Confused the CORE Switch's

Similar Messages

• Activating zoneset only from the core switch

  Folks,
              How can i restrict so that only the core switch is allowed to make changes to the active zoneset?
  Also if I am merging two switches and they have active zonesets but with different names, would that merge the two fabrics?
  Thanks,
  Tarun

  your probably thinking about NPV, NPV is disruptive but NPIV isn't. It is just a feature that you would enable on the core.
  The acronyms are confusing and easily mixed up.
  NPIV allows multiple initiators to login over a single FC/port-channel. NPV changes the operation of the switch so that to the core it looks like a host with a lot of initiators/HBAs. In NPV mode the edge switch doesn't consume any FC domain IDs.
  Here is a link that should be helpful - http://www.cisco.com/en/US/prod/collateral/ps4159/ps6409/ps5989/ps9898/white_paper_c11-459263.html

• Precautions prior to reload the core switch of my fabrics

  Hello,
  I recently bought Gen 4 8-Gbps FC advanced modules for my 9509. I've updated the 9509 to NX-OS 5.2(2). It is indicated in the release notes that after the update, the 9509 need to be reloaded in order to support the Gen 4 modules.
  I have a 2 fabrics SAN with core/edge topology. Of course my 9509 are the core switches of my fabrics. They are running the lower priority (1) for every VSANs.
  Here the fcdomain info of a VSAN (they have all the same configurations)
  VSAN 2
  The local switch is the Principal Switch.
  Local switch run time information:
         State: Stable
         Local switch WWN:   20:02:00:0d:ec:35:73:81
         Running fabric name: 20:02:00:0d:ec:35:73:81
         Running priority: 1
         Current domain ID: 0xe9(233)
  Local switch configuration information:
         State: Enabled
         FCID persistence: Enabled
          Auto-reconfiguration: Disabled
         Contiguous-allocation: Disabled
         Configured fabric name: 20:01:00:05:30:00:28:df
         Optimize Mode: Disabled
         Configured priority: 1
         Configured domain ID: 0xe9(233) (preferred)
  Principal switch run time information:
         Running priority: 1
  Interface               Role         RCF-reject
  port-channel 1     Downstream       Disabled
  port-channel 2     Downstream       Disabled
  Now, I'm not sure if they are other important points that need to be checked prior to the reload. I do guess that the FCID will not change after the reload and the switch will come back as principal also.
  If other configurations need to be verified, feel free to tell me which one.
  Thank you in advance.
  Eric

  I 150% agree with dwb and woodmeister50 about WD hard drives. They are NOWHERE near the quality they should be. When you can get a Seagate for just a few dollars more, and they last years longer, NO ONE should buy a WD. I lost $25,000 worth of music and audiobooks on a six-week-old WD in 2007 and that was the last I'd ever buy from them. They REFUSED to warranty it with the ORIGINAL sales receipt from Bestbuy.
  I have 16Gb of Crucial RAM in my Mini and here's what I've discovered.
  You WON'T see "lightning fast" performance increases, becasue the Mini is pretty darned fast to begin with. What you WILL see is that when you're running RAM intensive apps like Photoshop or Parallels, other apps won't "bog down".
  Quite frequently I find myself with less than half a gig of free RAM out of that 16. When it was only 8 I was at 100% nearly ALL THE TIME. When I only had the 4 it came with, it was always maxed out.

• Connecting core switch to the internet ?

  Hi,
  We have 2 6506's connected through an ether-channel trunk.
  On these 6506's we have configured a vlan, vlan interface and 2 access ports for 2 ASA's.
  These ASA's run in failover mode but only one ASA is physically connected at the moment.
  We want to be more resilient so our provider has provided us with a redundant setup of routers for our internet connection.
  However, for this construction they would need a layer 2 connection on our side to have HSRP running.
  There are 2 options in my opinion :
  - Buy a set of switches to facilitate the layer-2 connection between te routers and to connect the outside of the ASA's.
  - Instead of buying 2 new switches, create a new unrouted vlan on our core 6506's and use access-ports for the routers and the ASA's.
  But how safe is it to connected the core switch with an unrouted vlan to the internet router ?
  In terms of vlan hopping or other possible attacks ?
  I think i have to disable DTP, Spanning-Tree, CDP and maybe a lot more ?

  I am as far as applying this to secure the port :
  switchport
  switchport mode access
  switchport access vlan X
  switchport nonegotiate
  spanning-tree bpdufilter enable
  spanning-tree portfast edge
  switchport port-security
  switchport port-security maximum 3
  switchport port-security violation restrict
  no cdp enable
  Any additions to this ?

• Core switch and sub switch gateway

  I have a Layer 3 core switch(backbone) 10.18.16.0/24, and the core switch needs to connect to multiple Layer 2 sub switches.
  The Layer 2  sub switches will connect to multiple workstations. The sub switches network will be 172.20.10.0/24, 172.20.40/24 and so on.
   I use core switch IP 10.18.16.11 to connect to sub switch 172.20.10.0/24. Which gateway IP  should I use for 172.20.10.0/24 ? Should I use 172.20.10.1 or 10.18.16.11 ?
  Thank you for your help in advance.

  I am not sure what you mean by "sup switches", but usually you need a management IP/vlan segment, so you can use it to access the devices.  So if your management segment is 172.20.10.0/24 you assign an SVI to every layer-2 switch and give it an IP in this range and the gateway for all the SVIs should be on the core (172.20.10.1/24
  example:
  access switch-1 172.20.10.11/24
  access switch-2 172.20.10.12/24
  access switch-3 172.20.10.13/24
  and so on
  The default gateway for all your layer-2 switches should be the SVI on the core (172.20.10.1/24)
  HTH

• Core switches experience High CPU while generating syslog report from LMS

  Hi Everyone,
  Are there anyone who experience that the CPU utilization of some devices went up while generating a report from RME. Basing from other monitoring tool SNMP is taking up a huge cpu process. Any idea why this happened considering that the report is generated daily but only on one instance it caused the core switches to be paralyze due to high cpu. Changing the SNMP community string is the immediate action that resolve the issue to disconnect it from LMS.
  BTW, this is LMS 2.6.
  Thank you.

  The problem did not reoccurred any more. When I checked on the Syslogcollector.log it appeared that it is unable to subscribe. I assumed that the reason why snmp packets were flooded during the time that it they experience high cpu is because the client is generating syslog report for all devices while the syslog collector is not subscribe. Is this possible?
  Thanks

• Hyper-v cluster with core switch downtime... what to do?

  Is there a way to essentially "pause" the hyper-v cluster and keep things running but do NOT attempt to failover anything for any reason?
  We have one Procurve 5412zl switch with two c7000 enclosures. In each c7000 enclosure there are two switches that connect all the blade servers within the enclosure. Those two switches are interconnected internally so they can communicate within the enclosure.
  So if the core switch goes down the hyper-v servers in the same c7000 enclosure can still communicate but they will be seperated from the others in the other enclosure.
  So we have 4 hyper-v servers in one enclosure and 3 in another. If i disconnect the core switch i'm wondering what will happen (if I reboot the switch which is what I need to do).
  How can I avoid having to shut down everything for this and just tell hyper-v cluster to not do anything when the network is lost?

  Hi Quadrantids,
  " to essentially "pause" the hyper-v cluster and keep things running but
  do NOT attempt to failover anything for any reason"
  Based on my understanding  you need to keep cluster running on the same C7000 enclosure , in another words before you cut the connection between the C7000 enclosures  you may migrate VMs to same enclosure to keep running (I assume that the
  storage will not be affected by the restart ).
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Route or switch on the core Layer

                     I am working on a new network design for my company with four buildings, I have used building distribution method for all buildings, my design seems to be functioning properly, I have configured vlans and eigrp routing on the distribution switches as you can see on the diagram, but used the four core layer switches just for switching not routing and I did not configure any routing on them, I would like to know if this is good design or do I need to configure routing on the Core Layer as well

  There is no right or wrong answer to this. Originally the recommendation was to switch in the core ie. use only L2 because L2 switching as fast and L3 routing was slow.  But then L3 switches appreared and the recommendation was to use L3 to connect to the core.
  But both are just recommendations. You don't have to follow the guidelines slavishly.
  Having said that, looking at your design there are a lot of redundant paths between switches. This means lots of loops and using L2 will mean blocked paths in the core and potentially blocked paths to and from the core. If you used L3 connections from the distrbution to the core and between the cores you would be able to utilise all the links and hence get more bandwidth.
  In addition if a link failed you would not be reliant on STP to bring up a redundant path as all paths would be in use (although you should still run STP).
  Couple of other points -
  1) you have 4 switches in the core - what is the reasoning behind this ? is it distance limitations between buildings ?
  2) your addressing. Ideally you would want to be able to summarise from one building to the other so it would make more sense to have all the 192.168.x.x networks in one building and all the 10.x.x.x networks in the other. Actually it would make more sense to decide on an IP range ie. 10.x.x.x or 192.168.x.x (not both) and then use summarised ranges for each building.
  Jon

• Sinkhole routing rfc1918 on the core/distribution switch (6500)

  Hi guys,
  I am planning on getting rid of packets going to unrouted nonexistent rfc1918 networks in our DC environment going into internet facing firewall from our core/distribution switch via default route. I am thinking on setting a bunch of rfc1918 static routes to Null0 on the core/distro switches so they will kill all the packets destined to unused rfc1918 networks into Null0. Wondering if that would be a good solution to this.
  Thanks!

  I am not sure quite what you have in mind when you talk about a bunch of rfc1918 static routes. I could see doing a route for 10.0.0.0 range, for 172.16.0.0 range, and for 192.168.0.0 range. Is 3 a bunch? If you had more in mind what would they be?
  If you do static routes to Null0 for the summarized spaces then it would allow routing to any private addresses used inside your network to work since they should have more specific entries in your routing table and it would discard traffic with destination addresses in private address space. Be aware that if you have any site to site VPN tunnels from the firewall or any address translations on the firewall that use private addresses that your plan may very well have negative consequences for them.
  HTH
  Rick

• HT5642 After turning off the notification switches of some apps in notificaton center, there are still notifications. I'm confused. Why?

  After turning off the notification switches of some apps in notificaton center, there are still notifications. I'm confused. Why?

  Just guessing, but I would think, as I look at mine, that it might have to do with when the apps were added to the device. To be honest, identifying this as a bug might not be correct. You are the first person I have seen post something like this, so it must not bother others. You can leave feedback for Apple on the feedback page. Go to http://www.apple.com/feedback and then click on the appropriate link.

• Looking for the list of maintaining and configuring tasks on Core switch.

  I have some experiences DMS switches, things like setting up zone, alias, zoneset etc, but never have any experiences on core switches or something between core and edge switches since the SAN environment here has not reached that scale.
  Would you please list those tasks that needs to be done in daily maintenance, and required configurations? or some related documents? including those on core switches or something between core and edge switches?
  Thank you very much for your ideas.

  Hello ciscomagic1,
  The definition of core and edge swicthes in a FC architecture is related the topology point of view.
  The core could be NPIV enabled switche and all edges running as NPV mode.
  Also the core could be the switch that will make the translation of FC to another protocol as FCoE, FCIP or iSCSI and should be licensed to those protocols.
  Normally the core is the more centralized switch in the entire fabric, with more backplane capacity, redundancy and high port density. Of course this is not a rule at all.
  Essentially the core and edge switches can perform the same tasks and have the same functionality, the point is how them will be better availed in a design.

• Can I use DHCP snooping and IOS DHCP server on the same switch stack

  Hello,
  I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
  There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
  For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
  Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
  I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
  Unfortunately I do not have access to a layer 3 switch to test this at the moment.
  Thanks

  Nope.  That's the issue.
  They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network.  At least that is what it looks like to me.  Anyone have another take on it?  Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

• How to create a Access list on core switch to bloxk all Internet Traffic & allow some specific Internet Traffic

  Hellp Everyone,
  I am trying to create a Access-List on my Core Switch, in which I want to allow few internet website & block the rest of them.
  I want to allow the whole Intranet but few intranet websites also needs access to the internet.
  Can we create such Access-List with the above requirement.
  I tried to create the ACL on the switch but it blocks the whole internet access.
  i want to do it for a subnet not for a specific IP.
  Can someone help me in creating such access list.
  Thanks in Advance

  The exact syntax depends on your subnets and how they connect to the Internet. If you can share a simple diagram that would be much more informative.
  In general just remember that access-lists are parsed from the top down and as soon as a match is found, the processing stops. So you put the most specific rules at the top. also, once you add an access-list, there is an implicit "deny any any" at the end.
  The best approach is to create some network object-groups and then refer to them in your access list. From your description, that would be something like three object-groups - one for the Intranet (Intranet), one for the allowed servers that can use Internet (allowed_servers), and a third for the permitted Internet sites (allowed_sites).
  You would then use them as follows:
  ip access-list extended main_acl
  permit any object-group intranet any
  permit object-group allowed_servers object-group allowed_sites any
  interface vlan
  ip access-group main_acl in
  More details on the syntax and examples can be found here:
  http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-BE5C124C-CCE0-423A-B147-96C33FA18C66

• Steps to upgrade Cisco MDS core switch

  Hello,
  We wanted to upgrade our Cisco SAN core switch firmware. Currently we are running below firmware version. We wanted to go to latest version NX OS 5.2 (x) but as per the white paper i need to go to 5.0 (X) and after that i need to upgrade it to 5.2 (x). Can some help me with the steps to follow the upgrade. I have th cook book but just need the main steps to perform the upgrade.
  kickstart: version 4.1(1c)
    system:    version 4.1(1c)

  are you using IVR non-NAT, if you are you need to convert to IVR-NAT before you go to 5.2. Other than that you just follow the  normal procedure, look at the release notes for each firmware to make sure your hardware is supported and then do the usual
  install all system bootflash:m9x00-xxx.bin kickstart bootflash:m9x00-xxx-kickstart-xx.bin
  as a side note, i know you don't mark people replies to your questions as helpful/correct on EMC ECN ..at least do it here to show your appreciation.
  @dynamoxxx

• Difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G?

  Hello All,
  I am new to this domain and yet have to look after the setup of our datacenter for a new branch. Could any one of you provide difference between core switch types WS-C3750X-12S-S and N3K-C3524P-10G!
  Thanks in advance!!

  N3K-C3524P-10G
  24 fixed 1/10-Gbps SFP+ ports; upgradeable to 48 with a valid license
  Line-rate Layer 2 and Layer 3 throughput of up to 480 Gbps
  Compact 1RU form factor
  Dual redundant color-coded power supplies
  Four redundant color-coded fans