5428-2, Brocade switches and ql2200 with FCIP
I keep on getting these messages when I connect a Qlogic ql2200 adapter to a 5428 that's using FCIP between two SANs that are using Brocade 3800 switches:
Mar 13 08:21:06: %FC-5-PortOperChange: PortOperChange;2959;0;0;1
I assume that I don't have the 5428 set up correctly for the ql2200, and I understand that there's a Cisco white paper describing how to set up the 5428 for interoperability with the Brocade switches and adapters. Could I please get a copy? Thanks
I'm trying the very basics. I disconnected the GE ports from each 5428. I cleared the configuration on one of the 5428s with the "clear conf" command. I then set up the basic information and did a "setup". I plug the fibre cable from the ql2200 into fibre channel port 1. Here's what I get when I run the nameserver command:
[sm542802]# show fcswitch nameserver all
0 entries found
[sm542802]#
So my problem is that the qlogic adapter is just not seen by the 5428 when I use the default settings.
If I set the 5428 fc1 port to 1Gb/sec, then I get the following messages...
Mar 15 17:14:22: %FC-5-PortOperChange: PortOperChange;670;0;0;1
Mar 15 17:14:24: %FC-5-PortOperChange: PortOperChange;671;0;0;1
Mar 15 17:14:26: %FC-5-PortOperChange: PortOperChange;672;0;0;1
Mar 15 17:14:28: %FC-5-PortOperChange: PortOperChange;673;0;0;1
Mar 15 17:14:30: %FC-5-PortOperChange: PortOperChange;674;0;0;1
Mar 15 17:14:32: %FC-5-PortOperChange: PortOperChange;675;0;0;1
Mar 15 17:14:34: %FC-5-PortOperChange: PortOperChange;676;0;0;1
Mar 15 17:14:36: %FC-5-PortOperChange: PortOperChange;677;0;0;1
Mar 15 17:14:45: %FC-5-PortOperChange: PortOperChange;678;0;0;1
Similar Messages
-
Branch office setup with L3 switch and router with IOS security
Hello,
I am in the process of putting together a small branch office network and I am in need of some design advice. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to set up separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be set up with SVIs to perform routing between VLANs. The port between the router and switch would be set up as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead of doing router-on-a-stick.
Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
Any input would be appreciated.
Thanks,
Austin
Thanks for the input.
1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3.
3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid. -
X-Fi Xtereme Music mode switching and troubles with channels redirection
Good Day.
I have bought a X-Fi sound card and now I have troubles with my speaker system. I have analog stereo system and headphones, I connect them using my amplifier. All cables are connected properly.
When I use entertainment mode there are no problems with the speaker system if 2.0/2.1 is set. But if I set headphones, the channels become redirected: left becomes right and right becomes left.
When I use game mode, channels are redirected both in 2.0/2.1 and headphones modes.
If I connect my headphones to the sound card directly there are no problems, except in entertainment mode 2.0/2.1 when channels are redirected.
Please help me to resolve the problem.
Thank you.
Don't care. I have found the way. Now all clear. :smileyvery-happy:
-
AAA TACACS with Brocade Switches
We are testing authentication on Brocade switches with our AAA TACACS+ server. It seems that after authenticating to enable mode, you can type "exit" and be dropped back to level 7 mode. From this point you can type "enable" and authenticate to the switch using the local "enable" password, not from TACACS. Has anyone run across this and is there a way to correct it? Is there something that needs to be configured in TACACS on the server to recognise the Brocade switch and make this work?
Ray
Hi Ray,
What ACS version are you using?
On a cisco switch the following command is used:
switch(config)# aaa authentication enable default tacacs+ enable
The above command is used to set the TACACS+ as the default check for the enable password. If TACACS+ is not available it will fall back to the local enable password.
You need to look into such option in the Brocade switch.
HTH
Amjad
Rating useful replies is more useful than saying "Thank you" -
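The method-list behaviour described in the reply above, as an added illustration in Python (not part of the thread and not Cisco or Brocade code). It covers only the Cisco IOS command quoted there; the response names PASS/FAIL/ERROR, the sample configurations and the audit helper are assumptions made for the example.

```python
import re

# Cisco IOS form quoted in the thread: aaa authentication enable default tacacs+ enable
# Newer IOS writes the server method as "group tacacs+"; both spellings are accepted here.
_ENABLE_LIST = re.compile(r"^\s*aaa authentication enable default\s+(.+?)\s*$")
REMOTE_METHODS = {"tacacs+", "radius"}


def parse_enable_methods(config_text):
    """Return the ordered enable-authentication method list, or [] if none is configured."""
    for line in config_text.splitlines():
        match = _ENABLE_LIST.match(line)
        if match:
            return [tok for tok in match.group(1).split() if tok != "group"]
    return []


def decide(methods, responses):
    """Walk the method list in order.

    responses maps a method name to "PASS", "FAIL" or "ERROR" (no answer).
    Only ERROR moves on to the next method; a FAIL from a reachable server is final.
    Returns (method_that_decided, result).
    """
    for method in methods:
        if method == "none":
            return ("none", "PASS")          # "none" admits without any check
        result = responses.get(method, "ERROR")
        if result != "ERROR":
            return (method, result)
    return (None, "FAIL")


def audit(config_text):
    """Flag enable-authentication settings that let a local password bypass the AAA server."""
    methods = parse_enable_methods(config_text)
    findings = []
    if not methods:
        findings.append("no enable method list: only the local enable password is checked")
        return findings
    if methods[0] not in REMOTE_METHODS:
        findings.append("first method is '%s', not an AAA server" % methods[0])
    if "none" in methods:
        findings.append("'none' in list: enable succeeds unauthenticated when servers are down")
    if not any(m in REMOTE_METHODS for m in methods):
        findings.append("no AAA server method in list")
    return findings


# Constructed sample configurations (not taken from any device in the thread).
CONFIG_FROM_REPLY = "aaa new-model\naaa authentication enable default tacacs+ enable\n"
CONFIG_LOCAL_FIRST = "aaa new-model\naaa authentication enable default enable group tacacs+\n"
CONFIG_UNSET = "aaa new-model\naaa authentication login default group tacacs+ local\n"

if __name__ == "__main__":
    methods = parse_enable_methods(CONFIG_FROM_REPLY)
    # Server reachable and rejects the password: the local enable password is never consulted.
    print(decide(methods, {"tacacs+": "FAIL", "enable": "PASS"}))
    # Server unreachable: fallback to the local enable password, as the reply describes.
    print(decide(methods, {"tacacs+": "ERROR", "enable": "PASS"}))
    for cfg in (CONFIG_FROM_REPLY, CONFIG_LOCAL_FIRST, CONFIG_UNSET):
        print(audit(cfg))
```
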
Connecting a 3500 through a Brocade Switch to Hitachi SAN
I have an E3500 with an x6730A fiber card attached to a Brocade switch, and that switch to a Hitachi SAN. I wanted to find out where I need to start. I can see that the E3500 recognizes the HBA card, but I'm unsure as to where to go from here. Do I need to get Veritas FS or can I create volumes through Solstice? Any advice would be appreciated. I have all 3 components configured separately but have never connected any of them together.
# ls -la /dev/cfg
total 18
drwxr-xr-x 2 root root 512 Mar 1 12:10 .
drwxr-xr-x 14 root sys 3072 Mar 9 13:52 ..
lrwxrwxrwx 1 root root 51 Mar 1 12:10 c0 -> ../../devices/sbus@2,0/SUNW,socal@d,10000/sf@0,0:fc
lrwxrwxrwx 1 root root 51 Mar 1 12:10 c1 -> ../../devices/sbus@2,0/SUNW,socal@d,10000/sf@1,0:fc
lrwxrwxrwx 1 root root 46 Mar 1 12:10 c2 -> ../../devices/sbus@3,0/SUNW,fas@3,8800000:scsi
lrwxrwxrwx 1 root root 47 Mar 1 12:10 c3 -> ../../devices/sbus@3,0/SUNW,socal@0,0/sf@0,0:fc
lrwxrwxrwx 1 root root 47 Mar 1 12:10 c4 -> ../../devices/sbus@3,0/SUNW,socal@0,0/sf@1,0:fc
c3 and c4 are the addresses of the HBA card
I am currently running Solaris 8 and will be using a Hitachi SAN to put an Oracle 9 database on it. Currently the Brocade switch can see our Hitachi SAN, but we are stuck on how to connect the E3500 through the x6730A to the Brocade.
SunOS morrison 5.8 Generic_117350-23 sun4u sparc SUNW,Ultra-Enterprise
# luxadm probe
No Network Array enclosures found in /dev/es
Found Fibre Channel device(s):
Node WWN:20000020378f9154 Device Type:Disk device
Logical Path:/dev/rdsk/c0t0d0s2
Node WWN:20000020379c5e10 Device Type:Disk device
Logical Path:/dev/rdsk/c1t4d0s2
Node WWN:20000020375cca44 Device Type:Disk device
Logical Path:/dev/rdsk/c1t5d0s2
Node WWN:20000020371ae3ef Device Type:Disk device
Logical Path:/dev/rdsk/c0t1d0s2
# format
Searching for disks...done
AVAILABLE DISK SELECTIONS:
0. c0t0d0 <SUN18G cyl 7506 alt 2 hd 19 sec 248>
/sbus@2,0/SUNW,socal@d,10000/sf@0,0/ssd@w21000020378f9154,0
1. c0t1d0 <SUN36G cyl 24620 alt 2 hd 27 sec 107> /u04
/sbus@2,0/SUNW,socal@d,10000/sf@0,0/ssd@w21000020371ae3ef,0
2. c1t4d0 <SUN18G cyl 7506 alt 2 hd 19 sec 248> /u02
/sbus@2,0/SUNW,socal@d,10000/sf@1,0/ssd@w21000020379c5e10,0
3. c1t5d0 <SUN36G cyl 24620 alt 2 hd 27 sec 107> /u03
/sbus@2,0/SUNW,socal@d,10000/sf@1,0/ssd@w21000020375cca44,0 -
Fabric with two Nexus-5548 and a brocade switch does not get fabric updates
We have a fabric containing two Nexus 5548 and a Brocade 5000 switch in interop mode 2. When I make changes to the zoning, the first Nexus (the fabric principal) and the Brocade switch see the zone changes. The second Nexus switch does not see it. There are no error messages but the change just can't be seen. What can I do to find out what goes wrong?
Ouch, deprecated is not the word I wanted to read
We are using 5.1(3)N1(1a) on nexus-rz1-a
and 6.0(2)N1(2) on nexus-rz2-a.
The fabric can be seen :
nexus-rz2-a# show fcs ie vsan 10
IE List for VSAN: 10
IE-WWN IE Mgmt-Id Mgmt-Addr (Switch-name)
10:00:00:05:1e:90:57:27 S(Rem) 0xfffc01 10.88.133.110 (bc-san1)
20:0a:00:2a:6a:72:ba:01 S(Loc) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
20:0a:54:7f:ee:7f:dc:01 S(Adj) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
[Total 3 IEs in Fabric]
nexus-rz1-a# show fcs ie vsan 10
IE List for VSAN: 10
IE-WWN IE Mgmt-Id Mgmt-Addr (Switch-name)
10:00:00:05:1e:90:57:27 S(Adj) 0xfffc01 10.88.133.110 (bc-san1)
20:0a:00:2a:6a:72:ba:01 S(Adj) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
20:0a:54:7f:ee:7f:dc:01 S(Loc) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
[Total 3 IEs in Fabric]
I try to distribute the zoneset this way:
zoneset distribute vsan 10
Zoneset distribution initiated. check zone status
nexus-rz1-a# show zone status
VSAN: 10 default-zone: deny distribute: full Interop: 2
mode: basic merge-control: allow
session: none
hard-zoning: enabled broadcast: disabled
Default zone:
qos: none broadcast: disabled ronly: unsupported
Full Zoning Database :
DB size: 6291 bytes
Zonesets:1 Zones:62 Aliases: 44
Active Zoning Database :
DB size: 10243 bytes
Name: FABRIC1 Zonesets:1 Zones:60
Status: Zoneset distribution completed at 08:06:00 UTC Dec 3 2013
nexus-rz2-a# show zone status
VSAN: 1 default-zone: deny distribute: active only Interop: default
mode: basic merge-control: allow
session: none
hard-zoning: enabled broadcast: disabled
Default zone:
qos: none broadcast: disabled ronly: unsupported
Full Zoning Database :
DB size: 4 bytes
Zonesets:0 Zones:0 Aliases: 0
Active Zoning Database :
Database Not Available
Status:
VSAN: 10 default-zone: deny distribute: full Interop: 2
mode: basic merge-control: allow
session: none
hard-zoning: enabled broadcast: disabled
Default zone:
qos: none broadcast: disabled ronly: unsupported
Full Zoning Database :
DB size: 6291 bytes
Zonesets:1 Zones:62 Aliases: 44
Active Zoning Database :
DB size: 10243 bytes
Name: FABRIC1 Zonesets:1 Zones:60
Status: Activation completed at 13:03:42 UTC Dec 2 2013 -
Problems with SRW224G4 switch and Bridged Network Cards
Hello,
We have recently installed a SRW224G4 switch and have discovered that when we plug our DELL PowerEdge 2900 server into the switch, the switch loses all network connectivity and all of the LED's on the switch start flashing.
The server works perfectly well plugged into another switch, but as soon as we introduce the SRW224G4 into the network, either with the server plugged into that switch or any other, the problem re-occurs.
The only way we found we could eliminate this issue was if we disabled the Bridged Network connection on the two network cards on the server. If we do that, everything is fine, except the network performance of the server has dropped significantly.
The server is plugged into the 1GB ports on the switch, although we tried it on the 100MB ports and received the same problems. The switch reports that the ports are running at full-duplex.
Has anyone noticed this behavior before, and more importantly been able to rectify it?
Thanks in advance for your assistance,
Paul
I had this problem as well with any Linksys 2024 or rackmountable switch. The trick is, you need to use the network card's management software to "team" or bridge the 2 NICs, otherwise the switch detects a loop and the whole thing locks up. So lame... Windows' built-in bridge mode stinks, don't use it. When you use the Intel management software or Dell or HP's NIC management software you have the option to actually choose "redundant mode" where you can pick a NIC to be the primary, or you can choose Load Balancing where you can essentially double your throughput by joining the 2 NICs.
In Windows 2008 Server, you actually do this by going to the Properties on the NIC in Device Manager. The software controls are now built right into the driver. Pretty neat. In 2003 you can check Device Manager the same way, but I'm not sure if it's the same as 2008; you might need to run the actual NIC management app.
Hope this helps
fdigi -
Not Working-central web-authentication with a switch and Identity Service Engine
Following up on the document "Configuration example : central web-authentication with a switch and Identity Service Engine" by Nicolas Darchis: since the redirection on the switch is not working, I'm asking for your help...
I'm using ISE Version : 1.0.4.573 and WS-C2960-24PC-L w/software 12.2(55)SE1 and image C2960-LANBASEK9-M for the access.
The interface configuration looks like this:
interface FastEthernet0/24
switchport access vlan 6
switchport mode access
switchport voice vlan 20
ip access-group webauth in
authentication event fail action next-method
authentication event server dead action authorize
authentication event server alive action reinitialize
authentication order mab
authentication priority mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
spanning-tree portfast
end
The ACLs
Extended IP access list webauth
10 permit ip any any
Extended IP access list redirect
10 deny ip any host 172.22.2.38
20 permit tcp any any eq www
30 permit tcp any any eq 443
For the ISE side configuration, I followed it step by step...
When I connect the XP client, I see the following authentication session...
swlx0x0x#show authentication sessions interface fastEthernet 0/24
Interface: FastEthernet0/24
MAC Address: 0015.c549.5c99
IP Address: 172.22.3.184
User-Name: 00-15-C5-49-5C-99
Status: Authz Success
Domain: DATA
Oper host mode: single-host
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
URL Redirect ACL: redirect
URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC16011F000000490AC1A9E2
Acct Session ID: 0x00000077
Handle: 0xB7000049
Runnable methods list:
Method State
mab Authc Success
But there is no redirection, and I get the following message on the switch console:
756005: Mar 28 11:40:30: epm-redirect:IP=172.22.3.184: No redirection policy for this host
756006: Mar 28 11:40:30: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
I have to mention I'm using an http proxy on port 8080...
Any ideas on what is going wrong?
Regards
Nuno
OK, so I upgraded the IOS to version
SW Version: 12.2(55)SE5, SW Image: C2960-LANBASEK9-M
I tweaked the ACLs to the following:
Extended IP access list redirect
10 permit ip any any (13 matches)
and created a DACL that is downloaded along with the authentication
Extended IP access list xACSACLx-IP-redirect-4f743d58 (per-user)
10 permit ip any any
I can see the epm session
swlx0x0x#show epm session ip 172.22.3.74
Admission feature: DOT1X
ACS ACL: xACSACLx-IP-redirect-4f743d58
URL Redirect ACL: redirect
URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
And authentication
swlx0x0x#show authentication sessions interface fastEthernet 0/24
Interface: FastEthernet0/24
MAC Address: 0015.c549.5c99
IP Address: 172.22.3.74
User-Name: 00-15-C5-49-5C-99
Status: Authz Success
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Authorized By: Authentication Server
Vlan Group: N/A
ACS ACL: xACSACLx-IP-redirect-4f743d58
URL Redirect ACL: redirect
URL Redirect: https://ISE-ip:8443/guestportal/gateway?sessionId=AC16011F000000510B44FBD2&action=cwa
Session timeout: N/A
Idle timeout: N/A
Common Session ID: AC16011F000000160042BD98
Acct Session ID: 0x0000001B
Handle: 0x90000016
Runnable methods list:
Method State
mab Authc Success
In the logging, I get the following messages...
017857: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_qualify ...
017858: Mar 29 11:27:04: epm-redirect:epm_redirect_cache_gen_hash: IP=172.22.3.74 Hash=271
017859: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: CacheEntryGet Success
017860: Mar 29 11:27:04: epm-redirect:IP=172.22.3.74: Ingress packet on [idb= FastEthernet0/24] matched with [acl=redirect]
017861: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Enqueue the packet with if_input=FastEthernet0/24
017862: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: In epm_host_ingress_traffic_process ...
017863: Mar 29 11:27:04: epm-redirect:IDB=FastEthernet0/24: Not an HTTP(s) packet
What am I missing? -
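An added example, not part of the thread and not Cisco code: a small Python evaluator for the two versions of the `redirect` ACL posted above, using first-match semantics where a permit entry selects a packet for URL redirection and a deny entry or no match leaves it alone. The client address is the one in the first session output; the web server and proxy addresses are constructed, and only the grammar that appears in the posted ACLs is parsed.

```python
import ipaddress
import re
from collections import namedtuple

Rule = namedtuple("Rule", "seq action proto src dst dport")
Packet = namedtuple("Packet", "proto src dst dport")

PORT_NAMES = {"www": 80}          # IOS prints port 80 as "www"
_HITS = re.compile(r"\(\d+ match(?:es)?\)")


def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError("unsupported address form: " + word)


def parse_acl(text):
    """Parse 'show access-lists' style entries; hit counters are ignored."""
    rules = []
    for line in text.strip().splitlines():
        tokens = _HITS.sub("", line).split()
        if not tokens:
            continue
        seq, action, proto = int(tokens.pop(0)), tokens.pop(0), tokens.pop(0)
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        dport = None
        if tokens[:1] == ["eq"]:
            name = tokens[1]
            dport = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        rules.append(Rule(seq, action, proto, src, dst, dport))
    return rules


def _matches(rule, pkt):
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.src is not None and rule.src != ipaddress.ip_address(pkt.src):
        return False
    if rule.dst is not None and rule.dst != ipaddress.ip_address(pkt.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def redirect_decision(rules, pkt):
    """First match wins. Returns ('redirect' | 'bypass', matching sequence number or None)."""
    for rule in rules:
        if _matches(rule, pkt):
            return ("redirect" if rule.action == "permit" else "bypass", rule.seq)
    return ("bypass", None)       # implicit deny at the end of the list


# The two ACL versions exactly as posted in the thread.
ACL_V1 = """
10 deny ip any host 172.22.2.38
20 permit tcp any any eq www
30 permit tcp any any eq 443
"""
ACL_V2 = "10 permit ip any any (13 matches)"

CLIENT = "172.22.3.184"           # client address from the first session output
# Constructed packets: a direct web request, a request to the host excluded by
# line 10, a request to an HTTP proxy on port 8080, and a DNS query.
WEB = Packet("tcp", CLIENT, "198.51.100.10", 80)
EXCLUDED = Packet("tcp", CLIENT, "172.22.2.38", 8443)
PROXY = Packet("tcp", CLIENT, "192.0.2.50", 8080)
DNS = Packet("udp", CLIENT, "192.0.2.53", 53)

if __name__ == "__main__":
    for name, acl in (("v1", parse_acl(ACL_V1)), ("v2", parse_acl(ACL_V2))):
        for pkt in (WEB, EXCLUDED, PROXY, DNS):
            print(name, pkt, redirect_decision(acl, pkt))
```

Being selected by the ACL is only the first step: the second debug output in the thread shows a packet that matched `acl=redirect` and was then rejected as "Not an HTTP(s) packet".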
Has anyone deployed converged access with 3850 switches and 5760 WLCs?
Has anyone deployed a converged access network architecture with 3850 switches and 5760 WLCs? I have done lots of projects with the 5508 WLCs in a centralized deployment. Basically with this design, I manage 2 logical networks as the wireless network is an overlay over the wired network. I can design a firewall to segregate traffic between the wired and wireless, hence I can carry both staff and guest traffic.
Now Cisco is telling us that there is a new design such that the data plane traffic can be dropped locally through the 3850 switches. I am not sold on this and have not found any recommended best practices on when we should use a converged access architecture.
Pros
With converged access, data traffic is terminated at the MA which is on the switches, hence the WLC will not be a bottleneck? This is to prepare adoption for 802.11ac?
Less hops for voice calls from user A to user B as data control traffic is dropped locally.
Cons
Now how do I segregate guest and staff traffic if my security folks say I need a firewall?
Troubleshooting wireless client mobility will be a nightmare as the 3850 switches are MA.
Pushing and upgrading code for the Code will mean upgrading the stack of switches in the LAN riser. This will be painful in a huge campus environment like a university.
Can someone convince me why a customer would choose converged access?
Sent from Cisco Technical Support iPad App
They choose CA because of the CAPWAP termination at the switch. You can still use a 5508 and tunnel guest to a DMZ segment if you wish. You will need a 5508 though if you want to tunnel traffic to an anchor WLC.
Sent from Cisco Technical Support iPhone App -
Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches
Welcome to the Cisco® Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco® NX-OS.
The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
This event is focused on discussing all possible types of vPC along with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting.
Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University and has CCNA® and CCNP® certifications. Nimit is also working on a Cisco data center CCIE® certification while also pursuing an MBA degree from Santa Clara University.
Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response.
Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
Hello Gustavo
Please see my responses to your questions:
Yes, almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different types of traffic – Control Plane and Data Plane.
Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of the triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hello packets will be exchanged across all 3 routers and adjacency will be formed over VPC links
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
Now for Data Plane we have two types of traffic – Unicast and Multicast.
The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations, there is a possibility that the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario, N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
The Loop avoidance works a little differently across Nexus 5000 and Nexus 7000.
Similarity: For both products, loop avoidance is possible due to the VSL bit.
The VSL bit is set in the DBUS header internal to the Nexus.
It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
This mechanism is used for loop prevention within the chassis.
The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
Differences: In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
For more details please see below presentation:
https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
DCI Scenario: If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
Let us know if you have further questions.
Thanks,
Vishal -
How do I temporarily stop using Firefox? I'd like to switch back and forth with IE.
When I first got FF, I had to click on the icon to turn it on. That was great. Now it seems to have taken over as my only operating system. I'd like to be able to switch back and forth with IE as I have lots of info located on the hard drive in places which seem easier to get to with IE. When I turn off my computer I click on the FF icon and turn it off, but to no avail. Not only is it there when I start up my machine again, it has saved some of the items which I worked on prior to shutting it down. It's becoming a real pain!!!!
Just open Internet Explorer! You can even use Firefox and IE at the same time, if you care to - Firefox doesn't stop you from using another browser, either by itself or when Firefox is running.
-
My mobile switches off automatically with "no service" and then I get a message to restore my iPhone 3. What should I do?
Hey jayashri,
I'd give restoring a shot, but I'd make sure to back up your content first. You can read about how to do both things in the following article:
iOS: How to back up and restore your content
http://support.apple.com/kb/HT1766
Best,
Delgadoh -
Can you control switch and router access with AD (Kerberos)
I am standing up a small environment with less than 20 switches and I want to configure the authentication so that dedicated Active Directory accounts provide access to the switches. We are not going to be able to put up an ACS box, and I don't want to use RADIUS unless I have to. Since both AD and Cisco support Kerberos, is it possible to use an AD group to control access to my switches and routers?
Sam,
Have you looked at these at Cisco?
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_kerberos.html
Section "Login Authentication Using Kerberos"
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfindx.html
or these
http://www.techrepublic.com/article/configure-cisco-routers-to-use-active-directory-authentication-the-windows-side/6180954
HTH,
Arnold -
ACS and Brocade switch support!!!!
Hi Experts,
I have two queries:
1) Does the Brocade switch support ACS?
2) I am trying to configure a Brocade switch to get RADIUS authentication on an ACS server, but I get the user right and not the admin right.
Can you please tell me how I assign the admin right for the Brocade switch?
Thanks in advance.
Regards
Neha.
Hi,
Follow these instructions even if the ACS is already running in detailed logging mode. This will ensure that all the proper service startup information is included in the package.cab file.
System Configuration --> Service Control --> Level of detail - Full
At this point, we need to duplicate the issue.
Do whatever is causing the problem, or wait for the problem to occur again if it's not triggered by a direct sequence of events. Once that's done, we need to gather the verbose logs created. To do so, follow the instructions below AFTER the problem has been recreated and recorded:
System Configuration --> Support -->Enable generate logs and Collect last x day logs and Collect Log Files
Run Support Now. Please save this file and unzip it. You will see a file called rds.log
This file contains all of the log information from ACS.
Regards -
I just purchased an iBook for my Mac for the first time and it started with two pages, then switched to one with notes, and I can't change it back. Anyone else having this problem?
Up the top where the three buttons are (red yellow green) are three images. Click on the third image that looks like a notepad (not the first which is a library book), and that should get rid of 'Notes'. To read using two pages make the window bigger.