Distribute List Nexus 7000 / OSPF

Similar Messages

• Nexus: multiple ip distribute-list eigrp statements allowed ?

  Hi,
  I need to clarify if Nexus 7K (NX-Os 6.1(3) ) supports multiple "ip distribute-list eigrp" statements in interface configuration.
  Currently, there is already one statement to only allow default GW (0.0.0.0) routing information be sent.
  I need to allow a few more specific routes to be shared with the facing device.
  Can i have several distribute-list statements on the same interface ?
  Or it it mandatory to handle this at the ip prefix-list level with multiple allow/deny rules.
  I'm in a situation where i want to ammend the configuration without modifying existing objects or have to removed those who turned unused.
  According to Cisco general EIGRP documentation, multiple seems to be accepted.
  However, GNS3 simulator with a 7200VXR show that the new statement replaces the former one !
  Moreover, Nexus logic is often different and i didn't capture any clear statement for this in Nexus specific documentation.
  Needless to says that I have no test plateforme and no possibility to test that for the moment.
  If someone can confirm it's supported, i would appreciate.
  Thx

  Hi,
  I don't have a setup where I can try to see if this actually has the effect you're after, but you can certainly apply more than one distribute-list to an interface.
  N7K-2(config-if)# ip distribute-list eigrp DIST_LIST route-map FRED outN7K-2(config-if)# ip distribute-list eigrp DIST_LIST1 route-map FRED1 outN7K-2(config-if)# ip distribute-list eigrp DIST_LIST2 route-map FRED2 outN7K-2(config-if)# sh run int eth3/1!Command: show running-config interface Ethernet3/1!Time: Mon Feb  3 23:04:01 2014 version 5.2(1)interface Ethernet3/1  ip address 1.1.1.1/24  ip distribute-list eigrp DIST_LIST route-map FRED out  ip distribute-list eigrp DIST_LIST1 route-map FRED1 out  ip distribute-list eigrp DIST_LIST2 route-map FRED2 out  no shutdown N7K-2(config-if)#
  Regards

• Distribute list in Nexus 7K to allow only default route

  Hi All,
  We are about to migrate our core routers into two Nexus 7Ks with four VDCs each.
  I was planning to permit only the default route (0.0.0.0) into the building aggregation switch (Cisco 6509). I planned to use distribute-list as I have done it in IOS and I could allow it through any specific interface I want.
  Well, how do I do that in Nexus 7K? I don't see any distrubute list option. I can use prefix list, but then how do I specify the particular interface?
  Many thanks in advance.
  Mondal
  CCIE #29034

  Well, I found my own answer!
  Here is the command that goes on the Interface. I kept typing IP eigrp and hence did not get any option! Thanks for looking. You do offset-list the same way.
  ip distribute-list eigrp Test1 route-map EigrpTest in

• LMS 4.2.2 Interface utilisation on Nexus 7000

  Hi All,
  I'm trying to poll some interfaces for their utilization on a nexus 7000 through LMS 4.2.2.
  When I create a poller fot the specific instances, the LMS recognises the instances, but after activating the poller I get the error "No Such Instance - The specified instance is not available".
  No info is displayed when I generate an interface utilization report for the specific nexus.
  When I activate the automonitor for interface utilization, the interfaces on the nexus are polled.
  On the cisco website there are some features listed which LMS does not support on the Nexus 7000, but polling is not in that list (neither in the supported feature list).
  Any tips?
  Thanks for your help.
  Joris

  Any Idea..??

• ESXi 4.1 NIC Teaming's Load-Balancing Algorithm,Nexus 7000 and UCS

  Hi, Cisco Gurus:
  Please help me in answering the following questions (UCSM 1.4(xx), 2 UCS 6140XP, 2 Nexus 7000, M81KR in B200-M2, No Nexus 1000V, using VMware Distributed Switch:
  Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?
  Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned?
  Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct?
  Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES?
  I would really appreciate if someone can help me clear these lingering doubts of mine.
  God Bless.
  SiM

  Sim,
  Here are my thoughts without a 1000v in place,
  Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?   //Yes, for vPC to UCS the best practice is to bowtie uplink to (2) 7K or 5Ks.
  Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned? //The port channel will be configured on both the UCSM and the 7K. The pro of a port channel would be both bandwidth and redundancy. vPC would be prefered.
  Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct? //Without the 1000v, I always tend to leave to dvSwitch load balence behavior at the default of "route by portID". 
  Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES? UCS can perform L2 but Northbound should be performing L3.
  Cheers,
  David Jarzynka

• Nexus 5K OSPF with vPC

  Hi,
  I know it is well documented using IGP's, more specifically OSPF with 7K's and vPC's but when it comes to the same thing on 5K's I am still a little confused.
  My topology is:
  5K01 and 5K02 are connected and are vPC peers, I currently have a management network on VLAN 114, both 5k's have SVI's on this and are currently OSPF neighbors over their vPC using this vlan.
  I have an MPLS router (service provider PE) which is 2 routers but clustered so logically in this instance it is one router, the 5 k's will be conecting to this PE router via some switches over a vPC and needs to become a OSPF neighbor to both the 5K's.
  Looking at this post:
  http://adamraffe.com/2013/03/08/l3-over-vpc-nexus-7000-vs-5000/
  It suggests that I can just add VLAN 114 to the vPC up to tyhe PE and turn OSPF on on the interface on the PE, although this will not support Multicast and I don't really want to restrict myself as this may be a future requirement.
  What I thought might be a better solution would be to designate a new vlan and allow it on the vPC up to the PE and use that for the OSPF neighborships between the 5K's and the PE and not allowing it over the vPC peer link - leaving the 5K's neighborship over vlan 114.
  Can someone tell me what the best practice/supported topology is here and maybe provide some cisco links?
  Thanks a lot in advance.

  You have to be very careful when configuring L3 services and interfaces while using VPC. 
  Take a look at this document:
  http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf
  Also, take a look at this post:
  http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
  You can create a vlan used exclusively for Nexus-to-Nexus iBGP peering.  Use a new 'access' link between the two switches and place them on the new vlan.  Make sure that this VLAN does not traverse the VPC peer link.  Then, create SVIs on each switch for that VLAN and peer over that link.  Then, you can create a L3 link on each nexus to peer with your eBGP neighbors.
  The point you want to make sure you understand is the VPC loop prevention mechanism that says "If a packet is received on a VPC port, traverses the VPC peer link, it is not allowed to egress on a VPC port."

• Smart call home - HTTPS transport from the Nexus 7000 to Cisco

  hi
  i try configured call home on nexus 7000 with https transport and proxy server
  i follow this guide -
  http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
  and configured this :
  callhome
    email-contact XXXXXXXXXXX
    phone-contact XXXXXXXXXXX
    streetaddress XXXXXXXXXXXXXXXX
    destination-profile CiscoTAC-1 transport-method http
    destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
     transport http use-vrf management
    transport http proxy server XXXXXXXXXX port 8080                --------- XXXXXXXXX = my proxy server
    transport http proxy enable
    enable
    periodic-inventory notification interval  30
  i have a problem to install the security certificate , i follow thw guide but i get the error :
  failed to load or parse certificate
  could not perform CA authentication
  when i try test call home eith the command : callhome test
  trying to send test callhome message
  warning:no callhome message sent
  email configuration incomplete for destination profile:full_txt
  email configuration incomplete for destination profile:short_txt
  Error in transporting http message for CiscoTAC-1
  http: Received HTTP code 407 from proxy after CONNECT
  i guess the problem is because i didnt install the certificate , how can i install the certificate ?
  is this the real problem ?

  I agree with Bryan that the easiest proxy server to setup for the  nexus 7000 is the Transport Gateway. The documentation (certificates) is  setup to allow you to connect to a Cisco Transport Gateway or directly  into tools.cisco.com. Both have a Cisco certificate.
  But that doesn't explain your issue. To answer your issue, you need to look here
  http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
  except  you need your proxy server's chained certificate in PEM format since  the Nexus 7000 is going to terminate at your proxy server. Take a look  at this line in the documentation.
  Input (cut & paste) the CA certificate (chain) in PEM format
  The error code 407 you indicated makes sense and  indicates "Proxy Authentication Required". You need the certificate  installed first. NX-OS uses the openssl crypto library to implement the  cert-pki feature if that helps. A complete certificate chain is required. Also,  you might make sure the CRL (certificate revocation list) is set to none  so it doesn't do that first.
  revocation-check none
  The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer,  Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
  your proxy server.cer,Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer,  Verisign-Root-CA.cer
  If you are using your own root CA (which typically are taken  off-line after authorizing subordinate CAs for security reasons) , then  make sure that their certificates are in the correct order to be  processed so each can be authenticated.
  Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup.

• EtherChannel problem on Nexus 7000

  Dear NetPro gurus,
  One of my customer is trying to setup an EtherChannel (LACP) on a pair of Nexus 7000.  However, doesn't matter what we do, the port Eth 1/17 always become suspended.  We have tried swapping fiber cables and also swapping SFPs, but no help.
  The 1st Nexus 7010 - called 'VIWLRCA'
  The 2nd Nexus 7010 - called 'VIWLRCB'
  Originally port eth 1/17 are left as 'normal' trunk port, and we can see eth 1/17 shows up fine under 'show interface brief'
  viwlrca-PROD# sh run int eth 1/17
  interface Ethernet1/17
    switchport
    switchport mode trunk
    udld disable
    no shutdown
  viwlrca-PROD# sh run int eth 1/18
  interface Ethernet1/18
    switchport
    switchport mode trunk
    udld disable
    channel-group 20 mode active
    no shutdown
  viwlrca-PROD# sh int brief
  Ethernet      VLAN    Type Mode   Status  Reason                   Speed     Port
  Interface                                                                    Ch #
  Eth1/17       1       eth  trunk  up      none                        10G(S) --
  Eth1/18       1       eth  trunk  up      none                        10G(S) 20
  Eth1/19       --      eth  routed down    SFP not inserted           auto(S) --
  Eth1/20       --      eth  routed down    SFP not inserted           auto(S) --
  Eth1/21       --      eth  routed down    Administratively down      auto(S) --
  Eth1/22       --      eth  routed down    Administratively down      auto(S) --
  Eth1/23       --      eth  routed down    Administratively down      auto(S) --
  Eth1/24       --      eth  routed down    Administratively down      auto(S) --
  Eth2/25       --      eth  routed down    Administratively down      auto(D) --
  Eth2/26       --      eth  routed down    Administratively down      auto(D) --
  Eth2/27       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/28       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/29       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/30       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/31       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/32       --      eth  routed down    SFP not inserted           auto(D) --
  viwlrca-PROD#
  But as soon as I add the Eth 1/17 back onto PortChannel 20
  The Eth 1/17 becomes "Suspended" straight away
  viwlrca-PROD# sh int brief
  Ethernet      VLAN    Type Mode   Status  Reason                   Speed     Por
  t
  Interface                                                                    Ch
  Eth1/17       1       eth  trunk  down    suspended                  auto(S) 20
  Eth1/18       1       eth  trunk  up      none                        10G(S) 20
  Eth1/19       --      eth  routed down    SFP not inserted           auto(S) --
  Eth1/20       --      eth  routed down    SFP not inserted           auto(S) --
  Eth1/21       --      eth  routed down    Administratively down      auto(S) --
  Eth1/22       --      eth  routed down    Administratively down      auto(S) --
  Eth1/23       --      eth  routed down    Administratively down      auto(S) --
  Eth1/24       --      eth  routed down    Administratively down      auto(S) --
  Eth2/25       --      eth  routed down    Administratively down      auto(D) --
  Eth2/26       --      eth  routed down    Administratively down      auto(D) --
  Eth2/27       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/28       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/29       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/30       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/31       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/32       --      eth  routed down    SFP not inserted           auto(D) --
  viwlrca-PROD#
  viwlrca-PROD# sh port-channel summary
  Flags:  D - Down        P - Up in port-channel (members)
          I - Individual  H - Hot-standby (LACP only)
          s - Suspended   r - Module-removed
          S - Switched    R - Routed
          U - Up (port-channel)
          M - Not in use. Min-links not met
  Group Port-       Type     Protocol  Member Ports
        Channel
  20    Po20(SU)    Eth      LACP      Eth1/17(s)   Eth1/18(P)  
  viwlrca-PROD#
  Config on Primary Nexus:-
  viwlrca-PROD# sh run
  !Command: show running-config
  !Time: Tue Mar 22 06:04:26 2011
  version 5.1(1a)
  hostname PROD
  cfs eth distribute
  feature udld
  feature interface-vlan
  feature lacp
  feature vpc
  feature vtp
  username admin password 5 $1$pkJaKHZW$Sx4wpDG5xXYkD.QfDk/Cg.  role vdc-admin
  no ip domain-lookup
  ip domain-name vfc.com
  crypto key param rsa label viwlrca-PROD.vfc.com modulus 2048
  snmp-server user admin vdc-admin auth md5 0x05f7328e3b39a70be09abc3056ec2819 pri
  v 0x05f7328e3b39a70be09abc3056ec2819 localizedkey
  vrf context management
  spanning-tree pathcost method long
  spanning-tree port type edge bpduguard default
  spanning-tree loopguard default
  spanning-tree vlan 1-3967,4048-4093 priority 4096
  interface Vlan1
  interface Vlan161
    ip address 172.30.161.2/24
  interface Vlan162
    ip address 172.30.162.2/24
  interface Vlan163
    ip address 172.30.163.2/24
  interface Vlan164
    ip address 172.30.164.2/24
  interface Vlan165
    ip address 172.30.165.2/24
  interface Vlan190
    ip address 172.30.190.2/24
  interface port-channel20
    switchport
    switchport mode trunk
  interface Ethernet1/17
    switchport
    switchport mode trunk
    udld disable
    channel-group 20 mode active
    no shutdown
  interface Ethernet1/18
    switchport
    switchport mode trunk
    udld disable
    channel-group 20 mode active
    no shutdown
  interface Ethernet1/19
  interface Ethernet1/20
  interface Ethernet1/21
  interface Ethernet1/22
  interface Ethernet1/23
  interface Ethernet1/24
  interface Ethernet2/25
  interface Ethernet2/26
  interface Ethernet2/27
  interface Ethernet2/28
  interface Ethernet2/29
  interface Ethernet2/30
  interface Ethernet2/31
  interface Ethernet2/32
  interface Ethernet2/33
  interface Ethernet2/34
  interface Ethernet2/35
  interface Ethernet2/36
  interface Ethernet3/25
  interface Ethernet3/26
  interface Ethernet3/27
  interface Ethernet3/28
  interface Ethernet3/29
  interface Ethernet3/30
  interface Ethernet3/31
  interface Ethernet3/32
  interface Ethernet3/33
  interface Ethernet3/34
  interface Ethernet3/35
  interface Ethernet3/36
  line vty
  viwlrca-PROD#
  Config for Secondary Nexus 7000
  VIWLRCB-PROD# sh run
  !Command: show running-config
  !Time: Tue Mar 22 09:19:22 2011
  version 5.1(1a)
  hostname PROD
  cfs eth distribute
  feature interface-vlan
  feature lacp
  feature vpc
  feature vtp
  username admin password 5 $1$Lc486EOm$EtKhZWuxGjWWokfeuUsMk.  role vdc-admin
  no ip domain-lookup
  ip domain-name vfc.com
  crypto key param rsa label VIWLRCB-PROD.vfc.com modulus 2048
  snmp-server user admin vdc-admin auth md5 0xeb607b54234985ed6740c5fdbb8d84c6 pri
  v 0xeb607b54234985ed6740c5fdbb8d84c6 localizedkey
  vrf context management
  spanning-tree pathcost method long
  spanning-tree port type edge bpduguard default
  spanning-tree loopguard default
  spanning-tree vlan 1-3967,4048-4093 priority 8192
  interface Vlan1
  interface port-channel20
    switchport
    switchport mode trunk
  interface Ethernet1/17
    switchport
    switchport mode trunk
    channel-group 20 mode active
    no shutdown
  interface Ethernet1/18
    switchport
    switchport mode trunk
    channel-group 20 mode active
    no shutdown
  interface Ethernet1/19
  interface Ethernet1/20
  interface Ethernet1/21
  interface Ethernet1/22
  interface Ethernet1/23
  interface Ethernet1/24
  interface Ethernet2/25
  interface Ethernet2/26
  interface Ethernet2/27
  interface Ethernet2/28
  interface Ethernet2/29
  interface Ethernet2/30
  interface Ethernet2/31
  interface Ethernet2/32
  interface Ethernet2/33
  interface Ethernet2/34
  interface Ethernet2/35
  interface Ethernet2/36
  interface Ethernet3/25
  interface Ethernet3/26
  interface Ethernet3/27
  interface Ethernet3/28
  interface Ethernet3/29
  interface Ethernet3/30
  interface Ethernet3/31
  interface Ethernet3/32
  interface Ethernet3/33
  interface Ethernet3/34
  interface Ethernet3/35
  interface Ethernet3/36
  line vty
  VIWLRCB-PROD#
  Cheers,
  Hunt

  Quick troubleshoot:
  Default all interfaces in newly created port-channel as well as the port-channel interface, then delete port-channel interface.  Recreate port-channel without the LACP protocol:
  interface e1/17,e1/18
    switchport
    channel-group 20 mode on
    no shutdown
    exit
  interface port-channel20
    switchport
    switchport mode trunk
    no shutdown
    exit
  show port-channel summ
  show int trunk
  HTH,
  Sean

• PortChannel table in Nexus 7000/5000 through MIB

  I  ma trying to query   "CISCO-PORT-CHANNEL"   mib on Nexus 7000 for portChannel table and I  am not getting any info.
  Nexus OS versions : Nexus   7000  -  System version: 5.1(5)
                                      Nuxus 5000 -    System version: 5.0(3)N1(1a)
  Any pointers  or other alternatives to query through MIB ?
  Thanks,
  Chandra.

  Hi Chandra
  Here is a list of MIBS supproted on n7k:
  ftp://ftp-sj.cisco.com/pub/mibs/supportlists/nexus7000/Nexus7000MIBSupportList.html
  You can use IF-MIB to poll general port-channel interface status and use following command to find port-channel interface indexes among other output:
  sh interface snmp-ifindex
  Also you can poll the CISCO-LAG-MIB for port-chanel details.
  HTH,
  Alex

• SFP Detail Diagnostics Information Nexus 7000

  Hello guys,
  I have a question about why one port on a Nexus 7000 with a N7K-M132XP-12 (32 port 10G card) doesn't show any values
  when looking at "show inter e 9/27 transceiver details", all values are just zero.
  N7K# show inter e 9/27 transceiver details
  Ethernet9/27
   transceiver is present
   type is 10Gbase-SR
   name is CISCO-EXCELIGHT
   part number is SPP5101SR-C1
   revision is A
   serial number is EXX13050136
   nominal bitrate is 10300 MBit/sec
   Link length supported for 50/125um OM2 fiber is 82 m
   Link length supported for 62.5/125um fiber is 26 m
   Link length supported for 50/125um OM3 fiber is 300 m
   cisco id is --
   cisco extended id number is 4
   number of lanes 1
   SFP Detail Diagnostics Information (internal calibration)
   Current Alarms Warnings
   Measurement High Low High Low
   Temperature N/A 0.00 C 0.00 C 0.00 C 0.00 C
   Voltage N/A 0.00 V 0.00 V 0.00 V 0.00 V
   Current N/A 0.00 mA 0.00 mA 0.00 mA 0.00 mA
   Tx Power N/A 0.00 dBm 0.00 dBm 0.00 dBm 0.00 dBm
   Rx Power N/A 0.00 dBm 0.00 dBm 0.00 dBm 0.00 dBm
   Transmit Fault Count = 2
   Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warning
  Tried to remove the SFT+ and inserted a new, but same results, all values are 0.
  Does anyone know why it doesn't show any values?
  We are runing version 6.2(8)
  And here's the port configuration:
  interface Ethernet9/27
   switchport
   switchport mode trunk
   spanning-tree port type edge trunk

  You are correct.  There isn't any option for seeing the hit count on the prefix-list on the Nexus series.
  HTH

• Catalyst 6500 - Nexus 7000 migration

  Hello,
  I'm planning a platform migration from Catalyst 6500 til Nexus 7000. The old network consists of two pairs of 6500's as serverdistribution, configured with HSRPv1 as FHRP, rapid-pvst and ospf as IGP. Futhermore, the Cat6500 utilize mpls/l3vpn with BGP for 2/3 of the vlans. Otherwise, the topology is quite standard, with a number of 6500 and CBS3020/3120 as serveraccess.
  In preparing for the migration, VTP will be discontinued and vlans have been manually "copied" from the 6500 to the N7K's. Bridge assurance is enabled downstream toward the new N55K access-switches, but toward the 6500, the upcoming etherchannels will run in "normal" mode, trying to avoid any problems with BA this way. For now, only L2 will be utilized on the N7K, as we're avaiting the 5.2 release, which includes mpls/l3vpn. But all servers/blade switches will be migrated prior to that.
  The questions arise, when migrating Layer3 functionality, incl. hsrp. As per my understanding, hsrp in nxos has been modified slightly to better align with the vPC feature and to avoid sub-optimal forwarding across the vPC peerlink. But that aside, is there anything that would complicate a "sliding" FHRP migration? I'm thinking of configuring SVI's on the N7K's, configuring them with unused ip's and assign the same virtual ip, only decrementing the prio to a value below the current standby-router. Also spanning-tree prio will, if necessary, be modified to better align with hsrp.
  From a routing perspective, I'm thinking of configuring ospf/bgp etc. similar to that of the 6500's, only tweaking the metrics (cost, localpref etc) to constrain forwarding on the 6500's and subsequently migrate both routing and FHRP at the same time. Maybe not in a big bang style, but stepwise. Is there anything in particular one should be aware of when doing this? At present, for me this seems like a valid approach, but maybe someone has experience with this (good/bad), so I'm hoping someone has some insight they would like to share.
  Topology drawing is attached.
  Thanks
  /Ulrich

  In a normal scenario, yes. But not in vPC. HSRP is a bit different in the vPC environment. Even though the SVI is not the HSRP primary, it will still forward traffic. Please see the below white paper.
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-516396.html
  I will suggest you to set up the SVIs on the N7K but leave them in the down state. Until you are ready to use the N7K as the gateway for the SVIs, shut down the SVIs on the C6K one at a time and turn up the N7K SVIs. When I said "you are ready", it means the spanning-tree root is at the N7K along with all the L3 northbound links (toward the core).
  I had a customer who did the same thing that you are trying to do - to avoid down time. However, out of the 50+ SVIs, we've had 1 SVI that HSRP would not establish between C6K and N7K, we ended up moving everything to the N7K on a fly during of the migration. Yes, they were down for about 30 sec - 1 min for each SVI but it is less painful and waste less time because we don't need to figure out what is wrong or any NXOS bugs.
  HTH,
  jerry

• Nexus 7000 Platform Logging

  Hello,
  We recently had a power supply failure in one of our Nexus 7000s, and I noticed that the syslog for the Platform is only present in the default VDC, and not in any of the other VDCs syslogs. Is this by design, or is there a logging level I can turn up in another VDC to capture this log? Thanks for any input
  syslog from default VDC -
  2013 Mar 18 23:10:34  %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 changed i
  ts capacity. possibly due to power cable removal/insertion (Serial number xxxxxxxx)
  nothing in the VDC where I would like to get the logging
  default VDC logging level -
  xxx7K02# show log level platform
  Facility        Default Severity        Current Session Severity
  platform                5                       5
  0(emergencies)          1(alerts)       2(critical)
  3(errors)               4(warnings)     5(notifications)
  6(information)          7(debugging)
  xxx7K02#
  loggging from the specific VDC where we have management tools.
  xxx-LOW# show log level platform
  Facility        Default Severity        Current Session Severity
  platform                5                       5
  0(emergencies)          1(alerts)       2(critical)
  3(errors)               4(warnings)     5(notifications)
  6(information)          7(debugging)
  xxx-LOW#

  Hello Carl,
  What version of code are you running on your Nexus 7k?
  The expected behavior is:
  "When a hardware issue occurs, syslog messages are sent to all VDCs."
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_mgmt.html#wp1170241
  Dave

• Dell Servers with Nexus 7000 + Nexus 2000 extenders

  << Original post by smunzani. Answered by Robert. Moving from Document section to Discussions>>
  Team,
  I would like to use some of the existing Dell Servers for new network design of Nexus 7000 + Nexus 2000 extenders. What are my options for FEC to the hosts? All references of M81KR I found on CCO are related to UCS product only.
  What's best option for following setup?
  N7K(Aggregation Layer) -- N2K(Extenders) -- Dell servers
  Need 10G to the servers due to dense population of the VMs. The customer is not up for dumping recently purchased dell boxes in favor of UCS. Customer VMware license is Enterprise Edition.
  Thanks in advance.

  To answer your question, the M81KR-VIC is a Mezz card for UCS blades only.  For Cisco rack there is a PCIe version which is called the P81.  These are both made for Cisco servers only due to the integration with server management and virtual interface functionality.
  http://www.cisco.com/en/US/prod/collateral/ps10265/ps10493/data_sheet_c78-558230.html
  More information on it here:
  Regards,
  Robert

• Ask the Expert: Basic Introduction and Troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform .
  The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Data Center sub-community discussion forum shortly after the event. This event lasts through through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Vignesh
  Is there is any limitation to connect a N2K directly to the N7K?
  if i have a an F2 card 10G and another F2 card 1G and i want to creat 3 VDC'S
  VDC1=DC-Core
  VDC2=Aggregation
  VDC3=Campus core
  do we need to add a link between the different VDC's
  thanks

• Privilege Level for Tacacs Account in Nexus 7000

  Hi,
  I have configured the Tacacs (ACS 4.2v) on Nexus 7000 (as mentioned below) and works fine but unlike IOS (6509) It's doesn't prompt that you are in userexec mode (>) and then need to type enable and password for full privilege.
  In n7k when I entered into "configure terminal" It won't allow me to access other commands.
  How to login into level 15 privilege mode after authenticating from tacacs
  (config)# show running-config tacacs+
  tacacs-server key 7 "xxxxx"
  tacacs-server host x.x.x.x key 7 "xxxx"
  aaa group server tacacs+ TacServer
      server x.x.x.x (same ip as tacacs-server host)
      use-vrf management
      source-interface Vlan2
  (config)# show running-config aaa
  aaa authentication login default group TacServer
  aaa authentication login console local
  aaa user default-role
  Here below are the commands accessible in "Terminal" currently
  (config)# ?
    no        Negate a command or set its defaults
    username  Configure user information.
    end       Go to exec mode
    exit      Exit from command interpreter
  isb.n7k-dcn-agg-1-sw(config)#

  Hi Jan.nielsen
  Issue is resolved but by another way.
  I have found the same resolution too of custom attirbute command but the Custom attribute Option for shell command wasn't available in ACS v4.2, so after enabling shell for users and by clicking exec--> Shell Exec and enabling priviledge level 15 in the same box of Shell options, It start working without any command