
+    l2 vni 10700 vlan 700
+    ```
+  * **In NX-OS:** It’s tied to a `bridge-domain` with its own config space.
+----
+==== 🔑 5. Ingress Replication ====
+  * **Purpose:** Defines how BUM (Broadcast, Unknown unicast, Multicast) traffic is replicated.
+  * **Modes:**
+    - `static`: manual peer definition
+    - `multicast`: uses multicast groups in the underlay
+----
+==== 🔑 6. Underlay vs Overlay ====
+  * **Underlay:**
+    - The physical IP network that connects VTEPs (e.g., `172.18.32.0/30`)
+    - Uses IGP or static routing
+  * **Overlay:**
+    - The logical L2 network created by VXLAN
+    - Carries tenant VLANs across routed core
+----
+==== 🔑 7. BUM – Broadcast, Unknown Unicast, Multicast ====
+  * **Definition:** Types of traffic replicated across all members in a segment.
+  * **Handled in VXLAN by:**
+    - Static `ingress-replication`
+    - Multicast (if supported by underlay)
+----
+==== 🧾 Summary Table ====
+^ Element         ^ Description                                 ^ Example                    ^
+| VLAN            | Traditional L2 segment                      | 700                        |
+| VNI             | VXLAN segment identifier                    | 10700                     |
+| VTEP (Local)    | Source tunnel endpoint                      | 172.18.32.33 (Cisco C9500)|
+| VTEP (Remote)   | Destination tunnel endpoint                 | 172.18.32.34 (Aruba 6300) |
+| NVE Interface   | VXLAN-capable logical interface             | `interface nve1`          |
+| Underlay        | Physical routed IP network                  | `172.18.32.32/30`         |
+| Overlay         | Virtual network over VXLAN                  | VNIs mapped to VLANs      |
+----
+==== ✅ VXLAN overlays  ====
+allow to:
+  * Stretch VLANs across L3 boundaries
+  * Enable mobility and segmentation
+  * Scale beyond 4094 VLAN limit using 16 million VNIs
+----
+----
+====== VXLAN Static Configuration – Cisco 9500 ⇄ Aruba 6300 ======
+=== 📘 Architecture Summary ===
+^ Parameter               ^ Cisco 9500 (C9500SP1)         ^ Aruba 6300M (6300SP2)         ^
+| VTEP Loopback IP        | 172.22.32.1                    | 172.22.32.2                    |
+| Transport IP            | 172.18.32.33 (To Aruba)        | 172.18.32.34 (To Cisco)        |
+| Transport Interface     | Routed PtP /30 via TenG        | Routed PtP /30 via 1/1/12      |
+| OSPF Area               | 0                              | 0                              |
+| VXLAN Mode              | Static VXLAN                   | Static VXLAN                   |
+| VXLAN Interface         | `nve1`                         | `vxlan 1`                      |
+| VNIs                    | 10001, 10700–10732             | 10001, 10700–10732             |
+| Inter-VXLAN Bridging    | Not applicable                 | `static-all` or `static-evpn`  |
+----
+=== 🚀 Cisco 9500 Configuration ===
+==== 🔹 1. VTEP Loopback ====
+  interface Loopback0
+   ip address 172.22.32.1 255.255.255.255
+==== 🔹 2. Transport Interface ====
+  interface TenGigabitEthernet1/0/12
+   description Link to Aruba 6300
+   ip address 172.18.32.33 255.255.255.252
+   no shutdown
+==== 🔹 3. OSPF ====
+  router ospf 100
+   router-id 1.1.1.1
+   network 172.18.32.32 0.0.0.3 area 0
+   network 172.22.32.1 0.0.0.0 area 0
+==== 🔹 4. Static Route ====
+  ip route 172.22.32.2 255.255.255.255 172.18.32.34
+==== 🔹 5. NVE Interface ====
+  interface nve1
+   no shutdown
+   source-interface Loopback0
+   member vni 10001 ingress-replication 172.22.32.2
+   member vni 10700 ingress-replication 172.22.32.2
+   member vni 10712 ingress-replication 172.22.32.2
+   member vni 10730 ingress-replication 172.22.32.2
+   member vni 10732 ingress-replication 172.22.32.2
+==== 🔹 6. Bridge Domains ====
+  bridge-domain 1
+   member vni 10001
+  bridge-domain 700
+   member vni 10700
+  bridge-domain 712
+   member vni 10712
+  bridge-domain 730
+   member vni 10730
+  bridge-domain 732
+   member vni 10732
+----
+=== 🧩 Aruba 6300 Configuration ===
+==== 🔹 1. Loopback Interface ====
+  interface loopback 0
+   ip address 172.22.32.2/32
+==== 🔹 2. Transport Interface ====
+  interface 1/1/12
+   description Link to Cisco 9500
+   ip address 172.18.32.34/30
+   no shutdown
+==== 🔹 3. OSPF ====
+  router ospf
+   router-id 2.2.2.2
+   area 0.0.0.0
+     interface 1/1/12
+     interface loopback 0
+==== 🔹 4. Static Route ====
+  ip route 172.22.32.1/32 172.18.32.33
+==== 🔹 5. VXLAN Interface ====
+  interface vxlan 1
+   source 172.22.32.2
+   inter-vxlan-bridging-mode static-all
+==== 🔹 6. VNI to VLAN Mapping ====
+  vxlan vlan 1 vni 10001
+   vxlan vtep 172.22.32.1
+  vxlan vlan 700 vni 10700
+   vxlan vtep 172.22.32.1
+  vxlan vlan 712 vni 10712
+   vxlan vtep 172.22.32.1
+  vxlan vlan 730 vni 10730
+   vxlan vtep 172.22.32.1
+  vxlan vlan 732 vni 10732
+   vxlan vtep 172.22.32.1
+----
+=== 🧪 Validation Commands ===
+==== 🔸 Cisco 9500 ====
+  show nve interface nve1
+  show nve vni summary
+  show nve vni interface nve 1
+  show nve peers
+  ping 172.22.32.2 source 172.22.32.1
+  show mac address-table vlan 712
+==== 🔸 Aruba 6300 ====
+  show interface vxlan 1
+  show interface vxlan vni vteps
+  ping 172.22.32.1 source 172.22.32.2
+  show mac-address-table vlan 712
+=== ✅ Notes ===
+  * The VXLAN tunnels use **static replication** for simplicity and full control.
+  * Ensure **Loopback reachability** via static route or OSPF in both directions.
+  * For production EVPN deployment, BGP configuration will be required.
+----
+----
+{{ :aruba_networks:switch:6400:vxlan_cli_ap.pdf |}}
+{{pdfjs 46em >:aruba_networks:switch:6400:vxlan_cli_ap.pdf}}
+----
+----
+{{ :cisco:switch:9500:mtu_utm_switch_6400_9500.pdf |}}
+{{pdfjs 46em >:cisco:switch:9500:mtu_utm_switch_6400_9500.pdf}}
+----
+----