Cisco Catalyst 9500 Series Manual
Cisco Catalyst 9500 Series Switches Manuals
Useful show commands:

```cisco
Switch# show running-config interface Port-channel2
Switch# show interfaces status
Switch# show mac address-table
Switch# show ip igmp snooping
Switch# show lldp
Switch# show lldp neighbors
Switch# show lldp neighbors detail
Switch# show system mtu
Switch# show platform hardware capacity
Switch# show interfaces | include MTU
Switch# show running-config | begin TwentyFiveGigE1/0/1
```
FEC must match on both ends of a link or the port never comes up. On the Cisco switch, enter interface configuration for the port and use `fec off`. On the Aruba switch, enter interface configuration for the port and use `error-control none`. Check the result with `show interfaces status` on the Cisco side.
Cisco Catalyst 9500 Series Switches Hardware Installation Guide
Command Reference, Cisco IOS XE 17.15.x (Catalyst 9500 Switches)
Password
```cisco
enable
configure terminal
 enable secret NEW_PASSWORD
 line console 0
  password NEW_PASSWORD
  login
 exit
 username USERNAME secret NEW_PASSWORD
exit
write memory
show running-config | include username
```

Notes:
- `enable secret` stores a salted hash. `enable password` stores the password in clear text (or as a reversible type 7 string when `service password-encryption` is on) and is ignored whenever `enable secret` is also set, so configure only `enable secret`. Use `username ... secret` instead of `username ... password` for the same reason.
- `service password-encryption` only converts clear-text `password` lines (line console, line vty, `username ... password`) into type 7 strings. Type 7 is a fixed-key XOR that is reversed instantly by any of the public decoders; treat it as protection against shoulder-surfing, not as encryption.
- On IOS XE, `enable algorithm-type scrypt secret NEW_PASSWORD` and `username USERNAME algorithm-type scrypt secret NEW_PASSWORD` store type 9 (scrypt) hashes, which are stronger than the type 5 (MD5) hashes older releases produce by default.
- A `password` under `line console 0` can only be clear text or type 7; prefer `login local` with a `secret`-based user account.
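Added example (not from this page): a Python script that decodes type 7 strings and audits a constructed running-config for credential lines that should use `secret`. The key string and decode rule are Cisco's published type 7 scheme, and the two sample type 7 values are widely published test vectors; the hostname and the hashes in `SAMPLE_CONFIG` are placeholders.

```python
"""Audit credential lines in a Cisco IOS / IOS XE running-config.

Added example; not part of the original page. It shows why
`service password-encryption` is not encryption: type 7 strings are a fixed-key
XOR and decode instantly. SAMPLE_CONFIG is constructed for the example and the
hashes in it are placeholders.
"""
import re

# Cisco's fixed type 7 key; the algorithm has been public since the 1990s.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

SAMPLE_CONFIG = """\
!
service password-encryption
hostname Cisco_switch_x
enable password 7 094F471A1A0A
enable secret 5 $1$constructed$placeholderhashXXXXXXXXX
username admin privilege 15 password 7 0822455D0A16
username ops privilege 15 secret 9 $9$constructed$placeholderhashYYYYYYYY
line con 0
 password 7 094F471A1A0A
 login
line vty 0 4
 password p@$$w0^d
 login
 transport input ssh
!
"""


def decode_type7(encoded: str) -> str:
    """Recover the plaintext behind a type 7 string.

    Layout: two decimal digits giving the start offset into TYPE7_KEY, then one
    hex byte per plaintext character, each XORed with the key byte at the
    running offset (wrapping around the 40-byte key).
    """
    if not re.fullmatch(r"\d\d(?:[0-9A-Fa-f]{2})+", encoded):
        raise ValueError(f"not a type 7 string: {encoded!r}")
    seed = int(encoded[:2])
    out = bytearray()
    for pos, i in enumerate(range(2, len(encoded), 2)):
        cipher_byte = int(encoded[i:i + 2], 16)
        out.append(cipher_byte ^ TYPE7_KEY[(seed + pos) % len(TYPE7_KEY)])
    return out.decode("ascii", errors="replace")


# Credential statements whose value is stored in clear text (type 0) or as type 7.
_REVERSIBLE = re.compile(r"^(enable password|username \S+.*? password|password)\s+(?:([07])\s+)?(\S+)$")
# Hashed secrets: the digit after "secret" is the hash type (5 = MD5, 8 = PBKDF2, 9 = scrypt).
_HASHED = re.compile(r"^(enable secret|username \S+.*? secret)\s+(\d)\s+\S+$")


def audit_config(config: str) -> list[tuple[int, str, str]]:
    """Return (line_number, severity, message) for every weak credential setting."""
    findings: list[tuple[int, str, str]] = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if line == "service password-encryption":
            findings.append((lineno, "INFO",
                             "service password-encryption only applies type 7 obfuscation to "
                             "'password' lines; it does not protect anything against an attacker "
                             "who can read the config"))
            continue
        m = _REVERSIBLE.match(line)
        if m:
            stmt, ptype, value = m.groups()
            if ptype == "7":
                findings.append((lineno, "HIGH",
                                 f"{stmt}: type 7 is reversible, recovered {decode_type7(value)!r}; "
                                 "re-enter it with 'secret'"))
            else:
                findings.append((lineno, "HIGH", f"{stmt}: stored in clear text; re-enter it with 'secret'"))
            continue
        m = _HASHED.match(line)
        if m and m.group(2) == "5":
            findings.append((lineno, "MEDIUM",
                             f"{m.group(1)}: type 5 (MD5) hash; re-enter with "
                             "'algorithm-type scrypt secret' to get type 9"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno:>3} {severity:<6} {message}")
```

Run it against a saved `show running-config` (paste the text into `audit_config`) before a switch leaves the lab: every HIGH finding is a credential that anyone with read access to the config or a backup already has.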
Basic cli
```cisco
Switch# configure terminal
Switch(config)# hostname <switch_name>
Switch(config)# hostname Cisco_switch_x
Switch(config)# interface vlan 1
Switch(config-if)# ip address <ipaddress> <mask>
Switch(config-if)# ip address 172.16.29.10 255.255.0.0
Switch(config-if)# no shutdown
Switch(config-if)# exit
Switch(config)# enable secret <password>
Switch(config)# enable secret P@$$w0^d
Switch(config)# username admin privilege 15 secret <PASSWORD>
Switch(config)# username admin privilege 15 secret P@$$w0^d
Switch(config)# ip default-gateway <IP-address>
Switch(config)# ip default-gateway 172.16.29.1
Switch(config)# line con 0
Switch(config-line)# password p@$$w0^d
Switch(config-line)# login
Switch(config-line)# exit
Switch(config)# line vty 0 4
Switch(config-line)# password p@$$w0^d
Switch(config-line)# login
Switch(config-line)# exit
Switch(config)# ip route <dest_network> <mask> <next_hop>
Switch(config)# ip route 0.0.0.0 0.0.0.0 172.16.29.1
Switch(config)# interface fastethernet 0/1
Switch(config-if)# description Development VLAN
Switch(config-if)# duplex full
Switch(config-if)# end
Switch# show ip route
Switch# show running-config
Switch# write memory
Building configuration...
[OK]
Switch#
```

Notes on the sequence:
- `ip default-gateway` is only honoured while `ip routing` is disabled. If `show ip route` shows the switch routing (the Catalyst 9500 normally does), it is ignored and you need a static default route instead: `ip route 0.0.0.0 0.0.0.0 <next_hop>`. A static route always needs destination, mask and next hop; the original `ip route 172.16.29.59 255.255.0.0` had no next hop and mixed a host address with a /16 mask.
- The Catalyst 9500 has no aux port, so there is no `line aux 0` to secure, and its front-panel ports are named TwentyFiveGigE/HundredGigE rather than FastEthernet; `fastethernet 0/1` is kept here only as a generic example.
- `username ... privilege 15 password ...` stores the password reversibly; `secret` is used above instead.
Allow IP Forwarding Globally
```cisco
configure terminal
 ip routing
 ip forward-protocol udp
 interface Vlan10
  ip address 192.168.1.1 255.255.255.0
  no shutdown
 interface Vlan20
  ip address 192.168.2.1 255.255.255.0
  no shutdown
```

`ip routing` turns on Layer 3 forwarding between the SVIs. `ip forward-protocol udp` is separate: it controls which UDP broadcasts an `ip helper-address` relays (DHCP, TFTP, DNS and so on) and has no effect without a helper address on the interface.
Enable Multicast Routing
```cisco
enable
configure terminal
 ip multicast-routing
 ip pim rp-address RP_IP_ADDRESS
 interface INTERFACE_ID
  ip pim sparse-mode
 ! Optional, only if the RP is distributed with Auto-RP instead of a static rp-address:
 ip pim send-rp-announce INTERFACE scope TTL
 ip pim send-rp-discovery INTERFACE scope TTL
 ip igmp snooping
 ip igmp snooping vlan VLAN_ID
 exit
show ip mroute
show ip pim neighbor
show ip pim rp
show ip igmp groups
```

`ip pim sparse-mode` is an interface command; there is no global form. `ip igmp snooping` is enabled globally and per VLAN by default, so the two snooping lines only matter if it was turned off earlier. With a static `ip pim rp-address` the Auto-RP announce/discovery commands are not needed.

Example configuration scenario:
- Multicast source: 192.168.1.10
- RP: 192.168.1.1
- VLAN 10 and VLAN 20 are participating in multicast.

```cisco
ip multicast-routing
ip pim rp-address 192.168.1.1
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
 ip pim sparse-mode
interface Vlan20
 ip address 192.168.2.1 255.255.255.0
 ip pim sparse-mode
```
Example
```cisco
enable
configure terminal
 ip igmp snooping vlan 1
 ip igmp snooping vlan 500
 ip igmp snooping vlan 501
 ip igmp snooping vlan 502
 ip igmp snooping vlan 503
 ip igmp snooping vlan 504
 ip igmp snooping vlan 505
 ip igmp snooping vlan 506
 ip igmp snooping vlan 507
 ip igmp snooping vlan 508
 ip igmp snooping vlan 509
 ip igmp snooping vlan 510
 ip igmp snooping vlan 511
 ip igmp snooping vlan 512
 ip igmp snooping vlan 513
 ip igmp snooping vlan 514
 ip igmp snooping vlan 515
 ip igmp snooping vlan 516
 ip igmp snooping vlan 517
 ip igmp snooping vlan 518
 ip igmp snooping vlan 519
 ip igmp snooping vlan 520
 ip igmp snooping vlan 521
 ip igmp snooping vlan 522
 ip igmp snooping vlan 523
 ip igmp snooping vlan 524
 ip igmp snooping vlan 525
 ip igmp snooping vlan 526
 ip igmp snooping vlan 527
 ip igmp snooping
```
Enable LLDP Globally
```cisco
enable
configure terminal
 lldp run
 lldp timer 60
 lldp holdtime 180
 interface INTERFACE_ID
  lldp transmit
  lldp receive
 exit
show lldp
show lldp neighbors
show lldp neighbors detail
write memory
```

`lldp run` enables LLDP on every interface; `lldp transmit` and `lldp receive` are already on once it is running and only need to be entered on a port where they were previously disabled. LLDP advertises the hostname, port ID, management address and capabilities to whatever is plugged in, so keep it on infrastructure links (uplinks, port-channel members, phones and APs that need it) and use `no lldp transmit` on user-facing and untrusted ports.
Example
```cisco
configure terminal
 lldp run
 lldp timer 60
 lldp holdtime 180
 interface GigabitEthernet1/0/1
  lldp transmit
  lldp receive
 interface GigabitEthernet1/0/2
  lldp transmit
  lldp receive
write memory
```
Example
The same on all 28 front-panel ports of the 9500 (TwentyFiveGigE1/0/1 to 1/0/24 and HundredGigE1/0/25 to 1/0/28), using `interface range` instead of repeating the two lines per port:

```cisco
enable
configure terminal
 lldp run
 interface range TwentyFiveGigE1/0/1 - 24
  lldp transmit
  lldp receive
 interface range HundredGigE1/0/25 - 28
  lldp transmit
  lldp receive
```
Verify MTU Support
```cisco
show system mtu
show platform hardware capacity
configure terminal
 system mtu 9100
 exit
show system mtu
show interfaces | include MTU
configure terminal
 interface INTERFACE_ID
  mtu 9100
  exit
write memory
```

On the Catalyst 9000 series the global command is `system mtu <bytes>`; the `system mtu jumbo` form belongs to older Catalyst platforms and is not part of the 9500 command set. Check `show system mtu` after the change: if it still reports the old value, the new MTU only takes effect after a `reload`. The per-interface `mtu` overrides the system MTU for that port and must match the far end (the Aruba and Juniper links later on this page are all set to 9100).
Example
```cisco
configure terminal
 system mtu 9100
 interface GigabitEthernet1/0/1
  mtu 9100
  exit
write memory
show system mtu
```
If you don't see VLAN information in the running configuration on a Cisco switch, the switch is in the default VTP server mode, where the VLAN database is kept in `vlan.dat` in flash rather than in the running-config. To make the VLAN definitions part of the running configuration (and so of your configuration backups), use `vtp mode transparent`.

Explanation

To list VLANs use `show vlan brief` (or `show vlan`) in privileged EXEC mode; `show switch vlan` is not an IOS XE command. `show running-config` prints the complete configuration, which can run to thousands of lines; `show running-config | section vlan` shows only the VLAN part.

The default VTP server mode stores the VLAN database in `vlan.dat`. Transparent mode has a second effect worth wanting: the switch stops accepting VLAN changes from VTP advertisements. In server or client mode a switch that joins the domain with a higher configuration revision number overwrites the VLAN database of every other switch, which is the classic way a lab or replacement switch wipes production VLANs.
Port-channel
```cisco
enable
configure terminal
 interface range GigabitEthernet1/0/1 - 2
  channel-group 1 mode active
 interface Port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
 exit
show etherchannel summary
show lacp neighbor
show running-config interface Port-channel1
```

For a Layer 3 port-channel (used for routing), replace the switchport lines with:

```cisco
interface Port-channel1
 no switchport
 ip address 192.168.1.1 255.255.255.0
```

`channel-group ... mode active` runs LACP; the far end must be `active` or `passive`, not `on`. On a trunk port-channel add `switchport nonegotiate` (as in Example 2 below) so the port does not run DTP, and keep the `switchport trunk allowed vlan` list explicit, otherwise a device on the far side can negotiate itself onto a trunk carrying every VLAN.
Port-channel Example 1
```cisco
interface range GigabitEthernet1/0/1 - 2
 channel-group 1 mode active
interface Port-channel1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
```
Port-channel Example 2
```cisco
!
interface Port-channel1
 description *** Port-Channel to XYZ***
 switchport
 switchport mode trunk
 switchport nonegotiate
 logging event bundle-status
!
interface TwentyFiveGigE1/0/5
 description *** Port-Channel to XYZ***
 switchport
 switchport mode trunk
 switchport nonegotiate
 logging event link-status
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 channel-protocol lacp
 channel-group 1 mode active
 service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy
!
```
Port-channel Example 3
```cisco
interface Port-channel1
 description Link to Juniper Networks EX2300-24P
 switchport mode trunk
 mtu 9100
 logging event bundle-status
!
interface TwentyFiveGigE1/0/1
 description Link to Juniper Networks EX2300-24P
 switchport mode trunk
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 channel-protocol lacp
 channel-group 1 mode active
!
interface TwentyFiveGigE1/0/2
 description Link to Juniper Networks EX2300-24P
 switchport mode trunk
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 channel-protocol lacp
 channel-group 1 mode active
!
```
Basic cli example
```cisco
configure terminal
 hostname cisco_switch_x
 interface vlan 1
  ip address 172.16.29.10 255.255.0.0
  no shutdown
  exit
 enable secret P@$$w0^d
 username admin privilege 15 secret P@$$w0^d
 ip default-gateway 172.16.29.1
 ip route 0.0.0.0 0.0.0.0 172.16.29.1
 interface fastethernet 0/1
  description Development VLAN
  duplex full
  exit
end
show ip route
show running-config
write memory
```

The original listing had `interface vlan` without a VLAN number and an `ip route` with no next hop; both are rejected by the parser, so they are corrected here (a default route via the same gateway, which is what applies when `ip routing` is on). `secret` replaces `password` for the same reason as in the Password section.
Stop Cisco console messages
```cisco
enable
terminal no monitor
configure terminal
 logging console warnings
 exit
show logging
write memory
```

`terminal no monitor` is an EXEC command: it stops syslog messages on the current vty session only and is not saved. `no logging console` silences the physical console completely, while `logging console warnings` keeps severity 0 to 4 (emergencies through warnings) and drops the informational and debug noise; the original listing ran both, and the second simply undoes the first, so pick one. Whichever you choose, keep `logging buffered` and a `logging host` syslog destination so the messages you no longer see on the console are still recorded somewhere.
Disable STP on a Specific VLAN
```cisco
configure terminal
 vlan VLAN_ID
 no spanning-tree vlan VLAN_ID
 interface INTERFACE_ID
  spanning-tree portfast
 exit
write memory
show spanning-tree vlan VLAN_ID
show spanning-tree
```

`no spanning-tree vlan 1-4094` disables STP for every VLAN. Do this only where the topology is guaranteed loop-free (for example a single access switch hanging off routed ports): with STP off, one mis-patched cable or a user-side loop produces a broadcast storm that the switch will not block. `spanning-tree portfast` skips the listening and learning states on end-host ports; pair it with `spanning-tree bpduguard enable` so a port that receives a BPDU (a switch plugged in where a host should be) is err-disabled instead of joining the topology.
Example
```cisco
no spanning-tree vlan 1
no spanning-tree vlan 500
no spanning-tree vlan 501
no spanning-tree vlan 502
no spanning-tree vlan 503
no spanning-tree vlan 504
no spanning-tree vlan 505
no spanning-tree vlan 506
no spanning-tree vlan 507
no spanning-tree vlan 508
no spanning-tree vlan 509
no spanning-tree vlan 510
no spanning-tree vlan 511
no spanning-tree vlan 512
no spanning-tree vlan 513
no spanning-tree vlan 514
no spanning-tree vlan 515
no spanning-tree vlan 516
no spanning-tree vlan 517
no spanning-tree vlan 518
no spanning-tree vlan 519
no spanning-tree vlan 520
no spanning-tree vlan 521
no spanning-tree vlan 522
no spanning-tree vlan 523
no spanning-tree vlan 524
no spanning-tree vlan 525
no spanning-tree vlan 526
no spanning-tree vlan 527
```
FEC on an SFP port refers to Forward Error Correction (FEC), which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
FEC (Forward Error Correction): FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
- auto Enable FEC Auto-Neg
- cl108 Enable clause108 with 25G
- cl74 Enable clause74 with 25G
- off Turn FEC off, FEC is mandatory for speeds 50G or higher
Benefits of FEC on SFP Ports:
- Error Correction: FEC can correct errors due to signal attenuation or interference.
- Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
- No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
C9500 Cisco Catalyst
```cisco
C9500-N# show version
Cisco IOS XE Software, Version 17.12.03
Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)
```

A 25G access port with Clause 74 FEC enabled:

```cisco
interface TwentyFiveGigE1/0/3
 description VLAN 526 PTP A.B.C.D/EF X30
 switchport access vlan 526
 switchport mode access
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 fec cl74
```

The FEC options offered by this release:

```cisco
C9500-N(config)# interface TwentyFiveGigE1/0/3
C9500-N(config-if)# fec ?
  auto   Enable FEC Auto-Neg
  cl108  Enable clause108 with 25G
  cl74   Enable clause74 with 25G
  off    Turn FEC off, FEC is mandatory for speeds 50G or higher
```
SSH
SSH Configuration on Cisco IOS XE 17.12.03
```cisco
configure terminal
 hostname MyRouter
 ip domain-name mynetwork.local
 crypto key generate rsa modulus 2048
 username admin privilege 15 secret MyStrongPassword
 ip ssh version 2
 ip ssh time-out 60
 ip ssh authentication-retries 3
 ip access-list standard MGMT-HOSTS
  permit 192.0.2.0 0.0.0.255
 line vty 0 4
  transport input ssh
  access-class MGMT-HOSTS in
  exec-timeout 10 0      ! 10 minutes, 0 seconds
  login local
 exit
```

Restrict the SSH server to CTR-mode ciphers (the default list on older images may also offer CBC modes and 3DES), set SHA-2 MACs, and save:

```cisco
configure terminal
 ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
 ip ssh server algorithm mac hmac-sha2-256 hmac-sha2-512
 end
write memory
show ip ssh
show run | include ssh
```

Notes:
- `hostname` and `ip domain-name` must be set before `crypto key generate rsa`, because the key pair is named after them. Use `modulus 4096` if your clients support it.
- `access-class MGMT-HOSTS in` limits vty logins to the management subnet; 192.0.2.0/24 is a placeholder, substitute your own range. Without it the SSH server answers from every address the switch can reach, including the guest and ISP VLANs shown later on this page.
- Key exchange is configured the same way with `ip ssh server algorithm kex`; run `ip ssh server algorithm kex ?` on the running image to see the keywords it offers and keep only the SHA-2 based exchanges. `show ip ssh` prints the cipher, MAC and KEX lists actually in effect, which is the thing to verify rather than the configured lines.
The ACL `OSPF-MULTICAST` below ends with `40 permit ip any any`, so every packet matches a permit and the list never denies anything: entries 10 to 30 only keep hit counters (`show ip access-lists OSPF-MULTICAST`). If the purpose is to count OSPF and multicast traffic, that is what it does. If the purpose is to restrict what enters the trunk, remove entry 40 and let the implicit `deny ip any any` at the end of every IOS ACL take effect, after first adding permits for the traffic that must still cross the trunk. Note that an `ip access-group` on a switchport is applied as a port ACL to the IP traffic of all VLANs carried on that trunk.

```cisco
!
ip access-list extended OSPF-MULTICAST
 10 permit ospf any any
 20 permit ip any host 224.0.0.5
 30 permit ip any host 224.0.0.6
 40 permit ip any any
!
interface Port-channel1
 description Link to Juniper Networks EX2300-24P
 switchport mode trunk
 mtu 9100
 ip access-group OSPF-MULTICAST in
 logging event bundle-status
!
interface Port-channel2
 description Link to Core Aruba 6400 switch connection IP: 172.16.28.1
 switchport mode trunk
 mtu 9100
 ip access-group OSPF-MULTICAST in
 logging event bundle-status
 speed nonegotiate
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface TwentyFiveGigE1/0/1
 description Link to Juniper Networks EX2300-24P
 switchport mode trunk
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 channel-protocol lacp
 channel-group 1 mode active
!
interface TwentyFiveGigE1/0/2
 description Link to Juniper Networks EX2300-24P
 switchport mode trunk
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 channel-protocol lacp
 channel-group 1 mode active
!
interface TwentyFiveGigE1/0/3
 description VLAN 1019 PTP A.B.C.D/EF X30
 switchport access vlan 1019
 switchport mode access
 mtu 9100
 fec cl74
!
interface TwentyFiveGigE1/0/4
 mtu 9100
!
interface TwentyFiveGigE1/0/5
 description VLAN 517 GUEST A.B.C.D/EF X28
 switchport access vlan 517
 switchport mode access
 mtu 9100
 fec cl74
!
interface TwentyFiveGigE1/0/6
 mtu 9100
!
interface TwentyFiveGigE1/0/7
 description VLAN 1015 ISP1 A.B.C.D/EF X26
 switchport access vlan 1015
 switchport mode access
 mtu 9100
 fec cl74
!
interface TwentyFiveGigE1/0/8
 mtu 9100
!
interface TwentyFiveGigE1/0/9
 description VLAN 505 LAN-UTM 172.16.32.4/29 X24
 switchport access vlan 505
 switchport mode access
 mtu 9100
 fec cl74
!
interface TwentyFiveGigE1/0/10
 mtu 9100
!
interface TwentyFiveGigE1/0/11
 description Link to Juniper Networks EX2300-24P
 switchport access vlan 1015
 switchport mode access
 mtu 9100
!
interface TwentyFiveGigE1/0/12
 mtu 9100
!
interface TwentyFiveGigE1/0/13
 description Link to Port Wan Arista UTM
 switchport access vlan 1015
 switchport mode access
 mtu 9100
 fec cl74
!
interface TwentyFiveGigE1/0/14
 mtu 9100
!
interface TwentyFiveGigE1/0/15
 mtu 9100
!
interface TwentyFiveGigE1/0/16
 mtu 9100
!
interface TwentyFiveGigE1/0/17
 mtu 9100
!
interface TwentyFiveGigE1/0/18
 mtu 9100
!
interface TwentyFiveGigE1/0/19
 mtu 9100
!
interface TwentyFiveGigE1/0/20
 mtu 9100
!
interface TwentyFiveGigE1/0/21
 mtu 9100
!
interface TwentyFiveGigE1/0/22
 mtu 9100
!
interface TwentyFiveGigE1/0/23
 description Link to Core Aruba 6400 switch connection IP: 172.16.28.1
 switchport mode trunk
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 channel-protocol lacp
 channel-group 2 mode active
!
interface TwentyFiveGigE1/0/24
 description Link to Core Aruba 6400 switch connection IP: 172.16.28.1
 switchport mode trunk
 mtu 9100
 logging event trunk-status
 logging event bundle-status
 udld port aggressive
 channel-protocol lacp
 channel-group 2 mode active
!
interface HundredGigE1/0/25
 mtu 9100
!
interface HundredGigE1/0/26
 mtu 9100
!
interface HundredGigE1/0/27
 mtu 9100
!
interface HundredGigE1/0/28
 mtu 9100
```
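To see what the ACL above actually decides, here is an added example (not code from this page) that evaluates an IOS extended ACL with first-match and implicit-deny semantics against constructed packets. `PAGE_ACL` is the `OSPF-MULTICAST` list from the configuration; `STRICT_ACL` is a hypothetical variant with entry 40 removed. It also handles the `A.B.C.D WILDCARD` form, which the page's ACL does not use.

```python
"""Evaluate a Cisco extended ACL against sample packets.

Added example; not configuration from this page. It models the first-match,
implicit-deny semantics of an IOS access list to show what the
OSPF-MULTICAST ACL above does once `40 permit ip any any` is present.
PAGE_ACL is copied from the page; STRICT_ACL and the packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPV4_PROTO = {"ip": None, "ospf": 89, "tcp": 6, "udp": 17, "icmp": 1, "pim": 103}

PAGE_ACL = """\
ip access-list extended OSPF-MULTICAST
 10 permit ospf any any
 20 permit ip any host 224.0.0.5
 30 permit ip any host 224.0.0.6
 40 permit ip any any
"""

# Same list without the trailing permit: the implicit deny now applies.
STRICT_ACL = """\
ip access-list extended OSPF-MULTICAST-STRICT
 10 permit ospf any any
 20 permit ip any host 224.0.0.5
 30 permit ip any host 224.0.0.6
"""


@dataclass(frozen=True)
class Packet:
    proto: int          # IP protocol number (89 = OSPF, 6 = TCP, 17 = UDP, ...)
    src: str
    dst: str


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str         # "permit" or "deny"
    proto: str          # protocol keyword as written in the ACL
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_match(tokens: list[str], i: int) -> tuple[ipaddress.IPv4Network, int]:
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D WILDCARD' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(f"{tokens[i + 1]}/32"), i + 2
    # IOS wildcard masks are inverted netmasks: 0 bits must match, 1 bits are don't-care.
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    netmask = ipaddress.IPv4Address(~wildcard & 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{tokens[i]}/{netmask}", strict=False), i + 2


def parse_acl(text: str) -> list[Ace]:
    """Parse the entries of one named extended ACL; the header line and remarks are skipped."""
    aces: list[Ace] = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] in ("ip", "!", "remark"):
            continue
        if tokens[0].isdigit():                       # explicit sequence number
            seq, tokens = int(tokens[0]), tokens[1:]
        else:                                         # IOS numbers unnumbered entries in steps of 10
            seq = aces[-1].seq + 10 if aces else 10
        if tokens[0] == "remark":
            continue
        action, proto = tokens[0], tokens[1]
        src, i = _parse_match(tokens, 2)
        dst, _ = _parse_match(tokens, i)
        aces.append(Ace(seq, action, proto, src, dst))
    return sorted(aces, key=lambda a: a.seq)


def evaluate(aces: list[Ace], pkt: Packet) -> tuple[str, Optional[int]]:
    """First matching entry wins; no match means the implicit 'deny ip any any' (seq None)."""
    src, dst = ipaddress.IPv4Address(pkt.src), ipaddress.IPv4Address(pkt.dst)
    for ace in aces:
        proto_ok = ace.proto == "ip" or IPV4_PROTO.get(ace.proto) == pkt.proto
        if proto_ok and src in ace.src and dst in ace.dst:
            return ace.action, ace.seq
    return "deny", None


def is_allow_all(aces: list[Ace]) -> bool:
    """True when the list ends in 'permit ip any any', i.e. it can never deny a packet."""
    last = aces[-1]
    return (last.action == "permit" and last.proto == "ip"
            and last.src.prefixlen == 0 and last.dst.prefixlen == 0)


if __name__ == "__main__":
    ospf_hello = Packet(89, "172.18.32.34", "224.0.0.5")   # constructed OSPF hello from the peer
    ssh_probe = Packet(6, "192.0.2.10", "192.0.2.20")       # constructed unrelated TCP flow
    for name, text in (("page", PAGE_ACL), ("strict", STRICT_ACL)):
        acl = parse_acl(text)
        print(name, "allow-all:", is_allow_all(acl),
              "ospf ->", evaluate(acl, ospf_hello), "ssh ->", evaluate(acl, ssh_probe))
```

`STRICT_ACL` is there only to show the implicit deny at work: applied to the real trunk it would also drop every non-OSPF IP packet, so the right fix depends on what the list was meant to enforce. `is_allow_all` is the check to run over any ACL before trusting it as a filter.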
Troubleshooting PVST Inconsistency between Cisco 9500 and Aruba 6400
Context

Connectivity issue between:
- Cisco Catalyst 9500, IP `172.20.28.37`
- Aruba 6400, IP `172.20.28.1`

Connected via: Port-channel 2 (Po2)
Symptom on Cisco

Output from `show spanning-tree mst`:

```
Po2   Root BKN*400   P2p Bound(PVST) *PVST_Inc
```

Meaning:
- `BKN`: the port is in the broken (blocked) state.
- `Bound(PVST)`: Po2 is a boundary port of the MST region and the peer is sending PVST+/RPVST+ BPDUs.
- `*PVST_Inc`: PVST simulation inconsistency. The Cisco switch runs MST, the BPDUs arriving from the peer do not agree with its MST view of the topology, and the port is blocked rather than risk a loop.

Root Cause

An MST switch interoperates with a PVST+/RPVST+ neighbour through PVST simulation: on a boundary port it sends one BPDU per VLAN and checks that the per-VLAN BPDUs it receives are consistent with the CIST BPDU (the one for VLAN 1). If they are not, for example because the peer claims a better root for some VLANs than for VLAN 1, or the two sides disagree about which of them is root, the port is marked `PVST_Inc` and held in the blocked state to prevent a Layer 2 loop. Here the Cisco side saw PVST+ BPDUs from the Aruba 6400 (`Bound(PVST)`) and the simulation check failed.
Solution: switched both sides to RSTP

On Cisco 9500:

```cisco
conf t
 spanning-tree mode rapid-pvst
end
write memory
```

On Aruba 6400:

```aruba
conf t
 spanning-tree mode rstp
write memory
```

Result: Po2 moved to the FWD (forwarding) state and connectivity was restored.

Changing the spanning-tree mode reconverges the whole switch, so do it in a maintenance window. Rapid PVST+ on the Cisco side exchanges a standard IEEE BPDU untagged on the trunk, which is what the single Aruba RSTP instance sees; the per-VLAN BPDUs for the other VLANs are flooded through the Aruba switch as ordinary multicast. Make sure the native VLAN matches on both ends of Po2, otherwise the two sides exchange BPDUs on different VLANs.
Verification Commands on Cisco

Command | Description |
---|---|
`show spanning-tree summary` | STP mode in use and per-VLAN port state counts |
`show spanning-tree mst` | Port roles and states while in MST mode |
`show spanning-tree inconsistentports` | Ports blocked because of PVST_Inc (or other inconsistencies) |
`show spanning-tree detail` | Root path and BPDU counters per port |
`show interfaces status` | Port operational state |
Key Recommendations

- Prefer RSTP for mixed-vendor environments.
- If using MST, the region parameters must be identical on every switch in the region:
  - `name`
  - `revision`
  - VLAN-to-instance mapping
- Avoid mixing PVST and MST without a deliberate boundary configuration.
- Always verify port status with `show spanning-tree inconsistentports`.
Comparison: Static VXLAN vs VXLAN EVPN

The difference between Static VXLAN and VXLAN EVPN (Ethernet VPN) lies primarily in how MAC-to-VTEP (VXLAN Tunnel Endpoint) mappings are learned and distributed, and in the scalability of the design. Key points:

Static VXLAN

Definition: VXLAN using manually defined tunnels (VTEP-to-VTEP) with no control plane. All forwarding information (MAC/VNI/VTEP bindings) is learned in the data plane by flooding or configured by hand.

Key features:

Feature | Static VXLAN |
---|---|
Control Plane | None |
MAC Learning | Flooding-based (data plane) |
Configuration | Manual |
Scalability | Limited |
BUM Traffic Handling | Multicast or static head-end replication |
Typical Use Case | Labs, small campuses |

VXLAN EVPN

Definition: VXLAN with a BGP EVPN control plane, which distributes MAC/VNI/VTEP bindings across VTEPs dynamically.

Key features:

Feature | VXLAN EVPN |
---|---|
Control Plane | BGP EVPN |
MAC Learning | Control-plane based (BGP) |
Configuration | Dynamic and scalable |
Scalability | High |
BUM Traffic Handling | Minimized by the control plane |
Typical Use Case | Data centers, cloud, multi-site |

Summary | Static VXLAN | VXLAN EVPN |
---|---|---|
Control Plane | Manual / flood-based | Distributed via BGP EVPN |
MAC Distribution | Locally flooded | Learned and advertised via BGP |
Scalability | Low | High (multi-tenant, multi-site) |
Complexity | Simple but static | Complex but automated |
Use Cases | Simple links, PtP, lab networks | Large-scale DCs, EVPN fabrics |
VXLAN EVPN L2VPN: Control Plane (Cisco)

What is the EVPN L2VPN control plane?

EVPN (Ethernet VPN) is a BGP-based control plane that enables:
- Dynamic distribution of MAC/VNI/VTEP bindings
- Elimination of unnecessary BUM flooding
- Improved scalability, mobility and segmentation

On Cisco platforms, EVPN availability depends on the hardware, the operating system (IOS XE or NX-OS) and its version, and the license level.
Platforms that support the EVPN control plane

Platform | OS | EVPN Control Plane Support | Notes |
---|---|---|---|
Nexus 9000 | NX-OS | Yes | Full L2/L3 EVPN support via BGP |
Nexus 7000/7700 | NX-OS | Yes (F3/M3 modules) | EVPN requires supported linecards |
ASR 9000 | IOS XR | Yes | Carrier-grade EVPN |
Catalyst 9500X | IOS XE | Yes | This page's note: requires the SDM `vxlan-routing` template |
Catalyst 9600 | IOS XE | Yes | Requires advanced config |
Catalyst 9500 (non-X) | IOS XE | Yes, IOS XE 17.x with Network Advantage | Cisco publishes a BGP EVPN VXLAN configuration guide for the 9500. The switch on this page rejected `l2vpn evpn`, so check license level, image and SDM template before concluding the hardware cannot do it |
Catalyst 9400 | IOS XE | Yes, IOS XE 17.x with Network Advantage | Same checks as for the 9500 |
Catalyst 9300 | IOS XE | Yes, IOS XE 17.x with Network Advantage | Same checks as for the 9500 |

Platforms with no EVPN support

Platform | OS | EVPN Control Plane Support | Notes |
---|---|---|---|
Catalyst 9200 | IOS XE | No | No VXLAN |
Catalyst 3850 | IOS XE | No | VXLAN and EVPN not supported |
EVPN requirements on Catalyst platforms (when applicable)

- IOS XE version: this page worked from 17.9.1; consult the BGP EVPN VXLAN configuration guide for your model for the release that introduced the feature there.
- Required licenses:
  - `network-advantage` (this is the level that gates BGP EVPN)
  - `dna-advantage` (listed by this page alongside it)
- SDM template:
  - Confirm with `show sdm prefer` that the active template supports VXLAN (this page reports `vxlan-routing` on the 9500X, and that it is not available on non-X models)
- Configuration blocks:
  - `l2vpn evpn` (global settings and one instance per segment), `rd`, `route-target`, and the VLAN-to-VNI binding: `vlan configuration <vlan>` with `member ... vni <vni>` on Catalyst 9000, `bridge-domain` on ASR 1000/CSR 1000v
Alternative: Static VXLAN (no control plane)

For platforms or images without EVPN, VXLAN can be deployed statically. The step list below mixes the two Cisco dialects, so use the one your OS accepts:

- IOS XE (`interface nve1`, as in the Cisco 9500 configuration later on this page): `source-interface Loopback0`, then one `member vni <vni> ingress-replication <peer-ip>` line per remote VTEP.
- NX-OS (Nexus): `interface nve1`, `source-interface loopback0`, `member vni <vni>` with `ingress-replication protocol static` and one `peer-ip A.B.C.D` per remote VTEP.

Every VTEP needs the complete list of its peers and every VNI is bound to a VLAN or bridge domain by hand. Nothing is learned from a control plane, so adding a VTEP means touching every other VTEP, and nothing stops a host that can reach a VTEP address on UDP/4789 from injecting frames into a VNI except underlay filtering.
Useful show commands (Catalyst)

- Check software version: `show version`
- Check license status: `show license summary`
- Check SDM template: `show sdm prefer`

Typical error when EVPN is not available

Trying to configure:

```cisco
l2vpn evpn
 vni XXXX l2
 rd auto
```

Returns:

```
% Invalid input detected at '^' marker.
```

This indicates the command is not supported by the running image, license level or SDM template.
Recommendation

To deploy EVPN-based VXLAN in Cisco networks:
- Use Nexus (e.g., 9300, 9500) or a Catalyst 9000 with Network Advantage on a release whose BGP EVPN VXLAN guide covers the model
- Confirm licensing and SDM template support before designing around a platform
- Fall back to static VXLAN only on Catalyst platforms or images without EVPN capability, and accept its manual peer management
VXLAN: Core Terminology and Nomenclature

VXLAN (Virtual Extensible LAN) is a tunneling technology that carries Layer 2 overlay networks over a Layer 3 IP infrastructure. Essential terminology:

1. VNI (VXLAN Network Identifier)
- Definition: a 24-bit identifier that takes the role of the VLAN ID in the overlay.
- Range: 0 to 16,777,215 (2^24 - 1)
- Purpose: uniquely identifies a VXLAN segment (like a VLAN, but in the overlay).
- Example: VLAN 700 -> VNI 10700

2. VTEP (VXLAN Tunnel Endpoint)
- Definition: the device that encapsulates and decapsulates VXLAN traffic.
- Purpose: entry/exit point of the VXLAN tunnels.
- Key point: each VTEP has a loopback or logical IP used as the tunnel endpoint.
- Example: Cisco VTEP IP = `172.18.32.33`

3. NVE (Network Virtualization Edge)
- Definition: the logical interface that represents the VXLAN capability.
- Command example (IOS XE):

```cisco
interface nve1
 source-interface Loopback0
 member vni 10700
```

- Note: in NX-OS you must enable `feature nv overlay` first; in IOS XE it is implicit.
4. Bridge Domain (BD)
- Definition: a broadcast domain, equivalent to a VLAN at the overlay level.
- In IOS XE on Catalyst 9000 the VLAN-to-VNI binding is:

```cisco
vlan configuration 700
 member vni 10700
```

  (on ASR 1000/CSR 1000v the same binding is `bridge-domain 700` with `member vni 10700`).
- In NX-OS it is `vlan 700` with `vn-segment 10700`, or a `bridge-domain` block with its own config space.
5. Ingress Replication
- Purpose: defines how BUM (Broadcast, Unknown unicast, Multicast) traffic is replicated to the other VTEPs.
- Modes:
  - `static`: peers listed manually (head-end replication to each of them)
  - `multicast`: one multicast group per VNI in the underlay

6. Underlay vs Overlay
- Underlay:
  - The physical IP network that connects the VTEPs (e.g., `172.18.32.32/30`; the original text had `172.18.32.0/30`, which does not contain the .33/.34 transport addresses used everywhere else on this page)
  - Uses an IGP or static routing
- Overlay:
  - The logical L2 network created by VXLAN
  - Carries tenant VLANs across the routed core

7. BUM (Broadcast, Unknown Unicast, Multicast)
- Definition: traffic types that are replicated to every member of a segment.
- Handled in VXLAN by:
  - Static `ingress-replication`
  - Multicast (if the underlay supports it)

Summary table

Element | Description | Example |
---|---|---|
VLAN | Traditional L2 segment | 700 |
VNI | VXLAN segment identifier | 10700 |
VTEP (Local) | Source tunnel endpoint | 172.18.32.33 (Cisco C9500) |
VTEP (Remote) | Destination tunnel endpoint | 172.18.32.34 (Aruba 6300) |
NVE Interface | VXLAN-capable logical interface | `interface nve1` |
Underlay | Physical routed IP network | `172.18.32.32/30` |
Overlay | Virtual network over VXLAN | VNIs mapped to VLANs |

VXLAN overlays allow you to:
- Stretch VLANs across L3 boundaries
- Enable mobility and segmentation
- Scale beyond the 4094-VLAN limit with 16 million VNIs

VXLAN itself has no authentication and no encryption: the 8-byte header carried in UDP/4789 holds only flags and the VNI. Any host that can deliver a UDP/4789 datagram to a VTEP address can inject Ethernet frames into a VNI, so the VTEP loopbacks must be reachable only from the other VTEPs (filter UDP/4789 at the underlay edge) and the static peer list is the only admission control the overlay has.
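As an added example (not code from this page, Cisco or Aruba), the following Python builds the VXLAN header defined in RFC 7348 for the VNI numbering used above, decodes it again, and applies the one admission check a static VTEP can make: the outer source address must be a configured peer. The VTEP addresses are the loopbacks from the static configuration later on this page; the inner frame is constructed.

```python
"""Build and validate VXLAN headers (RFC 7348) with a static-VTEP peer check.

Added example; not code from this page or from Cisco/Aruba. It encodes the
24-bit VNI as it sits on the wire, decodes it back, and refuses datagrams
whose outer source is not a configured VTEP, the only admission control a
static-replication VTEP has. Addresses and the inner frame are constructed.
"""
import struct

VXLAN_UDP_PORT = 4789            # IANA port for VXLAN (RFC 7348)
FLAG_VNI_VALID = 0x08            # the "I" flag: VNI field is valid
VNI_MAX = (1 << 24) - 1          # 24-bit VNI: 0 .. 16,777,215


def vlan_to_vni(vlan_id: int) -> int:
    """Map a VLAN to a VNI with the page's convention (VLAN 700 -> VNI 10700)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN {vlan_id} outside 1-4094")
    return 10000 + vlan_id


def build_vxlan_header(vni: int) -> bytes:
    """8-byte header: flags(8) | reserved(24) | VNI(24) | reserved(8), network byte order."""
    if not 0 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Word 0: flags in the high byte, 24 reserved bits (zero on transmit).
    # Word 1: VNI in the high 24 bits, 8 reserved bits (zero on transmit).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def encapsulate(vni: int, inner_frame: bytes) -> bytes:
    """UDP payload a VTEP sends: VXLAN header followed by the original Ethernet frame."""
    return build_vxlan_header(vni) + inner_frame


def decapsulate(udp_payload: bytes, outer_src_ip: str, configured_peers: set[str]) -> tuple[int, bytes]:
    """Return (vni, inner_frame) for a datagram received on UDP/4789.

    VXLAN carries no authentication. A static-replication VTEP knows its peers
    only from configuration (the `ingress-replication` / `vxlan vtep` lines),
    so the outer source address is checked against that list before the inner
    frame is bridged into the VNI's VLAN. Reserved header bits are ignored on
    receipt, as RFC 7348 requires.
    """
    if outer_src_ip not in configured_peers:
        raise PermissionError(f"VXLAN datagram from unconfigured VTEP {outer_src_ip}")
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI field is not valid")
    vni = word1 >> 8
    inner_frame = udp_payload[8:]
    if len(inner_frame) < 14:
        raise ValueError("inner Ethernet frame shorter than an Ethernet header")
    return vni, inner_frame


# Constructed inner frame: broadcast dst MAC, made-up src MAC, EtherType 0x0806 (ARP), 28 zero bytes.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff") + bytes.fromhex("025056000001") + bytes.fromhex("0806") + bytes(28)
CISCO_VTEP, ARUBA_VTEP = "172.22.32.1", "172.22.32.2"   # loopbacks from the page's static VXLAN example


def round_trip(vlan_id: int = 700) -> tuple[int, bytes]:
    """What the Aruba VTEP accepts from the Cisco VTEP for the given VLAN."""
    datagram = encapsulate(vlan_to_vni(vlan_id), SAMPLE_FRAME)
    return decapsulate(datagram, outer_src_ip=CISCO_VTEP, configured_peers={CISCO_VTEP})


if __name__ == "__main__":
    print("VNI 10700 header:", build_vxlan_header(10700).hex())   # 080000000029cc00
    print("accepted:", round_trip())
    try:
        decapsulate(encapsulate(10700, SAMPLE_FRAME), "192.0.2.99", {CISCO_VTEP})
    except PermissionError as exc:
        print("rejected:", exc)
```

The peer check is deliberately the last line of defence: a real VTEP cannot tell a spoofed outer source from a legitimate one, so the underlay must also drop UDP/4789 that does not come from a VTEP address on a VTEP-facing link.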
VXLAN Static Configuration Between Cisco 9500 and Aruba 6300

Network architecture summary

Component | Cisco Catalyst 9500 (C9500SP1) | Aruba 6300M (6300SP2) |
---|---|---|
VTEP Loopback IP | 172.22.32.1 | 172.22.32.2 |
Transport IP | 172.18.32.33 (to Aruba) | 172.18.32.34 (to Cisco) |
Transport VLAN | VLAN 1019 (routed PtP) | VLAN 1019 (routed PtP) |
OSPF Area | 0 | 0 |
VXLAN Type | Static (manual VTEP replication) | Static (manual VTEP replication) |
VXLAN Device Interface | `interface nve1` | `interface vxlan 1` |
VNI Range | 10001, 10700 to 10732 | 10001, 10700 to 10732 |
Inter-VXLAN Bridging | Not used | static-all or static-evpn |
Cisco 9500 configuration

1. Loopback as VTEP source

```cisco
interface Loopback0
 ip address 172.22.32.1 255.255.255.255
```

2. Transport interface

```cisco
interface TenGigabitEthernet1/0/12
 description Link to Aruba 6300
 no switchport
 ip address 172.18.32.33 255.255.255.252
 no shutdown
```

`no switchport` is required before an IP address can be assigned to a physical Catalyst port; the original listing omitted it.

3. OSPF configuration

```cisco
router ospf 100
 router-id 1.1.1.1
 network 172.18.32.32 0.0.0.3 area 0
 network 172.22.32.1 0.0.0.0 area 0
```

OSPF here runs unauthenticated between two vendors' boxes. If the link is not physically private, enable OSPF authentication on both ends (`ip ospf authentication message-digest` and `ip ospf message-digest-key` on the Cisco interface, with the matching AOS-CX interface commands) so a rogue neighbour cannot inject routes toward the VTEP loopbacks.

4. Static route (loopback reachability)

```cisco
ip route 172.22.32.2 255.255.255.255 172.18.32.34
```

OSPF already advertises the peer loopback; the static route (administrative distance 1) wins over it and keeps the tunnel up while the adjacency is flapping. It is optional once OSPF is stable.

5. VXLAN NVE interface

```cisco
interface nve1
 no shutdown
 source-interface Loopback0
 member vni 10001 ingress-replication 172.22.32.2
 member vni 10700 ingress-replication 172.22.32.2
 ...
 member vni 10732 ingress-replication 172.22.32.2
```

6. Map VNIs to bridge domains

```cisco
bridge-domain 1
 member vni 10001
bridge-domain 700
 member vni 10700
bridge-domain 712
 member vni 10712
bridge-domain 730
 member vni 10730
bridge-domain 732
 member vni 10732
```

`bridge-domain ... member vni` is the ASR 1000/CSR 1000v syntax. Cisco's Catalyst 9000 VXLAN guides bind a VLAN to a VNI with `vlan configuration <vlan>` / `member vni <vni>` instead; if `bridge-domain` is rejected on the 9500, use that form (VLAN 700 -> VNI 10700, and so on).
Aruba 6300 configuration

1. Loopback for VTEP

```aruba
interface loopback 0
 ip address 172.22.32.2/32
```

2. Transport interface

```aruba
interface 1/1/12
 description Link to Cisco 9500
 no shutdown
 routing
 ip address 172.18.32.34/30
```

`routing` is needed if the port is in its default Layer 2 mode; without it the IP address is refused.

3. OSPF configuration

```aruba
router ospf 1
 router-id 2.2.2.2
 area 0.0.0.0
interface 1/1/12
 ip ospf 1 area 0.0.0.0
interface loopback 0
 ip ospf 1 area 0.0.0.0
```

On AOS-CX the OSPF process needs an ID (`router ospf 1`) and each interface joins the area with `ip ospf <process> area <area>` under the interface; the original listing ran the two interface names together under `router ospf`. Authenticate OSPF on this interface if you do so on the Cisco side.

4. Static route (for the Cisco VTEP)

```aruba
ip route 172.22.32.1/32 172.18.32.33
```

5. VXLAN tunnel

```aruba
interface vxlan 1
 source 172.22.32.2
 inter-vxlan-bridging-mode static-all
```

6. VXLAN VNI/VLAN mapping

```aruba
vxlan vlan 1 vni 10001
 vxlan vtep 172.22.32.1
vxlan vlan 700 vni 10700
 vxlan vtep 172.22.32.1
vxlan vlan 712 vni 10712
 vxlan vtep 172.22.32.1
vxlan vlan 730 vni 10730
 vxlan vtep 172.22.32.1
vxlan vlan 732 vni 10732
 vxlan vtep 172.22.32.1
```

The VXLAN keywords above are what this page's deployment used; check them against the AOS-CX VXLAN guide for the running release, as the static-VTEP syntax has changed between versions.
Verification

Cisco 9500:

```cisco
show nve interface nve1
show nve vni summary
show nve vni interface nve 1
show nve peers
ping 172.22.32.2 source 172.22.32.1
show mac address-table vlan 712
```

Aruba 6300:

```aruba
show interface vxlan 1
show interface vxlan vni vteps
ping 172.22.32.1 source 172.22.32.2
show mac-address-table vlan 712
```

A MAC learned on VLAN 712 on one switch should appear on the other with the remote VTEP, not a physical port, as its source. Pair that with a loopback-to-loopback ping that does not fit a 1500-byte underlay (for example `ping 172.22.32.2 source 172.22.32.1 size 1600 df-bit` on the Cisco side): VXLAN adds 50 bytes of outer Ethernet, IP, UDP and VXLAN headers, so the 9100-byte MTU on the transport links must be in effect end to end or large overlay frames are silently dropped.