Hi guys, I’m back for my annual post.:/

I’ve been working with a good amount of Nexus gear lately. Today we’ll configure Configuration Synchronization offered on the Nexus 5K platform. This feature allows one to create a switch profile on a vPC member and push the profile’s configuration to the peer. This is crucial as vPC configurations need to match exactly on both peers. If configurations don’t match, the channel could be suspended. Here’s our topology:

 

We’re using an Enhanced vPC (EvPC) topology here (supported in 5.1(3)N1(1) and up) – the FEXes are dual-homed and connected to the 5Ks via vPC, and we’re also running a vPC to the host. Config Sync is almost a necessity here. We’re using 169.254.0.0/30 for the peer-keepalive link IPs (stole this practice from Chris Marget). It’s important to note that CFS (Cisco Fabric Services – this is the magic that makes config sync work) communicates over the Management 0/peer-keepalive interface.

 

This is the base config which is entered on both peers:

N5k-1(config)# cfs ipv4 distribute
N5k-1(config)# conf sync
N5k-1(config-sync)# switch-profile 5k-Profile
Switch-Profile started, Profile ID is 1
N5k-1(config-sync-sp)# sync-peers destination 169.254.0.2
 
N5k-2(config)# cfs ipv4 distribute
N5k-2(config)# conf sync
N5k-2(config-sync)# switch-profile 5k-Profile
Switch-Profile started, Profile ID is 1
N5k-2(config-sync-sp)# sync-peers destination 169.254.0.1

We’ve enabled CFS and created the 5k-Profile on both peers. We also had to tell the switches to sync with each other. Again, this will be done over the management/keepalive interface.

 

The following should be entered on the peer you’re using as the configuration point. I’ve chosen 5k-1 here:

N5k-1(config-sync-sp)# int e101/1/1, e102/1/1
N5k-1(config-sync-sp-if-range)# channel-group 50 mode active
N5k-1(config-sync-sp-if-range)# interface po50
N5k-1(config-sync-sp-if)# description Server-1
N5k-1(config-sync-sp-if)# switchport mode access
N5k-1(config-sync-sp-if)# switchport access vlan 100
N5k-1(config-sync-sp-if)# vpc 50
N5k-1(config-sync-sp-if)# verify
Verification successful...
N5k-1(config-sync-sp-if)# commit
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful

Here we’ve picked a range of ports and joined them to a port-channel. Then we enter the port-channel and configure our settings – notice that we’ve made this “vpc 50”. Before committing we run the “verify” command. This command should run through the config and ensure that it can be applied to both peers. Finally we commit the changes. The switch pauses for a bit and then tells us we’ve succeeded. A couple notes on this. I’ve seen the switch return a successful verification but still fail on the commit. This is typically due to pre-existing commands that will cause the range or port-channel config to fail. The other note is if you do fail your commit, you can run a “show switch-profile status” on the peer to determine why it’s failing.

 

Now we will do some verification:

N5k-2# sh run int e101/1/1
interface Ethernet101/1/1
  switchport access vlan 100
  channel-group 50 mode active
 
N5k-2# sh run int e102/1/1
interface Ethernet102/1/1
  switchport access vlan 100
  channel-group 50 mode active
 
N5k-2# sh run int po50
interface port-channel50
  description Server-1
  switchport access vlan 100
  vpc 50

Everything looks good on the 5k-2 ports. We can see the configuration came through as expected. Keep in mind that if a port is configured using a profile you will not be able to configure it manually; all additions/changes need to be made through the profile.
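
As an added example (not from the original post), here is a small Python check that parses "show run interface" output captured from both peers and reports any interface lines that differ between them. The N5k-1 text is constructed sample data with a deliberate VLAN drift, and the function names are hypothetical.

```python
import re

def parse_stanzas(show_run: str) -> dict:
    """Map each 'interface X' header to the set of its indented config lines."""
    stanzas, current = {}, None
    for line in show_run.splitlines():
        if re.match(r"^interface\s+\S+", line):
            current = line.split(None, 1)[1].strip().lower()
            stanzas[current] = set()
        elif current and line.startswith(" ") and line.strip():
            stanzas[current].add(line.strip())
        elif line.strip():
            current = None  # a prompt or other top-level line ends the stanza
    return stanzas

def peer_mismatches(peer_a: str, peer_b: str) -> dict:
    """Return {interface: (only_on_a, only_on_b)} for stanzas that differ."""
    a, b = parse_stanzas(peer_a), parse_stanzas(peer_b)
    diffs = {}
    for intf in sorted(set(a) | set(b)):
        only_a = a.get(intf, set()) - b.get(intf, set())
        only_b = b.get(intf, set()) - a.get(intf, set())
        if only_a or only_b:
            diffs[intf] = (sorted(only_a), sorted(only_b))
    return diffs

# N5k-2 output as shown in the post (two of the three stanzas).
N5K2 = """\
N5k-2# sh run int e101/1/1
interface Ethernet101/1/1
  switchport access vlan 100
  channel-group 50 mode active

N5k-2# sh run int po50
interface port-channel50
  description Server-1
  switchport access vlan 100
  vpc 50
"""
# Constructed N5k-1 output: same stanzas, but po50 has drifted to VLAN 200.
N5K1_DRIFTED = N5K2.replace("N5k-2#", "N5k-1#").replace(
    "description Server-1\n  switchport access vlan 100",
    "description Server-1\n  switchport access vlan 200")

if __name__ == "__main__":
    for intf, (a, b) in peer_mismatches(N5K1_DRIFTED, N5K2).items():
        print(f"{intf}: N5k-1 only {a} / N5k-2 only {b}")
```

Comparing running-config against running-config avoids false alarms from commands such as "switchport mode access", which was entered in the profile but does not appear in the "sh run int po50" output above.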

 

That’s the basics for config sync. You can do quite a bit with this and it is definitely helpful in vPC environments. I made this post mostly because I was unable to find this information posted in a way I liked. Hopefully this is helpful to some.

Disclaimer: This is a new feature to me. It’s working well in the lab, but please let me know if I have anything wrong or there is a better way to accomplish something.

Colby

Colby Glass has been in IT since 2002. He is currently a network engineer with a Cisco Gold partner and holds the CCNP R/S, CCNP DC, CCDP, CCIP, JNCIA-ER and ITILv3: Foundations certifications.
