5428-2 , brocade switches and ql2200 with fcip

Similar Messages

• Branch office setup with L3 switch and router with IOS security

  Hello,
  I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
  I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
  Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
  I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
  If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
  Any input would be appreciated.
  Thanks,
  Austin

  Thanks for the input.
  1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
  2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3. 
  3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
  Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.  

• X-Fi Xtereme Music mode switching and troubles with channels redirection

  Good Day.
  I have bought a X-Fi sound card and now I have troubles with my speaker system. I have analog stereo system and headphones, I connect them using my amplifier. All cables are connected properly.
  When I use entertainment mode there are no problems with speaker system if 2.0/2.1 is set. But if I set headphones channels become redirected: left becomes right and right becomes left.
  When i use game mode channels are redirected both in 2.0/2.1 and headphones modes.
  If I connect my headphones to sound card directly there are no problems excepting entertainment mode 2.0/2.1 when channels are redirected.
  Please halp me to resolve the problem.
  Thank you.

  Don`t care. I have found the way. Now all clear.:smileyvery-happy:

• AAA TACACS with Brocade Switches

  We are testing authentication on Brocade switches with our AAA TACACS+ server.  It seems that after authenicating to enable mode, you can type "exit" and be dropped back to level 7 mode.  From this point you can type "enable" and authenticate to the switch using the local "enable" password, not from TACACS.  Has anyone run across this and is there a way to correct it?  Is there something that needs to be configured in TACACS on the server to recognise the Brocade switch and make this work?
  Ray

  Hi Ray,
  What ACS version you are using?
  On a cisco switch the following command is used:
  switch(config)# aaa authentication enable default tacacs+ enable
  The above command is used to set the TACACS+ as the default check for the enable password. If TACACS+ is not available it will fall back to the local enable password.
  You need to look into such option in the Brocade switch.
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• Connecting a 3500 through a Brocade Switch to Hitachi SAN

  I have a E3500 with a x6730A fiber card attached to a Brocade Switch and that switch to a Hitachi SAN. I wanted to find out where I need to start? I can see that E3500 recognizes the HBA card, but unsure as to where to go from here. Do I need to get Veritas FS or can I create volumes through Solstice? Any advice would be appreciated. I have all 3 components configured separatly but have never connected any of them together.
  # ls -la /dev/cfg
  total 18
  drwxr-xr-x 2 root root 512 Mar 1 12:10 .
  drwxr-xr-x 14 root sys 3072 Mar 9 13:52 ..
  lrwxrwxrwx 1 root root 51 Mar 1 12:10 c0 -> ../../devices/sbus@2,0/SUNW,socal@d,10000/sf@0,0:fc
  lrwxrwxrwx 1 root root 51 Mar 1 12:10 c1 -> ../../devices/sbus@2,0/SUNW,socal@d,10000/sf@1,0:fc
  lrwxrwxrwx 1 root root 46 Mar 1 12:10 c2 -> ../../devices/sbus@3,0/SUNW,fas@3,8800000:scsi
  lrwxrwxrwx 1 root root 47 Mar 1 12:10 c3 -> ../../devices/sbus@3,0/SUNW,socal@0,0/sf@0,0:fc
  lrwxrwxrwx 1 root root 47 Mar 1 12:10 c4 -> ../../devices/sbus@3,0/SUNW,socal@0,0/sf@1,0:fc
  c3 and c4 are the addresses of the HBA card

  I am currently running Solaris 8 and will be using a Hitachi SAN to put an Oracle 9 database on it. Currently the Brocade switch can see our Hitachi SAN, but we are stuck on how to connect E3500 through x6730A to the Brocade.
  SunOS morrison 5.8 Generic_117350-23 sun4u sparc SUNW,Ultra-Enterprise
  # luxadm probe
  No Network Array enclosures found in /dev/es
  Found Fibre Channel device(s):
  Node WWN:20000020378f9154 Device Type:Disk device
  Logical Path:/dev/rdsk/c0t0d0s2
  Node WWN:20000020379c5e10 Device Type:Disk device
  Logical Path:/dev/rdsk/c1t4d0s2
  Node WWN:20000020375cca44 Device Type:Disk device
  Logical Path:/dev/rdsk/c1t5d0s2
  Node WWN:20000020371ae3ef Device Type:Disk device
  Logical Path:/dev/rdsk/c0t1d0s2
  # format
  Searching for disks...done
  AVAILABLE DISK SELECTIONS:
  0. c0t0d0 <SUN18G cyl 7506 alt 2 hd 19 sec 248>
  /sbus&#64;2,0/SUNW,socal&#64;d,10000/sf&#64;0,0/ssd&#64;w21000020378f9154,0
  1. c0t1d0 <SUN36G cyl 24620 alt 2 hd 27 sec 107> /u04
  /sbus&#64;2,0/SUNW,socal&#64;d,10000/sf&#64;0,0/ssd&#64;w21000020371ae3ef,0
  2. c1t4d0 <SUN18G cyl 7506 alt 2 hd 19 sec 248> /u02
  /sbus&#64;2,0/SUNW,socal&#64;d,10000/sf&#64;1,0/ssd&#64;w21000020379c5e10,0
  3. c1t5d0 <SUN36G cyl 24620 alt 2 hd 27 sec 107> /u03
  /sbus&#64;2,0/SUNW,socal&#64;d,10000/sf&#64;1,0/ssd&#64;w21000020375cca44,0

• Fabric with two Nexus-5548 and a brocade switch does not get fabric updates

  We have a fabric containing two Nexus 5548 and a Brocade 5000 switch in interop mode 2. When i make changes to the zoning, the first nexus (the fabric principal) and the brocade switch see the zone changes. The second Nexus switch does not see it. There are no error messages but  the change just can't be seen.  What can i do to find out, what goes wrong ?

  Ouch, deprecated is not the word i wanted to read
  We are using 5.1(3)N1(1a) on nexus-rz1-a
  and 6.0(2)N1(2) on nexus-rz2-a.
  The fabric can be seen :
  nexus-rz2-a# show fcs ie vsan 10
  IE List for VSAN: 10
  IE-WWN                   IE     Mgmt-Id  Mgmt-Addr (Switch-name)
  10:00:00:05:1e:90:57:27  S(Rem) 0xfffc01 10.88.133.110 (bc-san1)
  20:0a:00:2a:6a:72:ba:01  S(Loc) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
  20:0a:54:7f:ee:7f:dc:01  S(Adj) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
  [Total 3 IEs in Fabric]
  nexus-rz1-a# show fcs ie vsan 10
  IE List for VSAN: 10
  IE-WWN                   IE     Mgmt-Id  Mgmt-Addr (Switch-name)
  10:00:00:05:1e:90:57:27  S(Adj) 0xfffc01 10.88.133.110 (bc-san1)
  20:0a:00:2a:6a:72:ba:01  S(Adj) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
  20:0a:54:7f:ee:7f:dc:01  S(Loc) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
  [Total 3 IEs in Fabric]
  I try to distribute the zoneset this way:
  zoneset distribute vsan 10
  Zoneset distribution initiated. check zone status
  nexus-rz1-a# show zone status
  VSAN: 10 default-zone: deny distribute: full Interop: 2
      mode: basic merge-control: allow
      session: none
      hard-zoning: enabled broadcast: disabled
  Default zone:
      qos: none broadcast: disabled ronly: unsupported
  Full Zoning Database :
      DB size: 6291 bytes
      Zonesets:1  Zones:62 Aliases: 44
  Active Zoning Database :
      DB size: 10243 bytes
      Name: FABRIC1  Zonesets:1  Zones:60
  Status: Zoneset distribution completed at 08:06:00 UTC Dec  3 2013
  nexus-rz2-a# show zone status
  VSAN: 1 default-zone: deny distribute: active only Interop: default
      mode: basic merge-control: allow
      session: none
      hard-zoning: enabled broadcast: disabled
  Default zone:
      qos: none broadcast: disabled ronly: unsupported
  Full Zoning Database :
      DB size: 4 bytes
      Zonesets:0  Zones:0 Aliases: 0
  Active Zoning Database :
      Database Not Available
  Status:
  VSAN: 10 default-zone: deny distribute: full Interop: 2
      mode: basic merge-control: allow
      session: none
      hard-zoning: enabled broadcast: disabled
  Default zone:
      qos: none broadcast: disabled ronly: unsupported
  Full Zoning Database :
      DB size: 6291 bytes
      Zonesets:1  Zones:62 Aliases: 44
  Active Zoning Database :
      DB size: 10243 bytes
      Name: FABRIC1  Zonesets:1  Zones:60
  Status: Activation completed at 13:03:42 UTC Dec  2 2013

• Problems with SRW224G4 switch and Bridged Network Cards

  Hello,
  We have recently installed a SRW224G4 switch and have discovered that when we plug our DELL PowerEdge 2900 server into the switch, the switch loses all network connectivity and all of the LED's on the switch start flashing.
  The server works perfectly well plugged into another switch, but as soon as we introduce the SRW224G4 into the network, either with the server plugged into that switch or any other, the problem re-occurs.
  The only way we found we could eliminate this issue was if we disabled the Bridged Network connection on the two network cards on the server. If we do that, everything is fine, except the network performance of the server has dropped significantly.
  The server is plugged into the 1GB ports on the switch, although we tried it on the 100MB ports and received the same problems. The switch reports that the ports are running at full-duplex.
  Has anyone noticed this behavior before, and more importantly been able to rectify it.
  Thanks in advance for your assistance,
  Paul

  I had this problem as well with any Linksys 2024 or rackmountable switch..  The trick is, you need to use the network cards management software to "team" or bridged the 2 NIC's otherwise the switch detects a loop and the whole thing locks up. So lame...  Windows built in bridge mode stinks dont use it.  When you use the Intel management software or Dell or HP's NIc management software you have the option to actually choose "redundant mode" where you can pick a Nic to be the primary, or you can choose Load Balancing where you can essentially double your throughput by joining the 2 nics.
  In Windows 2008 Server, you actually do this by going to the Properties on the NIC in  Device Manger.  the software controls are now built right into the driver.  pretty neat.  2003 you can check Device Manager the same way but not sure if it's the same as 2008, you might need to run the actual NIC management app.
  Hope this helps
  fdigi 

• Not Working-central web-authentication with a switch and Identity Service Engine

  on the followup the document "Configuration example : central web-authentication with a switch and Identity Service Engine" by Nicolas Darchis, since the redirection on the switch is not working, i'm asking for your help...
  I'm using ISE Version : 1.0.4.573 and WS-C2960-24PC-L w/software 12.2(55)SE1 and image C2960-LANBASEK9-M for the access.
  The interface configuration looks like this:
  interface FastEthernet0/24
  switchport access vlan 6
  switchport mode access
  switchport voice vlan 20
  ip access-group webauth in
  authentication event fail action next-method
  authentication event server dead action authorize
  authentication event server alive action reinitialize
  authentication order mab
  authentication priority mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  authentication violation restrict
  mab
  spanning-tree portfast
  end
  The ACL's
  Extended IP access list webauth
      10 permit ip any any
  Extended IP access list redirect
      10 deny ip any host 172.22.2.38
      20 permit tcp any any eq www
      30 permit tcp any any eq 443
  The ISE side configuration I follow it step by step...
  When I conect the XP client, e see the following Autenthication session...
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
             Interface:  FastEthernet0/24
            MAC Address:  0015.c549.5c99
             IP Address:  172.22.3.184
              User-Name:  00-15-C5-49-5C-99
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  single-host
       Oper control dir:  both
          Authorized By:  Authentication Server
             Vlan Group:  N/A
       URL Redirect ACL:  redirect
           URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  AC16011F000000490AC1A9E2
        Acct Session ID:  0x00000077
                 Handle:  0xB7000049
  Runnable methods list:
         Method   State
         mab      Authc Success
  But there is no redirection, and I get the the following message on switch console:
  756005: Mar 28 11:40:30: epm-redirect:IP=172.22.3.184: No redirection policy for this host
  756006: Mar 28 11:40:30: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  I have to mention I'm using an http proxy on port 8080...
  Any Ideas on what is going wrong?
  Regards
  Nuno

  OK, so I upgraded the IOS to version
  SW Version: 12.2(55)SE5, SW Image: C2960-LANBASEK9-M
  I tweak with ACL's to the following:
  Extended IP access list redirect
      10 permit ip any any (13 matches)
  and created a DACL that is downloaded along with the authentication
  Extended IP access list xACSACLx-IP-redirect-4f743d58 (per-user)
      10 permit ip any any
  I can see the epm session
  swlx0x0x#show epm session ip 172.22.3.74
       Admission feature:  DOT1X
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
  And authentication
  swlx0x0x#show authentication sessions interface fastEthernet 0/24
       Interface:  FastEthernet0/24
       MAC Address:  0015.c549.5c99
       IP Address:  172.22.3.74
       User-Name:  00-15-C5-49-5C-99
       Status:  Authz Success
       Domain:  DATA
       Oper host mode:  multi-auth
       Oper control dir:  both
       Authorized By:  Authentication Server
       Vlan Group:  N/A
       ACS ACL:  xACSACLx-IP-redirect-4f743d58
       URL Redirect ACL:  redirect
       URL Redirect:  https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
       Session timeout:  N/A
       Idle timeout:  N/A
       Common Session ID:  AC16011F000000160042BD98
       Acct Session ID:  0x0000001B
       Handle:  0x90000016
       Runnable methods list:
       Method   State
       mab      Authc Success
  on the logging, I get the following messages...
  017857: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
  017858: Mar 29 11:27:04: epm-redirect:epm_redirect_cache_gen_hash: IP=172.22.3.74 Hash=271
  017859: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: CacheEntryGet Success
  017860: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: Ingress packet on [idb= FastEthernet0/24] matched with [acl=redirect]
  017861: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Enqueue the packet with if_input=FastEthernet0/24
  017862: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_process ...
  017863: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Not an HTTP(s) packet
  What I'm I missing?

• Has anyone deployed converged access with 3850 switches and 5760 WLCs?

  Has anyone deployed a converged access network architecture with 3850 switches and 5760 WLCs? I have done lots of projects with the 5508 WLCs In a centralized deployment. Basically with this design, I manage 2 logical networks as the wireless network is an overlay over the wired network. I can design firewall to segregate traffic between the wired and wireless hence I can carry both staff and guest traffic.
  Now Cisco is telling us that there is new design such that the dats plane traffic can be dropped locally through the 3850 switched. I am not sold on this and have not found any recommended best practices on when should we use a converged access architecture.
  Pros
  With converged access, data traffic is terminated at the MA which is on the switches, hence the WLC will not be a bottleneck? This is to prepare adoption for 802.11ac?
  Less hops for voice calls from user A to user B as data control traffic is dropped locally.
  Cons
  Now how do I segregate guest and staff traffic if my security folks say I need a firewall?
  Troubleshooting wireless client mobility will be a nightmare as the 3850 switches are MA.
  Pushing and upgrading code for the Code will mean upgrading the stack of switches in the LAN riser. This will be painful in a huge campus environment like an university.
  Can someone convince me why would a customer choose converged access?
  Sent from Cisco Technical Support iPad App

  They choose CA because of the capwap termination at the switch. You can still use a 5508 and tunnel guest to a DMZ segment if you wish. You will need a 5508 though is you want to tunnel traffic to an anchor WLC.
  Sent from Cisco Technical Support iPhone App

• Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches

  Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about Cisco® NX-OS.
  The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
  vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
  This event is focused on discussing all possible types of vPC along-with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting
  Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
  Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University, has CCNA® and CCNP® Nimit is also working on a Cisco data center CCIE® certification While also pursuing an MBA degree from Santa Clara University.
  Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response. 
  Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Gustavo
  Please see my responses to your questions:
  Yes almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different type of traffic –Control Plane and Data Plane.
  Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hellos packets will be exchanged across all 3 routers and adjacency will be formed over VPC links
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
  Now for Data Plane we have two types of traffic – Unicast and Multicast.
  The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations there is a possibility that when the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario,N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
  Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
  For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
  The Loop avoidance works little different across Nexus 5000 and Nexus 7000.
  Similarity: For both products, loop avoidance is possible due to VSL bit
  The VSL bit is set in the DBUS header internal to the Nexus.
  It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
  This mechanism is used for loop prevention within the chassis.
  The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
  Differences:  In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
  It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
  For more details please see below presentation:
  https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
  DCI Scenario:  If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
  But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
  Let us know if you have further questions.
  Thanks,
  Vishal

• How do I temporairily stop using Fire Fox? I'd like to switch back and forth with IOE.

  When I first got FF, I had to click on the icon to turn it on. That was great. Now it seems to have taken over as my only operating system. I'd like to be able to switch back and forth with IE as I have lots of info located on the hard drive in places which seem easier to get to with IE. When I turn off my computer I click on the FF icon and turn it off, but to no avail. Not only is it there when I start up my machine again, it has saved some of the items which I worked on prior to shuting it down. It's becoming a real pain!!!!

  Just open Internet Explorer! You can even use Firefox and IE at the same time, if you care to - Firefox doesn't stop you from using another browser, either ny itself or when Firefox is running.

• HT4623 my mobile switches off automatically with "no service " and then i get message to restore my iphone 3 .. what should i do?

  my mobile switches off automatically with "no service " and then i get message to restore my iphone 3 .. what should i do?

  Hey jayashri,
  I'd give restoring a shot, but I'd make sure to back up your content first. You can read about how to do both things in the following article:
  iOS: How to back up and restore your content
  http://support.apple.com/kb/HT1766
  Best,
  Delgadoh

• Can you control switch and router access with AD (Kerberos)

  I am standing up a small environment with less than 20 switches and I want to configure the authentication so that dedicated Active Directory accounts provide access to the switches. We are not going to be able to put up an ACS box, and I don't want to use RADIUS unless I have to. Since both AD and Cisco support Kerberos, is it possible to us an AD group to control access to my switches and routers?

  Sam,
  Have you looked at these at Cisco?
  http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_kerberos.html
  Section "Login Authentication Using Kerberos"
  http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfindx.html
  or these
  http://www.techrepublic.com/article/configure-cisco-routers-to-use-active-directory-authentication-the-windows-side/6180954
  HTH,
  Arnold

• ACS and brocade switch support!!!!

  Hi Experts,
  I have two queries:-
  1) Does Broacade switch supports ACS ?
  2) I am trying to configure a Brocade switch to get Radius authentification on an ACS server. But get the user right and not a admin right ?
  Can you please tell me how do i assign the admin right for brocade switch??
  Thanks in advance.
  Regards
  Neha.

  Hi,
  Follow these instructions even if the ACS is already running in detailed logging mode. This will ensure that all the proper service startup information is included in the package.cab file.
  System Configuration --> Service Control --> Level of detail - Full At this point, we need to duplicate the issue.
  Do whatever is causing the problem, or wait for the problem to occur again if it's not triggered by a direct sequence of events. Once that's done, we need to gather the verbose logs created. To do so, follow the instructions below AFTER the problem has been recreated and recorded:
  System Configuration --> Support -->Enable generate logs and Collect last x day logs and Collect Log Files
  Run Support Now. Please save this file and unzip it. You will see a file called rds.log
  This file contains all of the log information from ACS.
  Regards

• I just purchased an ibook for my mac for the first time and it started with two pages then switched to one with notes and i can't change it back. Anyone else having this problem?

  I just purchased an ibook for my mac for the first time and it started with two pages then switched to one with notes and i can't change it back. Anyone else having this problem?

  Up the top where the three buttons are (red yellow green) are three images. Click on the third image that looks like a notepad (not the first which is a library book), and that should get rid of 'Notes'. To read using two pages make the window bigger.