Creating Roles in Nexus 5000

Has any one created a role for just SAN guys to come in and config the zone information? ANd are there any good places out there that can help me to define what I can and cannot add to a role. Thanks

I have soldiered on and mde a first stab at RBAC. It might help you get a start. I am fully expecting that once we try using theroles there are glaring errors. We are taking the position that initially we will have three users, and everyone knows all the passwords while we sort out the roles properly. The standard admin, a san-admin and net-admin, so that not having access does not delay things. Once we are happy, the main admin will be a "sealed envelope" job.
I would appreciate anyone pointing out any glaring omissions!
role feature-group name My-SAN-Features
feature license
feature fc-qos
feature fcanalyzer
feature fcns
feature fcsp
feature fdmi
feature ficon
feature fspf
feature iscsi
feature isns
feature ivr
feature rlir
feature rscn
feature san-ext-tuner
feature sfm
feature sme
feature sme-kmc-admin
feature sme-recovery-officer
feature sme-stg-admin
feature vsan
feature wwnm
feature zone
role feature-group name My-NET-Features
feature aaa
feature access-list
feature arp
feature callhome
feature cdp
feature install
feature l3vm
feature license
feature ping
feature platform
feature radius
feature snmp
feature syslog
feature tacacs
feature eth-span
feature ethanalyzer
feature spanning-tree
feature svi
feature vlan
feature acl
feature cloud
feature mpls-tunnel
feature span
role name default-role
description This is a system defined role and applies to all users.
role name My-net-admin
description This role is read-write for network staff
rule 100 permit read-write feature-group FJ-NET-Features
rule 90 permit command configure terminal ; interface *
rule 10 permit read
vsan policy deny
interface policy deny
    permit interface mgmt0
    permit interface port-channel1-4096
    permit interface Ethernet1/1-40
role name My-san-admin
description This role is read-write for SMS staff
rule 100 permit read-write feature-group FJ-SAN-Features
rule 90 permit command configure terminal ; interface *
rule 10 permit read
interface policy deny
    permit interface fc2/1-4
    permit interface san-port-channel 1-256

Similar Messages

VPC on Nexus 5000 with Catalyst 6500 (no VSS)

Hi, I'm pretty new on the Nexus and UCS world so I have some many questions I hope you can help on getting some answers.
The diagram below is the configuration we are looking to deploy, that way because we do not have VSS on the 6500 switches so we can not create only one Etherchannel to the 6500s.
Our blades inserted on the UCS chassis have INTEL dual port cards, so they do not support full failover.
Questions I have are.
- Is this my best deployment choice?
- vPC highly depend on the management interface on the Nexus 5000 for the keep alive peer monitoring, so what is going to happen if the vPC brakes due to:
     - one of the 6500 goes down
          - STP?
          - What is going to happend with the Etherchannels on the remaining 6500?
     - the Management interface goes down for any other reason
          - which one is going to be the primary NEXUS?
Below is the list of devices involved and the configuration for the Nexus 5000 and 65000.
Any help is appreciated.
Devices
·         2 Cisco Catalyst with two WS-SUP720-3B each (no VSS)
·         2 Cisco Nexus 5010
·         2 Cisco UCS 6120xp
·         2 UCS Chassis
     -    4 Cisco B200-M1 blades (2 each chassis)
          - Dual 10Gb Intel card (1 per blade)
vPC Configuration on Nexus 5000
TACSWN01
TACSWN02
feature vpc
vpc domain 5
reload restore
reload restore   delay 300
Peer-keepalive   destination 10.11.3.10
role priority 10
!--- Enables vPC, define vPC domain and peer   for keep alive
int ethernet 1/9-10
channel-group 50   mode active
!--- Put Interfaces on Po50
int port-channel 50
switchport mode   trunk
spanning-tree port   type network
vpc peer-link
!--- Po50 configured as Peer-Link for vPC
inter ethernet 1/17-18
description   UCS6120-A
switchport mode   trunk
channel-group 51   mode active
!--- Associates interfaces to Po51 connected   to UCS6120xp-A
int port-channel 51
swithport mode   trunk
vpc 51
spannig-tree port   type edge trunk
!--- Associates vPC 51 to Po51
inter ethernet 1/19-20
description   UCS6120-B
switchport mode   trunk
channel-group 52   mode active
!--- Associates interfaces to Po51 connected   to UCS6120xp-B
int port-channel 52
swithport mode   trunk
vpc 52
spannig-tree port   type edge trunk
!--- Associates vPC 52 to Po52
!----- CONFIGURATION for Connection to   Catalyst 6506
Int ethernet 1/1-3
description   Cat6506-01
switchport mode   trunk
channel-group 61   mode active
!--- Associate interfaces to Po61 connected   to Cat6506-01
Int port-channel 61
switchport mode   trunk
vpc 61
!--- Associates vPC 61 to Po61
Int ethernet 1/4-6
description   Cat6506-02
switchport mode   trunk
channel-group 62   mode active
!--- Associate interfaces to Po62 connected   to Cat6506-02
Int port-channel 62
switchport mode   trunk
vpc 62
!--- Associates vPC 62 to Po62
feature vpc
vpc domain 5
reload restore
reload restore   delay 300
Peer-keepalive   destination 10.11.3.9
role priority 20
!--- Enables vPC, define vPC domain and peer   for keep alive
int ethernet 1/9-10
channel-group 50   mode active
!--- Put Interfaces on Po50
int port-channel 50
switchport mode   trunk
spanning-tree port   type network
vpc peer-link
!--- Po50 configured as Peer-Link for vPC
inter ethernet 1/17-18
description   UCS6120-A
switchport mode   trunk
channel-group 51   mode active
!--- Associates interfaces to Po51 connected   to UCS6120xp-A
int port-channel 51
swithport mode   trunk
vpc 51
spannig-tree port   type edge trunk
!--- Associates vPC 51 to Po51
inter ethernet 1/19-20
description   UCS6120-B
switchport mode   trunk
channel-group 52   mode active
!--- Associates interfaces to Po51 connected   to UCS6120xp-B
int port-channel 52
swithport mode   trunk
vpc 52
spannig-tree port   type edge trunk
!--- Associates vPC 52 to Po52
!----- CONFIGURATION for Connection to   Catalyst 6506
Int ethernet 1/1-3
description   Cat6506-01
switchport mode   trunk
channel-group 61   mode active
!--- Associate interfaces to Po61 connected   to Cat6506-01
Int port-channel 61
switchport mode   trunk
vpc 61
!--- Associates vPC 61 to Po61
Int ethernet 1/4-6
description   Cat6506-02
switchport mode   trunk
channel-group 62   mode active
!--- Associate interfaces to Po62 connected   to Cat6506-02
Int port-channel 62
switchport mode   trunk
vpc 62
!--- Associates vPC 62 to Po62
vPC Verification
show vpc consistency-parameters
!--- show compatibility parameters
Show feature
!--- Use it to verify that vpc and lacp features are enabled.
show vpc brief
!--- Displays information about vPC Domain
Etherchannel configuration on TAC 6500s
TACSWC01
TACSWC02
interface range GigabitEthernet2/38 - 43
description   TACSWN01 (Po61 vPC61)
switchport
switchport trunk   encapsulation dot1q
switchport mode   trunk
no ip address
channel-group 61   mode active
interface range GigabitEthernet2/38 - 43
description   TACSWN02 (Po62 vPC62)
switchport
switchport trunk   encapsulation dot1q
switchport mode   trunk
no ip address
channel-group 62   mode active

ihernandez81,
Between the c1-r1 & c1-r2 there are no L2 links, ditto with d6-s1 & d6-s2. We did have a routed link just to allow orphan traffic.
All the c1r1 & c1-r2 HSRP communications ( we use GLBP as well ) go from c1-r1 to c1-r2 via the hosp-n5k-s1 & hosp-n5k-s2. Port channels 203 & 204 carry the exact same vlans.
The same is the case on the d6-s1 & d6-s2 sides except we converted them to a VSS cluster so we only have po203 with 4 *10 Gb links going to the 5Ks ( 2 from each VSS member to each 5K).
As you can tell what we were doing was extending VM vlans between 2 data centers prior to arrivals of 7010s and UCS chassis - which worked quite well.
If you got on any 5K you would see 2 port channels - 203 & 204 - going to each 6500, again when one pair went to VSS po204 went away.
I know, I know they are not the same things .... but if you view the 5Ks like a 3750 stack .... how would you hook up a 3750 stack from 2 6500s and if you did why would you run an L2 link between the 6500s ?
For us using 4 10G ports between 6509s took ports that were too expensive - we had 6704s - so use the 5Ks.
Our blocking link was on one of the links between site1 & site2. If we did not have wan connectivty there would have been no blocking or loops.
Caution .... if you go with 7Ks beware of the inability to do L2/L3 via VPCs.
better ?
one of the nice things about working with some of this stuff is as long as you maintain l2 connectivity if you are migrating things they tend to work, unless they really break

Tacacs do not function in Nexus 5000

Dear Mister
By someone reason, the Tacas is not functioning in my Nexus 5000. I am using the next configuration :
tacacs-server key 7 "0310551D121F2D595D"
ip tacacs source-interface Vlan5
tacacs-server host 10.20.2.80
tacacs-server host 10.20.16.138
aaa group server tacacs+ TACSERVER
    server 10.20.2.80
    server 10.20.16.138
    source-interface Vlan5
    use-vrf default
aaa authentication login default group TACSERVER
no aaa user default-role
aaa authentication login error-enable
tacacs-server directed-request
I did a telnet to port 49, in address , and is functioning. That discard a Security problem (FW, ACL, etc).
When I do the test, nothing is showed in the Tacacs Logs Server.
The log messages are the next:
2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: received bad authentication packet from 10.20.2.80
2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2012 Aug 22 15:54:48 NITE1 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user GPALAVE from 10.20.2.80 - login[3087]
The problem is very strange.
I need help.
Best regards

You config looks fine. Can you ping from VLAN5 to TACACS+? Also, did you add VLAN5's IP address to your TACACS+.
Regards,
jerry

Creating Roles for Purchase Req. release strategy with classification

Hi friends,
Since I have created Purchase req rel strategy where I have four release strategy
1. For Plant 1 When value <= 5000 (Officer) will release , release code 01 release release strategy r1 and rel code L1
2 For Plant 1 When value >= 5000 (Manager) will release , release code 01 release release strategy r2and rel code L2
Now the manager will have 2 release code,if officer is absent he could release the requisition.
Same has to be done for plant 2
The release Group and code needs to be assigned to the Roles , could anybody tell me where i could know about roles and will be able to create roles and assign authorisation objects to the Roles , and release group and code to the enduser.
though its a basis job , since I have no idea , I mean I have never worked with Roles ,as now I have created the Release strategy with classification I need to assign authorisation objects to the Roles as I have four release strategy
1. For Plant 1 lower value of requisition 1 codeL1(Officer)
2 For higher value of requisition 2 code say Li and L2(Manager)
Manager should have 2 codes if officer is absent he could release
Same has to be done for Plant 2
Thanks N Regards
Siddhartha

Hii,
Steps:
1) Create a Role
2) Add the authorization Object M_EINK_FRG by taking the manual option
3) Assign Release Code and Release Grp
4) Assign the Role to the User ID which has the authorization of the Release Code and Grp.
Regards,
Kumar

UCS C-Series VIC-1225 to Nexus 5000 setup

Hello,
I have two nexus 5000 setup with a vpc peer link. I also have an cisco c240 m3 server with a vic-1225 card that will be running esx 5.1. I also have some 4 2248 fabric extenders. I have been searching for some best practice information on how to best setup this equipment. The nexus equipment is already running, so its more about connecting the c240 and the vic-1225 to the nexus switches. I guess this is better to do rather than to connect to the fabric extenders in order to minmize hops?
All documention I have found involves setup/configuration etc with fabric interconnects which I dont have, and have been told that I do not need. Does anyone have any info on this? and can point me in the right direction to setup this correctly?
More specifically, how should I setup the vic-1225 card to the nexus? just create a regular vpc/port-channel to the nexuses? use lacp and set it to active?
Do I need to make any configuration changes on the vic card via the cimc on the c240 server to make this work?

Hello again, Im stuck
This is what I have done. I have created the vPC between my esx host and my two nexus 5000 switches, but it doesnt seem to come up:
S02# sh port-channel summary
Flags: D - Down        P - Up in port-channel (members)
        I - Individual H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
Group Port-       Type     Protocol Member Ports
      Channel
4     Po4(SD)     Eth      LACP      Eth1/9(D)
vPC info:
S02# sh vpc 4
vPC status
id     Port        Status Consistency Reason                     Active vlans
4      Po4         down* success     success                    -
vPC config:
interface port-channel4
switchport mode trunk
switchport trunk allowed vlan 20,27,30,50,100,500-501
spanning-tree port type edge trunk
vpc 4
interface Ethernet1/9
switchport mode trunk
switchport trunk allowed vlan 20,27,30,50,100,500-501
spanning-tree port type edge trunk
channel-group 4 mode active
Im unsure what I must configure on the cisco 240M3(esx host) side to make this work. I only have the two default interfaces(eth0 and eth1) on the vic-1225 installed in the esx host, and both have the vlan mode is set to TRUNK.
Any ideas on what I am missing?
Message was edited by: HDA

PFC configuration on Nexus 5000

Hi,
I have a CNA in my server connected to cisco nexus 5000 interfcae. I Want to genearate pause frames for FCOE class of traffic using the default class class-fcoe and cos value 3, the firmware version running is 5.0(3) N1 (1b). Can anyone tell me how can i configure it ?
Thanks,
Manju

Sorry for the delayed response, Here is what you asked
Cisco-5020# sh mod
Mod Ports Module-Type                      Model                  Status
1    40     40x10GE/Supervisor               N5K-C5020P-BF-SUP      active *
2    8      4x10GE + 4x1/2/4G FC Module      N5K-M1404              ok
Mod Sw              Hw      World-Wide-Name(s) (WWN)
1    5.0(3)N1(1b)    1.2     --
2    5.0(3)N1(1b)    1.0     20:41:00:0d:ec:b2:15:40 to 20:44:00:0d:ec:b2:15:40
Mod MAC-Address(es)                         Serial-Num
1    000d.ecb2.1548 to 000d.ecb2.156f         JAF1303ACES
2    000d.ecb2.1570 to 000d.ecb2.1577         JAF1245AJLF
Cisco-5020#
Cisco-5020#
Cisco-5020# sh run
!Command: show running-config
!Time: Fri Oct 28 17:40:02 2005
version 5.0(3)N1(1b)
feature fcoe
feature npiv
feature telnet
feature lldp
username admin password 5 $1$v9Tm8Y77$ZSdbOfBxe1.Z9Oz1V9V2B0 role network-admin
no password strength-check
ip domain-lookup
hostname Cisco-5020
logging event link-status default
service unsupported-transceiver
class-map type qos class-fcoe
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
policy-map type network-qos jumbo
class type network-qos class-fcoe
    pause no-drop
    mtu 2158
class type network-qos class-default
    mtu 9216
system qos
service-policy type network-qos jumbo
snmp-server user admin network-admin auth md5 0x2694501fdfbe5abed9e85d51e4e31038 priv 0x2694501fdfbe5abed9e85d51e4e31038 localizedkey
snmp-server host 138.239.198.184 traps version 2c public udp-port 1163
snmp-server host 138.239.198.184 traps version 2c public udp-port 1164
snmp-server host 138.239.198.200 traps version 2c public udp-port 1163
snmp-server host 138.239.198.200 traps version 2c public udp-port 1164
snmp-server host 138.239.200.118 traps version 2c public udp-port 1163
snmp-server host 138.239.198.200 traps version 2c public udp-port 1163
snmp-server enable traps entity fru
snmp-server community snmpv3 group network-operator
vrf context management
ip route 0.0.0.0/0 10.192.207.254
vlan 1-2,8
vlan 10
fcoe vsan 10
vlan 20
fcoe vsan 20
vlan 30
vlan 35
fcoe vsan 35
vlan 40,50
vlan 52
fcoe vsan 52
vsan database
vsan 20
vsan 52
fcdomain fcid database
vsan 52 wwn 10:00:00:00:c9:b1:e5:3d fcid 0x180000 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:3b fcid 0x180001 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:4d:e3 fcid 0x180002 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:ad fcid 0x180003 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:41 fcid 0x180004 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:b9 fcid 0x180005 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:b5 fcid 0x180006 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d1 fcid 0x180007 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:4d:e1 fcid 0x180008 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:a9 fcid 0x180009 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d5 fcid 0x18000a dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5d fcid 0x18000b dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:9b fcid 0x18000c dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:99 fcid 0x18000d dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5b fcid 0x18000e dynamic
vsan 1 wwn 10:00:00:00:c9:f2:73:b3 fcid 0x050000 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:47 fcid 0x18000f dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a7:93 fcid 0x180010 dynamic
vsan 52 wwn 10:00:00:00:c9:91:f8:19 fcid 0x180011 dynamic
vsan 52 wwn 10:00:00:00:c9:9c:e0:77 fcid 0x180012 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a7:d3 fcid 0x180013 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:bb fcid 0x180014 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:c5 fcid 0x180015 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:91 fcid 0x180016 dynamic
vsan 52 wwn 10:00:00:00:c9:a4:00:91 fcid 0x180017 dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:8d fcid 0x180018 dynamic
vsan 52 wwn 20:0f:00:11:0d:7f:a8:00 fcid 0x180019 dynamic
vsan 52 wwn 20:0f:00:11:0d:7f:a8:01 fcid 0x18001a dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:b7 fcid 0x18001b dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a5:27 fcid 0x18001c dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:53 fcid 0x18001d dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c8:37 fcid 0x18001e dynamic
vsan 52 wwn 10:00:00:00:c9:5b:76:e5 fcid 0x18001f dynamic
vsan 20 wwn 10:00:00:00:c9:5b:a3:83 fcid 0xd30000 dynamic
vsan 52 wwn 10:00:00:00:c9:91:00:00 fcid 0x180020 dynamic
vsan 52 wwn 10:00:00:00:00:91:f7:f1 fcid 0x180021 dynamic
vsan 1 wwn 10:00:00:00:c9:5b:4d:e3 fcid 0x050001 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:0f fcid 0x180022 dynamic
vsan 52 wwn 10:00:00:00:c9:3c:8e:21 fcid 0x180023 dynamic
vsan 52 wwn 10:00:00:00:c9:97:3b:11 fcid 0x180024 dynamic
vsan 20 wwn 10:00:00:00:c9:b1:e6:b7 fcid 0xd30001 dynamic
vsan 52 wwn 10:00:f8:19:00:91:f8:19 fcid 0x180025 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:a3:8b fcid 0x180026 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e4:ff fcid 0x180027 dynamic
vsan 52 wwn 10:00:00:00:c9:3c:8e:25 fcid 0x180028 dynamic
vsan 52 wwn 50:06:01:61:44:60:23:4f fcid 0x1800ef dynamic
vsan 52 wwn 10:00:00:00:c9:5b:d6:b9 fcid 0x180029 dynamic
vsan 52 wwn 10:00:00:00:c9:ad:ac:43 fcid 0x18002a dynamic
vsan 52 wwn 20:01:00:00:c9:5b:ab:99 fcid 0x18002b dynamic
vsan 52 wwn 20:02:00:00:c9:5b:ab:99 fcid 0x18002c dynamic
vsan 52 wwn 50:06:01:60:44:60:23:4f fcid 0x1801ef dynamic
vsan 52 wwn 10:00:00:00:c9:9d:1f:bf fcid 0x18002d dynamic
vsan 52 wwn 10:00:00:00:c9:9d:1f:c1 fcid 0x18002e dynamic
vsan 52 wwn 10:00:00:00:c9:f2:73:d3 fcid 0x18002f dynamic
vsan 20 wwn 10:00:00:00:c9:bb:c8:37 fcid 0xd30002 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:56 fcid 0x180030 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:57 fcid 0x180031 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:ea:81 fcid 0x180032 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:ea:7f fcid 0x180033 dynamic
vsan 20 wwn 10:00:00:00:c9:12:34:56 fcid 0xd30003 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:1b fcid 0x180034 dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:1d fcid 0x180035 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c7:8f fcid 0x180036 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:cb:8f fcid 0x180037 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:cb:93 fcid 0x180038 dynamic
vsan 52 wwn 10:00:00:00:c9:bb:c7:93 fcid 0x180039 dynamic
vsan 20 wwn 10:00:00:00:c9:12:34:57 fcid 0xd30004 dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:c4 fcid 0x18003a dynamic
vsan 52 wwn 10:00:00:00:c9:bb:17:b7 fcid 0x18003b dynamic
vsan 52 wwn 10:00:00:00:c9:a0:ce:2d fcid 0x18003c dynamic
vsan 52 wwn 10:00:00:00:c9:91:f7:f1 fcid 0x18003d dynamic
vsan 52 wwn 10:00:00:00:c9:5b:ab:c0 fcid 0x18003e dynamic
vsan 52 wwn 10:00:00:00:c9:b1:e5:5f fcid 0x18003f dynamic
vsan 52 wwn 10:00:00:00:c9:e3:06:89 fcid 0x180040 dynamic
vsan 52 wwn 50:06:01:68:44:60:23:4f fcid 0x1802ef dynamic
vsan 1 wwn 50:06:01:61:44:60:23:4f fcid 0x0500ef dynamic
vsan 52 wwn 10:00:00:00:c9:d1:16:24 fcid 0x180041 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:16:25 fcid 0x180042 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:0a:6d fcid 0x180043 dynamic
vsan 20 wwn 10:00:00:00:c9:d1:16:25 fcid 0xd30005 dynamic
vsan 20 wwn 10:00:00:00:c9:d1:16:24 fcid 0xd30006 dynamic
vsan 20 wwn ff:f2:00:00:c9:12:34:78 fcid 0xd30007 dynamic
vsan 20 wwn ff:f2:00:00:c9:d1:16:46 fcid 0xd30008 dynamic
vsan 52 wwn ff:f2:00:00:c9:d1:0a:8c fcid 0x180044 dynamic
vsan 20 wwn ff:f3:00:00:c9:d1:16:46 fcid 0xd30009 dynamic
vsan 52 wwn ff:f0:00:00:c9:d1:0a:8c fcid 0x180045 dynamic
vsan 52 wwn 10:00:00:00:c9:d1:0a:6c fcid 0x180046 dynamic
vsan 20 wwn ff:f2:00:00:c9:d1:0a:8c fcid 0xd3000a dynamic
vsan 20 wwn 10:00:00:00:c9:d1:0a:6d fcid 0xd3000b dynamic
vsan 52 wwn ff:f2:00:00:c9:d1:16:46 fcid 0x180047 dynamic
vsan 20 wwn ff:f3:00:00:c9:12:34:78 fcid 0xd3000c dynamic
vsan 52 wwn ff:f3:00:00:c9:12:34:78 fcid 0x180048 dynamic
vsan 52 wwn 50:06:01:69:44:60:23:4f fcid 0x1803ef dynamic
vsan 52 wwn ff:f3:00:00:c9:d1:16:46 fcid 0x180049 dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:5b fcid 0x18004a dynamic
vsan 52 wwn 10:00:00:00:c9:12:34:5a fcid 0x18004b dynamic
vsan 52 wwn ff:f2:00:00:c9:12:34:78 fcid 0x18004c dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ac:f3 fcid 0x18004d dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ad:15 fcid 0x18004e dynamic
vsan 52 wwn 10:00:00:00:c9:a5:ac:f5 fcid 0x18004f dynamic
vsan 52 wwn 20:01:00:00:c9:a5:ac:f3 fcid 0x180050 dynamic
vsan 52 wwn 20:02:00:00:c9:a5:ac:f3 fcid 0x180051 dynamic
vsan 52 wwn ff:f3:00:00:c9:12:34:85 fcid 0x180052 dynamic
vsan 52 wwn 20:00:00:11:0d:77:9c:00 fcid 0x180053 dynamic
vsan 52 wwn 20:01:00:11:0d:77:9d:00 fcid 0x180054 dynamic
interface port-channel3
interface vfc1
no shutdown
interface vfc4
interface vfc9
bind interface Ethernet1/9
no shutdown
interface vfc10
interface vfc11
bind interface Ethernet1/11
no shutdown
interface vfc19
bind interface Ethernet1/19
no shutdown
interface vfc21
bind interface Ethernet1/21
no shutdown
interface vfc22
bind interface Ethernet1/22
switchport trunk allowed vsan 52
no shutdown
interface vfc24
bind interface Ethernet1/24
switchport trunk allowed vsan 52
no shutdown
interface vfc25
bind interface Ethernet1/25
switchport trunk allowed vsan 52
no shutdown
interface vfc26
bind interface Ethernet1/26
switchport trunk allowed vsan 52
no shutdown
interface vfc27
bind interface Ethernet1/27
no shutdown
interface vfc28
bind interface Ethernet1/28
no shutdown
interface vfc29
bind interface Ethernet1/29
no shutdown
interface vfc30
bind interface Ethernet1/30
switchport trunk allowed vsan 52
no shutdown
interface vfc31
bind interface Ethernet1/31
shutdown
interface vfc32
bind interface Ethernet1/32
no shutdown
interface vfc33
bind interface Ethernet1/33
no shutdown
interface vfc34
bind interface Ethernet1/34
no shutdown
interface vfc35
bind interface Ethernet1/35
no shutdown
interface vfc36
bind interface Ethernet1/36
no shutdown
interface vfc37
bind interface Ethernet1/37
no shutdown
interface vfc38
bind interface Ethernet1/38
no shutdown
interface vfc39
bind interface Ethernet1/39
no shutdown
interface vfc40
bind interface Ethernet1/40
no shutdown
vsan database
vsan 52 interface vfc1
vsan 52 interface vfc9
vsan 52 interface vfc11
vsan 52 interface vfc19
vsan 52 interface vfc21
vsan 52 interface vfc22
vsan 52 interface vfc24
vsan 52 interface vfc26
vsan 52 interface vfc27
vsan 52 interface vfc28
vsan 52 interface vfc29
vsan 52 interface vfc30
vsan 52 interface vfc31
vsan 52 interface vfc32
vsan 52 interface vfc33
vsan 52 interface vfc34
vsan 20 interface vfc35
vsan 52 interface vfc36
vsan 52 interface vfc37
vsan 52 interface vfc38
vsan 52 interface vfc39
vsan 52 interface vfc40
vsan 52 interface fc2/1
vsan 52 interface fc2/2
vsan 52 interface fc2/3
vsan 52 interface fc2/4
interface fc2/1
switchport trunk allowed vsan 1
switchport trunk allowed vsan add 52
switchport trunk mode auto
no shutdown
interface fc2/2
switchport trunk mode auto
no shutdown
interface fc2/3
no shutdown
interface fc2/4
no shutdown
interface Ethernet1/1
interface Ethernet1/2
speed 1000
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
switchport mode trunk
interface Ethernet1/8
interface Ethernet1/9
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/10
interface Ethernet1/11
priority-flow-control mode on
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/12
switchport mode trunk
interface Ethernet1/13
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/14
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/15
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/16
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/17
interface Ethernet1/18
switchport mode trunk
switchport trunk allowed vlan 1,30
interface Ethernet1/19
switchport mode trunk
switchport access vlan 10
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/20
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/21
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/22
interface Ethernet1/23
flowcontrol receive on
flowcontrol send on
interface Ethernet1/24
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/25
switchport mode trunk
switchport trunk allowed vlan 1,8,30,52
interface Ethernet1/26
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,8,30,52
interface Ethernet1/27
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet1/28
switchport mode trunk
switchport trunk allowed vlan 1,8,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/29
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/30
description line
switchport mode trunk
switchport access vlan 52
switchport trunk allowed vlan 1,8,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/31
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
interface Ethernet1/32
switchport mode trunk
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/33
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/34
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/35
switchport mode trunk
switchport access vlan 10
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/36
switchport mode trunk
switchport trunk allowed vlan 1,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/37
switchport mode trunk
switchport trunk allowed vlan 1,30,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/38
switchport mode trunk
switchport trunk allowed vlan 1,10,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/39
shutdown
switchport mode trunk
switchport trunk allowed vlan 1,10,20,52
flowcontrol receive on
flowcontrol send on
interface Ethernet1/40
switchport mode trunk
switchport trunk allowed vlan 1,52
flowcontrol receive on
flowcontrol send on
interface Ethernet2/1
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/2
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/3
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface Ethernet2/4
switchport mode trunk
flowcontrol receive on
flowcontrol send on
interface mgmt0
ip address 10.192.194.111/20
system default zone default-zone permit
system default zone distribute full
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N1.1b.bin
boot system bootflash:/n5000-uk9.5.0.3.N1.1b.bin
interface fc2/1
interface fc2/2
interface fc2/3
interface fc2/4
zone default-zone permit vsan 20
zone default-zone permit vsan 52
zoneset distribute full vsan 1
zoneset distribute full vsan 20
zoneset distribute full vsan 52
!Full Zone Database Section for vsan 1
zone name bg-qa vsan 1
    member pwwn 10:00:00:00:c9:5b:ab:ca
    member pwwn 21:00:00:0c:50:c3:70:23
    member pwwn 21:00:00:0c:50:c3:70:22
    member pwwn 21:00:00:0c:50:c3:70:16
    member pwwn 21:00:00:0c:50:c3:70:1e
    member pwwn 22:00:00:0c:50:c3:70:26
    member pwwn 22:00:00:18:62:06:76:8a
    member pwwn 22:00:00:11:c6:17:68:c3
    member pwwn 22:00:00:0c:50:c3:70:1d
    member pwwn 22:00:00:0c:50:c3:6f:c2
    member pwwn 22:00:00:11:c6:17:68:dc
    member pwwn 21:00:00:0c:50:c3:6a:d0
    member pwwn 21:00:00:0c:50:79:92:90
    member pwwn 21:00:00:11:c6:17:69:a0
    member pwwn 21:00:00:0c:50:79:93:af
    member pwwn 22:00:00:0c:50:48:10:80
    member pwwn 22:00:00:11:c6:18:46:c6
    member pwwn 22:00:00:0c:50:32:2e:0f
    member pwwn 22:00:00:0c:50:48:10:74
    member pwwn 22:00:00:11:c6:18:46:f2
    member pwwn 21:00:00:00:87:13:cb:d1
    member pwwn 21:00:00:0c:50:79:91:0f
    member pwwn 10:00:00:00:c9:3c:8e:49
    member pwwn 10:00:00:00:c9:5b:ab:c2
    member pwwn 10:00:00:00:c9:5b:af:f3
zone name sf_RAM vsan 1
    member pwwn 10:00:00:00:c9:5b:af:c9
    member pwwn 21:00:00:0c:50:b4:8e:20
zone name anand vsan 1
    member pwwn 10:00:00:00:c9:65:69:31
    member pwwn 22:00:00:18:62:06:7f:f6
zone name syedzone vsan 1
    member fwwn 20:11:00:0d:ec:56:7b:40
    member pwwn 50:06:01:60:44:60:23:4f
zone name bg_qa vsan 1
zoneset name TOM vsan 1
    member bg-qa
zoneset name bg_dvt vsan 1
    member sf_RAM
zoneset name lancer vsan 1
    member anand
zoneset name bg-qa vsan 1
zoneset name syed vsan 1
    member syedzone
zoneset activate name lancer vsan 1
!Full Zone Database Section for vsan 20
zone name amrita_zone1 vsan 20
    member pwwn 10:00:00:00:c9:5b:a3:83
    member pwwn 22:00:00:04:cf:89:19:67
    member pwwn 22:00:00:0c:50:48:10:80
    member pwwn 22:00:00:11:c6:18:46:f2
    member pwwn 22:00:00:0c:50:79:93:ae
zone name amr_zset vsan 20
zoneset name amr_zset vsan 20
    member amrita_zone1
zoneset activate name amr_zset vsan 20
!Full Zone Database Section for vsan 52
zone name vinod vsan 52
    member pwwn 50:06:01:69:44:60:23:4f
    member pwwn ff:f3:00:00:c9:12:34:78
    member pwwn 10:00:00:00:c9:12:34:5b
    member pwwn 10:00:00:00:c9:12:34:57
zone name neha vsan 52
zone name siv1 vsan 52
    member pwwn 10:00:00:00:c9:ad:ac:43
    member pwwn 50:06:01:61:44:60:23:4f
    member pwwn 10:00:00:00:c9:ad:ac:47
zone name neha1 vsan 52
    member pwwn 10:00:00:00:c9:5b:ab:ad
    member pwwn 50:06:01:60:44:60:23:4f
zone name neha2 vsan 52
    member pwwn 50:06:01:60:44:60:23:4f
    member pwwn 10:00:00:00:c9:5b:ab:a9
zone name neha3 vsan 52
    member pwwn 10:00:00:00:c9:9d:1f:bf
    member pwwn 50:06:01:60:44:60:23:4f
zone name neha4 vsan 52
    member pwwn 50:06:01:60:44:60:23:4f
    member pwwn 10:00:00:00:c9:9d:1f:c1
zone name chetan vsan 52
    member pwwn 10:00:00:00:c9:f2:73:d3
    member pwwn 50:06:01:60:44:60:23:4f
    member pwwn 10:00:00:00:c9:ad:ac:47
zone name siv2 vsan 52
    member pwwn 10:00:00:00:c9:d1:0a:6d
    member pwwn ff:f2:00:00:c9:d1:0a:8c
    member pwwn 22:00:00:0c:50:79:93:af
    member pwwn 22:00:00:0c:50:79:92:90
    member pwwn 22:00:00:0c:50:79:91:0f
    member pwwn 20:01:00:11:0d:77:9d:00
zone name sroy vsan 52
    member pwwn 10:00:00:00:c9:b1:ea:7f
    member pwwn 50:06:01:60:44:60:23:4f
    member pwwn 10:00:00:00:c9:5b:ab:99
    member pwwn 10:00:00:00:c9:bb:cb:8f
    member pwwn 10:00:00:00:c9:5b:ab:c4
    member pwwn 10:00:00:00:c9:d1:16:25
    member pwwn 50:06:01:61:44:60:23:4f
    member pwwn 10:00:00:00:c9:a5:ac:f3
zone name manju vsan 52
    member pwwn 10:00:00:00:c9:bb:c7:8f
    member pwwn 50:06:01:61:44:60:23:4f
zone name ram vsan 52
    member pwwn 50:06:01:60:44:60:23:4f
    member pwwn 10:00:00:00:c9:a0:ce:2d
    member pwwn 10:00:00:00:c9:bb:17:b7
    member pwwn 10:00:00:00:c9:5b:a5:27
    member pwwn 10:00:00:00:c9:91:f7:f1
    member pwwn 10:00:00:00:c9:b1:e5:5f
zone name jana vsan 52
    member pwwn 10:00:00:00:c9:91:f7:f1
    member pwwn 50:06:01:60:44:60:23:4f
zone name priya vsan 52
    member pwwn 10:00:00:00:c9:e3:06:89
    member pwwn 50:06:01:60:44:60:23:4f
zoneset name IBMraptor vsan 52
    member vinod
    member siv1
    member neha1
    member neha2
    member neha3
    member neha4
    member chetan
    member siv2
    member sroy
    member manju
    member ram
    member priya
zoneset name ananda vsan 52
zoneset name vinod vsan 52
zoneset activate name IBMraptor vsan 52
no system default switchport shutdown san
Cisco-5020# sh system internal dcbx info interface ethernet 1/38
Interface info for if_index: 0x1a025000(Eth1/38)
tx_enabled: TRUE
rx_enabled: TRUE
dcbx_enabled: TRUE
DCX Protocol: CIN
Port MAC address: 00:0d:ec:b2:15:6d
DCX Control FSM Variables: seq_no: 0x1, ack_no: 0x0,my_ack_no: 0x0, peer_seq_no:
0x0 oper_version: 0x0, max_version: 0x0 fast_retries 0x0
Lock Status: UNLOCKED
PORT STATE: UP
LLDP Neighbors
No DCX tlvs from the remote peer
6 Features on this intf for Protocol CIN(0)
3 Features on this intf for Protocol CEE(1)
6 Features on this intf for Protocol CIN(0)
Feature type LLS (6)sub_type FCoE Logical Link Status (0)
feature type 6(LLS)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
     feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 0
     remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
     disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x1d9
Desired config cfg length: 1 data bytes:00
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PFC (3)
feature type 3(PFC)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
     feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
     remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
     disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 1 data bytes:08
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type App(Fcoe) (5)sub_type FCoE (0)
feature type 5(App(Fcoe))sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
     feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
     remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
     disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 1 data bytes:08
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PriMtu (8)
feature type 8(PriMtu)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
     feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
     remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
     disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 16 data bytes:24    00    24    00    24    00    08    6e    24    00    24    00    24    00    24    00
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type PriGrp (2)
feature type 2(PriGrp)sub_type 0
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
     feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
     remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
     disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0x179
Desired config cfg length: 24 data bytes:32    32    00    00    00    00    00    00    00    0f    00    0f    00    0e    20    64    00    0e    00    0e
   00    0e    00    0e
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Feature type LLS (6)sub_type LAN Logical Link Status (1)
feature type 6(LLS)sub_type 1
Feature State Variables: oper_version 0 error 0 local error 0 oper_mode 0
     feature_seq_no 0 remote_feature_tlv_present 0 remote_tlv_aged_out 1
     remote_tlv_not_present_notification_sent 0
Feature Register Params: max_version 0, enable 1, willing 0 advertise 1
     disruptive_error 0 mts_addr_node 0x101 mts_addr_sap 0xaf
Desired config cfg length: 1 data bytes:80
Operating config cfg length: 0 data bytes:
Peer config cfg length: 0 data bytes:
Traffic Counters
DCBX pkt stats:
    Total frames out: 20296
    Total Entries aged: 27
    Total frames in: 0
    DCBX frames in: 0
    Total frames received in error: 0
    Total frames discarded: 0
    Total TLVs unrecognized: 0
Cisco-5020#
Cisco-5020#
Cisco-5020#
I am new to this PFC, and first time trying to configure so you can see nothing being configured.

Tacacs cfs on the Nexus 5000

Hi
I want to distribute TACACS+ from the nexus 7000 to theo tne manuals nexus 5000
via CFS.
When i do the 'sh cfs app' i get this.... tacacs No Physical-fc-ip
However you cannot put in the distribute command for tacacs 'tacacs+ distribute'sl
You also cannot do the following command 'sh cfs app name tacacs'
Obviously there must be different commands ... but i cannot find them
If i cant distribute tacacs how can i make this work
many thanks
Steve

I think the command set does not matter.
Because the Nexus takes only the role and does not use per-command authorization (AFAIK), then it will take the role from the shell profile but selecting the command set does not matter because it does not use per command authorization.
I used command sets with CRS-1 and they had no effect. Only the shell profile configuration matters.
What is the situation at your end? do things work fine with/without selecting the command set? or putting empty command set in place?
Rating useful replies is more useful than saying "Thank you"

Connecting Nexus 5000 to HP Bladeserver using LACP

We are connecting the Nexus 5000 to an HP bladeserver. I know the NICs are HP NC553i. We have 2 5000 and create a port-channel. Everything works fine until we turn on LACP and then everything goes down.
Thanks,
Diane

LACP is a protocol negociation normally used between switches, not switch and host.
What switching module does the HP Blade Chassis have (uplinked to the N5Ks) ?
Pass through modules will not be able to create an LACP port channel unless the host can speak LACP. Host OSes like ESX can only support a static port channel (using IP Hashing), but not LACP.
The NIC model is irrevelant for the most part.
Regards,
Robert

Nexus 5000 - Odd Ethernet interface behavior (link down inactive)

Hi Guys,
This would sound really trivial but it is very odd behavior.
- We have a server connected to a 2, Nexus 5000s (for resiliancy)
- When there is no config on the ethernet interfaces whatsoever, the ethernet interface is UP / UP, there is minimal amount of traffic on the link etc. E.g.
Ethernet1/16 is up
Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
Description: shipley-p1.its RK14/A13
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is access
full-duplex, 10 Gb/s, media type is 1/10g
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
Last link flapped 00:00:07
Last clearing of "show interface" counters 05:42:32
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 96 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
    input rate 0 bps, 0 pps; output rate 8 bps, 0 pps
RX
    0 unicast packets 0 multicast packets 0 broadcast packets
    0 input packets 0 bytes
    0 jumbo packets 0 storm suppression packets
    0 runts 0 giants 0 CRC 0 no buffer
    0 input error 0 short frame 0 overrun   0 underrun 0 ignored
    0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
    0 input with dribble 0 input discard
    0 Rx pause
TX
    0 unicast packets 163 multicast packets 0 broadcast packets
    163 output packets 15883 bytes
    0 jumbo packets
    0 output errors 0 collision 0 deferred 0 late collision
    0 lost carrier 0 no carrier 0 babble
    0 Tx pause
1 interface resets
- As soon as I configure the link to be an access port, the link goes down, flagging "inactivity" E.g.
sh int e1/16
Ethernet1/16 is down (inactive)
Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
Description: shipley-p1.its RK14/A13
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is access
auto-duplex, 10 Gb/s, media type is 1/10g
Beacon is turned off
Input flow-control is off, output flow-control is off
Rate mode is dedicated
Switchport monitor is off
Last link flapped 05:38:03
Last clearing of "show interface" counters 05:41:33
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
    input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
RX
    0 unicast packets 0 multicast packets 0 broadcast packets
    0 input packets 0 bytes
    0 jumbo packets 0 storm suppression packets
    0 runts 0 giants 0 CRC 0 no buffer
    0 input error 0 short frame 0 overrun   0 underrun 0 ignored
    0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
    0 input with dribble 0 input discard
    0 Rx pause
TX
    0 unicast packets 146 multicast packets 0 broadcast packets
    146 output packets 13083 bytes
    0 jumbo packets
    0 output errors 0 collision 0 deferred 0 late collision
    0 lost carrier 0 no carrier 0 babble
    0 Tx pause
0 interface resets
- This behavior is seen on both 5Ks
- I've tried using a different set of ports, changed SFPs, and fibre cabling to no avail
- I can't seem to understand this behavior?! In that, why would configuring the port cause the link to go down?
- If anyone has experience this before, or could shed some light on this behavior, it would be appreciated.
sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS:      version 1.2.0
loader:    version N/A
kickstart: version 4.2(1)N1(1)
system:    version 4.2(1)N1(1)
power-seq: version v1.2
BIOS compile time:       06/19/08
kickstart image file is: bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin
kickstart compile time: 4/29/2010 19:00:00 [04/30/2010 02:38:04]
system image file is:    bootflash:/n5000-uk9.4.2.1.N1.1.bin
system compile time:     4/29/2010 19:00:00 [04/30/2010 03:51:47]
thanks
Sheldon

I had identical issue
Two interfaces on two different FEXes were INACTIVE. I have two Nexus 5596 in vPC and A/A FEXes.
I also use config-sync feature.
Very same configuration was applied to other ports on other FEXes and they were working with no problems.
interface Ethernet119/1/1
inherit port-profile PP-Exchange2003
I checked VLAN status associated with this profile and it was active (of course it was, other ports were ok).
I solved it by removing port profile from this port and re-applied it... voila, port changed state to up!
Very very strange.

Error "creating file: 1008:5, -5000 Access Denied Error"

I'm unable to install Flash Player 9 in OS X (10.4.8). I
followed the following tech note:
http://www.adobe.com/go/4aa64290
* I uninstalled Flash Player using the uninstaller
* I repaired disk permissions
* I tried re-installing Flash Player
I still get the error message saying I don't have the
appropriate permissions.
Some background: I'm upgrading from a G5 tower to a new Mac
Pro. I ran the migration utility to copy over my user settings,
apps, etc. I noticed that pages with Flash were crashing the
browser(s) instantly. Of course, that's because the PowerPC version
was previously installed. I uninstalled and tried to re-install.
When I got the above error, searched the support area and found the
tech note saying to uninstall (done), repair permissions (done),
then re-install (fails.)
I'm stumped.
Any suggestions?

I have the same problem, after trying more than a few times
to install the
player, uninstall it, uninstall the Firefox 2, reinstall
Firefox... with the
same result : it says that I need a plugin, and put me to the
page of the Flash
player installer...
I had this new error message after erasing, as it was
proposed on a forum, the
Internet plug-ins directory... "creating file: 1008:5, -5000
Access Denied
Error"
I never had this message before. I have all the rights and
have installed lots
of softwares. I tried to use the terminal way... but this is
a long way for me
on a Mac... I would be able on a PC but I can't even
"navigate to this
directory"...
Do I have to say that this Flash player is now quite
important for lots of web
sites... This is really the first time I have a problem with
Flash. Is it the
Intel Mac ?? No, it seems Windows have also its probs. Thanks
for a reply... or
a solution !

How to create Roles in UME (ABAP+JAVA stack)

Hi,
I have created roles earlier on JAVA stack alone. However, this time I am working on JAVA+ABAP stack. When I am trying to create role in UME, I am getting only two tabs:
General Information
Assigned Groups
I am not getting Assinged Actions tab here.How do I assing actions ?
Can any one please help me in creating roles in ABAP+JAVA stack.
That would be a great help!
Regards
Faisal

HI Faisal,
When ABAP is the UME, you can only edit users / groups that are J2EE only. Any group that is defined in ABAP is read-only for the Java Server to prevent conflicts (there is no synchronization) and has to be changed in ABAP.
Please take a look at this link, which has a great graphic describing this.
http://help.sap.com/saphelp_nw04s/helpdata/en/7c/36dcd59865b246b993c471199ba37a/content.htm
So, if the Java group was created in ABAP, the ABAP user has to have the ABAP role assigned to him, so that he is in the group on the Java server. make sense? The graphic in the link above really explains it well I think.
If you a new / custom Java group (not in ABAP) then you should be able to assign users to it from the Java server.

GRC 10.0 - create role - Edit button inactive

Hi,
when trying to create role ((Business, Composite, Single etc.) in NWBC - AM - RM - Role Maintenance --> 'Create', it`s not possible to enter details as everything is grey and Edit button is inactive.
Also it`s not possible to modify already existing roles which were created using Role Mass Maintenance - Role Import tool. All fields are grey and Edit button is inactive as well.
Settings are checked, role types are active and user has full access.
Did someone have such problem? Any idea what can be missing there?
Thanks in advice for any advice.
Regards,
Aga

Dear Aga,
please check the following note: http://service.sap.com/sap/support/notes/1700890
Hope this helps to understand and fix the issue.
Regards,
Alessandro

How to do Enhancements in Reporting & What is Role and How to create Roles

Hi All,
Can any one tell How to do Enhancements in Reporting, and also What is Role and How to create Roles in Reporting?
Plz reply back me on [email protected]
Regards,
Kiran

Reporting Enhancement - RSR00001 - BW: Enhancements for global variables in reporting
And using the SAP Exit - EXIT_SAPLRRS0_001
RSR00001- With this enhancement to global variables in reporting you have the option of determining your default values for variables. You can use this enhancement for variables, for which 'Processing by Customer-Exit' has been selected in the variable maintenance. This is valid for all variable types (characteristic value, node, hierarchy, formula and text variables). You use the Exit EXIT_SAPLRRS0_001 for this.
The Enhancement component (RSR00001) must be assigned to a Project Created using the Transaction CMOD. On activating the Project, the Exit would become active and in turn the logic written inside the Exit.
To ensure that the data warehousing soultion reflects your company's structure and business needs it is critical that you establish who is authorized to access the data.With SAP BW, Authorizations can be defined and maintained by object and can also be applied to hierarchies and these authorizations can be inserted into roles that are used to determine what type of content is available to specific users or user groups.
T-code for Role maintainence -PFCG.
Please assign points if it is useful.
Regards
Pavan Prakhya

Unable to create PDF report from custom created roles in 12.1

Hi All,
This is something very new to me. I have created all my development under the super admin role,
I have created three roles in the UME and i have assigned the pages to the Roles,
When i execute a transaction which writes the output of a transaction to a PDF from the super admin role everything is working fine.
When i tried to do the same with the user assigned to thet newely created roles, the out of the transaction is not been written.
I am storing the PDF in the WEB tab of xMII and call it when ever used clicks a button.
Can anyone plz help me in this issue.
Regards,
Shyam

Hello Michael,
I am using MII 12.1.4 build 36. For the roles which i have created i have assigned actions like
XMII_User
XMII_OutputStorageServlet
XMII_QualityPortal
XMII_PDFService
XMII_LocalizationService
XMII_PersonalizationService
XMII_AuditService.
When i have the action XMII_FULL_Access is assigned everything is working perfectly,
I have assigned the roles i have created in the security tab of the Query, Display templetes and in the transaction.
The real problem i can figure is that, when we are logging in as super admin the transaction is able to write the output of the transaction to a location in the WEB tab. but when i am logging in as the user assigned to the Cutome role, it is not able to write the output in the scecified location. i am still seeing the last output which i have executed under the super admin role.
Regards,
Shyam

Creating roles in stored procedures

Basically what I want to do is create a roel within a stored procedure with a value that is being passed in. Of course when I try to do 'CREATE ROLE sp.rolename' i am getting errors due to the create. Does anybody have any suggestions to fix this problem??

Hi Tony,
The example u wanted is below:
Declare
lv_stmt := ' Create role < The role u intend to create>
Begin
-- u could this
EXECUTE IMMEDIATE lv_stmt;
-- or this (directly issuing the stmt)
EXECUTE IMMEDIATE
'CREATE ROLE < ur role > ' ;
End;
I hope u've got what u want.... all the best...
Rgds
Kiran

Creating Roles in Nexus 5000

Similar Messages

Maybe you are looking for