Cisco Nexus 7604

Similar Messages

• Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

  We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
  We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

  Hi,
  So you have N7k acting as L3 with servers connected to 4510?.
  Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
  This will help narrow down if issue is between server to 4510 or 4510 to N7k.
  Thanks,
  Nagendra

• FCoE with Cisco Nexus 5548 switches and VMware ESXi 4.1

  Can someone share with me what needs to be setup on the Cisco Nexus side to work with VMware in the following scenario?
  Two servers with two cards dual port FCoE cards with two ports connected to two Nexus 5548 switches that are clusterd together.  We want to team the ports together on the VMware side using IP Hash so what should be done on the cisco side for this to work? 
  Thanks...

  Andres,
  The Cisco Road Map for the 5010 and 5020 doesn't include extending the current total (12) FEX capabities.  The 5548 and 5596 will support more (16) per 55xxk, and with the 7K will support upto 32 FEX's.
  Documentation has been spotty on this subject, because the term 5k indicates that all 5000 series switches will support extended FEX's which is not the case only the 55xx will support more than 12 FEX.  Maybe in the future the terminology for the 5k series should be term 5000 series and 5500 series Nexus, there are several differences and advancements between the two series.

• Ask the Expert: Basic Introduction and Troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform .
  The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Data Center sub-community discussion forum shortly after the event. This event lasts through through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Vignesh
  Is there is any limitation to connect a N2K directly to the N7K?
  if i have a an F2 card 10G and another F2 card 1G and i want to creat 3 VDC'S
  VDC1=DC-Core
  VDC2=Aggregation
  VDC3=Campus core
  do we need to add a link between the different VDC's
  thanks

• Ask the Expert: Cisco Nexus 2000, 5000, and 6000 Series Switches

  with Cisco Expert Vinayak Sudame
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions how to configure and troubleshoot the Cisco Nexus 2000, 5000 and 6000 Series Switches with Cisco subject matter expert Vinayak Sudame. You can ask any question on configuration, troubleshooting, features, design and Fiber Channel over Ethernet (FCoE).
  Vinayak Sudame is a Technical Lead in Data Center Switching Support Team within Cisco's Technical Services in RTP, North Carolina. His current responsibilities include but are not limited to Troubleshooting Technical support problems and Escalations in the areas of Nexus 5000, Nexus 2000, FCoE. Vinayak is also involved in developing technical content for Cisco Internal as well as external. eg, Nexus 5000 Troubleshooting Guide (CCO), Nexus 5000 portal (partners), etc. This involves cross team collaboration and working with multiple different teams within Cisco. Vinayak has also contributed to training account teams and partners in CAE (Customer Assurance Engineering) bootcamp dealing with Nexus 5000 technologies. In the past, Vinayak's responsibilities included supporting MDS platform (Fiber Channel Technologies) and work with EMC support on Escalated MDS cases. Vinayak was the Subject Matter Expert for Santap Technologies before moving to Nexus 5000 support. Vinayak holds a Masters in Electrical Engineering with Specialization in Networking from Wichita State University, Kansas. He also holds Cisco Certification CCIE (#20672) in Routing and Switching.
  Remember to use the rating system to let Vinayak know if you have received an adequate response.
  Vinayak might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Data Center sub-community, Other Data Center Topics discussion forum shortly after the event.
  This event last through Friday July 12, 2013. Visit the community often to view responses to youe questions of other community members.

  Hi Vinayak,
  Output of "show cfs internal ethernet-peer database"
  Switch 1
  ETH Fabric
  Switch WWN              logical-if_index
  20:00:54:7f:ee:b7:c2:80 [Local]
  20:00:54:7f:ee:b6:3f:80 16000005
  Total number of entries = 2
  Switch 2
  ETH Fabric
  Switch WWN              logical-if_index
  20:00:54:7f:ee:b6:3f:80 [Local]
  20:00:54:7f:ee:b7:c2:80 16000005
  Total number of entries = 2
  Output of "show system internal csm info trace"
  Switch 1 in which "show cfs peers" show proper output
  Mon Jul  1 05:46:19.145339  (CSM_T) csm_sp_buf_cmd_tbl_expand_range(8604): No range command in buf_cmd_tbl.
  Mon Jul  1 05:46:19.145280  (CSM_T) csm_set_sync_status(6257): Peer RT status PSSed
  Mon Jul  1 05:46:19.145188  (CSM_T) csm_sp_handle_local_verify_commit(4291):
  Mon Jul  1 05:46:19.145131  csm_continue_verify_ac[597]: peer is not reachable over CFS so continuing with local verify/commit
  Mon Jul  1 05:46:19.145071  csm_tl_lock(766): Peer information not found for IP address: '172.16.1.54'
  Mon Jul  1 05:46:19.145011  csm_tl_lock(737):
  Mon Jul  1 05:46:19.144955  (CSM_EV) csm_sp_build_tl_lock_req_n_send(941): sending lock-request for CONF_SYNC_TL_SESSION_TYPE_VERIFY subtype 0 to Peer ip = (172.16.1.54)
  Mon Jul  1 05:46:19.143819  (CSM_T) csm_copy_image_and_internal_versions(788): sw_img_ver: 5.2(1)N1(2a), int_rev: 1
  Mon Jul  1 05:46:19.143761  (CSM_T) csm_sp_get_peer_sync_rev(329): found the peer with address=172.16.1.54 and sync_rev=78
  Mon Jul  1 05:46:19.143699  (CSM_T) csm_sp_get_peer_sync_rev(315):
  Mon Jul  1 05:46:19.143641  (CSM_EV) csm_sp_build_tl_lock_req_n_send(838): Entered fn
  Mon Jul  1 05:46:19.143582  (CSM_T) csm_set_sync_status(6257): Peer RT status PSSed
  Switch 2 in which "show cfs peers" does not show proper output
  Mon Jul  1 06:13:11.885354  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd switchport mode trunk, cmd pseq 77 seq 482
  Mon Jul  1 06:13:11.884992  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd channel-group 51 mode active, cmd pseq 357 seq 369
  Mon Jul  1 06:13:11.884932  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd switchport trunk allowed vlan 2, 11, cmd pseq 357 seq 368
  Mon Jul  1 06:13:11.884872  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd switchport mode trunk, cmd pseq 357 seq 367
  Mon Jul  1 06:13:11.884811  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd description process_vpc, cmd pseq 357 seq 366
  Mon Jul  1 06:13:11.884750  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd channel-group 51 mode active, cmd pseq 352 seq 365
  Mon Jul  1 06:13:11.884690  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd switchport trunk allowed vlan 2, 11, cmd pseq 352 seq 364
  Mon Jul  1 06:13:11.884630  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd switchport mode trunk, cmd pseq 352 seq 363
  Mon Jul  1 06:13:11.884568  (CSM_ERR) csm_pss_cmd_tree_walk_cb(2057): Parent command not found for cmd description process_vpc, cmd pseq 352 seq 362
  Mon Jul  1 06:13:11.884207  (CSM_EV) csm_sp_acfg_gen_handler(3011):  Preparing config into /tmp/csm_sp_acfg_1733916569.txt
  Mon Jul  1 06:13:11.878695  csm_get_locked_ssn_ctxt[539]: Lock not yet taken.
  Mon Jul  1 06:13:11.878638  (CSM_EV) csm_sp_acfg_gen_handler(2937): Recieved sp acfg merge request for type: running cfg
  Mon Jul  1 06:12:29.527840  (CSM_T) csm_pss_del_seq_tbl(1989): Freeing seq tbl data
  Mon Jul  1 06:12:29.513255  (CSM_T) csm_sp_acfg_gen_handler(3106): Done acfg file write
  Mon Jul  1 06:12:29.513179  (CSM_EV) csm_sp_acfg_gen_handler(3011):  Preparing config into /tmp/csm_sp_acfg_1733911262.txt
  Mon Jul  1 06:12:29.508859  csm_get_locked_ssn_ctxt[539]: Lock not yet taken.
  Mon Jul  1 06:12:29.508803  (CSM_EV) csm_sp_acfg_gen_handler(2937): Recieved sp acfg merge request for type: running cfg
  Mon Jul  1 05:53:17.651236  Collecting peer info
  Mon Jul  1 05:53:17.651181  Failed to get the argumentvalue for 'ip-address'
  Mon Jul  1 05:40:59.262736  DB Unlocked Successfully
  Mon Jul  1 05:40:59.262654  Unlocking DB, Lock Owner Details:Client:1 ID:1
  Mon Jul  1 05:40:59.262570  (CSM_T) csm_sp_del_buf_cmd(1713): Deleting comand with Id = 1
  Mon Jul  1 05:40:59.262513  DB Lock Successful by Client:1 ID:1
  Mon Jul  1 05:40:59.262435  Recieved lock request by Client:1 ID:1
  Mon Jul  1 05:40:41.741224  ssnmgr_ssn_handle_create_get: Session FSM already present, ID:1
  Mon Jul  1 05:40:41.741167  ssnmgr_handle_mgmt_request: Create/Get request received for session[process_n5kprof]
  show cfs lock gives no output.
  Just to further clarify, we have 4 5548UP switches in the same management vlan. 2 switches are in one location lets say location A and they are CFS peers and are working fine.
  These two switches which are having problem are in location B. All the switches are in the same vlan. Essentially the all CFS multicast messages will be seen by all 5548 switches as they are in the same vlan. I am assuming that this might not create any problems as we specify the peers in the respective configurations. Or do we have to change the CFSoIPv4 multicast addresses in location B or may be configure a different region.
  Regards.

• Ask the Expert: Configuration, Design, and Troubleshooting of Cisco Nexus 1000

  With Louis Watta
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about design, configuration, and troubleshooting of Cisco Nexus 1000V Series Switches operating inside VMware ESXi and Hyper-V with Cisco expert Louis Watta. Cisco Nexus 1000V Series Switches deliver highly secure, multitenant services by adding virtualization intelligence to the data center network. With Cisco Nexus 1000V Series Switches, you can have a consistent networking feature set and provisioning process all the way from the virtual machine access layer to the core of the data center network infrastructure.
  This is a continuation of the live Webcast.
  Louis Watta is a technical leader in the services organization for Cisco. Watta's primary background is in data center technologies: servers (UNIX, Windows, Linux), switches (MDS, Brocade), storage arrays (EMC, NetApp, HP), network switches (Cisco Catalyst and Cisco Nexus), and enterprise service hypervisors (VMware ESX, Hyper-V, KVM, XEN). As a Technical Leader in Technical Services, Louis currently supports beta and early field trials (EFTs) on new Cisco software and hardware. He has more than 15 years of experience in a wide variety of data center applications and is interested in data center technologies oriented toward data center virtualization and orchestration. Prior to Cisco, Louis was a system administrator for GTE Government Systems. He has a bachelor of science degree in computer science from North Carolina State University. .
  Remember to use the rating system to let Louis know if you have received an adequate response.
  Louis might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Data Center community Unified Computing shortly after the event.
  This event lasts through Friday, JUne 14, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast related links:
  Slides
  FAQ
  Webcast Video Recording

  Right now there is only a few features that are not supported on N1Kv on Hyper-V
  They are VXLAN and QOS Fair Weighted Queuing. We are currently demoing VXLAN functionality at Microsoft TechEd Conference this week in New Orleans. So VXLAN support should be coming soon. I can't give you a specific timeline.
  For Fair Weighted Queuing I'm not sure. In the VMware world we take advantage of NETIOC infrastructure. In the MS world they do not have a NETIOC infrastructure that we can use to create a similar feature.
  Code base parity (as in VMware and Hyper-V VSMs running NXOS 5.x) will happen with the next major N1KV release for ESX.
  Let me know if that doesn't answer your question.
  thanks
  louis

• Cisco nexus 6001 not a supported device on cisco prime infrastructure 2.1?

  I have installed Cisco Prime Infrastructure 2.2 and Prime Infrastructure still doesn't seem to support the Nexus 6001 platform? Can someone tell me if Cisco Prime Infrastructure will ever support the Cisco Nexus 6001 platform or is there any plans to support it in any future device packs? 

  The Nexus 6001 isn't currently supported in PI 2.1. There's no workaround except to wait for a device or product update that adds support. Right now I know the 9000 series is on the 2.2 roadmap but I haven't seen any reference to the 6001 and PI.
  Interestingly, Prime LMS does support both the 6001 and 6004. Reference.

• HP Servers NIC Teaming with Cisco Nexus 2000/5000

  I have number of HP switches that will be connected to Cisco Nexus 2000/5000 switches.
  In  HP Servers, there are multiple options for NIC teaming.  I like to  connect each port in a NIC card to two different Nexus 2000 switches  extension to Nexus 5000 switches.  Nexus 5000 switches will be  configured as VPC for clustering.
  Wanted to know what whould be the best NIC teaming option from the followng HP Server's NIC Teaming options:
  Automatic
  802.3ad Dynamic with Fault Tolerence
  Switch-assisted load balancing with Fault Tolerance (SLB)
  Transmit load balancing with Fault Tolerance (TLB)
  Transmit Load Balancing with Fault tolerance and preference order
  Network Fault Tolerance Only (NFT)
  Network Fault Tolerance with Preference Order

  Nexus switches only support LACP (802.3ad) or ON mode.  So, to match your server config with your switch, the first option is the best one to use.  I think, SLB is a Microsoft propriety protocol.
  HTH

• Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches

  Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about Cisco® NX-OS.
  The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
  vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
  This event is focused on discussing all possible types of vPC along-with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting
  Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
  Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University, has CCNA® and CCNP® Nimit is also working on a Cisco data center CCIE® certification While also pursuing an MBA degree from Santa Clara University.
  Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response. 
  Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Gustavo
  Please see my responses to your questions:
  Yes almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different type of traffic –Control Plane and Data Plane.
  Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hellos packets will be exchanged across all 3 routers and adjacency will be formed over VPC links
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
  Now for Data Plane we have two types of traffic – Unicast and Multicast.
  The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations there is a possibility that when the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario,N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
  Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
  For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
  The Loop avoidance works little different across Nexus 5000 and Nexus 7000.
  Similarity: For both products, loop avoidance is possible due to VSL bit
  The VSL bit is set in the DBUS header internal to the Nexus.
  It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
  This mechanism is used for loop prevention within the chassis.
  The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
  Differences:  In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
  It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
  For more details please see below presentation:
  https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
  DCI Scenario:  If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
  But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
  Let us know if you have further questions.
  Thanks,
  Vishal

• Cisco Nexus 5596 does not boots up after NX-OS upgrade 5.1.3.N1.1 to 6.0.2.N2.5 [CSCun66310]

  Hello Friends,
  Just want to save your precious time & effort, while doing Nexus 5596 upgrades so wanted to share some useful info which you can have a look prior to your upgrades of Cisco Nexus 5596 device.
  I recently ran into trouble when upgarding one of datacenter switch Nexus 5596 does not boots up and after investigation from Cisco TAC it comes out to be Bug documented below.
  https://tools.cisco.com/bugsearch/bug/CSCun66310/?reffering_site=dumpcr
  My Upgrade path of device was : 5.1(3)N1(1)  to  6.0(2)N2(5).
  Since this upgarde involves upgrade of Bios and Power sequensor, I was having some doubts to get this succesfully upgraded,  But there was more twist involved in this upgrade which I came to know after contacting Cisco TAC for my died Nexus 5596 device and got info that if you have below impacted version in your Nexus 5596 device and you are planning to do Upgrade, then you migh RUN into this serious BUG aftre which device won't come up at all and only Option left is to replace with RMA device.
  PID                            Impacted                   Hardware versions      Updated Versions
  UCS-FI-6296UP                                            1.0                                       1.1
  N5K-C5596UP                                              1.0                                        1.1
  N5K-C5596T                                                 1.1                                         1.2
  You can check hardware version using below command from your device.
  5596# show sprom sup | inc H/W
  H/W Version     : 1.1
  So please be carefull when planning your Nexus 5596 upgrade and verify above things as this Bug is not present anywhere in Upgrade docuemntations unfortunately.
  Hope this will help and save someone's precious Time.

  Today "upgraded" our switch (N5k-C5596UP) to from 5.1(2)N1 to 7.0(5) and after reboot no life from the switch either. Even no console response. show sprom sup | inc H/W shows 1:0.
  Only thing we could do is RMA the switch. So what must I do with these switches? Have still to do 3 of them.

• Cisco Nexus 3000 ssh access

  I have a Cisco  Nexus 3172T in a small environment running System version: 6.0(2)U3(1). I am using a vlan as management access, i.e. vlan100 is on every device and is using for snmp/ssh access. On the same switch I have one non-switchport (routed) port (eth1/6 in this case) connecting to a remote datacenter. I am able to SNMP poll and ping the vlan100 interface on the switch from everywhere, and I am able to SSH login while I am connected on any of the VLANs that are known to the switch. My problem comes when trying to access (SSH) the switch from the remote datacenter location (SNMP/Ping also works from the remote location). The only way to SSH access the switch from the remote location is only if I SSH in on the routed port (i.e. eth 1/6).
  I am not using the dedicated management port on the switch (nor I have any plans in the future). I am also running very plain config, a few switchports, one routed port, and the default control-plane policy (which is only policy pps). There are the ACLs on the VTY.
  Am I running into a known bug or is there some configuration requirement to allow this ?
  thanks
  dragan

  Its not in a VRF or anything like that is it?
  Also have you tried setting the ssh source interface to be vlan 100.
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/security/6x/b_Cisco_n3k_Security_Config_6x/b_Cisco_n3k_Security_Config_6x_chapter_0110.html#task_4AFC76AF5CD04C728EF30CB15EAE2655

• Aborting the show file command ouput in cisco nexus

  Hi all ,
  In order to verify the md5 value in cisco nexus image  we need to use show file bootflash:image md5sum command. But instead of that we given show file bootflash:image . And it is continiously showing the entire file content and full junk values coming in console. I have given ctrl+shift+6 to abort the ouput. But it is not stopping and now i am not able to do anything in console. Any suggestion to abort that.
  Thanks,
  Vijay

  Hi All,
  I just cleared the console session from tty lines using the below command,
  clear line linename.
  After this , console responded and we are able to access it.
  Thanks,
  Vijay.

• Enabling ECN marking on Cisco nexus 3064

  Hi,
  I have a requirement to enable ECN marking on CIsco nexus 3064 switch. ECT(0) traffic is being switched.
  Tried the below configs, But not quite helping.
  ==================================
  n# sh policy-map type network-qos nq_pm_1
    Type network-qos policy-maps
    ===============================
    policy-map type network-qos nq_pm_1
      class type network-qos nq_cm_1
        mtu 1500
        congestion-control random-detect ecn
      class type network-qos class-default
        mtu 1500
       congestion-control random-detect ecn
  n# sh run | beg "system qos"
  system qos
    service-policy type qos input iscsi
    service-policy type network-qos nq_pm_1
  n# sh policy-map type queuing pqu
    Type queuing policy-maps
    ========================
    policy-map type queuing pqu
      class type queuing cqu
        random-detect minimum-threshold 10 packets maximum-threshold 350 packets
        bandwidth percent 50
      class type queuing class-default
        bandwidth percent 50
        random-detect minimum-threshold 5 packets maximum-threshold 5 packets
  n# sh run int e1/21
  !Command: show running-config interface Ethernet1/21
  !Time: Tue Apr 29 09:04:35 2014
  version 5.0(3)U5(1b)
  interface Ethernet1/21
    no switchport
    service-policy type queuing output pqu
    ip address 15.0.20.1/24
  what could possibly be missing?
  Thanks
  Jose.

  Duplicate post.  
  Go here:  http://supportforums.cisco.com/discussion/12190426/ecn-marking-cisco-nexus-3064

• Cisco Nexus 1000v Virtual Switch for Hyper-V Availability

  Hi,
  Does anyone have any information on the availability of the Cisco Nexus 1000v virtual switch for Hyper-V. Is it available to download from Cisco yet? If not when will it be released? Are there any Beta programs etc?
  I can download the 1000v for VmWare but cannot find any downloads for the Hyper-V version.
  Microsoft Partner

  Any updates on the Cisco Nexus 1000v virtual switch for Hyper-V? Just checked on the Cisco site, however still only the download for VMware and no trace of any beta version. Also posted the same question at:
  http://blogs.technet.com/b/schadinio/archive/2012/06/09/windows-server-2012-hyper-v-extensible-switch-cisco-nexus-1000v.aspx
  "Hyper-V support isn't out yet. We are looking at a beta for Hyper-V starting at the end of February or the begining of March. "
  -Ian @ Cisco Community
  || MCITP: EA, VA, EMA, Lync SA, makes a killer sandwich. ||

• Cisco Nexus 5K + Micrososft Radius for Admin Authentication

  Hi,
  I have cisco 3750 switches configured to use MS radius for administrator authention. however, now I would like to add our cisco nexus switches to MS radius as well so that administrators are authenticated against the Microsoft radius for admin authention.
  I tried it earlier but it won't accept 3750 commands.. Can you please help with me with a configuration example please that I can follow?
  the commands I have used on 3750 are as follows:
  aaa new-model
  aaa authentication login vtylogin group radius local
  aaa authentication login conlogin group radius local
  aaa authentication enable default group radius enable
  aaa authorization console
  aaa authorization exec vtylogin group radius local
  aaa authorization exec conlogin group radius local
  radius-server host x.x.x.x key SECRETE
  line con 0
  exec-timeout 5 0
  authorization exec conlogin
  logging synchronous
  login authentication conlogin
  line vty 0 4
  exec-timeout 0 0
  authorization exec vtylogin
  login authentication vtylogin
  transport input ssh
  line vty 5 15
  exec-timeout 0 0
  authorization exec vtylogin
  login authentication vtylogin
  transport input ssh

  I have never done this before with ACS but not with NPS. However, you are in the right path. Nexus uses NX-OS which is different in some regards to regular IOS. One of those differences is the AAA setup. In NX-OS you assign users to roles. So for full access you will need to return the following attributes from your Radius server:
  Attribute: cisco-av-pair
  Requirement: Mandatory
  Value: shell:roles*"network-admin vdc-admin"
  For more information take a look at this link:
  http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115925-nexus-integration-acs-00.html
  Hope this helps
  Thank you for rating helpful posts!