Configuring Fabric In a Box for Wired Devices
How to Configure Fabric in a Box
Configuration Example for a Fabric in a Box Device
Verify Fabric in a Box

Configuring Fabric In a Box for Wired Devices

A remote office or a branch office necessitates the design of a small fabric site. It could be a site with less than 200 endpoints and less than five virtual networks. In such cases, use a fabric in a box design. Fabric in a box is a single device that is configured as a border node, a control plane node and an edge node. This single device can be a switch with hardware stacking, or with StackWise Virtual deployment.

The following platforms support fabric in a box:

Cisco Catalyst 9300 Series Switches
Cisco Catalyst 9400 Series Switches
Cisco Catalyst 9500 Series Switches

This section describes the configuration of a fabric in a box for small sites.

How to Configure Fabric in a Box

Use the Fabric in a box construct for smaller sites or remote branch deployments.

Note

Before you begin, ensure that the underlay network links are configured for routed access connectivity.


Step	Task	Purpose
Step 1	Configure Virtual Routing and Forwarding (VRF)	Configure a VRF to support IPv4 and IPv6 routing tables. VRF maintains the routing and forwarding information for devices within a virtual network. A VRF instance has its own IP routing table, a forwarding table, and one or more interfaces assigned to it. The VRF tables help the routing device reach the locator address space.
Step 2	Configure Layer 3 Handoff	Configure the interface on the device for external connectivity and Layer 3 handoff.
Step 3	Configure Device Tracking	Configure Switch Integrated Security Features based (SISF-based) device tracking to track the presence, location, and movement of endpoints in the fabric. SISF snoops traffic received by the device, extracts device identity (MAC and IP address), and stores them in a binding table.
Step 4	Configure VLANs	Configure VLANs to segment your network and achieve traffic isolation between the segments.
Step 5	Configure SVI Interfaces	Configure an SVI interface for each VLAN. A Switched Virtual Interface (SVI) interface is a VLAN interface that allows traffic to be routed between the VLANs. DHCP Snooping on a VLAN enables DT-PROGRAMMATIC policy that supports onboarding of DHCPv4 hosts.
Step 6	Configure DHCP Relay and Snooping	Configure the fabric in a box device as a DHCP relay agent to relay the DHCP traffic between fabric endpoints and DHCP server.
Step 7	Configure LISP	Set up the Ingress Tunnel Router (ITR) and Proxy Ingress Tunnel Router (PITR) functionalities for both IPv4 and IPv6 address families. An ITR or PITR encapsulates and forwards the incoming packets across the overlay either to a fabric edge node or to the external network, depending on the destination. Set up the Egress Tunnel Router (ETR) and Proxy Egress Tunnel Router (PETR) functionalities for both IPv4 and IPv6 address families. An ETR or PETR decapsulates the LISP VXLAN-encapsulated packets and sends them to the endpoint. Configure a Map Server to receive and store the endpoint registrations. Configure a Map Resolver to resolve a lookup request for route to destination endpoints. Define this border node as a default ETR and map the default route for each VRF.
Step 8	Configure Layer 3 VNI for Default Instance Configure Layer 3 VNI for User-Defined VRF	In a LISP VXLAN fabric, the VXLAN-GPO header has a VNI field that serves as an identifier of a specific virtual network. VXLAN VNI helps carry the macro segmentation information within the fabric site. A Layer 3 VNI identifies a Layer 3 overlay segment. Configure Layer 3 VNI for the Default Instance. The default instance is used to connect the network infrastructure elements like Access Points and Layer 2 switches to the fabric access layer. Configure Layer 3 VNI for VLANs in user-defined VRF.
Step 8	Configure Layer 2 VNI for Default Instance Configure Layer 2 VNI for User-Defined VRF	A Layer 2 VNI identifies a Layer 2 overlay segment. Configure Layer 2 VNI for the Default Instance. Configure Layer 2 VNI for the User-Defined VRF. Configuring Layer 2 VNI programmatically enables these first-hop-security policies on the VLANs: LISP-DT-GUARD-VLAN and LISP-AR-RELAY-VLAN. LISP-DT-GUARD-VLAN policy mitigates IP theft, MAC theft and DOS attacks. LISP-AR-RELAY policy helps in converting ARP broadcast and Neighbor Solicitation (NS) multicast packets to unicast.
Step 9	Configure BGP	Configure Border Gateway Protocol (BGP) for route exchange with the external network.
Step 10	Configure Prefix List and Route-Map	Configure a prefix list and route map for redistribution and route leaking between the global routing table (GRT) and the VRF.
Step 11	Verify the configurations on the fabric in a box device using these show commands:
	show lisp session	Displays the details of the LISP sessions that are established on the device.
	show lisp locator-set	Displays the locator set information.
	show ip interface brief	Displays the usability status of all the interfaces that are configured on the device. Filter the output to view the dynamically created LISP interfaces, using the show ip interface brief \| i LISP command.
	show lisp instance-id instance-id ipv4 show lisp instance-id instance-id ipv6	Displays the details of each of the LISP IPv4 or IPv6 instances that are configured on the device. Use this command to view the operational status of the IPv4 or the IPv6 address family under each instance-id. This includes the status of the database, map-cache, publication entries, site registration entries, and so on.
	show lisp instance-id instance-id ethernet server	Displays the LISP site registration information such as the site name, the node that registered last, status of the site, and the EID prefixes that are associated with the site.
	show lisp instance-id instance-id ethernet database	Displays the database mappings on the device Use this command to check EID table for a given VLAN
	show ip route vrf vrf	Displays the route table that is created on the node for a given VRF.
	show lisp platform	Displays the limits of the given platform or the device. This command shows the LISP instance limits, Layer 3 limits, Layer 2 limits, and the supported configuration style on the device. Use this command to understand the limits of the device and plan its usage and role in the fabric.

Configure VRFs

To configure VRFs on the fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	vrf definition `vrf-name` Example: `Device(config)# vrf definition VN3`	Configures a VRF table, and enters VRF configuration mode.
Step 4	rd `route-distinguisher` Example: `Device(config-vrf)# rd 1:4099`	Creates routing and forwarding tables for a VRF instance.
Step 5	address-family {ipv4 \| ipv6} Example: `Device(config-vrf)# address-family ipv4` `Device(config-vrf)# address-family ipv6`	Specifies the address family, and enters address family configuration mode. ipv4 : Specifies the address family as IPv4. ipv6 : Specifies the address family as IPv6.
Step 6	route-target export `route-target-ext-community` Example: `Device(config-vrf-af)# route-target export 1:4099`	Creates a list of export route target communities for the specified VRF. Enter either an AS system number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y). The `route-target-ext-community` value should be the same as the `route-distinguisher` value entered in the earlier step.
Step 7	route-target import `route-target-ext-community` Example: `Device(config-vrf-af)# route-target import 1:4099`	Creates a list of import route target communities for the specified VRF.
Step 8	exit-address-family Example: `Device(config-vrf-af)# exit-address-family`	Exits address family configuration mode, and enters VRF configuration mode.
Step 9	end Example: `Device(config-vrf)# end`	Returns to privileged EXEC mode.

Configure Layer 3 Handoff

To configure Layer 3 handoff on a fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	vlan `vlan-id` Example: `Device(config)# vlan 222`	Places you into the VLAN configuration submode. If the VLAN does not exist, the system creates the specified VLAN and then enters the VLAN configuration submode.
Step 4	name `vlan-name` Example: `Device(config-vlan)# name 222`	Names the VLAN.
Step 5	exit Example: `Device(config)# exit`	Returns to global configuration mode.
Step 6	interface `interface-name` Example: `Device(config)# interface Vlan222`	Specifies the VLAN interface and enters the interface configuration mode.
Step 7	description `interface-description` Example: `Device(config-if)# description vrf-external`	Adds a description for the interface
Step 8	vrf forwarding `vrf-name` Example: `Device(config-if)# vrf forwarding VN3`	Associates the VRF instance with the interface.
Step 9	ip address `ip_address subnet_mask` Example: `Device(config-if)# ip address 10.20.1.1 255.255.255.252`	Configures the IP address and IP subnet.
Step 10	no ip redirects Example: `Device(config-if)# no ip redirects`	Disables sending of Internet Control Message Protocol (ICMP) redirect messages.
Step 11	ipv6 address `address` Example: `Device(config-if)# ipv6 address 2001:DB8:20::1/126`	Configures an IPv6 address on the interface.
Step 12	ipv6 enable Example: `Device(config-if)# ipv6 enable`	Enables IPv6 on the interface.
Step 13	exit Example: `Device(config-if)# exit`	Returns to global configuration mode.
Step 14	interface `interface-number` Example: `Device(config)# interface TenGigabitEthernet1/0/4`	Specifies the interface and enters the interface configuration mode.
Step 15	switchport mode trunk Example: `Device(config-if)# switchport mode trunk`	Configures the interface as a VLAN trunk port. Configures the physical interface toward Fusion router.
Step 16	end Example: `Device(config-if)# end`	Returns to privileged EXEC mode.

Configure Device Tracking

To configure device-tracking on a fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	device-tracking policy `policy-name` Example: `Device(config)# device-tracking policy IPDT_POLICY`	Creates a device-tracking policy with the specified name, and enters the device-tracking configuration mode.
Step 4	tracking enable Example: `Device(config-device-tracking)# tracking enable`	Enables polling for the specified policy.
Step 5	exit Example: `Device(config-device-tracking)# exit`	Exits device-tracking configuration mode, and enters global configuration mode.
Step 6	interface `interface-id` Example: `Device(config)# interface TenGigabitEthernet1/0/5`	Specifies an interface and enters interface configuration mode.
Step 7	device-tracking attach-policy `policy-name` Example: `Device(config-if)# device-tracking attach-policy IPDT_POLICY`	Attaches the device tracking policy to the interface.
Step 8	end Example: `Device(config-if)# end`	Returns to privileged EXEC mode.

Configure VLAN

To configure VLAN on a FiaB, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	ipv6 nd raguard Example: `Device(config)# ipv6 nd raguard`	Configures the default Router Advertisement (RA) Guard policy on the VLAN. The RA Guard feature analyzes the RAs and filters out bogus RAs sent by unauthorized devices. In host mode, all router advertisement and router redirect messages are disallowed on the port.
Step 4	ipv6 dhcp guard Example: `Device(config)# ipv6 dhcp guard`	Configures the default DHCP Guard policy on the VLAN. The IPv6 DHCP Guard feature blocks reply and advertisement messages that come from unauthorized DHCPv6 servers and relay agents.
Step 5	vlan `vlan-id` Example: `Device(config)# vlan 50`	Specifies a VLAN ID, and enters VLAN configuration mode.
Step 6	name `vlan-name` Example: `Device(config-vlan)# name AVlan50`	Specifies a name for the VLAN.
Step 7	exit Example: `Device(config-vlan)# exit`	Exits VLAN configuration mode, and enters global configuration mode.
Step 8	vlan `vlan-id` Example: `Device(config)# vlan 91`	Specifies a VLAN ID, and enters VLAN configuration mode.
Step 9	name `vlan-name` Example: `Device(config-vlan)# name AVlan91`	Specifies a name for the VLAN.
Step 10	exit Example: `Device(config-vlan)# exit`	Exits VLAN configuration mode, and enters global configuration mode.
Step 11	end Example: `Device(config)# end`	Returns to privileged EXEC mode.

Configure SVI Interface

To configure SVI interface for a VLAN, perform this task.

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	interface `vlan-id` Example: `Device(config)# interface Vlan50`	Specifies the interface for which you are adding a description, and enters interface configuration mode.
Step 4	description `string` Example: `Device(config-if)# description conf-vrf`	Adds a description for an interface.
Step 5	mac-address `address` Example: `Device(config-if)# mac-address 0000.0c9f.f18e`	Specifies the MAC address for the VLAN interface (SVI). We recommend that you use a MAC address starting from the base range value of 0000.0C9F.F05F.
Step 6	vrf forwarding `name` Example: `Device(config-if)# vrf forwarding VN3`	Associates the VRF instance with the interface.
Step 7	ip address `ip_address subnet_mask` Example: `Device(config-if)# ip address 10.50.1.1 255.255.255.0`	Configures the IP address and IP subnet.
Step 8	ip helper-address `ip_address` Example: `Device(config-if)# ip helper-address 172.16.2.2`	Configures the IP helper address.
Step 9	no ip redirects Example: `Device(config-if)# no ip redirects`	Disables sending of Internet Control Message Protocol (ICMP) redirect messages.
Step 10	ipv6 address `address` Example: `Device(config-if)# ipv6 address 2001:DB8:2050::1/64`	Configures an IPv6 address on the interface.
Step 11	ipv6 enable Example: `Device(config-if)# ipv6 enable`	Enables IPv6 on the interface.
Step 12	ipv6 nd {dad attempts \| prefix \| managed-config-flag \| other-config-flag \| router-preference \| } Example: `Device(config-if)# ipv6 nd dad attempts 0 Device(config-if)# ipv6 nd prefix 2001:DB8:2050::/64 2592000 604800 no-autoconfig Device(config-if)# ipv6 nd managed-config-flag Device(config-if)# ipv6 nd other-config-flag Device(config-if)# ipv6 nd router-preference High`	Configures IPv6 neighbor discovery on the interface. dad attempts : Specifies the number of consecutive neighbor solicitation messages that are sent on an interface while duplicate address detection is performed on the unicast IPv6 addresses of the interface. prefix : Specifies IPv6 prefixes that are included in IPv6 neighbor discovery router advertisements. managed-config-flag : Specifies IPv6 interfaces neighbor discovery to allow the hosts to uses DHCP for address configuration. other-config-flag : Specifies IPv6 interfaces neighbor discovery to allow the hosts to uses DHCP for non-address configuration. router-preference : Specifies a default router preference (DRP) for the router on a specific interface.
Step 13	ipv6 dhcp relay {destination \| source-interface \| trust} Example: `Device(config-if)# ipv6 dhcp relay destination 2001:DB8:2::2 Device(config-if)# ipv6 dhcp relay source-interface Vlan50 Device(config-if)# ipv6 dhcp relay trust`	Configures Dynamic Host Configuration Protocol (DHCP) for IPv6 relay service on the interface. destination : Specifies a destination address to which client messages are forwarded. source-interface : Specifies an interface to use as the source when relaying messages received on this interface. trust : Specifies the interface to be trusted to process relay-replies.
Step 14	no lisp mobility liveness test Example: `Device(config-if)# no lisp mobility liveness test`	Removes mobility liveness settings discovered on this interface.
Step 15	lisp mobility `dynamic-eid-name` Example: `Device(config-if)# lisp mobility AVlan50-IPV4` `Device(config-if)# lisp mobility AVlan50-IPV6`	Specifies the name of the LISP dynamic-EID policy to apply to this interface.
Step 16	no autostate Example: `Device(config-if)# no autostate`	Brings up the VLAN even if there is no trunk or physical link that is up on that device.
Step 17	end Example: `Device(config-if)# end`	Returns to privileged EXEC mode.

Configure DHCP Relay and Snooping

To configure DHCP relay and snooping on a fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	ip dhcp relay information option Example: `Device(config)# ip dhcp relay information option`	Enables the system to insert the DHCP relay agent information option (option-82 field) in forwarded BOOTREQUEST messages to a DHCP server.
Step 4	ip dhcp snooping vlan {`vlan id` \| `vlan range`} Example: `Device(config)# ip dhcp snooping vlan 50,91`	Enables DHCP snooping on a VLAN or VLAN range.
Step 5	ip dhcp snooping Example: `Device(config)# ip dhcp snooping`	Enables DHCP snooping globally.
Step 6	end Example: `Device(config)# end`	Returns to privileged EXEC mode.

Configure LISP

To configure LISP on a fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	router lisp Example: `Device(config)# router lisp`	Enters LISP configuration mode.
Step 4	locator-table default Example: `Device(config-router-lisp)# locator-table default`	Selects the default (global) routing table for association with the routing locator address space.
Step 5	locator-set `loc-set-name` Example: `Device(config-router-lisp)# locator-set default_etr_locator`	Specifies a locator-set, and enters the locator-set configuration mode.
Step 6	ipv4-interface Loopback `loopback-interface-id` priority `locator-priority` weight `locator-weight` Example: `Device(config-router-lisp-locator-set)# IPv4-interface Loopback0 priority 10 weight 10`	Configures the loopback IP address to ensure the device is reachable.
Step 7	exit-locator-set Example: `Device(config-router-lisp-locator-set)# exit-locator-set`	Exits locator-set configuration mode, and enters LISP configuration mode.
Step 8	locator-set `loc-set-name` Example: `Device(config-router-lisp)# locator-set rloc_set`	Specifies a locator-set, and enters the locator-set configuration mode. Ensure that this locator set is different from the default locator.
Step 9	ipv4-interface Loopback `loopback-interface-id` priority `locator-priority` weight `locator-weight` Example: `Device(config-router-lisp-locator-set)# IPv4-interface Loopback0 priority 10 weight 10`	Specifies that the IPv4 address of the loopback interface should be used to reach the locator.
Step 10	auto-discover-rlocs Example: `Device(config-router-lisp-locator-set)# auto-discover-rlocs`	Auto discover the locators registered by other ingress or egress tunnel routers (xTRs).
Step 11	exit-locator-set Example: `Device(config-router-lisp-locator-set)# exit-locator-set`	Exits locator-set configuration mode, and enters LISP configuration mode.
Step 12	locator default-set `loc-set-name` Example: `Device(config-router-lisp)# locator default-set rloc_set`	Specifies a default locator-set.
Step 13	service `{` ipv4`\|` ipv6`}` Example: `Device(config-router-lisp)# service ipv4` `Device(config-router-lisp)# service ipv6`	Enables network services for the default instance. service ipv4 : Enables Layer 3 network services for the IPv4 address family. service ipv6 : Enables Layer 3 network services for the IPv6 address family.
Step 14	encapsulation vxlan Example: `Device(config-router-lisp-serv-ipv4)# encapsulation vxlan` `Device(config-router-lisp-serv-ipv6)# encapsulation vxlan`	Specifies VXLAN-based encapsulation.
Step 15	map-cache publications Example: `Device(config-router-lisp-serv-ipv4)# map-cache publications` `Device(config-router-lisp-serv-ipv6)# map-cache publications`	Exports the publication entries to the map cache. These entries are used for forwarding the traffic.
Step 16	import publication publisher `publisher-address` Example: `Device(config-router-lisp-serv-ipv4)# import publication publisher 172.16.1.68` `Device(config-router-lisp-serv-ipv6)# import publication publisher 172.16.1.68`	Imports the publications from the publisher that is specified by the `publisher-address` . `publisher-address` is the IP address of the Loopback 0 interface of the control plane node.
Step 17	itr map-resolver `map-resolver-address` Example: `Device(config-router-lisp-serv-ipv4)# itr map-resolver 172.16.1.68` `Device(config-router-lisp-serv-ipv6)# itr map-resolver 172.16.1.68`	Configures a locator address for the LISP map resolver. To resolve the EID-to-RLOC mappings, this router sends map request messages to the map resolver. A control plane node is the LISP map resolver. Specify the IP address of the Loopback 0 interface on control plane node as the `map-resolver-address` .
Step 18	etr map-server `map-server-address` key `authentication-key` Example: `Device(config-router-lisp-serv-ipv4)# etr map-server 172.16.1.68 key 7 auth-key` `Device(config-router-lisp-serv-ipv6)# etr map-server 172.16.1.68 key 7 auth-key`	Configures a map server to be used by the Egress Tunnel Router (ETR), and specifies the key type. A control plane node is the LISP map server. Specify the IP address of the Loopback 0 interface on control plane node as the `map-server-address` .
Step 19	etr map-server `map-server-address` proxy-reply Example: `Device(config-router-lisp-serv-ipv4)# etr map-server 172.16.1.68 proxy-reply` `Device(config-router-lisp-serv-ipv6)# etr map-server 172.16.1.68 proxy-reply`	Configures a locator address for the LISP map server and an authentication key. This device acting as a LISP ETR, uses the authetication key to register with the LISP mapping system.
Step 20	etr Example: `Device(config-router-lisp-serv-ipv4)# etr` `Device(config-router-lisp-serv-ipv6)# etr`	Configures the device as an Egress Tunnel Router (ETR).
Step 21	sgt Example: `Device(config-router-lisp-serv-ipv4)# sgt` `Device(config-router-lisp-serv-ipv6)# sgt`	Enables the Security Group Tag (SGT) function for SGT tag propagation.
Step 22	route-export publications Example: `Device(config-router-lisp-serv-ipv4)# route-export publications` `Device(config-router-lisp-serv-ipv6)# route-export publications`	Exports the LISP publications into the routing information base (RIB).
Step 23	distance publications 250 Example: `Device(config-router-lisp-serv-ipv4)# distance publications 250` `Device(config-router-lisp-serv-ipv6)# distance publications 250`	Specifies the administrative distance to RIB when the LISP publications are exported to the RIB.
Step 24	proxy-etr Example: `Device(config-router-lisp-serv-ipv4)# proxy-etr` `Device(config-router-lisp-serv-ipv6)# proxy-etr`	Enables Proxy Egress Tunnel Router (PETR) functionality for the EIDs.
Step 25	proxy-itr `address` Example: `Device(config-router-lisp-serv-ipv4)# proxy-itr 172.16.1.68` `Device(config-router-lisp-serv-ipv6)# proxy-itr 172.16.1.68`	Enables Proxy Ingress Tunnel Router (PITR) functionality for the EIDs. For `address` , specify the Loopback 0 IP address of this device.
Step 26	map-server Example: `Device(config-router-lisp-serv-ipv4)# map-server` `Device(config-router-lisp-serv-ipv6)# map-server`	Configures the locator address of the LISP map server.
Step 27	map-resolver Example: `Device(config-router-lisp-serv-ipv4)# map-resolver` `Device(config-router-lisp-serv-ipv6)# map-resolver`	Configures the locator address of the LISP map resolver.
Step 28	Do one of the following: exit-service-ipv4 exit-service-ipv6 Example: `Device(config-router-lisp-serv-ipv4)# exit-service-ipv4` `Device(config-router-lisp-serv-ipv6)# exit-service-ipv4`	Exits service configuration mode, and enters LISP configuration mode. Use the appropriate command, depending on which service mode you are exiting from (IPv4 or IPv6 service mode).
Step 29	service ethernet Example: `Device(config-router-lisp)# service ethernet`	Enables Layer 2 network services for the default instance.
Step 30	itr map-resolver `map-resolver-address` Example: `Device(config-router-lisp-serv-eth)# itr map-resolver 172.16.1.68`	Configures a locator address for the LISP map resolver to which this router will send map request messages for IPv4 EID-to-RLOC mapping resolutions.
Step 31	itr Example: `Device(config-router-lisp-serv-eth)# itr`	Configures the device as an Ingress Tunnel Router (ETR).
Step 32	etr map-server `map-server-address` key `authentication-key` Example: `Device(config-router-lisp-serv-eth)# etr map-server 172.16.1.68 key 7 auth-key`	Configures a map server to be used by the Egress Tunnel Router (ETR), and specifies the key type. `map-server-address` is the IP address of the Loopback 0 interface on the control plane node. In this step, specify the Loopback 0 IP address of the device because the control plane node, border node, and edge node are all configured on a single device.
Step 33	etr map-server `map-server-address` proxy-reply Example: `Device(config-router-lisp-serv-eth)# etr map-server 172.16.1.68 proxy-reply`	Configures a locator address for the LISP map server and an authentication key for which this router, acting as an IPv4 LISP ETR, will use to register with the LISP mapping system. `map-server-address` is the IP address of the Loopback 0 interface on the control plane node. In this step, specify the Loopback 0 IP address of the device because the control plane node, border node, and edge node are all configured on a single device.
Step 34	etr Example: `Device(config-router-lisp-serv-eth)# etr`	Configures the device as an Egress Tunnel Router (ETR).
Step 35	map-server Example: `Device(config-router-lisp-serv-eth)# map-server`	Configures the device as a Map Server.
Step 36	map-resolver Example: `Device(config-router-lisp-serv-eth)# map-resolver`	Configures the device as a Map Resolver.
Step 37	exit Example: `Device(config-router-lisp-serv-eth)# exit`	Exits service Ethernet configuration mode and enters LISP configuration mode.
Step 38	site `site-name` Example: `Device(config-router-lisp)# site site_uci`	Specifies a LISP site named site-name and enters LISP site configuration mode. A LISP site name is locally significant to the map server on which it is configured. It has no relevance anywhere else. This name is used solely as an administrative means of associating one or more EID prefixes with an authentication key and other site-related mechanisms
Step 39	description `description` Example: `Device(config-router-lisp-site)# desription map-server1`	Provides a description for the LISP site.
Step 40	authentication-key `{` `key-type}` `authentication-key` Example: `Device(config-router-lisp-site)# authentication-key 7 auth-key`	Configures the authentication key associated with this site.
Step 41	eid-record instance-id `instance-id` [`eid-prefix`] [ accept-more-specifics] Example: `Device(config-router-lisp-site)# eid-record instance-id 4097 10.91.1.0/24 accept-more-specifics Device(config-router-lisp-site)# eid-record instance-id 8197 any-mac`	Configures an IPv4 or IPv6 EID prefix associated with this LISP instance. `eid-prefix` can be IPv4 or IPv6 or MAC EID prefixes. accept-more-specifics allows the site to accept registrations for more specific EID prefixes Repeat this step as necessary to configure additional EID prefixes under the LISP site.
Step 42	allow-locator-default-etr instance-id `instance-id` { ipv4 \| ipv6 } Example: `Device(config-router-lisp-site)# allow-locator-default-etr instance-id 4097 ipv4`	Configures the LISP site to accept default egress tunnel router (ETR) registrations for a particular instance-id and a given service level (IPv4 or IPv6) within that instance-id. A default ETR handles the unknown EID prefixes, which are the EID prefixes that are not present in the control plane database. A border node that registers with the control plane node as a default ETR tracks the unknown EID prefixes in each of their VRF tables (a given service level within an instance ID).
Step 43	exit Example: `Device(config-router-lisp-site)# exit`	Exits the LISP Site configuration mode, and enters LISP configuration mode.
Step 44	ipv4 locator reachability minimum-mask-length `length` Example: `Device(config-router-lisp)# ipv4 locator reachability minimum-mask-length 32`	Specifies the shortest mask prefix to accept when looking up a remote RLOC in the RIB. LISP checks the host reachability from the routing locator.
Step 45	ipv4 source-locator Loopback `loopback-interface-number` Example: `Device(config-router-lisp)# ipv4 source-locator Loopback 0`	Specifies the interface whose IPv4 address should be used as the source locator address for outbound LISP encapsulated packets.
Step 46	exit-router-lisp Example: `Device(config-router-lisp)# exit-router-lisp`	Exits LISP configuration mode, and enters global configuration mode.
Step 47	end Example: `Device(config)# end`	Returns to privileged EXEC mode.

Configure Layer 3 VNI and Segment for Default Instance

To configure Layer 3 VNI on fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	instance-id `id` Example: `Device(config)# instance-id 4097`	Specifies the instance ID.
Step 4	remote-rloc-probe on-route-change Example: `Device(config-inst)# remote-rloc-probe on-route-change`	Configures parameters for probing of remote local routing locators (RLOCs).
Step 5	dynamic-eid `eid-name` Example: `Device(config-inst)# dynamic-eid AVlan91-IPV4`	Creates a dynamic End Point Identifier (EID) policy, and enters the dynamic-eid configuration mode on an xTR.
Step 6	database-mapping `eid-prefix/prefix-length` locator-set `RLOC_name` Example: `Device(config-inst-dynamic-eid)# database-mapping 10.91.1.0/24 locator-set rloc_set`	Configures an IPv4 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and an associated traffic policy for LISP.
Step 7	exit-dynamic-eid Example: `Device(config-inst-dynamic-eid)# exit-dynamic-eid`	Exits dynamic-eid configuration mode, and enters instance configuration mode.
Step 8	dynamic-eid `eid-name` Example: `Device(config-inst)# dynamic-eid CAMPUS-DATA-FZ3-IPV4`	Creates a dynamic End Point Identifier (EID) policy, and enters the dynamic-eid configuration mode on an xTR.
Step 9	service {ipv4 \| ipv6} Example: `Device(config-inst)# service ipv4`	Enables Layer 3 network services for the IPv4 or IPv6 address family.
Step 10	eid-table default Example: `Device(config-inst-serv-ipv4)# eid-table default`	Configures the default (global) routing table for association with the configured instance-service.
Step 11	map-cache `address` map-request Example: `Device(config-inst-serv-ipv4)# map-cache 10.91.1.0/24 map-request`	Sends map-request for LISP destination EID.
Step 12	Do one of the following: exit-service-ipv4 exit-service-ipv6 Example: `Device(config-inst-serv-ipv4)# exit-service-ipv4`	Exits service configuration mode, and enters instance configuration mode.
Step 13	exit-instance-id Example: `Device(config-inst)# exit-instance-id`	Exits instance configuration mode, and enters global configuration mode.
Step 14	end Example: `Device(config)# end`	Returns to privileged EXEC mode.

Configure Layer 3 VNI for User-Defined VRF

To configure a Layer 3 VNI for user-defined VRF, perform this task.

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	router lisp Example: `Device(config)# router lisp`	Enters LISP configuration mode.
Step 4	instance-id `id` Example: `Device(config-router-lisp)# instance-id 4099`	Specifies the instance ID.
Step 5	remote-rloc-probe on-route-change Example: `Device(config-router-lisp-inst)# remote-rloc-probe on-route-change`	Configures parameters for probing of remote local routing locators (RLOCs).
Step 6	dynamic-eid `eid-name` Example: `Device(config-router-lisp-inst)# dynamic-eid AVlan50-IPV4`	Creates a dynamic End Point Identifier (EID) policy, and enters the dynamic-eid configuration mode on an xTR.
Step 7	database-mapping `eid-prefix/prefix-length` locator-set `RLOC_name` Example: `Device(config-router-lisp-inst-dynamic-eid)# database-mapping 10.50.1.0/24 locator-set rloc_set`	Configures an IPv4 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and an associated traffic policy for LISP.
Step 8	exit-dynamic-eid Example: `Device(config-router-lisp-inst-dynamic-eid)# exit-dynamic-eid`	Exits dynamic-eid configuration mode, and enters LISP instance configuration mode.
Step 9	dynamic-eid `eid-name` Example: `Device(config-router-lisp-inst)# dynamic-eid AVlan50-IPV6`	Creates a dynamic End Point Identifier (EID) policy, and enters the dynamic-eid configuration mode on an xTR.
Step 10	database-mapping `eid-prefix/prefix-length` locator-set `RLOC_name` Example: `Device(config-router-lisp-inst-dynamic-eid)# database-mapping 2001:DB8:2050::/64 locator-set rloc_set`	Configures an IPv4 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and an associated traffic policy for LISP.
Step 11	exit-dynamic-eid Example: `Device(config-router-lisp-inst-dynamic-eid)# exit-dynamic-eid`	Exits dynamic-eid configuration mode, and enters LISP instance configuration mode.
Step 12	service ipv4 Example: `Device(config-router-lisp-inst)# service ipv4`	Enables Layer 3 network services for the IPv4 address family.
Step 13	eid-table vrf `vrf-name` Example: `Device(config-router-lisp-inst-serv-ipv4)# eid-table vrf VN3`	Configures the VRF table for association with the configured instance-service.
Step 14	database-mapping `eid-prefix/prefix-length` locator-set `RLOC_name` default-etr local Example: `Device(config-router-lisp-inst-serv-ipv4)# database-mapping 0.0.0.0/0 locator-set default_etr_locator default-etr local`	Configures an IPv4 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and an associated traffic policy for LISP.
Step 15	exit-service-ipv4 Example: `Device(config-router-lisp-inst-serv-ipv4)# exit-service-ipv4`	Exits service IPv4 configuration mode, and enters LISP instance configuration mode.
Step 16	service ipv6 Example: `Device(config-router-lisp-inst)# service ipv6`	Enables Layer 3 network services for the IPv6 address family.
Step 17	eid-table vrf `vrf-name` Example: `Device(config-router-lisp-inst-serv-ipv6)# eid-table vrf VN3`	Configures the VRF table for association with the configured instance-service.
Step 18	database-mapping `eid-prefix/prefix-length` locator-set `RLOC_name` default-etr local Example: `Device(config-router-lisp-inst-serv-ipv6)# database-mapping ::/0 locator-set default_etr_locator default-etr local`	Configures an IPv6 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and an associated traffic policy for LISP.
Step 19	exit-service-ipv6 Example: `Device(config-router-lisp-inst-serv-ipv6)# exit-service-ipv6`	Exits service IPv6 configuration mode, and enters LISP instance configuration mode.
Step 20	exit-instance-id Example: `Device(config-router-lisp-inst)# exit-instance-id`	Exits instance configuration mode, and enters LISP configuration mode.
Step 21	end Example: `Device(config-router-lisp)# end`	Returns to privileged EXEC mode.

Configure Layer 2 VNI for Default Instance

To configure a Layer 2 VNI for a default instance on fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	router lisp Example: `Device(config)# router lisp`	Enters LISP configuration mode.
Step 4	instance-id `id` Example: `Device(config-router-lisp)# instance-id 8194`	Specifies the instance ID.
Step 5	remote-rloc-probe on-route-change Example: `Device(config-router-lisp-inst)# remote-rloc-probe on-route-change`	Specifies that the probing of remote routing locators (RLOCs) should be done when there is a route change for the remote RLOCs.
Step 6	service ethernet Example: `Device(config-router-lisp-inst)# service ethernet`	Enables Layer 2 network services.
Step 7	eid-table vlan `vlan-id` Example: `Device(config-router-lisp-inst-serv-ethernet)# eid-table vlan 91`	Configures the specified VLAN table for association with the configured instance.
Step 8	database-mapping `eid-prefix/prefix-length` locator-set `RLOC_name` Example: `Device(config-inst-serv-ethernet-eid-table)# database-mapping mac locator-set rloc_set`	Configures an IPv4 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and an associated traffic policy for LISP.
Step 9	exit Example: `Device(config-inst-serv-ethernet-eid-table)# exit`	Exits EID table configuration mode.
Step 10	exit-service-ethernet Example: `Device(config-inst-serv-ethernet)# exit-service-ethernet`	Exits service Ethernet configuration mode, and enters instance configuration mode.
Step 11	exit-instance-id Example: `Device(config-inst)# exit-instance-id`	Exits instance configuration mode, and enters global configuration mode.
Step 12	exit-router-lisp Example: `Device(config-router-lisp)# exit-router-lisp`	Exits LISP configuration mode, and enters global configuration mode.
Step 13	end Example: `Device(config)# end`	Returns to privileged EXEC mode.

Configure Layer 2 VNI for User-Defined VRF

To configure Layer 2 VNI for user-defined VRF on a fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	router lisp Example: `Device(config)# router lisp`	Enters LISP configuration mode.
Step 4	instance-id `id` Example: `Device(config-router-lisp)# instance-id 8197`	Specifies the instance ID of the user-defined instance.
Step 5	remote-rloc-probe on-route-change Example: `Device(config-router-lisp-inst)# remote-rloc-probe on-route-change`	Specifies that the probing of remote local routing locators (RLOCs) should be done when there are routing changes for remote RLOCs.
Step 6	service ethernet Example: `Device(config-router-lisp-inst)# service ethernet`	Enables Layer 2 network services.
Step 7	eid-table vlan `vlan-id` Example: `Device(config-router-lisp-inst-serv-ethernet)# eid-table vlan 50`	Configures the specified VLAN table for association with the configured instance.
Step 8	database-mapping `eid-prefix/prefix-length` locator-set `RLOC_name` Example: `Device(config-inst-serv-ethernet-eid-table)# database-mapping mac locator-set rloc_set`	Configures an IPv4 endpoint identifier-to-routing locator (EID-to-RLOC) mapping relationship and an associated traffic policy for LISP.
Step 9	exit Example: `Device(config-inst-serv-ethernet-eid-table)# exit`	Exits EID table configuration mode.
Step 10	exit-service-ethernet Example: `Device(config-router-lisp-inst-serv-ethernet)# exit-service-ethernet`	Exits service Ethernet configuration mode, and enters instance configuration mode.
Step 11	exit-instance-id Example: `Device(config-router-lisp-inst)# exit-instance-id`	Exits instance configuration mode, and enters global configuration mode.
Step 12	exit-router-lisp Example: `Device(config-router-lisp)# exit-router-lisp`	Exits LISP configuration mode, and enters global configuration mode.
Step 13	end Example: `Device(config)# end`	Returns to privileged EXEC mode.

Configure BGP

To configure BGP on a fabric in a box device, perform this task:

Procedure

Command or Action Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

router bgp autonomous-system-number

Example:

Device(config)# router bgp 700

Configures a BGP routing process, and enters router configuration mode for the specified routing process.

Use the autonomous-system-number argument to specify an integer, from 0 and 65534, that identifies the device to other BGP speakers.

Step 4

bgp router-id ip-address

Example:

Device(config-router)# bgp router-id interface Loopback0

(Optional) Configures a fixed 32-bit router ID as the identifier of the local device running BGP.

Use the ip-address argument to specify a unique router ID within the network.

Note

Configuring a router ID using the bgp router-id command resets all active BGP peering sessions.

Step 5

bgp log-neighbor-changes

Example:

Device(config-router)# bgp log-neighbor-changes

(Optional) Enables logging of BGP neighbor status changes (up or down) and neighbor resets.

Use this command for troubleshooting network connectivity problems and measuring network stability. Unexpected neighbor resets might indicate high error rates or high packet loss in the network and should be investigated.

Step 6

bgp graceful-restart

Example:

Device(config-router)# bgp graceful-restart

Enables the BGP graceful restart capability globally for all BGP neighbors.

Step 7

address-family {ipv4 | ipv6}

Example:

Device(config-router)# address-family ipv4

Specifies the address family, and enters address family configuration mode.

ipv4 : Specifies the address family as IPv4.
ipv6 : Specifies the address family as IPv6.

Step 8

bgp aggregate-timer seconds

Example:

Device(config-router-af)# bgp aggregate-timer 0

Sets the interval at which BGP routes will be aggregated or to disable timer-based route aggregation.

Step 9

network network-number mask network-mask

Example:

Device(config-router-af)# network 10.91.1.0 mask 255.255.255.0

Device(config-router-af)# network 172.16.1.68 mask 255.255.255.255

Specifies a network as local to this autonomous system and adds it to the BGP routing table.

Step 10

aggregate-address address mask summary-only

Example:

Device(config-router-af)# aggregate-address 10.91.1.0 255.255.255.0 summary-only

Creates an aggregate entry in a BGP database.

summary-only : Filters all more-specific routes from updates.

Step 11

exit-address-family

Example:

Device(config-router-af)# exit-address-family

Exits address family configuration mode, and enters router configuration mode.

Step 12

address-family { ipv4| ipv6} [ vrf vrf-name]

Example:


Device(config-router)# address-family ipv4 vrf VN3
Device(config-router)# address-family ipv6 vrf VN3

Enters address family configuration mode to configure routing sessions that use address family-specific command configurations.

Use the vrf option to specify the VRF instance with which the subsequent address family configuration commands are associated.

Step 13

bgp aggregate-timer seconds

Example:


Device(config-router-af)# bgp aggregate-timer 0

Configures the interval at which the BGP routes are aggregated.

A value of 0 (zero) disables timer-based aggregation and starts aggregation immediately.

Step 14

network network-number [mask network-mask ] [route-map route-map-name ]

Example:


Device(config-router-af)# network 10.20.1.0 mask 255.255.255.252
Device(config-router-af)# network 10.50.1.0 mask 255.255.255.0


Device(config-router-af)# network 2001:DB8:20::/126
Device(config-router-af)# network 2001:DB8:2050::/64

Specifies the network to be advertised by BGP and adds it to the BGP routing table.

For exterior protocols, the network command controls which networks are advertised. Interior protocols use the network command to determine where to send updates.

Step 15

aggregate-address address mask summary-only

Example:

Device(config-router-af)# aggregate-address 10.50.1.0 255.255.255.0 summary-only

Device(config-router-af)# aggregate-address 2001:DB8:2050::/64 summary-only

Creates an aggregate entry in a BGP database.

summary-only : Filters all more-specific routes from updates.

Step 16

exit-address-family

Example:

Device(config-router-af)# exit-address-family

Exits address family configuration mode, and enters router configuration mode.

Step 17

end

Example:

Device(config-router)# end

Returns to privileged EXEC mode.

Configure Route-Map

To configure a route-map for a fabric in a box device, perform this task:

Procedure

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password, if prompted.
Step 2	configure terminal Example: `Device# configure terminal`	Enters global configuration mode.
Step 3	route-map `map-name` [permit \| deny ] [`sequence-number`] Example: `Device(config)# route-map LISP_TO_BGP permit 10`	Configures a route map for the BGP and enters route map configuration mode. Route map entries are read in order. You can identify the order using the sequence_number argument.
Step 4	description `description` Example: `Device(config-route-map)# description prefixes_learnt`	Adds a description for the route map.
Step 5	set as-path tag Example: `Device(config-route-map)# set as-path tag`	Modifies an autonomous system path for BGP routes.
Step 6	end Example: `Device(config-route-map)# end`	Returns to privileged EXEC mode.

Configuration Example for a Fabric in a Box Device

This example shows a sample configuration for a fabric in a box construct in the LISP VXLAN fabric depicted in the topology.

The topology has a fabric in a box containing an edge node, control plane node, and border node on the same device. The fabric in a box device connects to an upstream router.

Fabric in a Box

vrf definition VN3
 rd 1:4099
 !
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 !
 address-family ipv6
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family

vlan 222
 name 222
!
interface Vlan222
 description vrf-external
 vrf forwarding VN3
 ip address 10.20.1.1 255.255.255.252
 no ip redirects
 ipv6 address 2001:DB8:20::1/126
 ipv6 enable
   
!
interface TenGigabitEthernet1/0/4
 switchport mode trunk

device-tracking tracking
!
device-tracking policy IPDT_POLICY
 no protocol udp
 tracking enable
!

interface TenGigabitEthernet1/0/5
 device-tracking attach-policy IPDT_POLICY
!
 ipv6 nd raguard
 ipv6 dhcp guard
!
vlan 50
 name AVlan50
!
vlan 91
 name AVlan91
!
interface Vlan50
 description server1
 mac-address 0000.0c9f.f18e
 vrf forwarding VN3
 ip address 10.50.1.1 255.255.255.0
 ip helper-address 172.16.2.2
 no ip redirects
 ipv6 address 2001:DB8:2050::1/64
 ipv6 enable
 ipv6 nd dad attempts 0
 ipv6 nd prefix 2001:DB8:2050::/64 2592000 604800 no-autoconfig
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 dhcp relay destination 2001:DB8:2::2
 ipv6 dhcp relay source-interface Vlan50
 ipv6 dhcp relay trust
 no lisp mobility liveness test
 lisp mobility AVlan50-IPV4
 lisp mobility AVlan50-IPV6
 no autostate
!
interface Vlan91
 description default-interface
 mac-address 0000.0c9f.f984
 ip address 10.91.1.1 255.255.255.0
 ip helper-address 172.16.2.2
 no ip redirects
 no lisp mobility liveness test
 lisp mobility AVlan91-IPV4
 no autostate
!
ip dhcp relay information option
ip dhcp snooping vlan 50,91
ip dhcp snooping

router lisp
 locator-table default
 locator-set default_etr_locator
  IPv4-interface Loopback0 priority 10 weight 10
  exit-locator-set
 !
 locator-set rloc_set
  IPv4-interface Loopback0 priority 10 weight 10
  auto-discover-rlocs
  exit-locator-set
 !
 locator default-set rloc_set
 service ipv4
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.68
  itr map-resolver 172.16.1.68
  etr map-server 172.16.1.68 key 7 auth-key
  etr map-server 172.16.1.68 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-etr
  proxy-itr 172.16.1.68
  map-server
  map-resolver
  exit-service-ipv4
 !
 service ipv6
  encapsulation vxlan
  map-cache publications
  import publication publisher 172.16.1.68
  itr map-resolver 172.16.1.68
  etr map-server 172.16.1.68 key 7 auth-key
  etr map-server 172.16.1.68 proxy-reply
  etr
  sgt
  route-export publications
  distance publications 250
  proxy-etr
  proxy-itr 172.16.1.68
  map-server
  map-resolver
  exit-service-ipv6
 !
 service ethernet
  itr map-resolver 172.16.1.68
  itr
  etr map-server 172.16.1.68 key 7 auth-key
  etr map-server 172.16.1.68 proxy-reply
  etr
  map-server
  map-resolver
  exit-service-ethernet
 !
 
 instance-id 4097
  remote-rloc-probe on-route-change
  dynamic-eid AVlan91-IPV4
   database-mapping 10.91.1.0/24 locator-set rloc_set
   exit-dynamic-eid
  !
  service ipv4
   eid-table default
   map-cache 10.91.1.0/24 map-request
   exit-service-ipv4
  !
  exit-instance-id
 !
 

 instance-id 4099
  remote-rloc-probe on-route-change
  dynamic-eid AVlan50-IPV4
   database-mapping 10.50.1.0/24 locator-set rloc_set
   exit-dynamic-eid
  !
  dynamic-eid AVlan50-IPV6
   database-mapping 2001:DB8:2050::/64 locator-set rloc_set
   exit-dynamic-eid
  !
  service ipv4
   eid-table vrf VN3
   database-mapping 0.0.0.0/0 locator-set default_etr_local default-etr local
   exit-service-ipv4
  !
  service ipv6
   eid-table vrf VN3
   database-mapping ::/0 locator-set default_etr_local default-etr local
   exit-service-ipv6
  !
  exit-instance-id
 !
 !
 

 instance-id 8194
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 91
   database-mapping mac locator-set rloc_set
   exit-service-ethernet
  !
  exit-instance-id
 !
 !
 instance-id 8197
  remote-rloc-probe on-route-change
  service ethernet
   eid-table vlan 50
   database-mapping mac locator-set rloc_set
   exit-service-ethernet
  !
  exit-instance-id
 !
 !
 site site_uci
  description map-server1
  authentication-key 7 auth-key
  eid-record instance-id 4097 0.0.0.0/0 accept-more-specifics
  eid-record instance-id 4097 10.91.1.0/24 accept-more-specifics
  eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics
  eid-record instance-id 4099 10.50.1.0/24 accept-more-specifics
  eid-record instance-id 4099 ::/0 accept-more-specifics
  eid-record instance-id 4099 2001:DB8:2050::/64 accept-more-specifics
  eid-record instance-id 8194 any-mac
  eid-record instance-id 8197 any-mac
  allow-locator-default-etr instance-id 4097 ipv4
  allow-locator-default-etr instance-id 4099 ipv4
  allow-locator-default-etr instance-id 4099 ipv6
  exit-site
 !
 ipv4 locator reachability minimum-mask-length 32
 ipv4 source-locator Loopback0
 exit-router-lisp
!
router bgp 700
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 bgp graceful-restart
 !
 address-family ipv4
  bgp redistribute-internal
  bgp aggregate-timer 0
  network 10.91.1.0 mask 255.255.255.0
  network 172.16.1.68 mask 255.255.255.255
  aggregate-address 10.91.1.0 255.255.255.0 summary-only
  redistribute lisp metric 10 route-map LISP_TO_BGP
 exit-address-family
 !
 !
 address-family ipv4 vrf VN3
  bgp aggregate-timer 0
  network 10.20.1.0 mask 255.255.255.252
  network 10.50.1.0 mask 255.255.255.0
  aggregate-address 10.50.1.0 255.255.255.0 summary-only
  redistribute lisp metric 10 route-map LISP_TO_BGP
 exit-address-family
 !
 address-family ipv6 vrf VN3
  redistribute lisp metric 10 route-map LISP_TO_BGP
  bgp aggregate-timer 0
  network 2001:DB8:20::/126
  network 2001:DB8:2050::/64
  aggregate-address 2001:DB8:2050::/64 summary-only
 exit-address-family
!
!
route-map LISP_TO_BGP permit 10
 description prefixes_learnt
 set as-path tag
!

Verify Fabric in a Box

This section provides sample outputs for the show commands on the fabric edge nodes in the topology shown above. In the topology, 172.16.1.68 is the loopback0 of the fabric in a box device. VLAN 50 has a subnet of 10.50.1.0/24 and VLAN 91 has a subnet of 10.91.1.0/24.

FabricInABox# show ip interface brief | i LISP
L2LISP0                172.16.1.68        YES unset  up                    up      
L2LISP0.8194           172.16.1.68        YES unset  up                    up      
L2LISP0.8197           172.16.1.68        YES unset  up                    up      
LISP0                  unassigned         YES unset  up                    up      
LISP0.4097             172.16.1.68        YES unset  up                    up      
LISP0.4099             10.50.1.1          YES unset  up                    up      
FabricInABox#

FabricInABox# show lisp session 

Sessions for VRF default, total: 3, established: 2
Peer                           State      Up/Down        In/Out    Users
172.16.1.68:4342                  Up         03:37:52       38/23     11
172.16.1.68:24737

FabricInABox# show lisp session 172.16.1.68 port 4342

Peer address:     172.16.1.68:4342
Local address:    172.16.1.68:24737
Session Type:     Active
Session State:    Up (03:40:02)
Messages in/out:  38/23
Bytes in/out:     1830/1676
Fatal errors:     0
Rcvd unsupported: 0
Rcvd invalid VRF: 0
Rcvd override:    0
Rcvd malformed:   0
Sent deferred:    0
SSO redundancy:   N/A
Auth Type:        None 

Accepting Users:  0
Users:            11
  Type                      ID                                      In/Out    State
  Pubsub subscriber         lisp 0 IID 4097 AFI IPv4                 3/2      Established
  ETR Reliable Registration lisp 0 IID 16777214 AFI IPv4             2/2      TCP
  ETR Reliable Registration lisp 0 IID 4099 AFI IPv4                 3/3      TCP
  Pubsub subscriber         lisp 0 IID 4099 AFI IPv4                 6/2      Established
  ETR Reliable Registration lisp 0 IID 4099 AFI IPv6                 3/3      TCP
  Pubsub subscriber         lisp 0 IID 4099 AFI IPv6                 6/2      Established
  ETR Reliable Registration lisp 0 IID 8194 AFI MAC                  2/4      TCP
  Pubsub subscriber         lisp 0 IID 8194 AFI MAC                  2/0      Off
  ETR Reliable Registration lisp 0 IID 8197 AFI MAC                  2/4      TCP
  Pubsub subscriber         lisp 0 IID 8197 AFI MAC                  2/0      Off
  Capability Exchange       N/A                                      1/1      waiting
FabricInABox#

FabricInABox#show lisp session 172.16.1.68 port 24737

Peer address:     172.16.1.68:24737
Local address:    172.16.1.68:4342
Session Type:     Passive
Session State:    Up (03:44:54)
Messages in/out:  23/38
Bytes in/out:     1676/1830
Fatal errors:     0
Rcvd unsupported: 0
Rcvd invalid VRF: 0
Rcvd override:    0
Rcvd malformed:   0
Sent deferred:    1
SSO redundancy:   synchronized
Auth Type:        None 

Accepting Users:  1
Users:            9
  Type                      ID                                      In/Out    State
  Capability Exchange       N/A                                      1/1      waiting
  Pubsub publisher          lisp 0 IID 4097 AFI IPv4                 2/2      working
  Pubsub publisher          lisp 0 IID 4099 AFI IPv4                 2/5      working
  Pubsub publisher          lisp 0 IID 4099 AFI IPv6                 2/5      working
  MS Reliable Registration  lisp 0 IID 16777214 AFI IPv4             2/2      waiting
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 4099 AFI IPv4                 2/3      waiting
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 4099 AFI IPv6                 2/3      waiting
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 8194 AFI MAC                  2/2      waiting
    WLC subscription received
  MS Reliable Registration  lisp 0 IID 8197 AFI MAC                  2/2      waiting
    WLC subscription received
FabricInABox#

FabricInABox# show lisp site   
LISP Site Registration Information
* = Some locators are down or unreachable
# = Some registrations are sourced by reliable transport

Site Name      Last      Up     Who Last             Inst     EID Prefix
               Register         Registered           ID       
site_uci       never     no     --                   4097     0.0.0.0/0
               never     no     --                   4097     10.91.1.0/24
               never     no     --                   4099     0.0.0.0/0
               never     no     --                   4099     10.50.1.0/24
               never     no     --                   4099     ::/0
               never     no     --                   4099     2001:DB8:2050::/64
FabricInABox#

FabricInABox# show lisp site name site_uci 
Site name: site_uci
Description: <description>
Allowed configured locators: any
Allowed EID-prefixes:

  EID-prefix: 0.0.0.0/0 instance-id 4097 
    First registered:     never
    Last registered:      never
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    Skip Publication:     No
    Force Withdraw:       No
    TTL:                  00:00:00
    State:                unknown
    Extranet IID:         Unspecified
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    No registrations.

  EID-prefix: 10.91.1.0/24 instance-id 4097 
    First registered:     never
    Last registered:      never
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    Skip Publication:     No
    Force Withdraw:       No
    TTL:                  00:00:00
    State:                unknown
    Extranet IID:         Unspecified
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    No registrations.

  EID-prefix: 0.0.0.0/0 instance-id 4099 
    First registered:     never
    Last registered:      never
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    Skip Publication:     No
    Force Withdraw:       No
    TTL:                  00:00:00
    State:                unknown
    Extranet IID:         Unspecified
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    No registrations.

  EID-prefix: 10.50.1.0/24 instance-id 4099 
    First registered:     never
    Last registered:      never
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    Skip Publication:     No
    Force Withdraw:       No
    TTL:                  00:00:00
    State:                unknown
    Extranet IID:         Unspecified
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    No registrations.
          
  EID-prefix: ::/0 instance-id 4099 
    First registered:     never
    Last registered:      never
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    Skip Publication:     No
    Force Withdraw:       No
    TTL:                  00:00:00
    State:                unknown
    Extranet IID:         Unspecified
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    No registrations.

  EID-prefix: 2001:DB8:2050::/64 instance-id 4099 
    First registered:     never
    Last registered:      never
    Routing table tag:    0
    Origin:               Configuration, accepting more specifics
    Merge active:         No
    Proxy reply:          No
    Skip Publication:     No
    Force Withdraw:       No
    TTL:                  00:00:00
    State:                unknown
    Extranet IID:         Unspecified
    Registration errors:  
      Authentication failures:   0
      Allowed locators mismatch: 0
    No registrations.
FabricInABox#


FabricInABox# show lisp instance-id 4099 ipv4 database 
LISP ETR IPv4 Mapping Database for LISP 0 EID-table vrf VN3 (IID 4099), LSBs: 0x1
Entries total 2, no-route 1, inactive 0, do-not-register 1

0.0.0.0/0, locator-set DEFAULT_ETR_LOCATOR *** NO ROUTE TO EID PREFIX ***, default-ETR
  Uptime: 03:48:45, Last-change: 03:48:45
  Domain-ID: local
  Metric: -
  Service-Insertion: N/A
  Locator   Pri/Wgt  Source     State
  172.16.1.68   10/10   cfg-intf   site-self, reachable
10.50.1.1/32, dynamic-eid AVlan50-IPV4, do not register, inherited from default locator-set rloc_set1, auto-discover-rlocs
  Uptime: 03:33:23, Last-change: 03:33:23
  Domain-ID: local
  Service-Insertion: N/A
  Locator   Pri/Wgt  Source     State
  172.16.1.68   10/10   cfg-intf   site-self, reachable
FabricInABox#

FabricInABox# show lisp instance-id 4099 ipv4 map-cache 
LISP IPv4 Mapping Cache for LISP 0 EID-table vrf VN3 (IID 4099), 4 entries

0.0.0.0/0, uptime: 00:00:00, expires: 00:00:59, via away, send-map-request
  Negative cache entry, action: send-map-request
10.0.0.0/11, uptime: 03:47:45, expires: 00:09:16, via map-reply, forward-native
  Negative cache entry, action: forward-native
10.50.1.0/24, uptime: 03:49:03, expires: never, via dynamic-EID, send-map-request
  Negative cache entry, action: send-map-request
128.0.0.0/1, uptime: 03:48:45, expires: 00:09:03, via map-reply, forward-native
  Negative cache entry, action: forward-native
FabricInABox#

FabricInABox# show lisp instance-id 8194 ethernet database 
LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 91 (IID 8194), LSBs: 0x1
Entries total 2, no-route 0, inactive 0, do-not-register 2

0000.0c9f.f984/48, dynamic-eid Auto-L2-group-8194, do not register, inherited from default locator-set rloc_set1, auto-discover-rlocs
  Uptime: 03:39:05, Last-change: 03:39:05
  Domain-ID: local
  Service-Insertion: N/A
  Locator   Pri/Wgt  Source     State
  172.16.1.68   10/10   cfg-intf   site-self, reachable
ec1d.8b0a.b6d9/48, dynamic-eid Auto-L2-group-8194, do not register, inherited from default locator-set rloc_set1, auto-discover-rlocs
  Uptime: 03:39:07, Last-change: 03:39:07
  Domain-ID: local
  Service-Insertion: N/A
  Locator   Pri/Wgt  Source     State
  172.16.1.68   10/10   cfg-intf   site-self, reachable
FabricInABox#

FabricInABox# show lisp instance-id 8197 ethernet database
LISP ETR MAC Mapping Database for LISP 0 EID-table Vlan 50 (IID 8197), LSBs: 0x1
Entries total 2, no-route 0, inactive 0, do-not-register 2

0000.0c9f.f18e/48, dynamic-eid Auto-L2-group-8197, do not register, inherited from default locator-set rloc_set1, auto-discover-rlocs
  Uptime: 03:39:48, Last-change: 03:39:48
  Domain-ID: local
  Service-Insertion: N/A
  Locator   Pri/Wgt  Source     State
  172.16.1.68   10/10   cfg-intf   site-self, reachable
ec1d.8b0a.b6e8/48, dynamic-eid Auto-L2-group-8197, do not register, inherited from default locator-set rloc_set1, auto-discover-rlocs
  Uptime: 03:39:50, Last-change: 03:39:50
  Domain-ID: local
  Service-Insertion: N/A
  Locator   Pri/Wgt  Source     State
  172.16.1.68   10/10   cfg-intf   site-self, reachable
FabricInABox#

FabricInABox# show lisp vrf VN3 route 
 Route prefix                             In RIB Sources
 10.50.1.1/32                             No     Dynamic EID
 2001:DB8:2050::1/128                     No     Dynamic EID
FabricInABox#

LISP VXLAN Fabric Configuration Guide, Cisco IOS XE Cupertino 17.9.x (Catalyst 9000 Series Switches)

Bias-Free Language

Results

Chapter: Configuring Fabric In a Box for Wired Devices

Configuring Fabric In a Box for Wired Devices

How to Configure Fabric in a Box

Configure VRFs

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Configure Layer 3 Handoff

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Configure Device Tracking

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Configure VLAN

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Configure SVI Interface

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Configure DHCP Relay and Snooping

Procedure

Example: