MGMT0 Interface only in Admin VDC in Nexus 7010

    Hi guys,
    I created two new VDCs in a Nexus 7010 (NX-OS 6.2.6) and I can see the MGMT0 interface only in the Admin VDC.
    I wanted to see the MGMT0 in all VDCs.
    Does anyone else get this problem too?
    My Best Regards,
    Andre Gustavo Lomonaco

    Hi Reza,
    Thanks for your reply.
    If the user runs the setup wizard, the interface mgmt0 will be created in the VDC.
    If the user doesn't run the setup wizard, the interface mgmt0 will not be created and you will only need
    to use the interface mgmt 0 command to create the interface.
    Thanks a lot

Similar Messages

  • VDC 1 - is this for admin vdc only?

    Hi,
    I would like to ask the experts' opinion about this: We are implementing OTV at our N7K at the distribution layer. Documentation says that OTV and SVI routing cannot happen at the same time, so we allocated 1 vdc just for the OTV functionality. My question however is this: can we use vdc 1 as the OTV vdc, instead of allocating a new vdc (vdc4 for example), so as not to waste any vdcs? We have heard from our colleagues that vdc1 should only be used as admin vdc and not do the routing/switching stuff, so we always left vdc1 not a part of the production network, serving only as administration vdc. We would just like to know how true this is.
    Many Thanks,
    Sonny

    Sonny-
    Best practice is to use one VDC for Admin. Functionally speaking you can use it for routing traffic, so if you have to do it you can.
    FYI - The new Supervisors now come with a "built-in" Admin VDC

  • ERSPAN from vDC on Nexus 7k

    Hey All,
    I'm trying to set up an ERSPAN on our Nexus 7010 and running into some trouble. I want to span the data from a VLAN in our DMZ vDC and have the source configuration set up correctly (I believe).
    monitor session 1 type erspan-source
      erspan-id 22
      vrf default
      destination ip 10.5.10.198
      source vlan 129 both
      no shut
    The problem occurs when I try to set up the ERSPAN origin. Documentation states that "The global origin IP address can be configured only in the default VDC. The value that is configured in the default VDC is valid across all VDCs. Any change made in the default VDC is applied across all nondefault VDCs." And sure enough, if you try to configure the origin in the non-default vDC you get the following:
    HZN-N7K-1-DMZ(config)# monitor erspan origin ip-address 10.12.1.231
    ERROR: Per VDC origin IP not supported. Please use global mode
    HZN-N7K-1-DMZ(config)# monitor erspan origin ip-address 10.12.1.231 global
    ERROR: This config allowed ONLY in default VDC
    So I drop to the ADMIN vDC and can then set up my ERSPAN origin:
    HZN-N7K-1-DMZ(config)# end
    HZN-N7K-1-DMZ# exit
    HZN-N7K-1# conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    HZN-N7K-1(config)# monitor erspan origin ip-address 10.5.11.41
    ERROR: Per VDC origin IP not supported. Please use global mode
    HZN-N7K-1(config)# monitor erspan origin ip-address 10.5.11.41 global
    HZN-N7K-1(config)#
    So that config takes and I guess everything looks correct. The ADMIN vDC shows no sessions running, as I would expect:
    HZN-N7K-1# sh monitor
    Note: No sessions configured
    HZN-N7K-1#
    The DMZ vDC shows that it has an active session:
    HZN-N7K-1-DMZ# sh monitor
    Session  State        Reason                  Description
    1        up           The session is up                                      
    HZN-N7K-1-DMZ# sh monitor session 1
       session 1
    type              : erspan-source
    state             : up
    erspan-id         : 22
    vrf-name          : default
    acl-name          : acl-name not specified
    ip-ttl            : 255
    ip-dscp           : 0
    destination-ip    : 10.5.10.198
    origin-ip         : 10.5.11.41 (global)
    source intf       :
        rx            :
        tx            :
        both          :
    source VLANs      :
        rx            : 129
        tx            : 129
        both          : 129
    filter VLANs      : filter not specified
    Feature       Enabled   Value   Modules Supported       Modules Not-Supported
    Rate-limiter  No
    MTU-Trunc     No
    Sampling      No
    MCBE          No
    L3-TX         -           -     1  2  5  10             - 
    ERSPAN-ACL    -           -     1  2  10                5 
    ERSPAN-V2     Yes       -       1  2  10                5 
    Legend:
      MCBE  = multicast best effort
      L3-TX = L3 Multicast Egress SPAN
    HZN-N7K-1-DMZ#
    Yet I am not seeing my ERSPAN data on my NAM (the 10.5.10.198 listed as the ERSPAN destination).
    Now I can get to the NAM from both the DMZ vDC and from the ADMIN vDC, so it's not a routing or firewall issue.
    Anyone have any tips or ideas? Which vDC would this ERSPAN source the GRE tunnel from? Knowing what I do about vDCs it amazes me that it would source from the ADMIN vDC, but if you configure the origin information from ADMIN and you need to specify a source IP that would live in the DMZ vDC, how would that work if you wanted to send ERSPAN data from a different, third vDC???
    Thanks,
    Ben Posner

    I'm curious to know what other device you used.  I bought two new 4551X and was/am a bit dismayed at the ERSPAN peer limitations. I do have 2 7010s and was planning to end-point the sessions there until I crossed this thread on the forum.
    What do you have (or not) working?  I was able to get ERSPAN to work across my 4551Xs but that's only to prove the concept.  Going to production for my McAfee IDSs I was planning to connect them to the 7010s in a non-admin VDC.

  • How do I create specific packages for users wherein only the admin has control of which software the user can download?

    Is there any possibility that the admin of the team can limit the packages of the user? Only the admin can add and remove software to be downloaded for specific users.

    You can include single app plans in team packages, but otherwise no. This will exclusively depend on the users' local permissions on the computer - if they can install one app, they can install all of them, be it only as a trial.
    Mylenium

  • Shadow Copy on 2012 R2 Only for Admins or dedicated Users

    Hi,
    Is this possible? That only dedicated users or admins are eligible to use Shadow Copy Restore?
    We have many home office users (not in Domain...) connected with VPN and they see the right click and previous versions.
    Now I'm afraid that someone could set the whole data directory back a few days or more...
    What can be done?
    Shadow copy only for admins would be nice

    There seems to be no such permission to control previous versions...
    This may be helpful...
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b78896ee-8364-4a02-a082-7f22e6417dc7/server-2008-and-shadow-copy-permissions?forum=winservergen
    Best,
    Howtodo

  • Only the Admin can view the data in the Discoverer Reports

    Hello,
    Discoverer Version Info:
    OracleBI Discoverer 10g (10.1.2.3)
    Oracle Business Intelligence Discoverer Plus 10g (10.1.2.55.26)
    Discoverer Model - 10.1.2.55.26
    Discoverer Server - 10.1.2.55.26
    End User Layer - 5.1.1.0.0.0
    End User Layer Library - 10.1.2.55.26
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    Everything was working fine until we applied some database patches.
    Users cannot see any data in the discoverer reports. Only the Admin can see data. Even the LOVs do not populate any values for the regular users.
    Can someone please advise as to what is happening?
    Thanks.

    Hi Akshaj,
    It would certainly be hard for me to replicate (I am on 10g), but perhaps you could identify the patches that were applied and this would help people discern the problem.
    I would narrow down this problem to one business area. Next, identify what users or responsibilities have been granted access using the Discoverer admin tool. Has anything changed?
    Confirm which users have been granted access. Has this changed because of the patch?
    I would look at the session sql to see if there is some change after the patch (something like this):
    select *
    from v$sql
    where parsing_schema_name = 'APPS'
      and module in ('Disco10, DISCOADMIN:Discoverer_login_responsibility','dis51ws@apps_server_url (TNS V1-V3)')
    order by first_load_time desc;
    Hopefully you have a test or development environment which has not received this patch and you can juxtapose the authentication behavior.
    Patrick
    Edited by: Patrick Bacon on Oct 3, 2011 12:55 PM

  • I can start the Bridge in cs6 only as admin

    Hello,
    I can start the Bridge in CS6 only as admin; it does not work because of the workflow.
    I work with limited user rights. Photoshop does not work together with the Bridge.
    What can I do?
    Please answer in German.
    Thank you
    teceasy

    Hi Teceasy,
    You can post your question to the Adobe Lightroom forum ("http://forums.adobe.com/community/lightroom"). They might give you some suggestions. Thanks.

  • Only Content Admins are able to perform search

    Hi,
    I created an index on a File System Repository and the indexing completed successfully. I have enabled W2KSecurityManager on the Repository. Only Content Admins are able to perform search.
    When I conduct a search it returns results (I am a Content Administrator), but when another user conducts the same search it does not return any results. When I assign any user the content admin role he is able to perform search (with successful results).
    It does not look like a permission issue. Everyone has access to the Windows Fileserver; also everyone has access to the index (I checked it in index permissions). Any idea where else the problem could be?
    Regards,
    Deepak

    Hi Umesh,
    We had this same problem where only admins had access; that was because content/system/user admin roles are set as system principals and bypass w2kSecurityManager functionality.
    Check if users without these privileges have read access (http://server:port/irj/go/km/navigation/folder).
    If you get an access denied error, it's probably a problem with user mapping.
    Check the log files (defaultTrace) for w2k-related errors; you might find something like
    No user mapping data for user <user_name> and system <system_name>#
    or a similar entry.
    If that's the case, check SAP note 615479 and
    http://help.sap.com/saphelp_nw04/helpdata/en/54/39c53dba21f750e10000000a114084/content.htm
    kr,
    Rafael

  • Is Interface only an alternative for multiple inheritance?

    Last night I read a Java Hand Book that shows that interface is used only as an alternative for multiple inheritance.
    But I disagree with it. Am I right?

    JosAH wrote:
    BigDaddyLoveHandles wrote:
    jverd wrote:
    JoachimSauer wrote:
    I don't quite understand your question. Are you asking:
    "Are Interfaces the only alternative for multiple inheritance?" (i.e. is that the only possible way to get the same functionality)
    If this is your question, the answer is yes.
    "Are Interfaces only used as an alternative for multiple inheritance?" (i.e. is that the only use of interfaces).
    If this is your question, the answer is no.
    So in general the answer is yes and no.
    I'd say the answer is yes or no.
    kind regards,
    Jos
    Pedantic boolsniffer.

  • NEXUS 7010

    Hi Folks!
    I'm working on Nexus 7000 and I need to move two interfaces to another VDC. When I applied the configuration I got an error message with this information: "Invalid command (too many ranges) at '^' marker." I checked the commands and they seem to be fine. I did the same before with other interfaces and I did not have any problem:
    TM11-NX7010-EX(config)# vdc TM11-NX7010-DC
    TM11-NX7010-EX(config-vdc)# allocate interface Ethernet8/17-18
                                                     ^
    Invalid command (too many ranges) at '^' marker.
    TM11-NX7010--EX(config-vdc)# 
    TM11-NX7010--EX(config-vdc)# 
    TM11-NX7010--EX(config-vdc)# allocate interface Ethernet8/17
                                                     ^
    Invalid command (too many rang

    Are you in the ADMIN VDC to define the interfaces? I think you are in the child VDC and trying to allocate the interface.

  • Nexus 7010 mgmt0 usage opinion

    As a Senior Network Engineer I have entered into a bit of a debate with our Architect about the use of the mgmt0 interfaces on the nexus 7010 switch (dual-sups, M2 and F2 linecards).
    I would like to know the opinion of the Cisco support network.
    I believe the mgmt0 interface should be left alone for control plane traffic only and Out Of Band management access (i.e. ssh).  At the moment I have made a subnet for all VDCs with the mgmt0 (vrf management) sitting in a common subnet.  The physical mgmt0 interfaces from both SUPs are connected to a management hand off switch.  The mgmt0s also serve as our control plane for VPCs. The VPC peer-link however is using main interfaces of the line-cards.
    The opinions;
    - The Architect thinks we should use all the mgmt0 interfaces for snmp, ntp, tacacs netflow-analysis and switch management.
    - However, I think I should use a traditional Loopback to perform these functions within the linecards.  The mgmt0 should only be used if traditional restricted switch access has failed.
    My Basis;
    The Loopback never goes down and uses multiple paths (the OOB hand off switch could fail, closing switch management access completely).  The mgmt0 should be used as a last resort of management access to CMP.
    Thoughts please - Cheers

    I see your point about wanting to mitigate the impact of losing the OOB switch. I don't think the mgmt0 interface going down is considered the level of failure that will trigger a Supervisor switchover though. That's the way I read the Nexus 7000 HA whitepaper (and what I've seen based on some limited experience with taking apart a 7k pair).
    So, no, the 7k can't send you an SNMP trap or syslog message if its configured management path is offline. Mitigation of that could be via your NMS polling the devices' mgmt0 addresses. No response = trouble in paradise. Investigation step would be to log into the 7ks using the loopback IP and local authentication, since your TACACS source-interface (mgmt0) is offline, and going from there.
    The handful I've built (mostly 5k setups) I go for a Cat 3k switch with dual power supplies as the OOB switch. Once one of those is set up and seen not to be DOA, it's generally going to stay up until someone goes in and unplugs it or initiates a system reload.

  • Nexus 7010 - redistribute host routes in to OSPF

    In my Nexus 7010 infrastructure, I have a requirement to redistribute host routes in to OSPF so that the other connected sites receive the host routes through OSPF.
    These hosts are part of the connected network (192.168.100.0/24) on Nexus. I don't want this network to be advertised in to OSPF but I want the hosts inside this subnet (192.168.100.11 and 192.168.100.12) to be advertised.
    I tried to create a prefix list with these two hosts and added them to a route-map and then using the "redistribute direct" command called this route-map in to OSPF, but this is not working.
    However, if I add the entire subnet (the connected network) in to this route-map, it shows up in OSPF.
    Is there a way I could have only the hosts to be part of the OSPF database?

    Hello, there is no need for VDC or VRF, I think. Are we missing a trick here? I also just tested for my own sanity. (Or am I completely under-thinking this?)
    N7K-1 has vlan 24 and the host route will be to 172.25.24.20
    N7K-1 Config:
    conf t
    ip route 172.25.24.20/32 Vlan24
    ip prefix-list TEST seq 5 permit 172.25.24.20/32
    route-map STATIC_TO_OSPF permit 10
      match ip address prefix-list TEST
    router ospf 1
      bfd
      router-id 192.168.101.1
      redistribute static route-map STATIC_TO_OSPF
    here is what I see on its neighbour N7K2:
    DC1-N7K2# show ip route 172.25.24.20
    IP Route Table for VRF "default"
    '*' denotes best ucast next-hop
    '**' denotes best mcast next-hop
    '[x/y]' denotes [preference/metric]
    '%<string>' in via output denotes VRF <string>
    172.25.24.20/32, ubest/mbest: 1/0
        *via 192.168.102.5, Eth8/1, [110/20], 00:00:07, ospf-1, type-2
    DC1-N7K2#
                    Type-5 AS External Link States
    Link ID         ADV Router      Age        Seq#       Checksum Tag
    172.25.24.20    192.168.101.1   479        0x80000002 0x0eed    0
    So in essence point the host routes statically to the directly connected interface.
    hth.
    Bilal

  • Configuring NTP on the nexus 7010

    Hi All,
    I'm a little confused about how to configure NTP on the nexus 7010.  I have an admin VDC and four working VDCs.  I read that you can only configure NTP on the admin VDC but the commands are also available on the other VDCs.  As the admin VDC is set up as an admin VDC it doesn't allow any commands other than those used to configure the other VDCs.  If I configure 'clock protocol ntp vdc X' from the admin vdc conf t cli it doesn't appear to apply that command to the individual VDCs.  If I try that command on each of the VDCs I get an error message.  If I do a 'show ntp peer-status' I get a message stating 'the clock is not controlled by ntp' with an explanation telling me to use the 'clock protocol ntp vdc X' command; however, as already explained, that doesn't appear to work. I'm running nxos 6.2
    Any help, documentation etc would be greatly appreciated.

    An update.
    I have now configured NTP.  The 'clock protocol ntp vdc X' command is accessed from the conf t Cli within the admin VDC. From my reading of the NXOS documentation from 6.2 you should be able to run NTP in multiple VDCs however this does not appear to be the case.  I've configured the admin VDC as the NTP master.

  • Port-channel L2 problem with Fabric Interconnect and Nexus 7010

    Hi,
    I am using a port-channel from both Fabric Interconnects to the N7K with 3 cables per Fabric Interconnect.
    But my problem is that when I create the port-channel, the Fabric Interconnect doesn't support mode ON and rate-mode share on the 10G interfaces of the Nexus 7010.
    I was trying:
    1. I am using a non-dedicated port in the Nexus 7010.
          - rate-mode share
          - channel-group 1 mode active
          - switchport mode trunk
    When I use this option, the port-channel in the Nexus 7010 was suspended.
    2. I am using a non-dedicated port in the Nexus 7010.
         - rate-mode share
         - channel group 1 mode on
         - switchport mode trunk
    When I use this option, the port-channel in the Nexus 7010 came up, but in the Fabric Interconnect it failed.
    3. I am using a dedicated port in the Nexus 7010.
         - rate-mode share
         - channel group 1 mode active
         - switchport mode trunk
    When I use this option, the port-channel in the Nexus 7010 was suspended.
    4. I am using a dedicated port in the Nexus 7010.
         - rate-mode dedicated
         - channel group 1 mode active
         - switchport mode trunk
    When I use this option, the port-channel in the Nexus 7010 came up and was running well.
    But the problem is my customer does not want to use dedicated rate-mode. If I use dedicated mode, the only available ports are 8 interfaces instead of 32 ports. I want to use rate-mode share in the Nexus 7010.
    Is there any way to configure a port-channel using mode on in the Fabric Interconnect? I tried using the CLI to create a port-channel in the Fabric Interconnect but I cannot configure the channel group protocol.
    I attach the topology of the N7K with the Fabric Interconnect.
    regards,
    Berwin H

    Hi Manish,
    The issue was solved; I fixed it last week.
    The solution is:
    I enabled the license grace-period (since my license is Enterprise, so I cannot create a VDC), then I created a VDC (ex: VDC 2), so I allocated the interfaces on all modules
    N7K-M132XP-12 to VDC 2. After that I deleted VDC 2, then all interfaces went back to VDC 1 (default VDC). Then I enabled rate-mode share on the dedicated ports and bundled them into a port-channel, and it's working.
    I don't know why it must be moved to a VDC first before it works; maybe Cisco can explain the reasons.
    So here is the result of my port-channel:
    SVRN7KFARM-HO-01# show port-channel summary
    Flags:  D - Down        P - Up in port-channel (members)
            I - Individual  H - Hot-standby (LACP only)
            s - Suspended   r - Module-removed
            S - Switched    R - Routed
            U - Up (port-channel)
    Group Port-       Type     Protocol  Member Ports
          Channel
    1     Po1(SU)     Eth      LACP      Eth1/1(P)    Eth1/2(P)    Eth1/3(P)
                                         Eth1/4(P)    Eth1/25(P)  
    2     Po2(SU)     Eth      LACP      Eth1/9(P)    Eth1/10(P)   Eth1/11(P)
                                         Eth1/12(P)   Eth1/26(P)  
    3     Po3(SU)     Eth      LACP      Eth1/17(P)   Eth1/18(P)  
    4     Po4(SU)     Eth      NONE      Eth10/32(P)  Eth10/34(P)  Eth10/35(P)
                                         Eth10/36(P)
    Thanks.
    Berwin H

  • Disruptive ISSU 6.1.4a- 6.2.8 on Nexus 7010 sup1 because of LACP timers.

    Hi all.
    The problem.
    Today I updated my Nexus 7010 sup1 from 6.1.4a to 6.2.8.
    I wanted to do it in ISSU mode, but after the impact check I got this:
    Compatibility check is done:
    Module  bootable          Impact  Install-type  Reason
         1       yes  non-disruptive       rolling  
         2       yes  non-disruptive       rolling  
         3       yes  non-disruptive       rolling  
         4       yes  non-disruptive       rolling  
         5       yes      disruptive         reset  Some LACP ports not in steady state or operating in 'rate fast' mode.
         6       yes      disruptive         reset  Some LACP ports not in steady state or operating in 'rate fast' mode.
         7       yes  non-disruptive       rolling  
         8       yes  non-disruptive       rolling  
         9       yes  non-disruptive       rolling  
        10       yes  non-disruptive       rolling  
    Additional info for this installation:
    Service "lacp" in vdc 1: LACP: Upgrade will be disruptive as 6 switch ports and 0 fex ports are not upgrade ready!!
          Issue the "show lacp issu-impact" cli for more details.
    (modified the impact to <Hitful>  for module <6>)
    Do you want to continue with the installation (y/n)?  [n] y
    I went on with yes and the update script rebooted both sups after updating all modules.
    It was quite a surprise for me (yes, I know I should have seen the word "disruptive" opposite my sups 5 and 6). Because I had already done two ISSU updates on two Nexuses (from 5.1.* -> 5.2.7 and 5.2.7 -> 6.1.4a) and didn't have any trouble with LACP timers. Is it a new feature of the 6.* train?
    I have another Nexus that I want to update. And it also has the same problem with LACP timers.
    show install all impact gives me the same disruptive result because of LACP.
    Can I somehow suppress such ISSU behavior? In case of LACP. I don't have vPC, just ordinary PC.
    It would be way better if some LACP interfaces flapped in the process than the almost 14 minutes of whole 7010 chassis reboot that I had.
    Although the problem with LACP timers is that they must be the same on the switch side and on the other side. And in the case of switches, Linux boxes or HP VCs, changing LACP timers isn't a big problem. It is a biggg problem in the case of Windows Server.
    sh lacp interface ethernet 8/13
    Interface Ethernet8/13 is up
      Channel group is 13 port channel is Po13
    Local Port: Eth8/13   MAC Address= 40-55-39-23-1e-c1
      System Identifier=0x8000,  Port Identifier=0x8000,0x80d
      Operational key=12
      LACP_Activity=active
      LACP_Timeout=Long Timeout (30s)
    Neighbor: 0x1
      MAC Address= ac-16-2d-a4-f2-54
      System Identifier=0xffff,  Port Identifier=0xff,0x1
      Operational key=17
      LACP_Activity=active
      LACP_Timeout=short Timeout (1s)
    They must be the same and equal 30s for successful ISSU

    You probably need to dig a little deeper to get a definitive answer (sup1 or 2, type of cards, etc..) but here is a diagram in the release notes for 6.1 found here:
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html
    If this post answers your question or is helpful, please consider rating it and/or marking as answered.
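
A pre-upgrade check for the condition this thread describes, as an added example (not code from the posts or from Cisco): it parses `show lacp interface` text in the layout quoted above and lists ports whose local or neighbor LACP timeout is not the 30s long timeout. The sample output, its MAC addresses and the function names are constructed for the example.

```python
import re

# Constructed sample in the layout of the `show lacp interface` output quoted
# in the post. Ethernet8/15 has no Neighbor block to exercise the missing case.
SAMPLE = """\
Interface Ethernet8/13 is up
  Channel group is 13 port channel is Po13
Local Port: Eth8/13   MAC Address= 00-00-5e-00-53-01
  Operational key=12
  LACP_Activity=active
  LACP_Timeout=Long Timeout (30s)
Neighbor: 0x1
  MAC Address= 00-00-5e-00-53-02
  Operational key=17
  LACP_Activity=active
  LACP_Timeout=short Timeout (1s)
Interface Ethernet8/14 is up
  Channel group is 14 port channel is Po14
Local Port: Eth8/14   MAC Address= 00-00-5e-00-53-03
  LACP_Activity=active
  LACP_Timeout=Long Timeout (30s)
Neighbor: 0x2
  MAC Address= 00-00-5e-00-53-04
  LACP_Activity=active
  LACP_Timeout=Long Timeout (30s)
Interface Ethernet8/15 is up
  Channel group is 15 port channel is Po15
Local Port: Eth8/15   MAC Address= 00-00-5e-00-53-05
  LACP_Activity=active
  LACP_Timeout=Long Timeout (30s)
"""

IFACE_RE = re.compile(r"^Interface\s+(\S+)\s+is\s+(\S+)")
TIMEOUT_RE = re.compile(r"LACP_Timeout\s*=\s*\w+\s+Timeout\s*\((\d+)s\)", re.I)


def parse_lacp(text):
    """Return {interface: {"state": str, "local": secs, "neighbor": secs}}."""
    ports = {}
    current = side = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = ports.setdefault(m.group(1), {"state": m.group(2)})
            side = None
            continue
        if current is None:
            continue  # text before the first "Interface ..." header
        stripped = line.strip()
        if stripped.startswith("Local Port:"):
            side = "local"
        elif stripped.startswith("Neighbor:"):
            side = "neighbor"
        elif side:
            m = TIMEOUT_RE.search(stripped)
            if m:
                current[side] = int(m.group(1))
    return ports


def issu_blockers(text, required=30):
    """List (interface, side, reason) where a timeout is absent or != required."""
    findings = []
    for name, port in parse_lacp(text).items():
        for side in ("local", "neighbor"):
            seconds = port.get(side)
            if seconds is None:
                findings.append((name, side, "no LACP_Timeout seen"))
            elif seconds != required:
                findings.append((name, side, f"timeout {seconds}s"))
    return findings


if __name__ == "__main__":
    for iface, side, reason in issu_blockers(SAMPLE):
        print(f"{iface}: {side} {reason}")
```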
