Cisco Nexus 5010 & Cisco 3560G Native Vlan 55 ?

Similar Messages

• Native vlan for a 3550XL swtich

  hello
  i have the follow dilemma. a 3550XL has a voice vlan 10 , a data vlan 20 and an management vlan 99. assinging the vlan 10 as native wil remove its tagg across the trunk ports. also cisco recomends native vlan not be the same as management vlan . but when i made the vlan 99 the vlan 1 goes in shutdown situation . so what is the best practice about tha native vlan into a voice switch ?
  thanks

  IEEE 802.1Q Configuration Considerations
  IEEE 802.1Q trunks impose these limitations on a network:
  In a network of Cisco switches connected through IEEE 802.1Q trunks, the switches maintain one instance of spanning tree for each VLAN allowed on the trunks. Non-Cisco devices might support one spanning-tree instance for all VLANs.
  When you connect a Cisco switch to a non-Cisco device through an IEEE 802.1Q trunk, the Cisco switch combines the spanning-tree instance of the VLAN of the trunk with the spanning-tree instance of the non-Cisco IEEE 802.1Q switch. However, spanning-tree information for each VLAN is maintained by Cisco switches separated by a cloud of non-Cisco IEEE 802.1Q switches. The non-Cisco IEEE 802.1Q cloud separating the Cisco switches is treated as a single trunk link between the switches.
  Make sure the native VLAN for an IEEE 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.
  Disabling spanning tree on the native VLAN of an IEEE 802.1Q trunk without disabling spanning tree on every VLAN in the network can potentially cause spanning-tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an IEEE 802.1Q trunk or disable spanning tree on every VLAN in the network. Make sure your network is loop-free before disabling spanning tree.
  http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_sec/configuration/guide/swvlan.html

• Connecting a WS-C4948 to a Nexus 5010

  is it possible to connect a WS-C4948 switch to a Nexus 5010? I have a flat network with no vlans.I know you are suppose to use the first 8 ports of the Nexus to get it to be on a 1GB port. What gbic am i to use on the ws-c4948 switch? if using a fiber cable or a rj45 cable?

  I was able to get it to work.....thank  you for the guys who responded!!
  configuration on the WS-C4948:
  interface GigabitEthernet1/48
  description connection to nexus5010
  media-type rj45
  interface Vlan1
  ip address 10.x.x.226 255.0.0.0
  ip default-gateway 10.x.x.1
  configuration on the Nexus 5010:
  vrf context management
  vlan 1
  interface Vlan1
    no shutdown
    ip address 10.x.x.223/8
  interface Ethernet1/1
    switchport mode trunk
    speed 1000
  steps on adding vlan 1 and adding an IP address on the Nexus 5010:
  - remove int mgmt 0, ip address and vrf context management
  nexus5010(config)# int mgmt 0
  nexus5010(config-if)# no ip address
  nexus5010(config-if)# vrf context management
  nexus5010(config-vrf)# no ip route 0.0.0.0/0 10.x.x.1
  nexus5010(config-vrf)# exit
  - turn on feature interface-vlan, create int vlan 1, add IP address, no shut, add vrf context default
  nexus5010(config)# feature interface-vlan
  nexus5010(config)# int vlan 1
  nexus5010(config-if)# ip address 10.x.x.223/8
  nexus5010(config-if)# no shut
  nexus5010(config-if)# exit
  nexus5010(config)# vlan 1
  nexus5010(config-vlan)# exit
  nexus5010(config)# vrf context default
  nexus5010(config)# ip route 0.0.0.0/0 10.x.x.1
  nexus5010(config)# exit

• Cisco Nexus 5010 FCOE Interconnection

  Hi, i would really apreciate your help on this  doubt.
  Is it possible to create a link between two cisco nexus 5010
  using  CNA interfaces ?
  I've already configured the ethernet interfaces(where the cna is plugged in),
  i've binded the E1/2, mapped the vsan, created specific traffic vlan, and so on ...
  I have  tried everything what's written in the manual but the vcf interface won't set up, keeps telling me "vcf is down" .
  What am i doing wrong ? or this connection is imposible ...
  Thanks in advance.

  5020A.1# show vlan fcoe
  Original VLAN ID        Translated VSAN ID      Association State
        100                       100              Operational
  5020A.1# sho feature | grep np
  npiv                  1         disabled
  npv                   1         enabled
  5020A.1# sho interface brief | grep -i fc
  fc2/3      100    NP     off     up               swl    NP      4    --
  fc2/4      100    NP     off     up               swl    NP      4    --
  vfc15      100    F      on      trunking         --     TF      auto --
  !!!here's vfc15 and it's associated interface
  5020A.1# sho run int vf15
  !Command: show running-config interface vfc15
  !Time: Thu Feb 17 12:45:29 2011
  version 5.0(2)N2(1)
  interface vfc15
    bind interface Ethernet1/15
    no shutdown
  5020A.1# show inter e1/15 status
  Port          Name               Status    Vlan      Duplex  Speed   Type
  Eth1/15       FCoE ports  connected trunk     full    10G     1/10g     
  5020A.1# sho run int e1/15
  !Command: show running-config interface Ethernet1/15
  !Time: Thu Feb 17 12:45:33 2011
  version 5.0(2)N2(1)
  interface Ethernet1/15
    description FCoE ports
    switchport mode trunk
    switchport trunk allowed vlan 1,10,30,100
    spanning-tree port type edge trunk
    load-interval counter 2 30
    load-interval counter 3 30
  5020A.1#
  5020A.1#
  5020A.1#
  I'd use this to get a look at FIP
  ethanalyzer local sniff-interface inbound-hi detailed-dissection display-filter vlan.etype==0x8914 limit-captured 200 write bootflash:fipcap1.pcap
  This is assuming that your eth1/2 is working and up.
  reply w/your associated show commands
  show fcoe vlan
  show feature | grep np
  show interface brief | grep -i fc
  show vsan
  sho run inter vfc x
  show run inter eth x/y
  show inter eth x/y status
  other questions
  1. what OS?
  2. what vendor of CNA card?
  Joe

• Cisco SF302-08P пропадает с порта trunk native vlan, когда подключаю IP PHONE.

  Здравствуйте!
  У меня возникла проблема с коммутатором Cisco SF302-08P. В частности проблема заключается в настройке порта для IP phone и ПК.
  Как известно это PoE коммутатор.
  vlan database
  vlan 47,147
  exit
  voice vlan id 147
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  hostname DepGrajdIniciativ
  ip ssh server
  snmp-server server
  ip telnet server
  interface vlan 47
   ip address 172.27.47.253 255.255.255.0
   no ip address dhcp
  interface fastethernet1
   storm-control broadcast enable
   storm-control broadcast level 10
   storm-control include-multicast
   port security max 10
   port security mode max-addresses
   port security discard trap 60
   spanning-tree portfast
   switchport trunk allowed vlan add 147
   switchport trunk native vlan 47                 <-----               
   macro description ip_phone_desktop
   !next command is internal.
   macro auto smartport dynamic_type ip_phone_desktop
  147 влан для Ip phone. 47 влан для компьютера.
  Дело в том, что когда, например, на 1 порт подключаю IP phone (cisco 6921), с порта пропадает настройка  "switchport trunk native vlan 47", соотвественно, на компьютере, который подключен к телефону на порт "computer", пропадает связь (теряется vlan 47?).  Приходится по новой прописывать, но он сохраняется до следующей перезагрзуки коммутатора или телефона.
  P.S. настройки на коммутаторе сохраняем командой "copy run start" или "wr". На телефоне "admin vlan" указан 147. 
  P.S.S. телефон питается по PoE.
  В чем может быть проблема? я работал со многими cisco коммутаторами, но нигде такой картины не видел....

• Native VLAN on Cisco 3750x vs Cisco 2960S

  Hi,
  I have a scenario where I connect my Cisco switch 2960s with Cisco router 1941 as photo below
  My question is when i connect router with cisco 2960s I config interface Gi1/0/1 as a trunk. everything work fine, I can ping from router to switch(172.16.29.2).
  But when I changed to cisco 3750x, i config interface Gi1/0/1 as a trunk, it cannot ping from router to switch(172.16.29.2). But after I add native vlan 30 on interface Gi1/0/1 I can ping from router to switch (172.16.29.2)
  Any idea why ? is there any different of native vlan on cisco 2960s and 3750x ?
  Thank you for your kind answer
  John

  Hi John
  It seems for me that the 3750 is doing what it should do, if the router do not have subinterfaces and dot1q, it will send traffic without dot1q tag, and the 3750 will drop these packets because they arrive without a tag. That's why native vlan fixes the problem.
  The 2960 should work the same way that 3750 do, so I wonder if there is some differences in the config between the switches.
  Can You share the config for gi0/1 on the router and also the switchportconfig for both switches.
  Also a "show interface gi1/0/1 switchport" for both switches.
  /Mikael

• Native VLAN on Cisco Switches

  I have a question regarding the default native  vlan, I have a cisco based environment and I set vlan XXX on a native on  trunk links, I also running Multiple Spanning Tree on my switches &  create instances for vlan segregation.
  My question is here could I put vlan 1 (default) in any of instance or not?
  Thanks & Regards,

  With MST, it is not running per VLAN spanning tree, it sends all BPDUs via instance 0 which is called the CIST. These frames are sent untagged via the native VLAN. Normally this is VLAN 1 but if you change it to another VLAN then the BPDUs are sent untagged on that native VLAN.
  Regarding if to use instance 0 or not, it is often recommended to create as many instances as you need to create the desired topology (usually two) and put your VLANs in those instances. It's a good pratice to map all your VLANs straight away because changing the instance to VLAN mapping makes the MST region become multi region until they all have the same instance to VLAN mapping.
  I would keep all VLANs out of instance 0 but it's definitely possible to have VLANs mapped in instance 0 as well.
  Daniel Dib
  CCIE #37149
  Please rate helpful posts.

• Default/native vlan- voip data question- cisco sf300

  hi everybody,
  I have to set up voip and data vlans on cisco sf 300-24P. I will set up phones over LLDP and
  on the same port (on switch) I will have untagged vlan 10 for data, so PC will be connected
  through IP phones on network.
  So what confuses me that on SF 300 under VLAN mgmt--> Default VLAN settings you got
  options to change default VLAN id (which is of course VLAN1) which will be active after reboot.
  How come that you can change default vlan? Isnt that default vlan is always vlan 1 and you can
  change native vlan to be something else- let say vlan 10 which will be untagged vlan for data?
  So what is best practise- should I just leave default vlan 1 and use it for data also or I sholud
  change it to let say VLAN 10 to be native and use it for data.
  And what will be with default VLAN 1 if I change it with above mentioned procedure?
  Thx!

  Hi,
  Best Practice is to leave Vlan 1 for management purposes only. Create yourself a DATA and VOICE vlan. Usually Management vlan does not have DHCP enabled and have to static assigned pc within your management vlan for access. I would say that it really depends on how the rest of your network is configured depending on configuration of switch now. Unless this is a clean install. 
  Hope this helps,
  Jasbryan

• How to get info over snmp on cisco switch whether native vlan on a port is tagged or not?

  Hi!
  I want to know which oid(s) should I query to know whether native vlan on trunk port on cisco switch is tagged or not?
  I am querying the oid .1.3.6.1.4.1.9.9.46.1.6.3.0 (vlanTrunkPortsDot1qTag) on cisco 3560 (E Series) and I am getting global value. Also, this OID is showing as deprecated. So I query .1.3.6.1.4.1.9.9.246.1.6 (cltcDot1qAllTagged) and its subtree, but no value is returned.
  Switch Version is
  Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(50)SE2

  Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
  Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
  That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
  HTH,
  Steve

• Nexus 5010 vlan supported limits

  Hi,
  Just wanted to know whether the configuration  limits of 512 vlan on Nexus 5010 specified in the document below are software limitation which can be removed by adding enhanced image etc or hard limits which cannot be removed.
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration_limits/limits_503/nexus_5000_config_limits_503_n1_1b.html
  Regards
  Vijay Sequeira

  Hard limits. There is no special license that can increase the numbers. Nexus doesnt have the concept of enhanced images either there is a single OS image and you just unlock specific features (eg fibre channel/fcoe  features) by applying licences.

• Private Vlan, Etherchannel and Isolated Trunk on Nexus 5010

  I'm not sure if I'm missing something basic here however i though that I'd ask the question. I recieved a request from a client who is trying to seperate traffic out of a IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
  The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which than connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
  1. Private vlan mapping on the SVI;
  2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
  3. All Vlans are trunked between switches
  4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
  I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause to most of the issues I am having. Has any one else experienced this behaviour. Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration. Any help would be appreciated.

  Hello Emcmanamy, Bruce,
  Thanks for your feedback.
  Just like you, I have been facing the same problematic last months with my customer.
  Regarding PVLAN on FEX, and as concluded in Bruce’s previous posts I understand :
  You can configure a host interface as an isolated or community access port only.
  We can configure “isolated trunk port” as well on a host interface. Maybe this specific point could be updated in the documentation.  
  This ability is documented here =>
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_N2_1/b_Cisco_n5k_layer2_config_gd_rel_513_N2_1_chapter_0101.html#task_1170903
  You cannot configure a host interface as a promiscuous  port.
  You cannot configure a host interface as a private  VLAN trunk port.
  Indeed a pvlan is not allowed on a trunk defined on a FEX host interface.
  However since NxOS 5.1(3)N2(1), the feature 'PVLAN on FEX trunk' is supported. But a command has to be activated before => system private-vlan fex trunk . When entered a warning about the presence of ‘FEX isolated trunks’ is prompted.
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_N2_1/b_Cisco_n5k_layer2_config_gd_rel_513_N2_1_chapter_0101.html#task_16C0869F1B0C4A68AFC3452721909705
  All these conditions are not met on a N5K interface.
  Best regards.
  Karim

• Cisco ACE default vlan

  Hello everybody,
  I am installing a ACE 4700 in a customer but when i started to work and saw their topology, then i realized that i had a problem. The problem is that i cannot create the interface vlan 1 and assign an ip address to it. I saw some documments is cisco.com site that the ACE hide this vlan.
  Follows my topology:
  Servers vlan are the vlan 1
  Clients vlans are 5
  Management vlan is 8
  As i undertood, the ACE has to have at least one interface in the servers vlan, but i cant create the VLAN 1. So my problem is, how do i unhide the vlan 1 in the ACE so i can configure an ip address on it.
  Leandro

  If you can't have the customer migrate the servers into a different VLAN, you need to trick a bit, as VLAN1 is not usable on the ACE.
  Pick a VLAN number that you will use inside the ACE for the outer VLAN1. Say, VLAN101.
  If you have an access port connecting to the server segment, just set it to 101:
       switchport access vlan 101
  If you connect via a trunk, set your native VLAN to 101:
       switchport trunk native vlan 101

• Cisco 2950 dual Vlans

  I have 2 Cisco 2950 switches one for each network in my office. One switch is full the other only has 8 ports used. Since both swithches are 24 port I though I might be able to split the switch on the underused network and allocate 12 ports on it to the other busy network.
  I assume I have to create 2 Vlans on the switch, but can I assign 1 vlan with the same IP as the other switch and simply patch them together.

  Hi Mark,
  first of all i have a question.... Why do u need ip adresses on your switch? just to manage them?
  If so here is my suggestion...
  u should assign 3 vlans not 2... make one of them your management vlan and assing an ip addresses from a diffent subnet than your nodes. Then configure a trunk between the two switches. Remember to make your management vlan the native vlan (switchport trunk native vlan ).
  Next u assign each port to the appropriate vlan and your done.
  If u manage the switches via console port, forget about ip adresses... u dont need one. just make two vlans and assign the ports (dont forget the trunk).
  Regards,
  Sebastian

• Cisco 3560G and max MTU Size

  Hello
  I have an Cisco 3560G with an version 15.0(1)SE2 IOS. I want to forward Jumbo frames (ISCSI packets) through this switch.
  On my SAN, each interface have been configured on 9000 bytes.
  On this switch, I have this output :
  Sw1#sh system mtu
  System MTU size is 1500 bytes
  System Jumbo MTU size is 9000 bytes
  System Alternate MTU size is 1500 bytes
  Routing MTU size is 1500 bytes
  Sw1#
  I would like to know how to increase, if possible, the Jumbo MTU to 9198 bytes. I want to do that because the 9000 bytes ISCSI packets normally will been encapsuled using vlan so the ethernet packet will increase to 9022 (Ethernet 18bytes and extra 4 bytes for vlan).
  If the Jumbo MTU reconfiguration is not possible, the ISCSI packets will be fragmented each time it forwarded through the switch isn't it ??
  Thanks in advance for your help.
  Have a nice day
  Matt

  Hi Bilal
  Thanks for your reply.
  In the document, Cisco add note on the top of the webpage on the Components Used : "Note: In all the examples in this document, unless specifically mentioned, all values that quote MTU in bytes omit the 18 bytes for the Ethernet header and Frame Check Sequence (FCS)."
  So In my mind, the 3560G switch will not drop 9018 ethernet bytes but will normally drop the vlan Jumbo frames (9022 ethernet bytes).
  I think Cisco will included the Ethernet header and FCS on the document because networks admins included it and not think to on payload data.
  Matt

• Nexus 7k and native vlan 1

  Hi, is it recommended to use a native vlan other than 1 on the trunks connecting Nexus box's. It used to be that you should not use native vlan 1 on the trunks between switches. Is this not an issue anymore.
  Thanks

  Hi Chuck,
  It is recomended to use a different vlan other than vlan 1 as your default vlan.
  This is one of the best practices for secure the overall network.
  For eg.
  In a switch spoofing attack, an attacking host imitates a trunking  switch by speaking the tagging and trunking protocols (e.g. Multiple  VLAN Registration Protocol, IEEE 802.1Q, VLAN Trunking Protocol) used in  maintaining a VLAN. Traffic for multiple VLANs is then accessible to  the attacking host. 
  HTH,
  Aman