EtherChannel problem on Nexus 7000

Dear NetPro gurus,
One of my customers is trying to set up an EtherChannel (LACP) on a pair of Nexus 7000.  However, no matter what we do, the port Eth 1/17 always becomes suspended.  We have tried swapping fiber cables and also swapping SFPs, but it did not help.
The 1st Nexus 7010 - called 'VIWLRCA'
The 2nd Nexus 7010 - called 'VIWLRCB'
Originally port eth 1/17 was left as a 'normal' trunk port, and we can see eth 1/17 shows up fine under 'show interface brief'
viwlrca-PROD# sh run int eth 1/17
interface Ethernet1/17
  switchport
  switchport mode trunk
  udld disable
  no shutdown
viwlrca-PROD# sh run int eth 1/18
interface Ethernet1/18
  switchport
  switchport mode trunk
  udld disable
  channel-group 20 mode active
  no shutdown
viwlrca-PROD# sh int brief
Ethernet      VLAN    Type Mode   Status  Reason                   Speed     Port
Interface                                                                    Ch #
Eth1/17       1       eth  trunk  up      none                        10G(S) --
Eth1/18       1       eth  trunk  up      none                        10G(S) 20
Eth1/19       --      eth  routed down    SFP not inserted           auto(S) --
Eth1/20       --      eth  routed down    SFP not inserted           auto(S) --
Eth1/21       --      eth  routed down    Administratively down      auto(S) --
Eth1/22       --      eth  routed down    Administratively down      auto(S) --
Eth1/23       --      eth  routed down    Administratively down      auto(S) --
Eth1/24       --      eth  routed down    Administratively down      auto(S) --
Eth2/25       --      eth  routed down    Administratively down      auto(D) --
Eth2/26       --      eth  routed down    Administratively down      auto(D) --
Eth2/27       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/28       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/29       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/30       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/31       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/32       --      eth  routed down    SFP not inserted           auto(D) --
viwlrca-PROD#
But as soon as I add Eth 1/17 back onto PortChannel 20,
Eth 1/17 becomes "Suspended" straight away
viwlrca-PROD# sh int brief
Ethernet      VLAN    Type Mode   Status  Reason                   Speed     Port
Interface                                                                    Ch #
Eth1/17       1       eth  trunk  down    suspended                  auto(S) 20
Eth1/18       1       eth  trunk  up      none                        10G(S) 20
Eth1/19       --      eth  routed down    SFP not inserted           auto(S) --
Eth1/20       --      eth  routed down    SFP not inserted           auto(S) --
Eth1/21       --      eth  routed down    Administratively down      auto(S) --
Eth1/22       --      eth  routed down    Administratively down      auto(S) --
Eth1/23       --      eth  routed down    Administratively down      auto(S) --
Eth1/24       --      eth  routed down    Administratively down      auto(S) --
Eth2/25       --      eth  routed down    Administratively down      auto(D) --
Eth2/26       --      eth  routed down    Administratively down      auto(D) --
Eth2/27       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/28       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/29       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/30       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/31       --      eth  routed down    SFP not inserted           auto(D) --
Eth2/32       --      eth  routed down    SFP not inserted           auto(D) --
viwlrca-PROD#
viwlrca-PROD# sh port-channel summary
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
Group Port-       Type     Protocol  Member Ports
      Channel
20    Po20(SU)    Eth      LACP      Eth1/17(s)   Eth1/18(P)  
viwlrca-PROD#
Config on Primary Nexus:-
viwlrca-PROD# sh run
!Command: show running-config
!Time: Tue Mar 22 06:04:26 2011
version 5.1(1a)
hostname PROD
cfs eth distribute
feature udld
feature interface-vlan
feature lacp
feature vpc
feature vtp
username admin password 5 $1$pkJaKHZW$Sx4wpDG5xXYkD.QfDk/Cg.  role vdc-admin
no ip domain-lookup
ip domain-name vfc.com
crypto key param rsa label viwlrca-PROD.vfc.com modulus 2048
snmp-server user admin vdc-admin auth md5 0x05f7328e3b39a70be09abc3056ec2819 priv 0x05f7328e3b39a70be09abc3056ec2819 localizedkey
vrf context management
spanning-tree pathcost method long
spanning-tree port type edge bpduguard default
spanning-tree loopguard default
spanning-tree vlan 1-3967,4048-4093 priority 4096
interface Vlan1
interface Vlan161
  ip address 172.30.161.2/24
interface Vlan162
  ip address 172.30.162.2/24
interface Vlan163
  ip address 172.30.163.2/24
interface Vlan164
  ip address 172.30.164.2/24
interface Vlan165
  ip address 172.30.165.2/24
interface Vlan190
  ip address 172.30.190.2/24
interface port-channel20
  switchport
  switchport mode trunk
interface Ethernet1/17
  switchport
  switchport mode trunk
  udld disable
  channel-group 20 mode active
  no shutdown
interface Ethernet1/18
  switchport
  switchport mode trunk
  udld disable
  channel-group 20 mode active
  no shutdown
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet2/25
interface Ethernet2/26
interface Ethernet2/27
interface Ethernet2/28
interface Ethernet2/29
interface Ethernet2/30
interface Ethernet2/31
interface Ethernet2/32
interface Ethernet2/33
interface Ethernet2/34
interface Ethernet2/35
interface Ethernet2/36
interface Ethernet3/25
interface Ethernet3/26
interface Ethernet3/27
interface Ethernet3/28
interface Ethernet3/29
interface Ethernet3/30
interface Ethernet3/31
interface Ethernet3/32
interface Ethernet3/33
interface Ethernet3/34
interface Ethernet3/35
interface Ethernet3/36
line vty
viwlrca-PROD#
Config for Secondary Nexus 7000
VIWLRCB-PROD# sh run
!Command: show running-config
!Time: Tue Mar 22 09:19:22 2011
version 5.1(1a)
hostname PROD
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature vtp
username admin password 5 $1$Lc486EOm$EtKhZWuxGjWWokfeuUsMk.  role vdc-admin
no ip domain-lookup
ip domain-name vfc.com
crypto key param rsa label VIWLRCB-PROD.vfc.com modulus 2048
snmp-server user admin vdc-admin auth md5 0xeb607b54234985ed6740c5fdbb8d84c6 priv 0xeb607b54234985ed6740c5fdbb8d84c6 localizedkey
vrf context management
spanning-tree pathcost method long
spanning-tree port type edge bpduguard default
spanning-tree loopguard default
spanning-tree vlan 1-3967,4048-4093 priority 8192
interface Vlan1
interface port-channel20
  switchport
  switchport mode trunk
interface Ethernet1/17
  switchport
  switchport mode trunk
  channel-group 20 mode active
  no shutdown
interface Ethernet1/18
  switchport
  switchport mode trunk
  channel-group 20 mode active
  no shutdown
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet2/25
interface Ethernet2/26
interface Ethernet2/27
interface Ethernet2/28
interface Ethernet2/29
interface Ethernet2/30
interface Ethernet2/31
interface Ethernet2/32
interface Ethernet2/33
interface Ethernet2/34
interface Ethernet2/35
interface Ethernet2/36
interface Ethernet3/25
interface Ethernet3/26
interface Ethernet3/27
interface Ethernet3/28
interface Ethernet3/29
interface Ethernet3/30
interface Ethernet3/31
interface Ethernet3/32
interface Ethernet3/33
interface Ethernet3/34
interface Ethernet3/35
interface Ethernet3/36
line vty
VIWLRCB-PROD#
Cheers,
Hunt

Quick troubleshoot:
Default all interfaces in newly created port-channel as well as the port-channel interface, then delete port-channel interface.  Recreate port-channel without the LACP protocol:
interface e1/17,e1/18
  switchport
  channel-group 20 mode on
  no shutdown
  exit
interface port-channel20
  switchport
  switchport mode trunk
  no shutdown
  exit
show port-channel summ
show int trunk
HTH,
Sean
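
An added example (not part of the original thread): a small parser for the `show port-channel summary` output shown above, useful for confirming after the rebuild that every member is bundled (P) rather than suspended (s). The sample text is copied from the post; the function names are this example's own.

```python
import re

# Member-port flags, from the legend printed by `show port-channel summary`.
MEMBER_FLAGS = {
    "D": "down", "P": "up in port-channel", "I": "individual",
    "H": "hot-standby", "s": "suspended", "r": "module-removed",
}

# Sample taken from the output posted in the thread above.
SAMPLE = """\
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
Group Port-       Type     Protocol  Member Ports
      Channel
20    Po20(SU)    Eth      LACP      Eth1/17(s)   Eth1/18(P)
"""

# A group row: number, Po<N>(<flags>), type, protocol, then the member list.
GROUP_RE = re.compile(r"^(\d+)\s+(Po\d+)\((\w+)\)\s+(\S+)\s+(\S+)\s*(.*)$")
MEMBER_RE = re.compile(r"(Eth\d+/\d+)\((\w)\)")


def parse_summary(text):
    """Return {group: {"port_channel", "flags", "protocol", "members"}}."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            gid, po, po_flags, _type, proto, rest = m.groups()
            current = {"port_channel": po, "flags": po_flags,
                       "protocol": proto, "members": {}}
            groups[int(gid)] = current
        elif current is not None:
            rest = line  # long member lists wrap onto continuation lines
        else:
            continue     # legend and header lines before the first group
        for port, flag in MEMBER_RE.findall(rest):
            current["members"][port] = flag
    return groups


def unbundled_members(groups):
    """List (group, port, state) for every member that is not bundled (P)."""
    return [(gid, port, MEMBER_FLAGS.get(flag, flag))
            for gid, grp in sorted(groups.items())
            for port, flag in grp["members"].items() if flag != "P"]


if __name__ == "__main__":
    for gid, port, state in unbundled_members(parse_summary(SAMPLE)):
        print(f"port-channel {gid}: {port} is {state}")
```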

Similar Messages

  • AAA problems Nexus 7000 %AUTHPRIV-3-SYSTEM_MSG: Unable to create temporary user

    Hi,
    I'm having problems getting our Nexus 7000 to authenticate users from our Windows domain. If I set up a user within the ACS server and use the CiscoSecure database for password authentication it works fine.
    In the logs on the nexus I receive the following messages when logging on using my windows account.
    %AUTHPRIV-3-SYSTEM_MSG: Unable to create temporary user 16894. Error 0x404a0036  - login[20923]
    %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user 16894 from 10.128.45.44 - login[20923]
    We can log on to all other Cisco OS devices using Windows domain accounts, it's just the Nexus.
    Any help much appreciated.
    Thanks
    Darren

    No errors, the authentication on the ACS is showing as passed. The problem is I get an access denied message from the Nexus switch.

  • Catalyst 6500 - Nexus 7000 migration

    Hello,
    I'm planning a platform migration from Catalyst 6500 to Nexus 7000. The old network consists of two pairs of 6500's as server distribution, configured with HSRPv1 as FHRP, rapid-pvst and ospf as IGP. Furthermore, the Cat6500 utilize mpls/l3vpn with BGP for 2/3 of the vlans. Otherwise, the topology is quite standard, with a number of 6500 and CBS3020/3120 as server access.
    In preparing for the migration, VTP will be discontinued and vlans have been manually "copied" from the 6500 to the N7K's. Bridge assurance is enabled downstream toward the new N55K access-switches, but toward the 6500, the upcoming etherchannels will run in "normal" mode, trying to avoid any problems with BA this way. For now, only L2 will be utilized on the N7K, as we're awaiting the 5.2 release, which includes mpls/l3vpn. But all servers/blade switches will be migrated prior to that.
    The questions arise, when migrating Layer3 functionality, incl. hsrp. As per my understanding, hsrp in nxos has been modified slightly to better align with the vPC feature and to avoid sub-optimal forwarding across the vPC peerlink. But that aside, is there anything that would complicate a "sliding" FHRP migration? I'm thinking of configuring SVI's on the N7K's, configuring them with unused ip's and assign the same virtual ip, only decrementing the prio to a value below the current standby-router. Also spanning-tree prio will, if necessary, be modified to better align with hsrp.
    From a routing perspective, I'm thinking of configuring ospf/bgp etc. similar to that of the 6500's, only tweaking the metrics (cost, localpref etc) to constrain forwarding on the 6500's and subsequently migrate both routing and FHRP at the same time. Maybe not in a big bang style, but stepwise. Is there anything in particular one should be aware of when doing this? At present, for me this seems like a valid approach, but maybe someone has experience with this (good/bad), so I'm hoping someone has some insight they would like to share.
    Topology drawing is attached.
    Thanks
    /Ulrich

    In a normal scenario, yes. But not in vPC. HSRP is a bit different in the vPC environment. Even though the SVI is not the HSRP primary, it will still forward traffic. Please see the below white paper.
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-516396.html
    I will suggest you to set up the SVIs on the N7K but leave them in the down state. Until you are ready to use the N7K as the gateway for the SVIs, shut down the SVIs on the C6K one at a time and turn up the N7K SVIs. When I said "you are ready", it means the spanning-tree root is at the N7K along with all the L3 northbound links (toward the core).
    I had a customer who did the same thing that you are trying to do - to avoid down time. However, out of the 50+ SVIs, we had 1 SVI where HSRP would not establish between C6K and N7K, and we ended up moving everything to the N7K on the fly during the migration. Yes, they were down for about 30 sec - 1 min for each SVI but it is less painful and wastes less time because we don't need to figure out what is wrong or any NXOS bugs.
    HTH,
    jerry

  • Using SNMP to monitor Nexus 7000 Series Supervisor Module

    Hello,
    I got a Nexus 7000 supervisor module recently, and I ran into an SNMP problem with this module.
    I would like to know which specific OIDs to use to monitor the following using SNMP on a Nexus 7000 supervisor module:
    - Port status
    - CPU total utilization
    - Power Supply status
    - Chassis Fan status
    etc.
    The Nexus is quite different from other Cisco devices - any help will be appreciated!

    Hope this helps:
    port status OID is ifOperStatus
    CPU total utilization OID is 1.3.6.1.4.1.9.9.109.1.1.1.1.6.1
    [root@NET-MONITOR-1 ~]# 
    [root@NET-MONITOR-1 ~]# snmpwalk -On -v 2c -c 360buy 172.17.0.253 ifDescr.83886080
    .1.3.6.1.2.1.2.2.1.2.83886080 = STRING: mgmt0
    [root@NET-MONITOR-1 ~]# 
    [root@NET-MONITOR-1 ~]# snmpwalk -On -v 2c -c 360buy 172.17.0.253 ifOperStatus.83886080
    .1.3.6.1.2.1.2.2.1.8.83886080 = INTEGER: up(1)
    [root@NET-MONITOR-1 ~]# 
    [root@NET-MONITOR-1 ~]# snmpwalk -On -v 2c -c 360buy 172.17.0.253 1.3.6.1.4.1.9.9.109.1.1.1.1.6.1
    .1.3.6.1.4.1.9.9.109.1.1.1.1.6.1 = Gauge32: 21
    [root@NET-MONITOR-1 ~]#

  • Smart call home - HTTPS transport from the Nexus 7000 to Cisco

    Hi,
    I tried to configure Call Home on a Nexus 7000 with HTTPS transport and a proxy server.
    I followed this guide -
    http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
    and configured this:
    callhome
      email-contact XXXXXXXXXXX
      phone-contact XXXXXXXXXXX
      streetaddress XXXXXXXXXXXXXXXX
      destination-profile CiscoTAC-1 transport-method http
      destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
       transport http use-vrf management
      transport http proxy server XXXXXXXXXX port 8080                --------- XXXXXXXXX = my proxy server
      transport http proxy enable
      enable
      periodic-inventory notification interval  30
    I have a problem installing the security certificate. I followed the guide but I get the error:
    failed to load or parse certificate
    could not perform CA authentication
    When I try to test Call Home with the command: callhome test
    trying to send test callhome message
    warning:no callhome message sent
    email configuration incomplete for destination profile:full_txt
    email configuration incomplete for destination profile:short_txt
    Error in transporting http message for CiscoTAC-1
    http: Received HTTP code 407 from proxy after CONNECT
    I guess the problem is because I didn't install the certificate. How can I install the certificate?
    Is this the real problem?

    I agree with Bryan that the easiest proxy server to setup for the  nexus 7000 is the Transport Gateway. The documentation (certificates) is  setup to allow you to connect to a Cisco Transport Gateway or directly  into tools.cisco.com. Both have a Cisco certificate.
    But that doesn't explain your issue. To answer your issue, you need to look here
    http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
    except  you need your proxy server's chained certificate in PEM format since  the Nexus 7000 is going to terminate at your proxy server. Take a look  at this line in the documentation.
    Input (cut & paste) the CA certificate (chain) in PEM format
    The error code 407 you indicated makes sense and  indicates "Proxy Authentication Required". You need the certificate  installed first. NX-OS uses the openssl crypto library to implement the  cert-pki feature if that helps. A complete certificate chain is required. Also,  you might make sure the CRL (certificate revocation list) is set to none  so it doesn't do that first.
    revocation-check none
    The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer,  Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
    your proxy server.cer,Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer,  Verisign-Root-CA.cer
    If you are using your own root CA (which typically are taken  off-line after authorizing subordinate CAs for security reasons) , then  make sure that their certificates are in the correct order to be  processed so each can be authenticated.
    Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup.

  • Ciscoworks 2.6 and Nexus 7000 issues

    Running LMS 2.6 with RME version 4.0.6, and DFM 2.0.13.
    We keep getting false alerts in DFM on the temperature in our Nexus 7000 switches. The alert says that the high temp threshold is 45C, and it's being exceeded at 46C. The thing that bothers me is that the actual switch reads that the threshold is around 100C or more. Any ideas as to why DFM would be picking up a temperature so far off the mark?
    Also, in regards to RME, I cannot pull configs from the Nexus 7000's. The check box in "archive config" is blanked out to where I can't check it. I download the device packages for the 7000 into RME but it will not pull configs. Is this not supported under our version of RME, or would there be some other reason that I can't do this?
    Thanks for any assistance with these issues!

    UPDATE:
    I fixed the RMA config pull issue. I thought I had previously downloaded the Nexus device packages so that RMA could work with them, but upon checking again, it looks like I just didn't have them installed. Got that piece fixed and now I can pull configs from the switches just fine.
    Still having problems with the temperature reading in DFM not accurately reflecting what is actually on the switches. Any suggestions as to where to start hunting down the issue for this are greatly appreciated. Thanks!

  • Nexus 7000-Error Message

    Hi
    We have 2 Nexus switches configured in the network as core with HSRP configured between them. The access switches are connected with dual 10G links to both core switches with VPC configured on the Nexus. In both core switches a 10G module is used for uplink termination. In one of the core switches we get the following error for this 10G module:
    Module-1 reported minor temperature alarm. Sensor=20 Temperature=101 MinThreshold=100
    2011 Dec 22 08:10:19 CORE-SEC %PLATFORM-2-MOD_TEMPOK: Module-1 recovered from minor temperature alarm. Sensor=20 Temperature=99 MinThreshold=100
    The room temperature is 23 degrees, yet we still get this error, while per the Nexus documentation the allowed room temperature is 0-40 degrees (Operating temperature: 32º to 104ºF (0º to 40ºC)).
    show module
    Mod  Ports  Module-Type                      Model                            Status
    1    8      10 Gbps Ethernet XL Module      N7K-M108X2-12L        ok
    2    32    1/10 Gbps Ethernet Module        N7K-F132XP-15          ok
    3    48    10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L    ok
    5    0      Supervisor module-1X            N7K-SUP1                      active *
    As per the Nexus module documentation for module 1 the allowed temperature is 0-40 degrees, while the actual room temperature is 23 degrees. Below is the exception message for module 1:
    exception information --- exception instance 1 ----
    Module Slot Number: 1
    Device Id         : 49
    Device Name       : Temperature-sensor
    Device Errorcode : 0xc3114203
    Device ID         : 49 (0x31)
    Device Instance   : 20 (0x14)
    Dev Type (HW/SW) : 02 (0x02)
    ErrNum (devInfo) : 03 (0x03)
    System Errorcode : 0x4038001e Module recovered from minor temperature alarm
    Error Type       : Minor error
    PhyPortLayer     :
    Port(s) Affected :
    DSAP             : 39 (0x27)
    UUID             : 24 (0x18
    Same module exists in second Nexus 7000 which is in same datacenter but not getting this alarm..
    can anyone please suggest on the same..Software details are as below
    Software
      BIOS:      version 3.22.0
    kickstart: version 5.1(3)
      system:    version 5.1(3)
      BIOS compile time:       02/20/10
      kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.3.bin
      kickstart compile time:  12/25/2020 12:00:00 [03/11/2011 07:42:56]
      system image file is:    bootflash:///n7000-s1-dk9.5.1.3.bin
      system compile time:     1/21/2011 19:00:00 [03/11/2011 08:37:35]

    Hi Sameer
    Temperature alarm means that one particular sensor on the linecard warms up to 101 degree.
    This can be caused by damaged sensor or problems with cooling in that particular part of chassis.
    You can check temperature on the module using following command:
    show environment temperature module 1
    Try to move the module to another slot. If the issue reoccurs - open a TAC case.
    HTH,
    Alex

  • High process in nexus 7000

    Hello,
    My name is Benjamin and I have problems with my Nexus 7000. It has a high CPU process, and I think that is not normal. What do you think?
    # sh process cpu sort
    PID    Runtime(ms)  Invoked   uSecs  1Sec    Process
    8259      1848785  56524183     32   27.6%  in.dcos-telnetd
    4717          231        96   2413   24.7%  netstack
    3536    402542882  64927941   6199    3.0%  platform
    4573    501774551  35371572  14185    1.0%  xbar_driver_usd
    4714          107        22   4871    1.0%  arp
        1       179754   5381666     33    0.0%  init
        2            2       300      9    0.0%  kthreadd
        3         3342    559942      5    0.0%  migration/0
        4      1936854  444724651      4    0.0%  ksoftirqd/0
        5       143477   2220884     64    0.0%  watchdog/0
        6         2042    349180      5    0.0%  migration/1
        7      1452663  372943404      3    0.0%  ksoftirqd/1
         1      111    111 11 1         1
        907878660006976000800707766999960776799987777777777678687773
        603310880008399000100504278989780308288903490180025795804831
    100 **      ***    *** ** *    **** *    ***
    90 **      *** *  *** ** *    *##* *    ***             *
    80 ** * *  *** ** *#***#**    *##* *    ###*  *  *   * ** * *
    70 ##*************##**##*******##*******###*******************
    60 ###########################################################
    50 ###########################################################
    40 ###########################################################
    30 ###########################################################*
    20 ###########################################################*
    10 ############################################################
        0....5....1....1....2....2....3....3....4....4....5....5....
                  0    5    0    5    0    5    0    5    0    5
                   CPU% per minute (last 60 minutes)
                  * = maximum CPU%   # = average CPU%

    I solved my issue, it was a bug problem:
    Some of the telnet sessions do not get cleared with recursive telnet
    Bug: CSCtk56774
    Workaround: to issue "clear user admin" command
    Regards

  • Built-in Wireshark in Nexus 7000

    Hello together,
    I have a problem capturing data from the built-in ethanalyzer (wireshark) to a USB flash or bootflash when the capture size reaches 10MB. I tested with NX 4.2.4 and 5.0(2a). Does anyone know this issue?
    How can I extend the capture size on the flash devices?
    best regards
    michael

    Hi Michael,
    As per the link, I suppose the capture file size is limited to 10 MB on the Nexus 7000
    http://www.ciscosystems.com.ro/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/white_paper_c11-554444.html
    Hope to Help !!
    Ganesh.H
    If helpful do rate the helpful post

  • Broadcom LiveLink : Receiving MAC flaps with Cisco Nexus 7000

    We are migrating from using two Nortel 8600's running VRRP at the distribution to Cisco Nexus 7K's using HSRP.  So we have a server connected to two 3750G switches which then connect to the Nexi (previously the 8600's).  As soon as we connected the 3750's to the Nexus and moved the gateway to Nexus, LiveLink forces all the servers to alternate traffic between NIC1 and NIC2. 
    Since LiveLink is a teaming application, it uses virtual mac for nic1 and nic2, but the virtual mac associated with the IP address moves to the active link.
    LiveLink is used to check the availability of the gateway by polling the gateway out of each interface using an ARP request.
    The problem does not exhibit itself in our Cisco VSS environment, and with Nortel's VRRP.  I tried running VRRP on the Nexus but no joy.
    Anyone know of a bug that could cause this issue?

    Unfortunately we have LiveLink enabled on most of our Windows servers in our data centers.  One of my colleagues sent me this bug issue.  I'm not sure if this is the cause, but it's worth trying.   We will update the NxOs (currently on 5.1.1) next week and see if that fixes the problem.
    •CSCtl85080
    Symptom: Incomplete Address Resolution Protocol (ARP) entries are observed on a Cisco Nexus 7000 Series switch, along with partial packet loss and a memory leak.
    Conditions: This symptom might be seen when ARP packets have a nonstandard size (that is, greater than 64 bytes).
    Workaround: This issue is resolved in 5.1.3.

  • Virtualized Lab Infrastructure - 3560G connecting to a Nexus 7000 - Help!

    Hi all,
    I've been struggling with the configuration for my small environment for a week or so now, and being a Cisco beginner, I'm worried about going down the wrong path, so I'm hoping someone on here would be able to help with my lab configuration.
    As you can see from the graphic, I have been allocated VLANs 16-22 for my use, on the Nexus 7000. There are lots of other VLANs in use on the Nexus, by other groups, most of which are routable between one another. VLAN 99 is used for switch management, and VLAN 11, is where the Domain Controller, DHCP and Windows Deployment Server reside for the lab domain. Servers across different VLANs use this DC/DHCP/WDS set of servers. These VLANS route out to the internet successfully.
    I have been allocated eth 3/26 on the Nexus, as my uplink connection to my own ToR 3560G. All of my servers, of which there are around 8 in total, are connected to the 3560. I have enabled IP routing on the 3560, and created VLANs 18-22, providing an IP on each. This config has been assigned to all 48 gigabit ports on the 3560 (using the commands in the graphic), and each Windows Server 2012 R2 Hyper-V host connects to the 3560 via 4 x 1GbE connections. On each Hyper-V host, the 4 x 1GbE ports are teamed, and a Hyper-V vSwitch is bound to that team. I then assign the VLAN ID at the vNIC level.
    Routing between the VLANs is currently working fine - As a test, i can put 2 of the servers on different VLANs, each with their respective VLAN default gateway, and they can ping between one another.
    My challenge is, I'm not quite sure what i need to do for the following:
    1) How should I configure the uplink gi 0/52 on the 3560 to enable my VLANs to reach the internet?
    2) How should I configure eth 3/26 on the Nexus?
    3) I need to ensure that the 3560 is also on the management VLAN 99 so it can be managed successfully.
    4) I do not want to route to VLAN 11, as i intend to have my own domain (DC/DNS/DHCP/WDS)
    Any help or guidance you can provide would be much appreciated!
    Thanks!
    Matt

    Hi again Jon,
    OK, been battling with it a little more.
    Here's the config for the 3560:
    Current configuration : 11643 bytes
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname CSP_DX_Cluster
    no aaa new-model
    vtp mode transparent
    ip subnet-zero
    ip routing
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    vlan 16,18-23,99
    interface GigabitEthernet0/1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 18
    switchport trunk allowed vlan 18-22
    switchport mode trunk
    spanning-tree portfast trunk
    <same through interface GigabitEthernet0/48>
    interface GigabitEthernet0/52
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 16,99
    switchport mode trunk
    interface Vlan1
    no ip address
    interface Vlan16
    ip address 10.0.6.2 255.255.255.252
    interface Vlan18
    ip address 10.0.8.1 255.255.255.0
    interface Vlan19
    ip address 10.0.9.1 255.255.255.0
    interface Vlan20
    ip address 10.0.12.1 255.255.255.0
    interface Vlan21
    no ip address
    interface Vlan22
    ip address 10.0.14.1 255.255.255.0
    interface Vlan99
    ip address 10.0.99.87 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.0.6.1
    ip http server
    control-plane
    l
    end
    At the Nexus end, the port connecting to the 3560 is configured as:
    interface Ethernet3/26
      description DX_3560_uplink
      switchport
      switchport mode trunk
      switchport trunk allowed vlan 16,99
      no shutdown
    Now, the problem I'm currently having is that on the 3560, things route fine between VLANs. However, from a server within one of the VLANs, say, 18, trying to ping the default gateway of the 3560 fails. I can ping 10.0.6.2 which is the 3560-end of VLAN 16, but I can't get over to 10.0.6.1 and beyond. I suspect it relates to what you said about "the only thing missing is you also need routes on the Nexus switch for the IP subnets on your 3560 and the next hop IP would be 10.0.6.2 ie the vlan 16 SVI IP on the 3560"
    I suspect that, in layman's terms (my terms!), the Nexus simply doesn't know about the networks 10.0.8.1 (VLAN 18), 10.0.9.1 (VLAN 19) and so on.
    So, I need routes on my Nexus to fix this. The problem is, I'm not quite sure what that looks like.
    Would it be:
    ip route 10.0.8.0 255.255.255.0 10.0.6.2
    ip route 10.0.9.0 255.255.255.0 10.0.6.2 and so on?
    To give a bit of history, prior to me creating VLANs 18-22 on the 3560, all VLANs originally existed on the Nexus. Everything routed fine out to the internet, for all of the VLANs (with the same subnet settings that I have configured, i.e. 10.0.8.x for VLAN 18 etc), so I'm presuming once I get the Nexus to understand that the IP subnets live on the 3560, traffic should flow successfully to the internet.
    Should.... :-)

  • Nexus 7000 SSL wildcard SSL certificate support ?

    Hello
    i want to verify if Nexus 7000 supports Wildcard SSL's.
    Cheers

    I have the same problem on a 5515-X, and I've tried pretty much the same things. The weird thing for me is that everything worked great until I did an OS upgrade. Back on 8.6.1, my browser successfully verified the certificate on my SSL VPN login page, and AnyConnect never brought up any warning boxes. But after I upgraded to 9.1.3, the box was back to using a self-signed cert. The wildcard identity certificate seems to have just disappeared, though the GoDaddy CA cert and my local CA cert both stayed intact.
    I've used OpenSSL to convert and verify my cert file in a number of different ways, but all of my supposedly valid files still get the import operation failed message. So it seems like there was some OS change that suddenly made my wildcard incompatible, but I haven't figured out what it is yet.
    Hope this helps, for both our sakes.

  • Nexus 7000 Platform Logging

    Hello,
    We recently had a power supply failure in one of our Nexus 7000s, and I noticed that the syslog for the Platform is only present in the default VDC, and not in any of the other VDCs syslogs. Is this by design, or is there a logging level I can turn up in another VDC to capture this log? Thanks for any input
    syslog from default VDC -
    2013 Mar 18 23:10:34  %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 changed its capacity. possibly due to power cable removal/insertion (Serial number xxxxxxxx)
    nothing in the VDC where I would like to get the logging
    default VDC logging level -
    xxx7K02# show log level platform
    Facility        Default Severity        Current Session Severity
    platform                5                       5
    0(emergencies)          1(alerts)       2(critical)
    3(errors)               4(warnings)     5(notifications)
    6(information)          7(debugging)
    xxx7K02#
    logging from the specific VDC where we have management tools.
    xxx-LOW# show log level platform
    Facility        Default Severity        Current Session Severity
    platform                5                       5
    0(emergencies)          1(alerts)       2(critical)
    3(errors)               4(warnings)     5(notifications)
    6(information)          7(debugging)
    xxx-LOW#

    Hello Carl,
    What version of code are you running on your Nexus 7k?
    The expected behavior is:
    "When a hardware issue occurs, syslog messages are sent to all VDCs."
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_mgmt.html#wp1170241
    Dave
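
A way to check the question in this thread offline, as an added example that is not part of the original posts: it parses NX-OS syslog lines and lists messages that the default VDC logged, that the other VDC's configured level (5 for `platform`, as shown above) would have accepted, and that the other VDC's log nevertheless lacks. The PLATFORM-6 and EXAMPLE-5 lines and all function names are constructed for illustration.

```python
import re

# NX-OS syslog line: "<timestamp> %FACILITY-SEVERITY-MNEMONIC: text"
MSG_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2})\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$"
)

# First line is the message quoted in the thread; the rest are constructed.
DEFAULT_VDC_LOG = [
    "2013 Mar 18 23:10:34  %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 "
    "changed its capacity. possibly due to power cable removal/insertion "
    "(Serial number xxxxxxxx)",
    "2013 Mar 18 23:11:02  %PLATFORM-6-EXAMPLE_INFO: constructed informational line",
]
OTHER_VDC_LOG = [
    "2013 Mar 18 23:09:50  %EXAMPLE-5-CONSTRUCTED: unrelated constructed line",
]

def parse_line(line):
    """Split one syslog line into its fields; return None if it does not match."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    msg["facility"] = msg["facility"].lower()
    return msg

def missing_in_vdc(default_log, vdc_log, vdc_levels):
    """Messages in default_log that vdc_levels would accept but vdc_log lacks.

    vdc_levels maps facility name to configured severity; a message is logged
    when its severity number is less than or equal to that level.
    """
    present = {(m["ts"], m["facility"], m["mnemonic"])
               for m in map(parse_line, vdc_log) if m}
    missing = []
    for m in filter(None, map(parse_line, default_log)):
        level = vdc_levels.get(m["facility"])
        if level is None or m["severity"] > level:
            continue  # the VDC's own level would have filtered this message
        if (m["ts"], m["facility"], m["mnemonic"]) not in present:
            missing.append(m)
    return missing

if __name__ == "__main__":
    for m in missing_in_vdc(DEFAULT_VDC_LOG, OTHER_VDC_LOG, {"platform": 5}):
        print(m["ts"], m["facility"], m["severity"], m["mnemonic"])
```

The severity-2 power supply message is reported as missing because level 5 admits severities 0 through 5, so the logging level alone does not explain its absence from the other VDC.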

  • Dell Servers with Nexus 7000 + Nexus 2000 extenders

    << Original post by smunzani. Answered by Robert. Moving from Document section to Discussions>>
    Team,
    I would like to use some of the existing Dell Servers for new network design of Nexus 7000 + Nexus 2000 extenders. What are my options for FEC to the hosts? All references of M81KR I found on CCO are related to UCS product only.
    What's best option for following setup?
    N7K(Aggregation Layer) -- N2K(Extenders) -- Dell servers
    Need 10G to the servers due to dense population of the VMs. The customer is not up for dumping recently purchased dell boxes in favor of UCS. Customer VMware license is Enterprise Edition.
    Thanks in advance.

    To answer your question, the M81KR-VIC is a Mezz card for UCS blades only. For Cisco rack there is a PCIe version which is called the P81. These are both made for Cisco servers only due to the integration with server management and virtual interface functionality.
    http://www.cisco.com/en/US/prod/collateral/ps10265/ps10493/data_sheet_c78-558230.html
    More information on it here:
    Regards,
    Robert

  • Ask the Expert: Basic Introduction and Troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context

    With Vignesh R. P.
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform.
    The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
    Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
    Remember to use the rating system to let Vignesh know if you have received an adequate response.
    Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum shortly after the event. This event lasts through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

    Hi Vignesh
    Is there any limitation to connect a N2K directly to the N7K?
    If I have an F2 card 10G and another F2 card 1G and I want to create 3 VDCs
    VDC1=DC-Core
    VDC2=Aggregation
    VDC3=Campus core
    do we need to add a link between the different VDCs?
    thanks
