Multihoming in a BGP EVPN VXLAN Fabric Configuration Guide, Cisco IOS XE 26.x.x and Later

Verify the EVPN multihoming in fabric network configuration

Updated: April 10, 2026

Want to summarize with AI?

Overview

Displays the output of EVPN show commands that verifies the configuration.

This section provides examples to verify the hierarchical BGP peering state in both iBGP and eBGP-based EVPN multihoming in fabric networks.

To focus on critical information for day two operations and troubleshooting, command outputs may be truncated.

iBGP sessions: Verifies the two-tier hierarchical iBGP sessions between Cisco Catalyst 9000 series switches in EVPN multihoming mode and iBGP peering between a pair of spine switches in operational state.

The command output displays iBGP peering between a pair of spine switches, 10.100.255.3 and 10.100.255.4, and direct iBGP peering between ES-1 local 10.100.255.101 and ES-2 10.100.255.102 in EVPN multihoming mode and confirms these iBPG sessions are operational.


ES-1# show bgp l2vpn evpn all summary 

BGP router identifier 10.100.255.101, local AS number 65101 
<snip> 
 
Neighbor         V    AS     MsgRcvd MsgSent   TblVer  InQ  OutQ   Up/Down   State/PfxRcd 
10.100.255.3     4    65101      18    20        104    0     0    00:04:35      2 
10.100.255.4     4    65101      23    25        106    0     0    00:05:19      2 
10.100.255.102   4    65101      51    65        104    0     0    00:04:26      28

Inter-ES Layer 3 EtherChannel: Verifies the operational state of the inter-ES Layer 3 EtherChannels and each of the configured interfaces in bundled state.


ES1# show etherchannel 128 summary  
<snip>  
  
Group    Port-channel     Protocol   Ports  
------+---------------------+---------------+--------------------  
128        Po128(RU)      LACP       Twe1/0/45(P)    Twe1/0/46(P)

EVPN multihoming core tracking: Verifies the operational state of core tracking Layer 3 interfaces to ensure that all tracked IP reachability paths are operational to maintain iBGP peering with the remote ES system.

This example shows a direct inter-ES EtherChannel and two Layer 3 core network uplink connections configured with core tracking, and all interfaces in a fully operational state.


ES1# show l2vpn evpn multihoming core-tracking   
  
Core Interface           Status           Protocol  
-------------------------------------------------------  
Port-channel128            up               up  
TwentyFiveGigE1/0/47       up               up  
TwentyFiveGigE1/0/48       up               up

Ethernet Segment EtherChannel: Verifies whether the Layer 2 EtherChannel interface is operational with the local ES ports bundled in an EtherChannel group with the LACP protocol.

The output of show etherchannel 1 summary and show l2vpn evpn ethernet-segment commands display two Layer 2 ES EtherChannel interfaces mapped to auto-generated Type-1 ES identifier and implemented automatically in all-active mode.

ES1# show etherchannel 1 summary 
 
<snip>   
Group   Port-channel    Protocol     Ports  
--------+-----------------+--------------+----------
1       Po1(SU)          LACP         Twe1/0/1(P) 
2       Po2(SU)          LACP         Twe1/0/2(P)   
 
ES-1# show l2vpn evpn ethernet-segment  

ESI                        Port   Redundancy Mode    DF Time  SH Label 
----------------------------------------------------------------------- 
0152.5400.0BC2.9700.0100   Po1    all-active         0.001       0        
0152.5400.1599.0300.0100   Po2    all-active         0.001       0

The output of the show l2vpn evpn ethernet-segment forwarder command displays a pair of ES switches, ES-1 local 10.100.255.101 and ES-2 10.100.255.102, are available to forward data traffic on distributed Layer 2 ES trunk interfaces to the same Layer 2 network devices.

ES-1# show l2vpn evpn ethernet-segment forwarder
 
EVPN Ethernet Segment ID: 0152.5400.0BC2.9700.0100 
  Forwarder List:         10.100.255.101 10.100.255.102  
 
EVPN Ethernet Segment ID: 0152.5400.1599.0300.0100 
  Forwarder List:         10.100.255.101 10.100.255.102

VLAN: The command output shows that a single VLAN ID can be mapped across multiple ES EtherChannel groups stretching the bridge-domain across multiple Layer 2 access switches.

ES-1# show vlan id 2001 
 
VLAN    Name        Status    Ports  
----------------------------------------------------------------- 
2001    VLAN2001    active    Po1, Po2, Po3,…<snip>…, Po40

Designated forwarder and non-DF roles: Verifies the DF and non-DF roles for each VLAN and EVPN instance (EVI) from both the Cisco Catalyst 9000 series switches paired as a single ES EtherChannel.

The command output displays EVI 2001 mapped to VLAN 2001, the ES-1 switch dynamically elected to block the sending of BUM messages from the local ES EtherChannel; and ES-2 switch is permitted to send BUM messages.

ES-1# show l2vpn evpn evi 2001 detail  
 
EVPN instance:          2001 (VLAN Based)  
<snip>  
    Pseudoports:  
      Port-channel1 service instance 2001 (DF state: PE-to-CE BUM blocked)  
        Routes: 0 MAC, 0 MAC/IP  
        ESI: 0150.06AB.D32E.0000.0100 
 
ES-2# show l2vpn evpn evi 2001 detail  
EVPN instance:          2001 (VLAN Based)  
<snip>  
    Pseudoports:  
      Port-channel1 service instance 2001 (DF state: forwarding)  
        Routes: 0 MAC, 0 MAC/IP  
        ESI: 0150.06AB.D32E.0000.0100

MAC table: Verifies the locally learned MAC address through the standard data plane from the downstream Layer 2 access network device.

ES-1# show mac address dynamic vlan 2001  

                       Mac Address Table  
----------------------------------------------------- 
Vlan     Mac Address        Type          Ports  
-----------------------------------------------------  
2001    648f.3e42.c142      DYNAMIC       Po2  
2001    5006.abd3.2ec2      DYNAMIC       Po3  
2001    5006.abd2.76c2      DYNAMIC       Po4

L2VPN: Verifies that each MAC and IP address entry includes the VLAN ID and the remote ES peer switch loopback IP address information learned through the local ES EtherChannel.

For example, on ES-1 switch, the endpoint IP address 10.1.1.1 is only reachable through the remote ES-2 switch. Hence, all data traffic to this host is sent over a Layer 2 VXLAN tunnel from ES-1 to ES-2. However, the remaining hosts are discovered over the local ES EtherChannel, and the MAC and IP addresses are synchronized with the remote ES-2 neighbor. The ES-1 switch prefers local ES EtherChannel interface and upon local path failure it instantly re-routes to the remote ES-2 through the Layer 2 VXLAN tunnel destination loopback address 10.200.255.102.

ES1# show l2vpn evpn mac ip evi 2001 

IP Address    EVI    VLAN     MAC Address      Next Hop(s)  
----------------------------------------------------------------  
10.1.1.1      2001   2001     5006.abd3.2e42   10.200.255.102  
10.1.1.2      2001   2001     648f.3e42.c142   Po2:2001  
                                               10.200.255.102  
10.1.1.3      2001   2001     5006.abd3.2ec2   Po3:2001  
                                               10.200.255.102  
10.1.1.4      2001   2001     5006.abd2.76c2   Po4:2001  
                                               10.200.255.102

ARP table: Like the standard data plane-based learned local MAC table, the IPv4 ARP or IPv6 ND table represents the ARP and ND entries learned from the local ES EtherChannel. Data plane forwarding to unlisted endpoints reachability is managed through a secondary L2VPN table as shown in the output of the show l2vpn evpn mac ip evi command.


ES1# show ip arp vlan 2001
  
Protocol      Address       Age (min)   Hardware Addr     Type   Interface  
Internet      10.1.1.254         -      0000.5e00.0101    ARPA   Vlan2001  
Internet      10.1.1.2          17      648f.3e42.c142    ARPA   Vlan2001  
Internet      10.1.1.3          13      5006.abd3.2ec2    ARPA   Vlan2001  
Internet      10.1.1.4           4      5006.abd2.e042    ARPA   Vlan2001

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.