The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The following device configurations are relative to the setup in Figure A-1.
Figure A-1 Testbed Configuration Example
Notice how OTV is deployed on the OTV VDCs connected to the aggregation layer leveraging port channels as internal interfaces (vPC based POD). Also, the complete device configuration has been trimmered a little (removing for example the CoPP default config) to reduce the overall length of the Appendix. Finally, for the OTV Edge Devices, both configurations for multicast and unicast-only mode are shown. It is assumed that the multicast related commands applied to the aggregation layer devices won't be required when leveraging the unicast-only mode.
NR-n7k-a
version 5.1(1a)
license grace-period
hostname NR-n7k-a
!Following configuration set is not terminated by a newline
no vdc combined-hostname
vdc NR-n7k-a id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource monitor-session minimum 0 maximum 2
limit-resource monitor-session-erspan-dst minimum 0 maximum 23
limit-resource vrf minimum 2 maximum 1000
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 32 maximum 32
limit-resource u6route-mem minimum 16 maximum 16
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
vdc East-a id 2
allocate interface Ethernet1/26,Ethernet1/28,Ethernet1/30,Ethernet1/32
allocate interface Ethernet2/6,Ethernet2/21,Ethernet2/23,Ethernet2/25,Ethernet2/27
boot-order 3
limit-resource vlan minimum 16 maximum 4094
limit-resource monitor-session minimum 0 maximum 2
limit-resource monitor-session-erspan-dst minimum 0 maximum 23
limit-resource vrf minimum 2 maximum 1000
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 8 maximum 8
limit-resource u6route-mem minimum 4 maximum 4
limit-resource m4route-mem minimum 8 maximum 8
limit-resource m6route-mem minimum 2 maximum 2
feature telnet
cfs eth distribute
feature ospf
feature pim
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature vpc
username adminbackup password 5 ! role network-operator
username admin password 5 $1$zOYf1VLm$Wh2/WnLdQDN894obifIpZ1 role network-admin
username adminbackup password 5 ! role network-operator
no password strength-check
ip domain-lookup
snmp-server user admin network-admin auth md5 0x88018226be1701759b4301a3c0519193 priv 0x88018226be1701759b4301a3c0
519193 localizedkey
vrf context management
ip route 0.0.0.0/0 172.26.245.1
vlan 1-4,99-199
spanning-tree vlan 99-199 priority 4096
vpc domain 1
role priority 4086
peer-keepalive destination 172.26.245.10 source 172.26.245.20
interface Vlan100
no shutdown
no ip redirects
ip address 10.100.1.4/24
ip ospf network broadcast
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
hsrp 100
preempt delay minimum 60
priority 40
timers 1 3
ip 10.100.1.1
<SNIP>
interface Vlan199
no shutdown
no ip redirects
ip address 10.199.1.4/24
ip ospf network broadcast
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
hsrp 199
preempt delay minimum 60
priority 40
timers 1 3
ip 10.199.1.1
interface port-channel1
description [ To N5K Access ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
spanning-tree port type network
vpc 1
interface port-channel10
description [ To N7K-b ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
spanning-tree port type network
vpc peer-link
interface port-channel20
description [ To this OTV VDC ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
vpc 20
interface port-channel30
description [ To this OTV VDC ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
vpc 30
interface Ethernet1/1
description [ To N7K-b ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 10 mode active
no shutdown
interface Ethernet1/9
description [ To N5K Access ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 1 mode active
no shutdown
interface Ethernet2/1
description [ To N7K-b ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 10 mode active
no shutdown
interface Ethernet2/5
description [ To the OTV Join-Interface ]
udld aggressive
ip address 172.26.255.93/30
ip ospf network point-to-point
ip router ospf 2 area 0.0.0.0
ip pim sparse-mode
ip igmp version 3
no shutdown
interface Ethernet2/17
description [ To Core-A ]
ip address 172.26.255.70/30
ip ospf network point-to-point
ip router ospf 2 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface Ethernet2/18
description [ To Core B ]
ip address 172.26.255.78/30
ip ospf network point-to-point
ip router ospf 2 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface Ethernet2/20
description [ To this OTV VDC ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 20 mode active
no shutdown
interface Ethernet2/22
description [ To other OTV VDC ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 30 mode active
no shutdown
interface mgmt0
ip address 172.26.245.20/24
interface loopback2
ip address 172.26.255.153/32
ip router ospf 2 area 0.0.0.0
cli alias name sw switchto vdc east-a
line console
exec-timeout 0
speed 115200
line vty
exec-timeout 0
boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-1
boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-2
boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-2
router ospf 1
auto-cost reference-bandwidth 1000000
router ospf 2
router-id 172.26.255.153
ip pim rp-address 172.26.255.101 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
************************************************************************************** ***********************
East-a (Multicast Mode)
version 5.1(1a)
hostname East-a
feature telnet
feature ospf
feature otv
feature lacp
feature dhcp
username admin password 5 $1$36p3GlAA$Pq09DfOCaBaSvfVj1Ul1d. role vdc-admin
no password strength-check
ip domain-lookup
ip access-list ALL_IPs
10 permit ip any any
mac access-list ALL_MACs
10 permit any any
ip access-list HSRPv1_IP
10 permit udp any 224.0.0.2/32 eq 1985
mac access-list HSRP_VMAC
10 permit 0000.0c07.ac00 0000.0000.00ff any
arp access-list HSRP_VMAC_ARP
10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00
20 permit ip any mac any
vlan access-map HSRPv1_Loc 10
match mac address HSRP_VMAC
match ip address HSRP_IP
action drop
vlan access-map HSRPv1_Loc 20
match mac address ALL_MACs
match action forward ip address ALL_IPs
vlan filter HSRPv1_Loc vlan-list 100-199
ip arp inspection filter HSRP_VMAC_ARP <100-199>
snmp-server user admin vdc-admin auth md5 0x88018226be1701759b4301a3c0519193 pri
v 0x88018226be1701759b4301a3c0519193 localizedkey
vrf context management
ip route 0.0.0.0/0 172.26.245.1
vlan 1,99-199
otv site-vlan 99
otv site-identifier 0x1
mac-list HSRP_VMAC_Deny seq 5 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list HSRP_VMAC_Deny seq 10 permit 0000.0000.0000 0000.0000.0000
route-map stop-HSRP permit 10
match mac-list HSRP_VMAC_Deny
interface port-channel2
description [ To N7K-a - Internal Interface ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
interface Overlay0
otv join-interface Ethernet2/6
otv control-group 239.1.1.1
otv data-group 232.1.1.0/28
otv extend-vlan 100-199
no shutdown
interface Ethernet2/6
description [ OTV Join-Interface ]
ip address 172.26.255.94/30
ip ospf network point-to-point
ip router ospf 2 area 0.0.0.0
ip igmp version 3
no shutdown
interface Ethernet2/21
description [ To N7K-a - Internal Interface ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-227
channel-group 2 mode active
no shutdown
interface Ethernet2/23
description [ To N7K-b - Internal Interface ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-227
channel-group 2 mode active
no shutdown
interface mgmt0
ip address 172.26.245.21/24
interface loopback0
ip address 172.26.255.151/32
ip router ospf 2 area 0.0.0.0
cli alias name his show cli hist unfo 20
line console
exec-timeout 0
line vty
exec-timeout 0
router ospf 2
router-id 172.26.255.151
timers throttle spf 10 100 500
otv-isis default
vpn Overlay0
redistribute filter route-map stop-HSRP
East-a (Unicast-only Mode)
The configuration is mostly identical to the one shown above. The only difference is in the Overlay interface configuration, as shown below.
interface Overlay0
otv join-interface Ethernet2/6
otv adjacency-server unicast-only
otv use-adjacency-server 172.26.255.94 172.27.255.94
otv extend-vlan 100-199
no shutdown
************************************************************************************** ***********************
NR-n7k-b
version 5.1(1a)
license grace-period
hostname NR-n7k-b
!Following configuration set is not terminated by a newline
no vdc combined-hostname
vdc NR-n7k-b id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource monitor-session minimum 0 maximum 2
limit-resource monitor-session-erspan-dst minimum 0 maximum 23
limit-resource vrf minimum 16 maximum 1000
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 32 maximum 32
limit-resource u6route-mem minimum 16 maximum 16
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
vdc East-b id 2
allocate interface Ethernet1/26,Ethernet1/28,Ethernet1/30,Ethernet1/32
allocate interface Ethernet2/6,Ethernet2/21,Ethernet2/23
boot-order 3
limit-resource vlan minimum 16 maximum 4094
limit-resource monitor-session minimum 0 maximum 2
limit-resource monitor-session-erspan-dst minimum 0 maximum 23
limit-resource vrf minimum 16 maximum 1000
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 8 maximum 8
limit-resource u6route-mem minimum 4 maximum 4
limit-resource m4route-mem minimum 8 maximum 8
limit-resource m6route-mem minimum 2 maximum 2
feature telnet
cfs eth distribute
feature ospf
feature pim
feature interface-vlan
feature hsrp
feature lacp
feature vpc
logging level monitor 7
username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na. role network-operator
username admin password 5 $1$T1wpkssO$4U6JRuGrh5M8WvbYXTsnV0 role network-admin
username adminbackup password 5 $1$Oip/C5Ci$oOdx7oJSlBCFpNRmQK4na. role network-operator
no password strength-check
ip domain-lookup
snmp-server user admin network-admin auth md5 0x1ef34a157db87c5884230ac8e89f4663 priv 0x1ef34a157db87c5884230ac8e89f4663 localizedkey
ntp server 171.68.10.80 use-vrf management
ntp server 171.68.10.150 use-vrf management
ntp source-interface mgmt0
vrf context management
ip route 0.0.0.0/0 172.26.245.1
vlan 1-4,99-199
spanning-tree vlan 99-199 priority 8192
vpc domain 1
role priority 8192
peer-keepalive destination 172.26.245.20 source 172.26.245.10
interface Vlan100
no shutdown
management
no ip redirects
ip address 10.100.1.5/24
ip ospf network broadcast
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
hsrp 100
preempt delay minimum 60
priority 20
timers 1 3
ip 10.100.1.1
<SNIP>
interface Vlan199
no shutdown
no ip redirects
ip address 10.199.1.5/24
ip ospf network broadcast
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
hsrp 199
preempt delay minimum 60
priority 20
timers 1 3
ip 10.199.1.1
interface port-channel1
description [ To N5K Access ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
spanning-tree port type network
vpc 1
interface port-channel10
description [ To N7K-a ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
spanning-tree port type network
vpc peer-link
interface port-channel20
description [ To this OTV VDC ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
vpc 20
interface port-channel30
description [ To this OTV VDC ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
vpc 30
interface Ethernet1/1
description [ To N7K-a ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 10 mode active
no shutdown
interface Ethernet1/9
description [ To N5K Access ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 1 mode active
no shutdown
interface Ethernet2/1
description [ To N7K-a ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 10 mode active
no shutdown
interface Ethernet2/5
description [ To the OTV Join-Interface ]
ip address 172.26.255.97/30
ip ospf network point-to-point
ip router ospf 2 area 0.0.0.0
ip pim sparse-mode
ip igmp version 3
no shutdown
interface Ethernet2/17
description [ To Core A ]
ip address 172.26.255.74/30
ip ospf network point-to-point
ip router ospf 2 area 0.0.0.0
ip pim sparse-mode
ip igmp version 3
no shutdown
interface Ethernet2/18
description [ To Core B ]
ip address 172.26.255.82/30
ip ospf network point-to-point
ip router ospf 2 area 0.0.0.0
ip pim sparse-mode
ip igmp version 3
no shutdown
interface Ethernet2/20
description [ To this OTV VDC ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 30 mode active
no shutdown
interface Ethernet2/22
description [ To other OTV VDC ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 20 mode active
no shutdown
interface mgmt0
ip address 172.26.245.10/24
interface loopback2
ip address 172.26.255.154/32
ip router ospf 2 area 0.0.0.0
cli alias name sw switchto vdc east-b
line console
exec-timeout 0
speed 115200
line vty
exec-timeout 0
boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-1
boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.5.1.1a.gbin sup-2
boot system bootflash:/n7000-s1-dk9.5.1.1a.gbin sup-2
router ospf 1
auto-cost reference-bandwidth 1000000
router ospf 2
router-id 172.26.255.154
timers throttle spf 10 100 5000
ip pim rp-address 172.26.255.101 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
ip routing multicast holddown 0
logging monitor 7
logging console 7
************************************************************************************** ***********************
East-b (Multicast Mode)
version 5.1(1a)
hostname East-b
feature telnet
feature ospf
feature otv
feature lacp
feature dhcp
logging level otv 7
username admin password 5 $1$mDXdlrBj$3UtOG.HD2w.PI41n2apYe/ role vdc-admin
no password strength-check
ip domain-lookup
ip access-list ALL_IPs
10 permit ip any any
mac access-list ALL_MACs
10 permit any any
ip access-list HSRPv1_IP
10 permit udp any 224.0.0.2/32 eq 1985
mac access-list HSRP_VMAC
10 permit 0000.0c07.ac00 0000.0000.00ff any
arp access-list HSRP_VMAC_ARP
10 deny ip any mac 0000.0c07.ac00 ffff.ffff.ff00
20 permit ip any mac any
vlan access-map HSRPv1_Loc 10
match mac address HSRP_VMAC
match ip address HSRP_IP
action drop
vlan access-map HSRPv1_Loc 20
match mac address ALL_MACs
match ip address ALL_IPs
action forward
vlan filter HSRPv1_Loc vlan-list 100-199
ip arp inspection filter HSRP_VMAC_ARP <100-199>
snmp-server user admin vdc-admin auth md5 0x1ef34a157db87c5884230ac8e89f4663 pri
v 0x1ef34a157db87c5884230ac8e89f4663 localizedkey
vrf context management
ip route 0.0.0.0/0 172.26.245.1
vlan 1,99-199
otv site-vlan 99
otv site-identifier 0x1
mac-list HSRP_VMAC_Deny seq 5 deny 0000.0c07.ac00 ffff.ffff.ff00
mac-list HSRP_VMAC_Deny seq 10 permit 0000.0000.0000 0000.0000.0000
route-map stop-HSRP permit 10
match mac-list HSRP_VMAC_Deny
interface port-channel3
description [ OTV Internal Interface ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
interface Overlay0
otv join-interface Ethernet2/6
otv control-group 239.1.1.1
otv data-group 232.1.1.0/28
otv extend-vlan 100-199
no shutdown
interface Ethernet2/6
description [ OTV Join-Interface ]
ip address 172.26.255.98/30
ip ospf network point-to-point
ip router ospf 2 area 0.0.0.0
ip igmp version 3
no shutdown
interface Ethernet2/21
description [ To N7K-a - Internal Interface ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 3 mode active
no shutdown
interface Ethernet2/23
description [ To N7K-b - Internal Interface ]
switchport
switchport mode trunk
switchport trunk allowed vlan 99-199
channel-group 3 mode active
no shutdown
interface mgmt0
ip address 172.26.245.11/24
interface loopback0
ip address 172.26.255.152/32
ip router ospf 2 area 0.0.0.0
logging monitor 7
logging console 7
line console
exec-timeout 0
line vty
exec-timeout 0
router ospf 2
router-id 172.26.255.152
otv-isis default
vpn Overlay0
redistribute filter route-map stop-HSRP
East-b (Unicast-only Mode)
The configuration is mostly identical to the one shown above. The only difference is in the Overlay interface configuration, as shown below.
interface Overlay0
otv join-interface Ethernet2/6
otv use-adjacency-server 172.26.255.94 172.27.255.94
otv extend-vlan 100-199
no shutdown