Ciscoworks 2.6 and Nexus 7000 issues

Similar Messages

• Nexus 7000, 2000, FCOE and Fabric Path

  Hello,
  I have a couple of design questions that I am hoping some of you can help me with.
  I am working on a Dual DC Upgrade. It is pretty standard design, customer requires a L2 extension between the DC for Vmotion etc. Customer would like to leverage certain features of the Nexus product suite, including:
  Trust Sec
  VDC
  VPC
  High Bandwidth Scalability
  Unified I/O
  As always cost is a major issue and consolidation is encouraged where possible. I have worked on a couple of Nexus designs in the past and have levergaed the 7000, 5000, 2000 and 1000 in the DC.
  The feedback that I am getting back from Customer seems to be mirrored in Cisco's technology roadmap. This relates specifically to the features supported in the Nexus 7000 and Nexus 5000.
  Many large enterprise Customers ask the question of why they need to have the 7000 and 5000 in their topologies as many of the features they need are supported in both platforms and their environments will never scale to meet such a modular, tiered design.
  I have a few specific questions that I am hoping can be answered:
  The Nexus 7000 only supports the 2000 on the M series I/O Modules; can FCOE be implemented on a 2000 connected to a 7000 using the M series I/O Module?
  Is the F Series I/O Module the only I/O Module that supports FCOE?
  Are there any plans to introduce the native FC support on the Nexus 7000?
  Are there any plans to introduce full fabric support (230 Gbps) to the M series I/O module?
  Are there any plans to introduce Fabric path to the M series I/O module?
  Are there any plans to introduce L3 support to the F series I/O Module?
  Is the entire 2000 series allocated to a single VDC or can individual 2000 series ports be allocated to a VDC?
  Is Trust Sec only support on multi hop DCI links when using the ASR on EoMPLS pwire?
  Are there any plans to inroduce Trust Sec and VDC to the Nexus 5500?
  Thanks,
  Colm

  Hello Allan
  The only IO card which cannot co-exist with other cards in the same VDC is F2 due to specific hardware realisation.
  All other cards can be mixed.
  Regarding the Fabric versions - Fabric-2 gives much bigger throughoutput in comparing with Fabric-1
  So in order to get full speed from F2/M2 modules you will need Fab-2 modules.
  Fab2 modules won't give any advantages to M1/F1 modules.
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/data_sheet_c78-685394.html
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/prodcut_bulletin_c25-688075.html
  HTH,
  Alex

• FCoE and multiple Nexus 5000s and a 7000 core

  Hi
  I have a customer who is looking at four Nexus 5020s to start with and more in the future uplinked to a Nexus 7000 core.
  Am I right in thinking that whilst data traffic will be able to reach hosts ocnnected to a different Nexus 5002 via the 7000 core FCoE traffic will not ?
  If so what is teh recommended way of rolling out pods of 5020s for VMware servers with converged network adaptors so that they can all access the SAN ?
  Regards
  Pat

  Don't use corecenter for fan speed control.  Instead, use the BIOS:
  1) Open Corecenter from the administrator account or a user account that has admin privileges.  Click on the top center logo which should open the fan speed control window.  There should be two items, CoolnQuiet and User/Manual or something like.  Put it in manual and move the slider all the way to the right. Ignore the CoolnQuiet, it's misnamed here - MSI's corecenter does not control CoolnQuiet.  What MSI is calling CoolnQuiet is just fan speed control.  Anyway, put it in manual.  Close Corecenter and you should never have to open it again unless you want to monitor fan RPM's.
  2) Next, reboot and enter the BIOS.  Go to the H/W  Monitor settings.  Turn on Smart CPU Fan Speed.  Set to 40 C +/- 1.    This will allow the motherboard to control the fan speed.  On the other hand, if you want your fan always at maximum, then disable Smart Fan Speen control.   Don't worry about the Smart NB Fan speed, leave it disabled.
  Also, keep in mind that when you first open Corecenter, the immediate fan RPM's reported are not correct.  It takes it a few seconds to get the readings.  So wait until Corecenter minimizes itself to the system tray, then open it from there, and you will see the correct fan RPM's.

• Ask the Expert: Basic Introduction and Troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform .
  The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Data Center sub-community discussion forum shortly after the event. This event lasts through through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Vignesh
  Is there is any limitation to connect a N2K directly to the N7K?
  if i have a an F2 card 10G and another F2 card 1G and i want to creat 3 VDC'S
  VDC1=DC-Core
  VDC2=Aggregation
  VDC3=Campus core
  do we need to add a link between the different VDC's
  thanks

• ESXi 4.1 NIC Teaming's Load-Balancing Algorithm,Nexus 7000 and UCS

  Hi, Cisco Gurus:
  Please help me in answering the following questions (UCSM 1.4(xx), 2 UCS 6140XP, 2 Nexus 7000, M81KR in B200-M2, No Nexus 1000V, using VMware Distributed Switch:
  Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?
  Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned?
  Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct?
  Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES?
  I would really appreciate if someone can help me clear these lingering doubts of mine.
  God Bless.
  SiM

  Sim,
  Here are my thoughts without a 1000v in place,
  Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?   //Yes, for vPC to UCS the best practice is to bowtie uplink to (2) 7K or 5Ks.
  Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned? //The port channel will be configured on both the UCSM and the 7K. The pro of a port channel would be both bandwidth and redundancy. vPC would be prefered.
  Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct? //Without the 1000v, I always tend to leave to dvSwitch load balence behavior at the default of "route by portID". 
  Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES? UCS can perform L2 but Northbound should be performing L3.
  Cheers,
  David Jarzynka

• Requirements about delay and bandwith for using OTV in Nexus 7000 between two data centers separated 25 miles?

  We have two Nexus 7000, and I need use them with OTV between two data Centers separated 25 miles, but I don´t know what are the optimal values about bandwidth and delay (ms) for extended VLANs IDs (production and DAG replication) for Microsoft Exchange environment. Can somebody tell me please which are the values required for operate OTV in optimal conditions in this case? We have about 35 000 users that will use that platform of email. Thanks a lot for your comments. Regards.

  We have two Nexus 7000, and I need use them with OTV between two data Centers separated 25 miles, but I don´t know what are the optimal values about bandwidth and delay (ms) for extended VLANs IDs (production and DAG replication) for Microsoft Exchange environment. Can somebody tell me please which are the values required for operate OTV in optimal conditions in this case? We have about 35 000 users that will use that platform of email. Thanks a lot for your comments. Regards.

• Nexus 7000 with VPC and HSRP Configuration

  Hi Guys,
  I would like to know how to implement HSRP with the following setup:
  There are 2 Nexus 7000 connected with VPC Peer link. Each of the Nexus 7000 has a FEX attached to it.
  The server has two connections going to the FEX on each Nexus 7k (VPC). FEX's are not dual homed as far as I now they are not supported currently.
  R(A)              R(S)
  |                     |
  7K Peer Link 7K
  |                     |
  FEX              FEX
  Server connected to both FEX
  The question is we have two routers connected to each of the Nexus 7k in HSRP (active and one is standby). How can I configure HSRP on the nexus switches and how the traffic will routed from the Standby Nexus switch to Active Nexus switch (I know HSRP works differently here as both of them can forward packets). Will the traffic go to the secondary switch and then via the peer link to the active switch and then to the active router ? (From what I read the packet from end hosts which will go via the peer link will get dropped)
  Has anyone implemented this before ?
  Thanks

  Hi Kuldeep,
  If you intend to put those routers on a non-vpc vlan, you  may create  a new inter-switch trunk between the N7K and allow that non-vpc vlan . However if those will be on a VPC vlan, best to create two links to the N7K pair and create a VPC, otherwise configure those ports as orphan ports which will leverage the VPC peer link .
  HTH
  Jay Ocampo

• Nexus and 2960g connect issue

  Hi All
  I am having issue while connect the cisco 2960G and nexus 5000, i have attached the network setup. so kinldy check and update how i can proceed further.
  Regards
  Sudharsan.R
  91+8220088865

  Hi Sudharsan,
  Nice working with you again
  So, your issue is that the 2960 switches are seeing the Nexus device as one. What you have to do is to create a port-channel between the 2960 and nexus devices. That should solve your problem.

• Nexus 7000 and 2000. Is FEX supported with vPC?

  I know this was not supported a few months ago, curious if anything has changed?

  Hi Jenny,
  I think the answer will depend on what you mean by is FEX supported with vPC?
  When connecting a FEX to the Nexus 7000 you're able to run vPC from the Host Interfaces of a pair of FEX to an end system running IEEE 802.1AX (802.3ad) Link Aggregation. This is shown is illustration 7 of the diagram shown on the post Nexus 7000 Fex Supported/Not Supported Topologies.
  What you're not able to do is run vPC on the FEX Network Interface that connect up to the Nexus 7000 i.e., dual-homing the FEX to two Nexus 7000. This is shown in illustrations 8 and 9 of under the FEX topologies not supported on the same page.
  There's some discussion on this in the forum post DualHoming 2248TP-E to N7K that explains why it's not supported, but essentially it offers no additional resilience.
  From that post:
  The view is that when connecting FEX to the Nexus 7000, dual-homing does not add any level of resilience to the design. A server with dual NIC can attach to two FEX  so there is no need to connect the FEX to two parent switches. A server with only a single NIC can only attach to a single FEX, but given that FEX is supported by a fully redundant Nexus 7000 i.e., SE, fabrics, power, I/O modules etc., the availability is limited by the single FEX and so dual-homing does not increase availability.
  Regards

• Nexus 7000 Platform Logging

  Hello,
  We recently had a power supply failure in one of our Nexus 7000s, and I noticed that the syslog for the Platform is only present in the default VDC, and not in any of the other VDCs syslogs. Is this by design, or is there a logging level I can turn up in another VDC to capture this log? Thanks for any input
  syslog from default VDC -
  2013 Mar 18 23:10:34  %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 changed i
  ts capacity. possibly due to power cable removal/insertion (Serial number xxxxxxxx)
  nothing in the VDC where I would like to get the logging
  default VDC logging level -
  xxx7K02# show log level platform
  Facility        Default Severity        Current Session Severity
  platform                5                       5
  0(emergencies)          1(alerts)       2(critical)
  3(errors)               4(warnings)     5(notifications)
  6(information)          7(debugging)
  xxx7K02#
  loggging from the specific VDC where we have management tools.
  xxx-LOW# show log level platform
  Facility        Default Severity        Current Session Severity
  platform                5                       5
  0(emergencies)          1(alerts)       2(critical)
  3(errors)               4(warnings)     5(notifications)
  6(information)          7(debugging)
  xxx-LOW#

  Hello Carl,
  What version of code are you running on your Nexus 7k?
  The expected behavior is:
  "When a hardware issue occurs, syslog messages are sent to all VDCs."
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_mgmt.html#wp1170241
  Dave

• Privilege Level for Tacacs Account in Nexus 7000

  Hi,
  I have configured the Tacacs (ACS 4.2v) on Nexus 7000 (as mentioned below) and works fine but unlike IOS (6509) It's doesn't prompt that you are in userexec mode (>) and then need to type enable and password for full privilege.
  In n7k when I entered into "configure terminal" It won't allow me to access other commands.
  How to login into level 15 privilege mode after authenticating from tacacs
  (config)# show running-config tacacs+
  tacacs-server key 7 "xxxxx"
  tacacs-server host x.x.x.x key 7 "xxxx"
  aaa group server tacacs+ TacServer
      server x.x.x.x (same ip as tacacs-server host)
      use-vrf management
      source-interface Vlan2
  (config)# show running-config aaa
  aaa authentication login default group TacServer
  aaa authentication login console local
  aaa user default-role
  Here below are the commands accessible in "Terminal" currently
  (config)# ?
    no        Negate a command or set its defaults
    username  Configure user information.
    end       Go to exec mode
    exit      Exit from command interpreter
  isb.n7k-dcn-agg-1-sw(config)#

  Hi Jan.nielsen
  Issue is resolved but by another way.
  I have found the same resolution too of custom attirbute command but the Custom attribute Option for shell command wasn't available in ACS v4.2, so after enabling shell for users and by clicking exec--> Shell Exec and enabling priviledge level 15 in the same box of Shell options, It start working without any command

• Smart call home - HTTPS transport from the Nexus 7000 to Cisco

  hi
  i try configured call home on nexus 7000 with https transport and proxy server
  i follow this guide -
  http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
  and configured this :
  callhome
    email-contact XXXXXXXXXXX
    phone-contact XXXXXXXXXXX
    streetaddress XXXXXXXXXXXXXXXX
    destination-profile CiscoTAC-1 transport-method http
    destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
     transport http use-vrf management
    transport http proxy server XXXXXXXXXX port 8080                --------- XXXXXXXXX = my proxy server
    transport http proxy enable
    enable
    periodic-inventory notification interval  30
  i have a problem to install the security certificate , i follow thw guide but i get the error :
  failed to load or parse certificate
  could not perform CA authentication
  when i try test call home eith the command : callhome test
  trying to send test callhome message
  warning:no callhome message sent
  email configuration incomplete for destination profile:full_txt
  email configuration incomplete for destination profile:short_txt
  Error in transporting http message for CiscoTAC-1
  http: Received HTTP code 407 from proxy after CONNECT
  i guess the problem is because i didnt install the certificate , how can i install the certificate ?
  is this the real problem ?

  I agree with Bryan that the easiest proxy server to setup for the  nexus 7000 is the Transport Gateway. The documentation (certificates) is  setup to allow you to connect to a Cisco Transport Gateway or directly  into tools.cisco.com. Both have a Cisco certificate.
  But that doesn't explain your issue. To answer your issue, you need to look here
  http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
  except  you need your proxy server's chained certificate in PEM format since  the Nexus 7000 is going to terminate at your proxy server. Take a look  at this line in the documentation.
  Input (cut & paste) the CA certificate (chain) in PEM format
  The error code 407 you indicated makes sense and  indicates "Proxy Authentication Required". You need the certificate  installed first. NX-OS uses the openssl crypto library to implement the  cert-pki feature if that helps. A complete certificate chain is required. Also,  you might make sure the CRL (certificate revocation list) is set to none  so it doesn't do that first.
  revocation-check none
  The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer,  Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
  your proxy server.cer,Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer,  Verisign-Root-CA.cer
  If you are using your own root CA (which typically are taken  off-line after authorizing subordinate CAs for security reasons) , then  make sure that their certificates are in the correct order to be  processed so each can be authenticated.
  Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup.

• Frame generated by Nexus 7000 contains unexpected trailer when using GRE

  I have observed some unexpected behaviour on a Nexus 7000 running 6.1(2) in respect of the Ethernet II frame generated when the Nexus 7000 is a GRE Tunnel endpoint.
  The device receiving the Frame is discarding it and I waiting for the vendor to confirm the reason for this discard. However in case the reason is due to the Ethernet frame being "unusual" I am curious if any one else has come across this.
  To generate the Frame I perform a ping (on a workstation) which the Nexus 7000 in encapsulating in a GRE tunnel. Using Wireshark on the Nexus 7000 egress interface I observed that the Frame contains the following protocols as expected; ETH:IP:GRE:IP:ICMP:data
  When I issue the command "ping -l 1" on the workstation the Frame details from Wireshark are:
  Frame 84 bytes on wire
  Total IP payload = 53 bytes
   Outer IP header (20 bytes)
   GRE ( 4 bytes)
   Inner IP header (20 bytes)
   ICMP (header 8 bytes  payload 1 byte)
  Ethernet Trailer length = 17 bytes
  What is curious about this Frame is that;
  a) No Ethernet Trailer is needed as the IP payload exceeds 46 bytes
  b) The amount of padding applied is what would be needed if the Inner IP datagram were encapsulated directly in an Ethernet II Frame. The Inner ip datagram is 29 bytes octets and hence padding needed = 46 - 29  = 17.
  By doing ping sweep from length 1 to 18 the observed padding was;
  1,17
  2,16
  3,15
  17,1
  18,0
  So it would appear that the Nexus is adding padding to the Ethernet frame as though it were containing the pre GRE payload only.

  What module are you using?
  Ron

• High process in nexus 7000

  Hello,
  My name is Benjamin and I have problems with my Nexus 7000. It have high cpu process, I think that is not normal., what do you think?
  # sh process cpu sort
  PID    Runtime(ms)  Invoked   uSecs  1Sec    Process
  8259      1848785  56524183     32   27.6%  in.dcos-telnetd
  4717          231        96   2413   24.7%  netstack
  3536    402542882  64927941   6199    3.0%  platform
  4573    501774551  35371572  14185    1.0%  xbar_driver_usd
  4714          107        22   4871    1.0%  arp
      1       179754   5381666     33    0.0%  init
      2            2       300      9    0.0%  kthreadd
      3         3342    559942      5    0.0%  migration/0
      4      1936854  444724651      4    0.0%  ksoftirqd/0
      5       143477   2220884     64    0.0%  watchdog/0
      6         2042    349180      5    0.0%  migration/1
      7      1452663  372943404      3    0.0%  ksoftirqd/1
       1      111    111 11 1         1
      907878660006976000800707766999960776799987777777777678687773
      603310880008399000100504278989780308288903490180025795804831
  100 **      ***    *** ** *    **** *    ***
  90 **      *** *  *** ** *    *##* *    ***             *
  80 ** * *  *** ** *#***#**    *##* *    ###*  *  *   * ** * *
  70 ##*************##**##*******##*******###*******************
  60 ###########################################################
  50 ###########################################################
  40 ###########################################################
  30 ###########################################################*
  20 ###########################################################*
  10 ############################################################
      0....5....1....1....2....2....3....3....4....4....5....5....
                0    5    0    5    0    5    0    5    0    5
                 CPU% per minute (last 60 minutes)
                * = maximum CPU%   # = average CPU%

  I solved my issue, it was a bug problem:
  Some of the telnet sessions do not get cleared with recursive telnet
  Bug: CSCtk56774
  Workaround: to issue "clear user admin" command
  Regards

• Built-in Wireshark in Nexus 7000

  hello togehter,
  I have problem to capture data from the built-in ethanalyzer (wireshark) on a USB flash or Bootflash when the capture size reach 10MB. I tested with NX 4.2.4 and 5.0(2a). Is anyone know this issue?
  how can I extended the capture size on the flashs?
  best regards
  michael

  hello togehter,I
  have problem to capture data from the built-in ethanalyzer (wireshark)
  on a USB flash or Bootflash when the capture size reach 10MB. I tested
  with NX 4.2.4 and 5.0(2a). Is anyone know this issue?how can I extended the capture size on the flashs?best regardsmichael
  Hi Michael,
  As per the link i suppose capture file size is limited to 10 MB in nexus 7000
  http://www.ciscosystems.com.ro/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/white_paper_c11-554444.html
  Hope to Help !!
  Ganesh.H
  If helpful do rate the helpful post