Fabric path vlan question

Setup as shown in the attached. S1-S4 are Fabric path spine switches. Will it work ? or I need to configure both vlan 10 and vlan 20 in "mode fabricpath" on all S1 to S4 even though only vlan 10 is required in S1-S2 and vlan 20 required in S3-S4.

Have you tried looking on Github? You might a Python script that you can re-use.

Similar Messages

Python script for Fabric Path Vlan audit?

Has anyone written any kind of scripts/automation to audit a NXOS FP domain and ensure CU vlans are properly configured?

Have you tried looking on Github? You might a Python script that you can re-use.

Nexus 7000, 2000, FCOE and Fabric Path

Hello,
I have a couple of design questions that I am hoping some of you can help me with.
I am working on a Dual DC Upgrade. It is pretty standard design, customer requires a L2 extension between the DC for Vmotion etc. Customer would like to leverage certain features of the Nexus product suite, including:
Trust Sec
VDC
VPC
High Bandwidth Scalability
Unified I/O
As always cost is a major issue and consolidation is encouraged where possible. I have worked on a couple of Nexus designs in the past and have levergaed the 7000, 5000, 2000 and 1000 in the DC.
The feedback that I am getting back from Customer seems to be mirrored in Cisco's technology roadmap. This relates specifically to the features supported in the Nexus 7000 and Nexus 5000.
Many large enterprise Customers ask the question of why they need to have the 7000 and 5000 in their topologies as many of the features they need are supported in both platforms and their environments will never scale to meet such a modular, tiered design.
I have a few specific questions that I am hoping can be answered:
The Nexus 7000 only supports the 2000 on the M series I/O Modules; can FCOE be implemented on a 2000 connected to a 7000 using the M series I/O Module?
Is the F Series I/O Module the only I/O Module that supports FCOE?
Are there any plans to introduce the native FC support on the Nexus 7000?
Are there any plans to introduce full fabric support (230 Gbps) to the M series I/O module?
Are there any plans to introduce Fabric path to the M series I/O module?
Are there any plans to introduce L3 support to the F series I/O Module?
Is the entire 2000 series allocated to a single VDC or can individual 2000 series ports be allocated to a VDC?
Is Trust Sec only support on multi hop DCI links when using the ASR on EoMPLS pwire?
Are there any plans to inroduce Trust Sec and VDC to the Nexus 5500?
Thanks,
Colm

Hello Allan
The only IO card which cannot co-exist with other cards in the same VDC is F2 due to specific hardware realisation.
All other cards can be mixed.
Regarding the Fabric versions - Fabric-2 gives much bigger throughoutput in comparing with Fabric-1
So in order to get full speed from F2/M2 modules you will need Fab-2 modules.
Fab2 modules won't give any advantages to M1/F1 modules.
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/data_sheet_c78-685394.html
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/prodcut_bulletin_c25-688075.html
HTH,
Alex

VM Fex on Fabric Path

Hi all,
Does VM Fex work on Fabric path environment?
If so, please direct me to some references
Thanks
Jagath

Thanks
One more question.
According to your first post, VM FEX is supported by all N5K switches.
But following cisco document states that it is supported only by N5500.
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_n1_1/b_Cisco_n5k_layer2_config_gd_rel_513_N1_1_chapter_010101.html
Switch
VM-FEX is supported by the Cisco Nexus 5500 Platform running Cisco NX-OS Release 5.1(3)N1(1) or later.
So, which one is correct?

Layer 3 config design on Nexus 5500 with Fabric Path

I trying to Network deisgn for new data Center , i am new to DataCenter desgin, i attached the network diagram
i would like to know if can configure my layer3 on 5500 and configure Fabric path to uplink switch
please help give your suggestions on this design

You can configure layer-3 on the 5500 series, but you need to install a daughter cards in each 5500.
See this link:
Layer 3 Daughter Card and Expansion Module Options for Cisco Nexus 5548P, 5548UP, 5596UP, and 5596T Switches
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html
HTH

Fabric Path

Does anyone have a deep-dive white paper on Fabric Path?
All I can find on Cisco's website is an 8-page overview.
Thanks

Hi
Please see the configuration guide for fabric path (Requires Cisco.com login)
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/fabricpath/configuration/guide/fp_cli_Book.html
Thanks
Hatim Badr

The old native vlan question....

Topic came up during troubleshooting a 3524XL sw.
I think my understanding of the native vlan concept is wrong.
I thought on a trunk port (Cisco device) that any packet transversing a trunk link (dot1q trunk that is) has a vlan tag applied on the egress port. As an untagged packet arrives on the port (prior to being sent out over the trunk), its is tagged with the native vlan (if its not assocated with any other vlan), then sent out the (egress) the trunked port.
But lately I have been reading that
"A native vlan is the untagged vlan on an 802.1q trunked switchport. The native vlan and management vlan could be the same, but it is better security practice that they aren't. Basically if a switch receives untagged frames on a trunkport, they are assumed to be part of the vlan that are designated on the switchport as the native vlan. Frames egressing a switchport on the native vlan are not tagged. This is the definition however more recent switch software often will allow you to tag all of the frames, even those in the native vlan. This gives some added security and allows the CoS bits to be carried between switches even on the native vlan. Let me know if you need further clarification."
From : https://learningnetwork.cisco.com/thread/8721
So this tells me that you can have a packet transversing a dot1q link w/o a vlan tag...then when it arrives on the other end its put in the vlan that is on that native vlan question. Is this correct?
If so, and a packet can transverse a trunk link w/o a VLAN tag applied, how does a sw detect (ingress) a native vlan mismatch?
Thanks!

Hi,
It's correct, the native vlan is not tagged by default on the trunk link but some platform can make you tag all traffic though even the native vlan.
The native vlan mismatch is detected through cdp.
Regards.
Alain.
Don't forget to rate helpful posts.

SG300-10 VLAN Questions

My apologies if this has been asked before, but I have some questions regarding the setup of my new switch and network. I have never worked with switches before, so this is quite a learning experience. The picture above describes the current layout of my network. Here is how I have tried to set it up, so far.
VLAN 1 [Ports 1-4, Untagged, Trunk] (172.16.1.1/24)
Workstation A (Wired)
172.16.1.2/24
Server B (Wired)
172.16.1.3/24
VLAN 2 [Ports 5-8, Untagged, Trunk] (172.16.2.1/24)
Server C (Wired)
172.16.2.2/24
Server D (Wired)
172.16.2.3/24
Server E (Wired)
172.16.2.4/24
Server F (Wired)
172.16.2.5/24
VLAN 3 [Ports 9-10, Untagged, Trunk] (192.168.1.1/24)
Laptop G (Wireless)
DHCP via Router
Laptop H (Wireless)
DHCP via Router
Laptop I (Wireless)
DHCP via Router
Wireless Router
192.168.1.254/24
Now, my goal is to have all 3 VLANs be able to talk to each other but also have VLAN 1 access the internet, through the wireless router. In the future I would also like Server B to be able to expose services (http & ssh) to the outside. VLAN 2 shouldn't have internet access at all. I know I can add static routes to the wireless router, if need be. All three laptops, can access the internet through the wireless router, without any problems.
So my questions are:
1) Is there anything inherently wrong with the design of this network? If so, what could be changed?
2) Is VLAN 3 really necessary?
3) What would I need to do, to get the 3 VLANs communicating with each other?
4) What should the gateway be, to get VLAN 1 internet access?
5) What would I need to do, to expose Server B services to the outside?
6) What static routes do I need to add?
Thanks in advance!
   Jer

Hello Jeremy,
Thank you for your interest and patience.
You are on the right track here. However, several important changes must be made. Consider the following concepts:
The concept of a native VLAN. The link between the router and the switch must be part of VLAN 1. Otherwise, information from the router will not be distributed correctly on the switch due to the current PVID of 3.
The VLAN IP Interface (VLAN IP Address) identifies the subnet for the VLAN. Therefore, thinking of the switch as a router, you are correct that the default gateway for each client should be the respective VLAN interface on the switch. The switch will automatically route between directly connected IP Interfaces and their subnets.
However, in order for your clients to get to network that the switch doesn't know about, (the internet), there must be a default route to the router.
Additionally, in order for the router to forward information from the internet back to the VLANs on the switch, the router must know how to reach the different VLANs.
The folloing linked figure (Fig. 1) describes an appropriate sample setup. See here.
In this scenario, a SG300-10 is configured with 3 VLANs:
VLAN 1 - Default VLAN, used for management - 192.168.1.x/24 - Ports 9-10 - 1U - Trunk Mode
VLAN 2 - Servers - 192.168.2.x/24 - Ports 5-8 - 2U - Trunk Mode
VLAN 3 - Workstations - 192.168.3.x/24 - Ports 1-4 - 3U - Trunk Mode
VLAN 1 is used to communicate to the router. Therefore, the following default route must be added to the switch's configuration:
ip route      0.0.0.0      0.0.0.0      192.168.1.1
The switch will automatically build the routes between the VLANs local to the switch. Visualize Server C going togoogle.com. Its IP address is 192.168.2.2. Its default gateway should be the VLAN 2 IP Interface on the switch (192.168.2.254 in this example). Because the default route is configured, the switch will forward the internet request to the router. The router will then forward the request to your ISP out the WAN where it will eventually reach Google.
However, when the request comes back into the router, the router must know to route it to the 192.168.2.x subnet. So, in order for this to work, routes that accomplish the following must be configured on your router:
Subnet IP               Mask                    Gateway                                              Interface
192.168.2.1             255.255.255.0        192.168.1.254 (SG-300 IP Interface)         LAN
192.168.3.1             255.255.255.0        192.168.1.254 (SG-300 IP Interface)         LAN
As you have already discovered, there are several limitation to using a router that does not support 802.1Q tagging. Chiefly, your clients will not receive either DHCP or DNS automatically from the router. To mitigate this, you can do either of the following:
Run a DHCP server with multiple DHCP scopes on a device connected to your switch. You can then use Option 82 on the switch to route DHCP requests and DNS info between VLANs on the switch.
Statically configure IP and DNS information. You could enter Open DNS Servers or Google's DNS servers on your clients.
Ideally, you would want to use a router that supports 802.1Q tagging. In this figure here (Fig. 2), you can see the VLANconfiguration page for a Cisco RV180W, a very capable and affordable small business router that I highly recommend. Port 1 on the RV180W is configured as a trunk port and carries VLANs 1-3 to the switch. The clients automatically receive IP addresses and DNS information from the correct DHCP pool on the router.
Do not hesitate to contact us. We are always happy to help.
All the best,
-David Aguilar
Cisco Small Business Support Center
1-866-606-1866

File Path Control question

Simple question: How do I invoke the Open command in the File Path control? My reason is of my user hasn't supplied a file, then I want to force the user to select one.
Solved!
Go to Solution.

Most file related vi should prompt if there is no file path. If for some reason you are not getting that you could check to see if the file path is empty and add a prompt see below:
Tim
Johnson Controls
Holland Michigan

Massive mp3 file(path) move question

Alright so I recently purchased a 2 terabyte network server for my home network. The purpose of this is to move all my music, movies, photos, etc. to the network drive in order to clear out all that space on my laptop's drive. At this point and time, I've only copied all my music to network drive. Figure the next step would be is to delete all my music off my local drive. But then got a little worried about iTunes. Now when I delete my music off my local drive, iTunes will be looking for the mp3s via the originated file path. Obviously the file is not going to be there. So when this happens in iTunes, the circularly enclosed exclamation point pops up and iTunes wants you to manually and find the file for it to play. So essentially my question is... Since I'm doing this on a large scale, Is there an easier way to get this done?
Best solution I was able to come up with was to delete all the songs in iTunes and re-drag all the music back in there. BUT... the problem I have with that a good majority of the music's album artwork were manually put in by me (kind of uh...yeah about seeing the album artwork on the screen when I'm listening to my iPod). So I don't want lose all that it. Help! Kind of long, I know. Appreciate any help or suggestions.

Thanks for responding Brian -
The message I get is Error Code -2147467259
Conn Execute.vi->InsertIntoFrom.vi<ERR>Exception occured in Microsoft OLE DB Provider for ODBC Drivers: [Microsoft][ODBC Microsoft Access Driver] Could not find file 'C:\Project\APDSS\DataBase\ExternalInterface.mdb'. in Conn Execute.vi->InsertIntoFrom.vi
When my query looks like
INSERT INTO InternalInterface SELECT Field1, Field2 FROM ExternalInterface.ExternalTable WHERE Id = '065649-101-750';

Zone path location question

I am rebuilding our Zone hosting server and the Zone paths are currently located on the SAN through an iscsi mount. My question is: If I plan to use Live Upgrade should the zone paths be in the root partition instead?
Also, if you have any suggestions about using Live upgrade with non-global zones I would like to hear them as well.
Thanks,
Dave

Which file system you are using?
I have patched several guest ldoms running several zones with Live Upgrade. Every zone's zroot is on separate zpool (because of HA). This way it is quite easy to migrate a single zone to second node (in the event of disaster)
One thing that you should remember is that Live Upgrade with ZFS does the patching by using ZFS snapshot. For example, if you do the patching to a live system (which is supported with Live Upgrade!) and the application running on the zone is storing its data on the same file system where zone's root is, the application's data might be out of date after you reboot the machine using the new BE that was created by Live Upgrade.

A very odd VLAN question -please help

Hi,
We have two subnets 10.1.1.0 and 10.1.2.0 and these subnets are phisically separated. we also have two VLANS, VLAN 2 and 3, please think of the VLAN 2 as the default VLAN 1. strenge, it has been like this when I took over. there is no trunking between these two VLANS. 10.1.1.0 is the main network and all the servers and users arfe on it and 10.1.2.0 is a Dev environment and some development severs are on it.
I have given an IP address from the maon subnet i.e. 10.1.1.0 to a switch which is used for Dev environment on its SC0 and have assigned it to VLAN 2 but the rest of the 10.1.2.0, i.e. the Dev environment is on VLAN 3. from the main network I cannot ping that IP address (naturally) and I don't know how to build on what we currently have without making major changes and build over time as transparant as possible.
I am sorry for this very long expalanation.
I guess I need to know if I can make trunking between these two VLANs, i.e. VLAN 2 (main 10.1.1.0) and VLAN 3 (Dev environment 10.1.2.0) with out needing a router? of if I need a router, how? so that I can build upon it over time.
well, I have given an IP address from main subnet from VLAN 2 to a swotch which is for VLAN 3 or Dev environment!!! I really didn't know how to do this in order to make it as trasnparant possible to others since I am not in charge of the AD and the servers.
Please forgive me for my somehow vague explanation and I hope I could have made a question.
Thanks,
Masood

Hi and thanks for responding. Almost all my switches are L2/L3 Cisco CAT switches with two 3560 at the edge with knowledge of public network located between my two border routers and my Firewalls. My main switch is a Cisco CAT 4510 R with is a layer 2 and 3 switch with Cisco IOS and a few 3550s and 3512s around. I also have two CAT 4006s with CAT OS but these aren't my current concern as I know that I need to either use one of these swithes or a router to route between my VLANs. I do have a Cisco Router, a 2621 as my main router with its fa 0/1 is used for my two mian subnets (servers, devices, and users are on these two subnets 10.1.1.0 and 10.1.4.0) and the DHCP server is givng out IPs out of these two private subnets. the other interface on this router fa0/0 is used for 10.1.2.0 which is totally isolated subnets with a bounch of servers on it called Dev Environment. The AD guys want it this way.
Ok, now, when I take over this network I realized that those people who were looking after this network had created two VLANs, VLAN 2 (acting as the default VLAN 1 actually and used for managemnt of devices too) and VLAN 3 (VLAN 3 is for 10.1.2.0, i.e. the DEv Evironment, so bacically all of my devices, servers and users are on VLAN 2!!! and no trunking.....
I have provided a Diag of my network topology.
what I need to do is to find the best way to create a few more VLANs on my main network (10.1.1.0 and 10.1.4.0) and put all the servers on one VLAN; say VLAN 2 and few other segments and ten start to route between them by trunking. My problem is that the AD guys do not want to get involve and do not want (one of them my boss) to do IP renumbering so i need to do this at the L2 (by MAC addrss may be) and then use the router or (I can upgrade my main router to provide more interfaces with more mem and processing power) and use t to route between VLANs. this router is also used to connect us to a remote office where we have our Web Servers hosted via a T1 point-to-point as we are an online business so I need to be very carefull with this mission and have all the server and web Servers at this locations and my remote locations (10.5.1.0) on a same VLAN and then user on different VLANs by segmenting departments.
Now, you see my delema and the challange that I am facing. how this can be done slowly and gradually. first adding one more VLAN put all the servers on it (also, back interfaces and clustering of servers in mind) and users on another, then, start trunking and see how it works. if all goes well then I can start creating more VLANs and that would be the easy part and point them to the trunk Interface / Link.
Your thoughts will be greataly apreciated.
Thx,
Masood

Fabric Interconnect 6120xp question

I have two fabric interconnect 6120xp in cluster on one i find the ip in running config and on the partner i dont. It might be due to this i dont get the ipaddress of the fabric interconnect (shows as 0.0.0.0) on my san switch when querying fcns database. Any help is appreciated.
lhr02-wxp00-fic01-B(nxos)# sh run |inc ip
ip host lhr02-wxp00-fic01-B 10.255.96.78
ip address 10.255.96.78/24
lhr02-wxp00-fic01-A(nxos)# sh run |inc ip
role name server-equipment
lhr02-wxp00-fic01-A(nxos)#
lhr02-wxif-san02# show fcns database npv
VSAN 20:
NPV NODE-NAME           NPV IP_ADDR     NPV IF CORE SWITCH WWN         CORE IF
20:14:54:7f:ee:04:c8:01 10.255.96.78    fc2/4   20:00:54:7f:ee:07:6e:80 fc1/6
20:14:54:7f:ee:04:c8:01 10.255.96.78    fc2/2   20:00:54:7f:ee:07:6e:80 fc1/5
lhr02-wxif-san01# show fcns database npv
VSAN 10:
NPV NODE-NAME           NPV IP_ADDR     NPV IF CORE SWITCH WWN         CORE IF
20:0a:54:7f:ee:03:ee:c1 0.0.0.0         fc2/1   20:00:54:7f:ee:17:eb:80 fc1/3
20:0a:54:7f:ee:03:ee:c1 0.0.0.0         fc2/3   20:00:54:7f:ee:17:eb:80 fc1/4

On the FI with the 0.0.0.0 ipaddress run the sho npv inter info | inc IP.
Next go into UCSM and select the equipment tab.Then pick the FI in question. On the right select General tab and then Access.
What is the ipaddress? Does it also show 0.0.0.0 here as well?
If it does, try changing it to the address you wanted and check it again.
If that does not work then you can try to erase the config on that FI and reconfiguring it from the begining.
Verify they it joins the cluster and HA is ready and the ipaddress is available.

Vlan & Inter Vlan question

Here is my network layout:
I have a cable modem connecting to a Linksys WRT54GL (DDWRT) router. Port 1 on the WRT54GL is connect to port 01 on the SG300-10 switch.
On the SG300-10 I've created two Vlans (Vlan 30 & Vlan 40). I assigned ports 3 & 4 on the SG300-10 to Vlan 30 and ports 5 & 6 to Vlan 40. Vlan 30 has the IP Address 10.10.30.1 and Vlan 40 has an Address of 10.10.40.1. The default Vlan (Vlan1) has an Address of 10.10.20.2. The default gateway (WRT54GL router) has an Address of 10.10.20.1. I have also enable DHCP relay on the switch and enter the command "ip routing". My question is on either vlan if I wanted to setup static addresses for clients would I use the 10.10.20.1 (WRT54GL) address as the default gateway? Also, what additional configurations do I need to make for the Vlans to be able to talk to each other and be able to access the internet?
Thanks,

Van,
Thanks for the reply. The SG300-10 is in layer 3 mode. I have configured the DHCP server accordingly. Here is my setup:
                   cable modem
                          |
                          |
                   linksys wrt54gl (10.10.20.1)
                          |
                          |
                   sg300-10 Vlan1= 10.10.20.2 (manage)
                                  Vlan30= 10.10.30.0 /24 (GW= 10.10.30.1)
                                  Vlan40= 10.10.40.0 /24 (GW= 10.10.40.1)
You said that for inter-Vlan to work I need to set the clients GW to the switch. Would that be the Vlan's gateway for clients in each vlan? For example if a client was in vlan30 their gw would be 10.10.30.1?
The clients are not able to access the internet from the vlan. How would I configure the static on the switch for the vlans to be able to access the internet? Would this work: ip route 0.0.0.0 0.0.0.0 10.10.20.1?

Private vlan question

I am replacing a standard set of switches out with ones that can support PVLAN's. All our switches currently have their ip address on vlan 1 and that is the subnet which the default gateway resides. The second switch acts as a redundant switch and will need the same vlans as the primary. Currently they are etherchanneled together. I want to setup a single private vlan with one isolated vlan and several community vlans. My question is where do I put the IP address? Do I still setup a vlan 1 interface as I have done all along? Or do I put the addrss on the primary private vlan? And I assume I will need to setup a trunk between the two switches, vs. etherchannel?

Private VLANs provide Layer 2 isolation between ports within the same private VLAN. There are three types of private VLAN ports:
PromiscuousA promiscuous port can communicate with all interfaces, including the community and isolated ports within a private VLAN.
IsolatedAn isolated port has complete Layer 2 separation from other ports within the same private VLAN except for the promiscuous port. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.
CommunityCommunity ports communicate among themselves and with their promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities or isolated ports within their private VLAN.
PVLANS are also knows as secondary vlans, they are always associated to primary vlans so they can communicate to other devices outside their subnet through the default gateway. The management ip address or sc0 if it's CAtOS will always be in primary vlan or if native IOS and it's interface vlan it will always be the primary vlan. so, to answer your question, the management ip address will be in primary vlan.
You cannot use the inband port, sc0, in a private VLAN.
Note: With software release 6.3(1) and later releases, you can configure the sc0 port as a private VLAN port; however, you cannot configure the sc0 port as a promiscuous port.

Fabric path vlan question

Similar Messages

Maybe you are looking for