Disable openssl on Nexus 7010
I need to restrict management to ssh on Nexus 7010.
I need to turn off or restrict ssl.
or upgrade to a newer version of Openssl
You can restrict access with ACL. Or turn off SSH completely. But you can't install any SSL version you want since the NX-OS is not a regular Linux box.
HTH,
jerry
Similar Messages
-
Hello everyone,
Here is my issue. We have a Nexus 7010 and for the third time now slot 3 will not allow a module to run in it. This is what we have done so far. RMA'd the module and the chassis. When the module is put into another slot it comes up without any issue. The only difference between this chassis and the other one we have is that we only have 2 of the 3 power supplies in it. The chassis itself has 2 sup mods and 3 48 port 10 gig mods. On a side note after we RMA'd the chassis slot 3 worked fine until we configured the new VDC and allocated the card to it. Any help will be appreciated.Yes I am still have this issue. Here is the output you asked for.
show diagnostic result module all
Current bootup diagnostic level: complete
Module 1: 1/10 Gbps Ethernet Module
Test results: (. = Pass, F = Fail, I = Incomplete,
U = Untested, A = Abort, E = Error disabled)
1) ASICRegisterCheck-------------> .
2) PrimaryBootROM----------------> .
3) SecondaryBootROM--------------> .
4) EOBCPortLoopback--------------> .
5) OBFL--------------------------> .
6) PortLoopback:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
U U U U U U U U U U U U U U U U
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
U U U U U U U U U U U U U U . .
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
. . . . . . . . . . . U U U . U
7) RewriteEngineLoopback:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
. U U U U U U U U U U U U U U U
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
U U U U U U U U U U U U U U U U
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
U U U U U U U U U U U U U U U U
8) SnakeLoopback:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
9) FIPS:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
U U U U U U U U U U U U U U U U
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
U U U U U U U U U U U U U U U U
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
U U U U U U U U U U U U U U U U
10) BootupPortLoopback:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
Current bootup diagnostic level: complete
Module 5: Supervisor Module-2 (Active)
Test results: (. = Pass, F = Fail, I = Incomplete,
U = Untested, A = Abort, E = Error disabled)
1) ASICRegisterCheck-------------> U
2) USB---------------------------> .
3) NVRAM-------------------------> .
4) RealTimeClock-----------------> .
5) PrimaryBootROM----------------> .
6) SecondaryBootROM--------------> .
7) CompactFlash------------------> .
8) ExternalCompactFlash----------> U
9) PwrMgmtBus--------------------> .
10) SpineControlBus---------------> .
11) SystemMgmtBus-----------------> .
12) StatusBus---------------------> .
13) StandbyFabricLoopback---------> U
14) ManagementPortLoopback--------> .
15) EOBCPortLoopback--------------> .
16) OBFL--------------------------> .
Current bootup diagnostic level: complete
Module 6: Supervisor Module-2 (Standby)
Test results: (. = Pass, F = Fail, I = Incomplete,
U = Untested, A = Abort, E = Error disabled)
1) ASICRegisterCheck-------------> .
2) USB---------------------------> .
3) NVRAM-------------------------> .
4) RealTimeClock-----------------> .
5) PrimaryBootROM----------------> .
6) SecondaryBootROM--------------> .
7) CompactFlash------------------> .
8) ExternalCompactFlash----------> U
9) PwrMgmtBus--------------------> U
10) SpineControlBus---------------> .
11) SystemMgmtBus-----------------> U
12) StatusBus---------------------> U
13) StandbyFabricLoopback---------> .
14) ManagementPortLoopback--------> .
15) EOBCPortLoopback--------------> .
16) OBFL--------------------------> .
Current bootup diagnostic level: complete
Module 8: 1/10 Gbps Ethernet Module
Test results: (. = Pass, F = Fail, I = Incomplete,
U = Untested, A = Abort, E = Error disabled)
1) ASICRegisterCheck-------------> U
2) PrimaryBootROM----------------> .
3) SecondaryBootROM--------------> .
4) EOBCPortLoopback--------------> .
5) OBFL--------------------------> .
6) PortLoopback:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
U U U U . . U U U U U U . . U .
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
U U . . . . . . . . . . . . . .
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
. . . . . . . . U U U U U U U U
7) RewriteEngineLoopback:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
. U U U U U U U U U U U U U U U
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
U U U U U U U U U U U U U U U U
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
U U U U U U U U U U U U U U U U
8) SnakeLoopback:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
. . . . . . . . U U U U U U U U
9) FIPS:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
U U U U U U U U U U U U U U U U
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
U U U U U U U U U U U U U U U U
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
U U U U U U U U U U U U U U U U
10) BootupPortLoopback:
Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Port 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
Port 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
. . . . . . . . U U U U U U U U
show module
Mod Ports Module-Type Model Status
1 48 1/10 Gbps Ethernet Module N7K-F248XP-25E ok
3 48 1/10 Gbps Ethernet Module N7K-F248XP-25E testing
5 0 Supervisor Module-2 N7K-SUP2 active *
6 0 Supervisor Module-2 N7K-SUP2 ha-standby
8 48 1/10 Gbps Ethernet Module N7K-F248XP-25E ok
Mod Sw Hw
1 6.2(2a) 1.0
3 6.2(2a) 1.0
5 6.2(2a) 1.1
6 6.2(2a) 1.0
8 6.2(2a) 1.0
ISSCSW7010RE-4# show module
Mod Ports Module-Type Model Status
1 48 1/10 Gbps Ethernet Module N7K-F248XP-25E ok
3 48 1/10 Gbps Ethernet Module N7K-F248XP-25E testing
5 0 Supervisor Module-2 N7K-SUP2 active *
6 0 Supervisor Module-2 N7K-SUP2 ha-standby
8 48 1/10 Gbps Ethernet Module N7K-F248XP-25E ok
Mod Sw Hw
1 6.2(2a) 1.0
3 6.2(2a) 1.0
5 6.2(2a) 1.1
6 6.2(2a) 1.0
8 6.2(2a) 1.0
Mod Online Diag Status
1 Pass
3 Untested
5 Pass
6 Pass
8 Pass
Xbar Ports Module-Type Model Status
1 0 Fabric Module 2 N7K-C7010-FAB-2 ok
2 0 Fabric Module 2 N7K-C7010-FAB-2 ok
3 0 Fabric Module 2 N7K-C7010-FAB-2 ok
4 0 Fabric Module 2 N7K-C7010-FAB-2 ok
5 0 Fabric Module 2 N7K-C7010-FAB-2 ok
Xbar Sw Hw
1 NA 1.5
2 NA 1.5
3 NA 1.5
4 NA 1.5
5 NA 1.5
3 48 1/10 Gbps Ethernet Module N7K-F248XP-25E testing
3 48 1/10 Gbps Ethernet Module N7K-F248XP-25E initializing
Mod Ports Module-Type Model Status
1 48 1/10 Gbps Ethernet Module N7K-F248XP-25E ok
3 48 1/10 Gbps Ethernet Module pwr-cycld
5 0 Supervisor Module-2 N7K-SUP2 active *
6 0 Supervisor Module-2 N7K-SUP2 ha-standby
8 48 1/10 Gbps Ethernet Module N7K-F248XP-25E ok
Mod Power-Status Reason
3 pwr-cycld Unknown. Issue show system reset mod ...
Mod Sw Hw
1 6.2(2a) 1.0
5 6.2(2a) 1.1
6 6.2(2a) 1.0
8 6.2(2a) 1.0
Mod MAC-Address(es) Serial-Num
1 e4-c7-22-17-c0-8c to e4-c7-22-17-c0-bf JAF1802ANEA
5 84-78-ac-1c-fa-0f to 84-78-ac-1c-fa-21 JAF1721AQPC
6 84-78-ac-14-cb-16 to 84-78-ac-14-cb-28 JAF1713BAKS
8 e8-ed-f3-38-7b-08 to e8-ed-f3-38-7b-3b JAF1733ARPG
Mod Online Diag Status
1 Pass
5 Pass
6 Pass
8 Pass
Xbar Ports Module-Type Model Status
1 0 Fabric Module 2 N7K-C7010-FAB-2 ok
2 0 Fabric Module 2 N7K-C7010-FAB-2 ok
3 0 Fabric Module 2 N7K-C7010-FAB-2 ok
4 0 Fabric Module 2 N7K-C7010-FAB-2 ok
5 0 Fabric Module 2 N7K-C7010-FAB-2 ok
Xbar Sw Hw
1 NA 1.5
2 NA 1.5
3 NA 1.5
4 NA 1.5
5 NA 1.5
2014 Aug 5 11:49:19 -MAF %$ VDC-2 %$ %PLATFORM-2-MOD_DETECT: Module 3 detected () Module-Type 1/10 Gbps Ethernet Module Model N7K-F248XP-25E
2014 Aug 5 11:49:19 MAF %$ VDC-2 %$ %PLATFORM-2-MOD_PWRUP: Module 3 powered up (
2014 Aug 5 11:49:19 %$ VDC-1 %$ %PLATFORM-2-MOD_DETECT: Module 3 detected ) Module-Type 1/10 Gbps Ethernet Module Model N7K-F248XP-25E
2014 Aug 5 11:49:19 %$ VDC-1 %$ %PLATFORM-2-MOD_PWRUP: Module 3 powered up () -
Critical Alarm for Nexus 7010 device
Hi Team,
We are getting Critical Alarm for the Data center device Nexus 7010 continuously from 28-Oct.
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:00:18.227 DC-Core-Switch2 29 10:00:18 %KERN-2-SYSTEM_MSG: EXT3-fs
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:28:37.497 DC-Core-Switch2 29 10:28:37 %KERN-2-SYSTEM_MSG: EXT3-fs
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:28:42.398 DC-Core-Switch2 29 10:28:42 %KERN-2-SYSTEM_MSG: EXT3-fs
Also attaching the complete logs collected for this device and suggest if there is any Hardware related issue or some Software related issue.
Regards,
AshutoshHello
hde1 is the logflash device. Looks like there were IO errors and the kernel mounted the fs read-only. You can try to reload the device and if logflash will come back up fine after the reload, its a transient issue; if the issue comes back, the logflash device most likely is damaged bad and needs to be replaced. You will need to open a service request with TAC to get it replaced.
HTH,
Alex -
Nexus 7010 bgp state change alert not triggered to NNM
Hi ,
BGP state change alert not triggered to NNM on Nexus -7010 for Monitoring.
Details of the Device:
Nexus 7010 :
Software
BIOS: version 3.22.0
kickstart: version 5.1(3)
system: version 5.1(3)
BGP neighbor status :
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.1.2 4 65505 5089234 5194515 51359 0 0 6w2d 391
172.16.1.3 4 65505 5044293 5146859 51359 0 0 30w4d 378
172.31.11.3 4 15404 120744 114811 51359 0 0 1w6d 1
172.31.42.3 4 65501 5261796 5264413 51359 0 0 2d06h 0
Snmp trap enabled:
snmp-server user admin network-admin auth md5 0x690c4ede8a88ba7f2de791dbe7a77f0a
priv 0x690c4ede8a88ba7f2de791dbe7a77f0a localizedkey
snmp-server host 172.30.0.55 traps version 2c xxxx
snmp-server enable traps bgp
Downloaded cisco-bgp4-mib version, bgp4-mib tried and performed snmpwalk as given below
nnmsnmpwalk.ovpl -c xxx 172.31.15.130 .1.3.6.1.4.1.9.9.187.0.6
Error : No MIB objects contained under subtree
nnmsnmpwalk.ovpl -v 2 -c xxx 172.31.15.130 .1.3.6.1.2.1.15.3.
No MIB objects contained under subtree
Kindly advise to resolve the issue
Regards
HariYou can set an alert for Warning State. This is feasible.
Juke Chou
TechNet Community Support -
Nexus 7010 fabric extender timing out
Hello -
We have a Nexus 7010 and we are testing out using the fabric extenders for a need. We have a demo 2224 unit and have it connected to our M132XP-12 10G blade in the 7K but the FEX won't come online. I would have figured a possible software incompatability but looking at the supported list for that as well as hardware everything seems to be in order. This is what the status shows after it spends about 15 mins in the image download state.
FEX: 111 Description: FEX0111 state: Offline
FEX version: 4.2(1)N2(1a) [Switch version: 5.1(2)]
FEX Interim version: 4.2(1)N2(1a)
Switch Interim version: 5.1(2)
Module Sw Gen: 21 [Switch Sw Gen: 21]
pinning-mode: static Max-links: 1
Fabric port for control traffic: Eth2/20
Fabric interface state:
Po11 - Interface Up. State: Active
Eth2/20 - Interface Up. State: Active
Fex Port State Fabric Port Primary Fabric
This is looped in the log details until it times out:
04/25/2011 15:31:41.986978: Module register received
04/25/2011 15:31:41.987713: Registration response sent
04/25/2011 15:31:41.987889: Requesting satellite to download image
04/25/2011 15:32:00.105031: Module register received
04/25/2011 15:32:00.105779: Registration response sent
04/25/2011 15:32:00.105956: Requesting satellite to download image
04/25/2011 15:32:20.191181: Module register received
04/25/2011 15:32:20.191957: Registration response sent
04/25/2011 15:32:20.192144: Requesting satellite to download image
We ran a debug during this and these entries are displayed when looking for errors.
2011 Apr 25 15:30:31.443745 fex: Reg resp: Failed to get card info for swcardid 132
2011 Apr 25 15:30:35.472721 fex: Cardinfo: Unknown card id to get (132)
2011 Apr 25 15:30:35.472753 fex: Reg resp: Failed to get card info for swcardid 132
2011 Apr 25 15:30:41.495302 fex: Cardinfo: Unknown card id to get (132)
I'm still doing some more searching which so far hasn't turned up much, wanted to see if anyone has some other insight??
Thanks!Hi Jack -
Thanks for the response. Unfortunately, yes that is already complete. I was hoping that would be an easy fix. When we upgraded to 5.1(2) we did the 5.1 EPLD. I ran the install all impact command noted below for the 5.1 EPLD just to make sure it didn't report anything else as needing upgrade.
sho install all impact epld bootflash:n7000-s1-epld.5.1.1.img
Compatibility check:
Module Type Upgradable Impact Reason
1 LC Yes disruptive Module Upgradable
2 LC Yes disruptive Module Upgradable
5 SUP Yes disruptive Module Upgradable
1 Xbar Yes disruptive Module Upgradable
2 Xbar Yes disruptive Module Upgradable
3 Xbar Yes disruptive Module Upgradable
1 FAN Yes disruptive Module Upgradable
2 FAN Yes disruptive Module Upgradable
3 FAN Yes disruptive Module Upgradable
4 FAN Yes disruptive Module Upgradable
Copy complete, now saving to disk (please wait)...
Retrieving EPLD versions... Please wait.
Images will be upgraded according to following table:
Module Type EPLD Running-Version New-Version Upg-Required
1 LC Power Manager 4.008 4.008 No
1 LC IO 1.006 1.006 No
1 LC Forwarding Engine 1.006 1.006 No
1 LC SFP 1.004 1.004 No
2 LC Power Manager 4.008 4.008 No
2 LC IO 1.016 1.016 No
2 LC Forwarding Engine 1.006 1.006 No
2 LC FE Bridge(1) 186.006 186.006 No
2 LC FE Bridge(2) 186.006 186.006 No
2 LC Linksec Engine(1) 2.006 2.006 No
2 LC Linksec Engine(2) 2.006 2.006 No
2 LC Linksec Engine(3) 2.006 2.006 No
2 LC Linksec Engine(4) 2.006 2.006 No
2 LC Linksec Engine(5) 2.006 2.006 No
2 LC Linksec Engine(6) 2.006 2.006 No
2 LC Linksec Engine(7) 2.006 2.006 No
2 LC Linksec Engine(8) 2.006 2.006 No
5 SUP Power Manager 3.009 3.009 No
5 SUP IO 3.028 3.028 No
5 SUP Inband 1.008 1.008 No
5 SUP Local Bus CPLD 3.000 3.000 No
5 SUP CMP CPLD 6.000 6.000 No
1 Xbar Power Manager 2.010 2.010 No
2 Xbar Power Manager 2.010 2.010 No
3 Xbar Power Manager 2.010 2.010 No
1 FAN Fan Controller (1) 0.007 0.007 No
1 FAN Fan Controller (2) 0.007 0.007 No
2 FAN Fan Controller (1) 0.007 0.007 No
2 FAN Fan Controller (2) 0.007 0.007 No
3 FAN Fan Controller (1) 0.007 0.007 No
3 FAN Fan Controller (2) 0.007 0.007 No
4 FAN Fan Controller (1) 0.007 0.007 No
4 FAN Fan Controller (2) 0.007 0.007 No -
We currently have two Nexus 7010 with 5.0(2a) as system images.
We would need to know the correct upgrade path to 6.1(1). On the release notes it reads the path is from 4.2(8), 5.0(5) or 5.1(6) to 5.2(5) then to 6.1(1).
Also if ISSU is possible or, because we may need to upgrade EPLD, if there is no upgrade path to do a non-disruptive upgrade.You probably need to dig a little deeper to get a definitive answer (sup1 or 2, type of cards, etc..) but here is a diagram in the release notes for 6.1 found here:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html
If this posts answers your question or is helpful, please consider rating it and/or marking as answered. -
Question about Nexus 7010.
Hello everybody,
Just a quick question, how do you restore a running-config (or a Nexus .bin file) to a Nexus 7010. Is it thesame process as the IOS base scenario. Please explain and help. Thank you in advance.
--chieCopy tftp: running-config should work. See below there are other options as well.
NX7K02-agg# copy ?
bootflash: Select source filesystem
core: Select source filesystem
debug: Select source filesystem
ftp: Select source filesystem
log: Select source filesystem
logflash: Select source filesystem
nvram: Select source filesystem
running-config Copy running configuration to destination
scp: Select source filesystem
sftp: Select source filesystem
slot0: Select source filesystem
startup-config Copy startup configuration to destination
system: Select source filesystem
tftp: Select source filesystem
usb1: Select source filesystem
usb2: Select source filesystem
volatile: Select source filesystem
NX7K02-agg# copy tftp: ?
bootflash: Select destination filesystem
debug: Select destination filesystem
log: Select destination filesystem
logflash: Select destination filesystem
nvram: Select destination filesystem
running-config Copy from source to running configuration
slot0: Select destination filesystem
startup-config Copy from source to startup configuration
system: Select destination filesystem
usb1: Select destination filesystem
usb2: Select destination filesystem
volatile: Select destination filesystem
NX7K02-agg# copy tftp: running-config -
Hi all.
The problem.
Today I updated my Nexus 7010 sup1 from 6.1.4a to 6.2.8.
I want did it in ISSU mode, but after impact check I got this:
Compatibility check is done:
Module bootable Impact Install-type Reason
1 yes non-disruptive rolling
2 yes non-disruptive rolling
3 yes non-disruptive rolling
4 yes non-disruptive rolling
5 yes disruptive reset Some LACP ports not in steady state or operating in 'rate fast' mode.
6 yes disruptive reset Some LACP ports not in steady state or operating in 'rate fast' mode.
7 yes non-disruptive rolling
8 yes non-disruptive rolling
9 yes non-disruptive rolling
10 yes non-disruptive rolling
Additional info for this installation:
Service "lacp" in vdc 1: LACP: Upgrade will be disruptive as 6 switch ports and 0 fex ports are not upgrade ready!!
Issue the "show lacp issu-impact" cli for more details.
(modified the impact to <Hitful> for module <6>)
Do you want to continue with the installation (y/n)? [n] y
I went on with yes and update script reboot both sups after updated all modules.
It was quite a surprise for me (yes I know I must see word "disruptive" opposite my sups 5 and 6). Because I already had done two ISSU updates on two nexuses (from 5.1.* ->5.2.7 and 5.2.7 -> 6.1.4a) and didn`t have any trouble with LACP timers. Is it a new feature of the 6.* train?
I have another Nexus that I want to update. And it also has same problem with LACP timers.
show install all impact give me the same disruptive result because of LACP.
Can I somehow suppress such ISSU behavior? In case of LACP. I don`t have vPC, just ordinal PC.
It is a way better if some LACP interfaces flap in process, than an almost 14 minutes of all 7010 chassis reboot that I had.
Although problem with LACP timers is that they must be the same on the switch side and on the other side. And in case of switches, linux boxes or HP VCs changing LACP timers isn`t a big problem. IT is a biggg problem in case of the Windows Server.
sh lacp interface ethernet 8/13
Interface Ethernet8/13 is up
Channel group is 13 port channel is Po13
Local Port: Eth8/13 MAC Address= 40-55-39-23-1e-c1
System Identifier=0x8000, Port Identifier=0x8000,0x80d
Operational key=12
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Neighbor: 0x1
MAC Address= ac-16-2d-a4-f2-54
System Identifier=0xffff, Port Identifier=0xff,0x1
Operational key=17
LACP_Activity=active
LACP_Timeout=short Timeout (1s)
They must be the same and equal 30s for successful ISSUYou probably need to dig a little deeper to get a definitive answer (sup1 or 2, type of cards, etc..) but here is a diagram in the release notes for 6.1 found here:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html
If this posts answers your question or is helpful, please consider rating it and/or marking as answered. -
MGTM0 Interface only in Admin VDC in Nexus 7010
Hi guys,
I created two new VDCs in a Nexus 7010 (NX-OS 6.2.6) and I can see the MGTM0 interface only in the Admin VDC
I wanted to see the MGTM0 in all VDCs.
Does someone get this problem too ?
My Best Regards,
Andre Gustavo LomonacoHi Reza,
Thanks for your reply.
If the user run the setup wizard, the interface mgtm0 will be created in VDC.
If the user don't run the setup wizard, the interface mgtm0 will not be created and you will need
to only use the interface mgtm 0 command to create the interface.
Thanks a lot -
How to do routing on N7K-F248XP-25E (Nexus 7010) ?
Hi all,
Please educate me the following scenario : I have Nexus 7010 with 2 L3 modules, N7K-M132XP-12L and N7K-M148GT-11L. Now to increase more ports for end devices, I add in the module N7K-F248XP-25E and believe it's for Layer 2 switching only. Is there a way to do routing on these L2 modules without having to go to the L3 modules ? Thanks for all help.Is there a way to do routing on these L2 modules without having to go to the L3 modules ?
No. If you have an M1/M2 card and routing is enabled, the F2E card will "step down" and do Layer 2 work. All Layer 3 work will be done by the M1/M2 card. -
Data Center Hall Temperature for Cisco Nexus 7010
Hi,
I Have a Nexus 7010 that sometimes raise an alarm about temperature thresholds that are being exceeded.... I was wondering if Cisco has a recommendation (or best practice) about the correct temperature that the Nexus need in the cold and hot hall of the data room. I know that the operative temperature of nexus is 0 - 40°C but i´m not sure if my halls are in the best temperature.Hi Salvador,
As long as you keep your Data Center environment in this operative range your N7K will be fine.
The usual is around 18°C and 24°C.
Richard -
Hi,
Can any one please let me know how to enable http/https access on cisco nexus 7010
Regards
Asif NaveedFollowing objects from conventional CISCO-PROCESS-MIB provides you details on CPU on devices:
cpmCPUTotal5secRev 1.3.6.1.4.1.9.9.109.1.1.1.1.6
cpmCPUTotal1minRev 1.3.6.1.4.1.9.9.109.1.1.1.1.7
cpmCPUTotal5minRev 1.3.6.1.4.1.9.9.109.1.1.1.1.8
Following document will be helpful as well:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a94.shtml
As many MIBs are not completely implemented on NX-OS so there is one more MIB which can help, i.e CISCO-SYSTEM-EXT-MIB :
cseSysCPUUtilization(1.3.6.1.4.1.9.9.305.1.1.1)
Unlike the averaged values from CISCO-PROCESS-MIB, cseSysCPUUtilization returns an un-smoothed value and typically shows more erratic results. It only shares the the average utilization of CPU on the active supervisor. So usually it is recommended to use the CISCO-PROCESS-MIB, ie. cpmCPUTotal5secRev instead.
-Thanks
Vinod
**Rating Encourages contributors, and its really free. ** -
Nexus 7010 mgmt0 useage opinion
As a Senior Network Engineer I have entered into a bit of a debate with our Architect about the use of the mgmt0 interfaces on the nexus 7010 switch (dual-sups, M2 and F2 linecards).
I would like to know opinion of the Cisco support network.
I believe the mgmt0 interface should left alone for control plane traffic only and Out Of Band management access (ie ssh). At the moment I have made a subnet for all VDCs with the mgmt0 (vrf management) sitting in a common subnet. The physical mgmt0 interfaces from both SUPs are connected a management hand off switch. The mgmt0s also serves as our control plane for VPCs. The VPC peer-link however is using main interfaces of the line-cards.
The opinions;
- The Architect thinks we should use all the mgmt0 interfaces for snmp, ntp, tacacs netflow-analysis and switch management.
- However, I think I should use a traditional Loopback to perform these functions within the linecards. The mgmt0 should only be used if traditional restricted switch access has failed.
My Basis;
the Loopback never goes down, uses multiple paths (the OOB hand off switch could fail closing switch management access completely). The mgmt0 should be used as a last resort of management access to CMP.
Thoughts please - CheersI see your point about wanting to mitigate the impact of losing the OOB switch. I don't think the mgmt0 interface going down is considered the level of failure that will trigger a Supervisor switchover though. That's the way I read the Nexus 7000 HA whitepaper (and what I've seen based on some limited experience with taking apart a 7k pair).
So, no the 7k can't send you an SNMP trap or syslog message if it's configured management path is offline. Mitigation of that could be via your NMS polling the devices's mgmt0 addresses. No response = trouble in paradise. Investigation step would be to log into the 7ks using the loopback IP and local authentication since your TACACS source-interface (mgmt0) is offline and going from there.
The handful I've built (mostly 5k setups) I go for a Cat 3k switch with dual power supplies as the OOB switch. Once one of those is setup and seen not to be DOA, it's generally going to stay up until someone goes in and uplugs it or initiates a system reload. -
Hi,
I needed to add vlans on the bladecenter, So added to ports on the bladecenter and then to the main trunk port of BC as well as i created the vlan on BC.
This BC connects to two main NEXUS 7010 core switch, I added to trunk port of these switches as well and vlan was already created in the nexus core switch.
but i was unable to ping the subnet gateway from the nexus core switch and gets the error as "no route to host"
Is this something there is no routing define for this subnet. As OSPF is running on the core switch.
Thanks
SagarThanks Alex
VLAN was allowed on the trunk, everything related vlan is fine.
but there was no static route defined on the switch as the routing for the subnet was done on the firewall
so what i thought is to give a static route for network with next hop as firewall interface and guess what it started to work
Thanks
Sagar -
Nexus 7010 Loses Config after power off
Recently we installed a pair of Nexus 7010's and we recently moved them to an APC rack better suited for their size. Upon powering them up we found out that the VDC's lost their configurations. The VDC's and the alloated resources were still there as well as the default VDC configuration but the other 2 we have configured had their configurations missing. We have been observing best practices and saving the configuration to NVRAM with the copy run start comand as well as the copy run start vdc-all commands yet the configurations were still lost.
Can anyone shed some light on what the problem may be?
Thank you in advance for your help!We had the same issue TAC told us to reset the supv
,,,,, you might want to save your config ;-) it worked for us
Maybe you are looking for
-
I am trying to find a power supply for the sony DRX-720 DVD/CD AND THE PRICE
I am trying to find a power adapter for the sony DRX-720UL DVD/CD Rewritable Drive and the cost?
-
Using 'Function Returning SQL Query' with Flash charts
I have created a pl/sql function that returns a SQL query as a varchar2 of this form: select null link <x value> value <Series1 y value> Series 1 Label <Series2 y value> Series 2 Label <Series3 y value> Series 3 Label from tablea a join tableb b on a
-
AdvancedDataGrid headerrenderer children added dynamically do not display
The AdvancedDataGrid in Flex 3.x does not correctly render children of a custom headerrenderer when the children are added dynamically. This works correctly with the DataGrid. An AdvancedDataGrid has a custom headerrenderer with one field to display
-
Cant understand this exception
hai forum, Please help me understand this error. I am selecting class files using filechooser.When i selected A.class from a directory this exception was thrown.Kindly tell me what this exception says. And i dont face this exception with a particular
-
I need to create a GUI with a JPanel showing a plot, and on the bottom left corner I'd like to have a JTable showing some data. The LayeredPane would be real nice to do that. I tried but the objects in the LayeredPane did not resize with the window.