// Guide · Networking & infrastructure

VCF Network Config Generator

A switch config generator built for VCF. Plan your L3 gateways, ESXi-facing trunk interfaces, NSX TEP VLANs, BGP peering for edge uplinks, and dual-switch redundancy — then export production-ready CLI for Cisco NX-OS, Cisco IOS-XE, Arista EOS, or Juniper.

Layer 3 GatewaysESXi TrunksMTU 9000BGP UnderlayNSX TEP VLANsLACPDual Switch

Open the tool Jump to walkthrough

Quick start

Pick your switch vendor — Cisco NX-OS, Cisco IOS-XE, Arista EOS, or Juniper.
Set L3 gateway addresses — gateway and (optional) HSRP/VRRP VIP per VLAN. Common pattern: .1 physical, .2 VIP.
Configure ESXi-facing ports — trunk allowed VLANs, jumbo MTU, native VLAN, LACP if using port-channels.
Add BGP peering — for NSX edge uplinks, configure ASN, peer IPs, and route-map filters.
Copy or download the config — paste into your switch CLI or use as a Jinja-style template for automation.

On this page

When to use this tool
How it works
Step-by-step walkthrough
Examples
Common mistakes
Related tools
FAQ

When to use this tool

Use this tool when you need to:

Configure new ToR switches for a VCF deployment — bootstrap from blank to production-ready.
Generate consistent configs across multiple racks of identical switches.
Build BGP underlay for NSX edge BGP peering with the physical fabric.
Validate jumbo MTU is set everywhere it should be (system-wide and per-interface).
Hand off a config to the network team for review/audit.

Less suited for:

Modifying live production configs (the tool emits full configs, not deltas)
Spine-leaf fabric overlay (focused on ToR edge configs, not VXLAN/EVPN fabrics)

How it works

The tool walks through the layers a VCF deployment needs from the physical network:

VLANs — mgmt, vMotion, vSAN, host TEP, edge TEP, edge uplinks, VM traffic
L3 SVIs — gateway IPs for each VLAN that needs routing (mgmt, VM, sometimes vMotion)
HSRP/VRRP — VIPs for redundant gateways across switch pairs
Trunk interfaces — facing ESXi hosts, with allowed VLANs + native VLAN + jumbo MTU
LACP / port-channel — if hosts use multi-NIC LAG to switches
BGP — peering on the edge uplink VLANs for NSX north-south

Each section adapts to your vendor choice — Cisco NX-OS uses vlan + interface Vlan, Arista uses near-identical syntax, Juniper uses set vlans + set interfaces irb.

Step-by-step walkthrough

1. Choose vendor and platform

Pick the closest match to your switch:

Cisco NX-OS — Nexus 9000/7000/5000
Cisco IOS-XE — Catalyst 9000 series
Arista EOS — 7050/7060/7280 series
Juniper — QFX/EX series with set-style config

2. Define VLANs and SVIs

Add each VLAN you need (or import from your VLAN Allocation Planner output). For each, decide:

Does it need an L3 gateway? (Yes for mgmt/VM, no for vMotion/vSAN/TEP unless routed)
Is it redundant via HSRP/VRRP? (Yes for production with switch pairs)
What's the gateway IP and VIP IP?

3. Configure ESXi-facing trunk ports

Specify how ESXi hosts connect:

Allowed VLANs — typically all your VCF VLANs (mgmt, vMotion, vSAN, TEP, VM)
Native VLAN — usually 999 or some unused tag (NEVER 1)
MTU — 9216 (jumbo) for any port carrying TEP/vSAN/vMotion
Spanning tree — typically edge or portfast + bpduguard
LACP — if you're using multi-NIC LAG; set the port-channel ID per host

4. Add BGP for NSX edge peering

If you're using NSX edges with BGP north-south:

Local ASN — your fabric ASN (often a private ASN like 65001)
NSX edge ASN — typically a different private ASN (65002)
Peer IPs — the edge uplink IPs on each BGP session
Route maps — filter what you advertise (don't leak VCF mgmt to the internet) and what you receive (only accept legit VM CIDRs)

5. Generate and review

The full switch config appears in the output panel. Review it against your operational standards (logging, AAA, NTP — those are out of scope for this tool but you'll need to add them). Copy or download.

Examples

Example · Cisco NX-OS ToR pair for VCF management cluster

Two Nexus 9300 switches in vPC pair, dual-attached ESXi hosts via LACP, BGP to NSX edges.

The generated config includes: VLANs 100/110/120/130/140, SVIs with HSRP, jumbo MTU on uplinks and host-facing ports, vPC peer-link, port-channels per ESXi host, and BGP neighbor sessions to the two NSX edges.

Common mistakes

🚨

Native VLAN = 1 The tool defaults native VLAN to 999. Don't change it to 1 thinking that's safer — VLAN 1 is the worst choice for native because it's the default everywhere and creates security risk + L2 loops.

⚠

Jumbo MTU only on some interfaces Jumbo MTU must be set system-wide (system jumbomtu 9216 on Cisco) AND on every interface in the path: host-facing, uplinks to spine, and the SVI if routing jumbo. The tool's output handles host-facing and uplinks; verify spine MTU separately.

⚠

Forgetting to enable LACP system MAC priority In a vPC/MLAG pair, both switches need to share the same LACP system ID for hosts to see one logical partner. Cisco vPC handles this automatically once vPC is configured; Arista MLAG and Juniper MC-LAG have similar mechanisms. The tool emits the right snippets but verify the peer is configured to match.

⚠

BGP route-maps too permissive If you accept all routes NSX advertises, your fabric will receive every overlay segment. Use route-maps to accept only the CIDRs you expect (typically just the workload egress range). Same applies the other direction — don't advertise VCF mgmt to NSX.

Tools that pair well with VCF Network Config Generator:

FAQ

Does it generate configs for spine/super-spine switches?

No — focus is on ToR edge switches that ESXi hosts connect to. Spine config (BGP underlay, EVPN fabric) is highly site-specific and not included.

Can I use this with Aruba CX or Mellanox/NVIDIA switches?

Not currently. Arista EOS is closest to Mellanox Onyx if you're willing to translate; full Aruba CX support is on the roadmap.

How do I handle a single-switch (no redundancy) deployment?

Skip the HSRP/VRRP VIP fields — the gateway IP becomes the SVI directly. Skip vPC/MLAG. The tool emits valid single-switch configs.

Does it include AAA, logging, or NTP config?

No — those are operational standards specific to your environment. Add them to the generated config before deployment.

Can I use this for ESXi hosts that aren't VCF (vanilla vSphere)?

Mostly yes — the trunk port configs are the same. Skip BGP and TEP VLANs if you're not using NSX overlay.