VMware NSX VxLAN to VLAN L2 Bridging with DellEMC Networking S5048-ON ToR Switches – Part 2

Hello everyone, hope the Part 1 was useful. Lets move on to the Hardware VTEP Gateway configuration on the S5048-ON ToR switches and validation.

Setting up the NSX Replication Cluster for ToR VTEPs

We need to set up a Replication Cluster in NSX which will take care of the BUM (Broadcast, Unknown Unicat and Multicast) traffic generated by the Hardware VTEPs. This is because NSX requires that the BUM traffic is handled in a compatible way like the Hypervisor VTEPs. Any BUM traffic generated by the Hypervisor VTEPs will be handled by the transport zone or logical switch control plane replication mode.



Enabing BFD on the ToR switches and NSX




VxLAN Instance configuration on S5048-ToR

Enable the VxLAN feature on the ToR switches using “feature vxlan” command. Configure the instance as below:

  • Gateway IP refers to the VTEP IP Address which need to be reachable. Make sure that this IP is on a different network than the NSX Hypervisor VTEP IPs.
  • Specify a controller instance IP and the port number (6640) for the ToR VTEP to establish a connection with the NSX Controllers.


Advertising VxLAN Access Ports to the Controller

Specify the VLAN ports on the ToR switch to be presented to NSX Controller. NSX Controller will then manage the VLAN mapping of these ports on ToR and as well as the VxLAN to VLAN mapping. For this demonstration, I will present a single port on ToR1 (orphan port)


Generating Self-Signed Certificate on the ToR VTEPs

Communication between the NSX Controller and Hardware VTEPs are via a secure channel. This requires a self-signed certificate to establish the connection

Use this command to generate a self-signed certificate: crypto cert generate self-signed cert-file flash://vtep-cert.pem key-file flash://vtep-privkey.pem



Repeat the procedure on ToR2 as well.

Adding ToR VTEPs to NSX

Navigate to the UI location as shown in the image. Add both the ToR VTEPs using the certificate thumbprint that you generated in the above step.


Once the connection is established, the status should change to up.

Verifying the Connection with Controller Cluster


This shows that both ToR VTEPs established secure connections with all the 3 controller nodes.

Verifying the BFD status with the replication cluster


This shows the VxLAN Tunnels established with the replication cluster nodes and the BFD status.

Verifying the NSX Manager state information

These are some of the commands to be executed from inside the NSX Manager.





Verifying the Controller state information

These are some additional commands to be executed from a node in the controller cluster.






Managing Hardware Bindings on the Logical Switch

On the logical switch which was created as a shared bridged segment, add the ToR switchports that were earlier advertised to the NSX Controllers.



Now we have this logical switch L2 stretched over to VLAN 60 on ports Tf1/20 on the ToR switches. This means that any VMs on the virtual cluster on this logical VxLAN segment will have L2 connectivity to the physical storage lake connected over to ports Tf1/20 on the ToR switches.

Verifying the VxLAN VNID – VLAN mapping on the S5048-ON ToR switches


Hope the article was informative. Thanks for reading.

Part 1 -> https://vxplanet.com/2019/04/16/vmware-nsx-vxlan-to-vlan-l2-bridging-with-dellemc-networking-s5048-on-tor-switches-part-1/



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s