High process in nexus 7000

Similar Messages

• Ask the Expert: Basic Introduction and Troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform .
  The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Data Center sub-community discussion forum shortly after the event. This event lasts through through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Vignesh
  Is there is any limitation to connect a N2K directly to the N7K?
  if i have a an F2 card 10G and another F2 card 1G and i want to creat 3 VDC'S
  VDC1=DC-Core
  VDC2=Aggregation
  VDC3=Campus core
  do we need to add a link between the different VDC's
  thanks

• Smart call home - HTTPS transport from the Nexus 7000 to Cisco

  hi
  i try configured call home on nexus 7000 with https transport and proxy server
  i follow this guide -
  http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
  and configured this :
  callhome
    email-contact XXXXXXXXXXX
    phone-contact XXXXXXXXXXX
    streetaddress XXXXXXXXXXXXXXXX
    destination-profile CiscoTAC-1 transport-method http
    destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
     transport http use-vrf management
    transport http proxy server XXXXXXXXXX port 8080                --------- XXXXXXXXX = my proxy server
    transport http proxy enable
    enable
    periodic-inventory notification interval  30
  i have a problem to install the security certificate , i follow thw guide but i get the error :
  failed to load or parse certificate
  could not perform CA authentication
  when i try test call home eith the command : callhome test
  trying to send test callhome message
  warning:no callhome message sent
  email configuration incomplete for destination profile:full_txt
  email configuration incomplete for destination profile:short_txt
  Error in transporting http message for CiscoTAC-1
  http: Received HTTP code 407 from proxy after CONNECT
  i guess the problem is because i didnt install the certificate , how can i install the certificate ?
  is this the real problem ?

  I agree with Bryan that the easiest proxy server to setup for the  nexus 7000 is the Transport Gateway. The documentation (certificates) is  setup to allow you to connect to a Cisco Transport Gateway or directly  into tools.cisco.com. Both have a Cisco certificate.
  But that doesn't explain your issue. To answer your issue, you need to look here
  http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
  except  you need your proxy server's chained certificate in PEM format since  the Nexus 7000 is going to terminate at your proxy server. Take a look  at this line in the documentation.
  Input (cut & paste) the CA certificate (chain) in PEM format
  The error code 407 you indicated makes sense and  indicates "Proxy Authentication Required". You need the certificate  installed first. NX-OS uses the openssl crypto library to implement the  cert-pki feature if that helps. A complete certificate chain is required. Also,  you might make sure the CRL (certificate revocation list) is set to none  so it doesn't do that first.
  revocation-check none
  The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer,  Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
  your proxy server.cer,Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer,  Verisign-Root-CA.cer
  If you are using your own root CA (which typically are taken  off-line after authorizing subordinate CAs for security reasons) , then  make sure that their certificates are in the correct order to be  processed so each can be authenticated.
  Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup.

• Ciscoworks 2.6 and Nexus 7000 issues

  Running LMS 2.6 with RME version 4.0.6, and DFM 2.0.13.
  We keep getting false alerts in DFM on the temperature in our Nexus 7000 switches. The alert says that the high temp threshold is 45C, and it's being exceeded at 46C. The thing that bothers me is that the actual switch reads that the threshold is around 100C or more. Any ideas as to why DFM would be picking up a temperature so far off the mark?
  Also, in regards to RME, I cannot pull configs from the Nexus 7000's. The check box in "archive config" is blanked out to where I can't check it. I download the device packages for the 7000 into RME but it will not pull configs. Is this not supported under our version of RME, or would there be some other reason that I can't do this?
  Thanks for any assistance with these issues!

  UPDATE:
  I fixed the RMA config pull issue. I thought I had previously downloaded the Nexus device packages so that RMA could work with them, but upon checking again, it looks like I just didn't have them installed. Got that piece fixed and now I can pull configs from the switches just fine.
  Still having problems with the temperature reading in DFM not accurately reflecting what is actually on the switches. Any suggestions as to where to start hunting down the issue for this are greatly appreciated. Thanks!

• Nexus 7000, 2000, FCOE and Fabric Path

  Hello,
  I have a couple of design questions that I am hoping some of you can help me with.
  I am working on a Dual DC Upgrade. It is pretty standard design, customer requires a L2 extension between the DC for Vmotion etc. Customer would like to leverage certain features of the Nexus product suite, including:
  Trust Sec
  VDC
  VPC
  High Bandwidth Scalability
  Unified I/O
  As always cost is a major issue and consolidation is encouraged where possible. I have worked on a couple of Nexus designs in the past and have levergaed the 7000, 5000, 2000 and 1000 in the DC.
  The feedback that I am getting back from Customer seems to be mirrored in Cisco's technology roadmap. This relates specifically to the features supported in the Nexus 7000 and Nexus 5000.
  Many large enterprise Customers ask the question of why they need to have the 7000 and 5000 in their topologies as many of the features they need are supported in both platforms and their environments will never scale to meet such a modular, tiered design.
  I have a few specific questions that I am hoping can be answered:
  The Nexus 7000 only supports the 2000 on the M series I/O Modules; can FCOE be implemented on a 2000 connected to a 7000 using the M series I/O Module?
  Is the F Series I/O Module the only I/O Module that supports FCOE?
  Are there any plans to introduce the native FC support on the Nexus 7000?
  Are there any plans to introduce full fabric support (230 Gbps) to the M series I/O module?
  Are there any plans to introduce Fabric path to the M series I/O module?
  Are there any plans to introduce L3 support to the F series I/O Module?
  Is the entire 2000 series allocated to a single VDC or can individual 2000 series ports be allocated to a VDC?
  Is Trust Sec only support on multi hop DCI links when using the ASR on EoMPLS pwire?
  Are there any plans to inroduce Trust Sec and VDC to the Nexus 5500?
  Thanks,
  Colm

  Hello Allan
  The only IO card which cannot co-exist with other cards in the same VDC is F2 due to specific hardware realisation.
  All other cards can be mixed.
  Regarding the Fabric versions - Fabric-2 gives much bigger throughoutput in comparing with Fabric-1
  So in order to get full speed from F2/M2 modules you will need Fab-2 modules.
  Fab2 modules won't give any advantages to M1/F1 modules.
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/data_sheet_c78-685394.html
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/prodcut_bulletin_c25-688075.html
  HTH,
  Alex

• NEXUS 7000 xcvrInval

  Hi,
  I have some Nexus 7000 with FET-10G with xcvrInval status
  Eth7/33          N5k-S1-3T-1/3   xcvrInval trunk     auto    auto    Fabric Exte
  and some other FET-10G with notconn status
  Eth7/8           FEX-101         notconnec 1         auto    auto    Fabric Exte
  If I inter exchange the position of both FET-10G the status port doesn´t change
  FET-10G from 7/8 to 7/33
  FET-10G from 7/33 to 7/8
  7/33 holds xcvrInval status
  7/8 holds notconnec status
  I have reconfigured from default interface with same results
  Next you´ll find the same serial number in deferent port, the diference is the current
  when is xcvrInva or when is notconnec
  What can I do to get FET10G in e7/33 validated?
  sh interface e7/33   transceiver details
  Ethernet7/33
        transceiver is present
        type is Fabric Extender Transceiver
        name is CISCO-FINISAR  
        part number is FTLX8570D3BCL-C2
        revision is A  
        serial number is FNS17201TE5    
        nominal bitrate is 10300 MBit/sec
        Link length supported for 62.5/125um fiber is 10 m
        Link length supported for 50/125um OM3 fiber is 100 m
        cisco id is --
        cisco extended id number is 4
        cisco part number is 10-2566-02
        cisco product id is FET-10G            
        cisco vendor id is V02
        number of lanes 1
               SFP Detail Diagnostics Information (internal calibration)
                  Current              Alarms                  Warnings
                  Measurement     High        Low         High          Low
      Temperature   19.30 C        75.00 C      5.00 C     70.00 C       10.00 C
  [7m--More-- [m
      Voltage        3.31 V         3.63 V      2.97 V      3.46 V        3.13 V
      Current        0.06 mA  --     11.80 mA     4.00 mA    10.80 mA       5.00 mA
      Tx Power          N/A        22.69 dBm    8.69 dBm     18.69 dBm     12.69 dBm
      Rx Power          N/A        22.99 dBm    6.09 dBm     18.99 dBm     10.09 dBm
      Transmit Fault Count = 0
      Note: ++  high-alarm; +  high-warning; --  low-alarm; -  low-warning
  now in slot 7/8
  Ethernet7/8
        transceiver is present
        type is Fabric Extender Transceiver
        name is CISCO-FINISAR  
        part number is FTLX8570D3BCL-C2
        revision is A  
        serial number is FNS17201TE5    
        nominal bitrate is 10300 MBit/sec
        Link length supported for 62.5/125um fiber is 10 m
        Link length supported for 50/125um OM3 fiber is 100 m
        cisco id is --
        cisco extended id number is 4
        cisco part number is 10-2566-02
        cisco product id is FET-10G            
        cisco vendor id is V02
        number of lanes 1
               SFP Detail Diagnostics Information (internal calibration)
                  Current              Alarms                  Warnings
                  Measurement     High        Low         High          Low
      Temperature   23.17 C        75.00 C      5.00 C     70.00 C       10.00 C
  [7m--More-- [m
      Voltage        3.30 V         3.63 V      2.97 V      3.46 V        3.13 V
      Current        7.50 mA       11.80 mA     4.00 mA    10.80 mA       5.00 mA
      Tx Power      17.65 dBm      22.69 dBm    8.69 dBm     18.69 dBm     12.69 dBm
      Rx Power     -12.21 dBm --   22.99 dBm    6.09 dBm     18.99 dBm     10.09 dBm
      Transmit Fault Count = 0
      Note: ++  high-alarm; +  high-warning; --  low-alarm; -  low-warning
  NX7K-1-VDC-3T-S1-L2FP# sh int e7/33
  Ethernet7/33 is down (Transceiver validation failed)
  admin state is up, Dedicated Interface
    Belongs to Po51
    Hardware: 1000/10000 Ethernet, address: 8478.ac23.6cec (bia 8478.ac23.6cec)
    Description: N5k-S1-3T-1/3
    MTU bytes (CoS values):  MTU  1500(0-2,4-7) bytes  MTU  2112(3) bytes
    BW 10000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, medium is broadcast
    Port mode is trunk
  auto-speed  auto-duplex,, media type is 10G
    Beacon is turned off
    Auto-Negotiation is turned on
    Input flow-control is off, output flow-control is off
    Auto-mdix is turned on
    Rate mode is dedicated
    Switchport monitor is off
    EtherType is 0x8100
    EEE (efficient-ethernet) : n/a
    Last link flapped never
    Last clearing of "show interface" counters 07:22:09
    0 interface resets
    Load-Interval #1: 30 seconds
      30 seconds input rate 0 bits/sec, 0 packets/sec
      30 seconds output rate 0 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      300 seconds input rate 0 bits/sec, 0 packets/sec
      300 seconds output rate 0 bits/sec, 0 packets/sec
    RX
      88 unicast packets  0 multicast packets  0 broadcast packets
      0 input packets  0 bytes
      0 jumbo packets  0 storm suppression packets
      0 runts  0 giants  0 CRC/FCS  0 no buffer
      0 input error  0 short frame  0 overrun   0 underrun  0 ignored
      0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
      0 input with dribble  0 input discard
      0 Rx pause
    TX
      88 unicast packets  0 multicast packets  0 broadcast packets
      0 output packets  0 bytes
      0 jumbo packets
      0 output error  0 collision  0 deferred  0 late collision
      0 lost carrier  0 no carrier  0 babble  0 output discard
      0 Tx pause
  NX7K-1-VDC-3T-S1-L2FP# sh int e7/33
  Ethernet7/8 is down (Link not connected)
  admin state is up, Dedicated Interface
    Belongs to Po101
    Hardware: 1000/10000 Ethernet, address: 8478.ac23.6cd3 (bia 8478.ac23.6cd3)
    Description: FEX-101
    MTU bytes (CoS values):  MTU  1500(0-2,4-7) bytes  MTU  2112(3) bytes
    BW 10000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, medium is p2p
    Port mode is fex-fabric
  auto-speed  auto-duplex,, media type is 10G
    Beacon is turned off
    Auto-Negotiation is turned on
    Input flow-control is off, output flow-control is off
    Auto-mdix is turned on
    Rate mode is dedicated
    Switchport monitor is off
    EtherType is 0x8100
    EEE (efficient-ethernet) : n/a
    Last link flapped 5week(s) 1day(s)
    Last clearing of "show interface" counters never
    0 interface resets
    Load-Interval #1: 30 seconds
      30 seconds input rate 0 bits/sec, 0 packets/sec
  [7m--More-- [m
      30 seconds output rate 0 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      300 seconds input rate 0 bits/sec, 0 packets/sec
      300 seconds output rate 0 bits/sec, 0 packets/sec
    RX
      10588 unicast packets  0 multicast packets  0 broadcast packets
      4 input packets  0 bytes
      0 jumbo packets  0 storm suppression packets
      0 runts  0 giants  0 CRC/FCS  0 no buffer
      0 input error  0 short frame  0 overrun   0 underrun  0 ignored
      0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
      0 input with dribble  0 input discard
      0 Rx pause
    TX
      10588 unicast packets  1 multicast packets  0 broadcast packets
      4 output packets  5688 bytes
      0 jumbo packets
      0 output error  0 collision  0 deferred  0 late collision
      0 lost carrier  0 no carrier  0 babble  0 output discard
      0 Tx pause

  Hi Ans,
  You are rigth, I have defaulted againt the port, now configured with switchport mode FEX, and now the FET-10G is validated
  NX7K-1-VDC-3T-S1-L2FP(config-if)#  description FEX-101
  NX7K-1-VDC-3T-S1-L2FP(config-if)#   switchport
  NX7K-1-VDC-3T-S1-L2FP(config-if)#   switchport mode fex-fabric
  NX7K-1-VDC-3T-S1-L2FP(config-if)#   fex associate 101
  NX7K-1-VDC-3T-S1-L2FP(config-if)#   medium p2p
  NX7K-1-VDC-3T-S1-L2FP(config-if)#   channel-group 101
  NX7K-1-VDC-3T-S1-L2FP(config-if)#   no shutdown
  NX7K-1-VDC-3T-S1-L2FP(config-if)#
  NX7K-1-VDC-3T-S1-L2FP(config-if)# sh int e7/33 status
  Port             Name            Status    Vlan      Duplex  Speed   Type
  Eth7/33          FEX-101         notconnec 1         auto    auto    Fabric Exte
  NX7K-1-VDC-3T-S1-L2FP(config-if)#
  Thanks for your help, and have a nice weekend.
  Atte,
  EF

• Gratuitous ARP in Nexus 7000

  We are in the process of migrating our servers from Cat6500 (HSRPv1) to Nexus 7000 (HSRPv2). The HSRP virtual ip address remains the same after the migration. During the migration, we will shut down the Layer3 interface vlan on the Cat6500 and create the new Layer 3 interface vlan on the N7K. Because we are migrating to HSRPv2, the HSRP virtual MAC address will change.  Would like to check if there is there any way for the N7K to send gratuitous ARP to all the servers so that their ARP cache are refreshed. does "ip arp gratuitous update" help ?  THanks Eng Wee

  Hi Eng Wee,
  Nexus sends gratuitous arp by default. This command is enabled on the interface by default. There is nothing special that you need to do for the switch to send the gratuitous arps.
  JayaKrishna

• Migration from Nexus 7000 without VDC to VDC

  Hi all
  I am working on a DataCenter architecture where we would like to implement Nexus 7000.
  For the time being, there only one "context" but we may take the opportunity to implement VDC in a later future
  I was not able to find a clear answer on the following :
    Can we add the VDC licence & configure a new VDC on a Nexus 7000 running without VDC ?
    I suppose this is possible. but does it need to have the whole configuration changed or adding a VDC can be done without any interruption on the current environnement ?
  Thanks in advance !

  Hello
  To have VDC support on n7k you will require following license:
  LAN_ADVANCED_SERVICES_PKG
  To configure new vdc you need to run:
  Nexus(config)# vdc
  This will create new VDC which is separate from the current one. It shouldn't affect productional environment since separate processes started for new VDC.
  Then you can allocate some interfaces to it and configure.
  But you need to be careful to check whether you allocate unused interfaces and don't add resource excessive configuration.
  Here is a very good explanation of what is VDC and how it works:
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/White_Paper_Tech_Overview_Virtual_Device_Contexts.html
  And here is VDC config guide:
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_nx-os_cfg.html
  HTH,
  Alex

• SFP Detail Diagnostics Information Nexus 7000

  Hello guys,
  I have a question about why one port on a Nexus 7000 with a N7K-M132XP-12 (32 port 10G card) doesn't show any values
  when looking at "show inter e 9/27 transceiver details", all values are just zero.
  N7K# show inter e 9/27 transceiver details
  Ethernet9/27
   transceiver is present
   type is 10Gbase-SR
   name is CISCO-EXCELIGHT
   part number is SPP5101SR-C1
   revision is A
   serial number is EXX13050136
   nominal bitrate is 10300 MBit/sec
   Link length supported for 50/125um OM2 fiber is 82 m
   Link length supported for 62.5/125um fiber is 26 m
   Link length supported for 50/125um OM3 fiber is 300 m
   cisco id is --
   cisco extended id number is 4
   number of lanes 1
   SFP Detail Diagnostics Information (internal calibration)
   Current Alarms Warnings
   Measurement High Low High Low
   Temperature N/A 0.00 C 0.00 C 0.00 C 0.00 C
   Voltage N/A 0.00 V 0.00 V 0.00 V 0.00 V
   Current N/A 0.00 mA 0.00 mA 0.00 mA 0.00 mA
   Tx Power N/A 0.00 dBm 0.00 dBm 0.00 dBm 0.00 dBm
   Rx Power N/A 0.00 dBm 0.00 dBm 0.00 dBm 0.00 dBm
   Transmit Fault Count = 2
   Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warning
  Tried to remove the SFT+ and inserted a new, but same results, all values are 0.
  Does anyone know why it doesn't show any values?
  We are runing version 6.2(8)
  And here's the port configuration:
  interface Ethernet9/27
   switchport
   switchport mode trunk
   spanning-tree port type edge trunk

  You are correct.  There isn't any option for seeing the hit count on the prefix-list on the Nexus series.
  HTH

• Nexus 7000 Platform Logging

  Hello,
  We recently had a power supply failure in one of our Nexus 7000s, and I noticed that the syslog for the Platform is only present in the default VDC, and not in any of the other VDCs syslogs. Is this by design, or is there a logging level I can turn up in another VDC to capture this log? Thanks for any input
  syslog from default VDC -
  2013 Mar 18 23:10:34  %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 changed i
  ts capacity. possibly due to power cable removal/insertion (Serial number xxxxxxxx)
  nothing in the VDC where I would like to get the logging
  default VDC logging level -
  xxx7K02# show log level platform
  Facility        Default Severity        Current Session Severity
  platform                5                       5
  0(emergencies)          1(alerts)       2(critical)
  3(errors)               4(warnings)     5(notifications)
  6(information)          7(debugging)
  xxx7K02#
  loggging from the specific VDC where we have management tools.
  xxx-LOW# show log level platform
  Facility        Default Severity        Current Session Severity
  platform                5                       5
  0(emergencies)          1(alerts)       2(critical)
  3(errors)               4(warnings)     5(notifications)
  6(information)          7(debugging)
  xxx-LOW#

  Hello Carl,
  What version of code are you running on your Nexus 7k?
  The expected behavior is:
  "When a hardware issue occurs, syslog messages are sent to all VDCs."
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_mgmt.html#wp1170241
  Dave

• Dell Servers with Nexus 7000 + Nexus 2000 extenders

  << Original post by smunzani. Answered by Robert. Moving from Document section to Discussions>>
  Team,
  I would like to use some of the existing Dell Servers for new network design of Nexus 7000 + Nexus 2000 extenders. What are my options for FEC to the hosts? All references of M81KR I found on CCO are related to UCS product only.
  What's best option for following setup?
  N7K(Aggregation Layer) -- N2K(Extenders) -- Dell servers
  Need 10G to the servers due to dense population of the VMs. The customer is not up for dumping recently purchased dell boxes in favor of UCS. Customer VMware license is Enterprise Edition.
  Thanks in advance.

  To answer your question, the M81KR-VIC is a Mezz card for UCS blades only.  For Cisco rack there is a PCIe version which is called the P81.  These are both made for Cisco servers only due to the integration with server management and virtual interface functionality.
  http://www.cisco.com/en/US/prod/collateral/ps10265/ps10493/data_sheet_c78-558230.html
  More information on it here:
  Regards,
  Robert

• LMS 4.2.2 Interface utilisation on Nexus 7000

  Hi All,
  I'm trying to poll some interfaces for their utilization on a nexus 7000 through LMS 4.2.2.
  When I create a poller fot the specific instances, the LMS recognises the instances, but after activating the poller I get the error "No Such Instance - The specified instance is not available".
  No info is displayed when I generate an interface utilization report for the specific nexus.
  When I activate the automonitor for interface utilization, the interfaces on the nexus are polled.
  On the cisco website there are some features listed which LMS does not support on the Nexus 7000, but polling is not in that list (neither in the supported feature list).
  Any tips?
  Thanks for your help.
  Joris

  Any Idea..??

• ESXi 4.1 NIC Teaming's Load-Balancing Algorithm,Nexus 7000 and UCS

  Hi, Cisco Gurus:
  Please help me in answering the following questions (UCSM 1.4(xx), 2 UCS 6140XP, 2 Nexus 7000, M81KR in B200-M2, No Nexus 1000V, using VMware Distributed Switch:
  Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?
  Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned?
  Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct?
  Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES?
  I would really appreciate if someone can help me clear these lingering doubts of mine.
  God Bless.
  SiM

  Sim,
  Here are my thoughts without a 1000v in place,
  Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?   //Yes, for vPC to UCS the best practice is to bowtie uplink to (2) 7K or 5Ks.
  Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned? //The port channel will be configured on both the UCSM and the 7K. The pro of a port channel would be both bandwidth and redundancy. vPC would be prefered.
  Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct? //Without the 1000v, I always tend to leave to dvSwitch load balence behavior at the default of "route by portID". 
  Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES? UCS can perform L2 but Northbound should be performing L3.
  Cheers,
  David Jarzynka

• Privilege Level for Tacacs Account in Nexus 7000

  Hi,
  I have configured the Tacacs (ACS 4.2v) on Nexus 7000 (as mentioned below) and works fine but unlike IOS (6509) It's doesn't prompt that you are in userexec mode (>) and then need to type enable and password for full privilege.
  In n7k when I entered into "configure terminal" It won't allow me to access other commands.
  How to login into level 15 privilege mode after authenticating from tacacs
  (config)# show running-config tacacs+
  tacacs-server key 7 "xxxxx"
  tacacs-server host x.x.x.x key 7 "xxxx"
  aaa group server tacacs+ TacServer
      server x.x.x.x (same ip as tacacs-server host)
      use-vrf management
      source-interface Vlan2
  (config)# show running-config aaa
  aaa authentication login default group TacServer
  aaa authentication login console local
  aaa user default-role
  Here below are the commands accessible in "Terminal" currently
  (config)# ?
    no        Negate a command or set its defaults
    username  Configure user information.
    end       Go to exec mode
    exit      Exit from command interpreter
  isb.n7k-dcn-agg-1-sw(config)#

  Hi Jan.nielsen
  Issue is resolved but by another way.
  I have found the same resolution too of custom attirbute command but the Custom attribute Option for shell command wasn't available in ACS v4.2, so after enabling shell for users and by clicking exec--> Shell Exec and enabling priviledge level 15 in the same box of Shell options, It start working without any command

• Nexus 7000 - unexpected shutdown of vPC-Ports during reload of the primary vPC Switch

  Dear Community,
  We experienced an unusual behavior of two Nexus 7000 switches within a vPC domain.
  According to the attached sketch, we have four N7Ks in two data centers - two Nexus 7Ks are in a vPC domain for each data center.
  Both data centers are connected via a Multilayer-vPC.
  We had to reload one of these switches and I expected the other N7K in this vPC domain to continue forwarding over its vPC-Member-ports.
  Actually, all vPC ports have been disabled on the secondary switch until the reload of the first N7K (vPC-Role: primary) finished.
  Logging on Switch B:
  20:11:51 <Switch B> %VPC-2-VPC_SUSP_ALL_VPC: Peer-link going down, suspending all vPCs on secondary
  20:12:01 <Switch B> %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In domain 1, VPC peer keep-alive receive has failed
  In case of a Peer-link failure, I would expect this behavior if the other switch is still reachable via the Peer-Keepalive-Link (via the Mgmt-Port), but since we reloaded the whole switch, the vPCs should continue forwarding. 
  Could this be a bug or are there any timers to be tuned?
  All N7K switches are running on NX-OS 6.2(8)
  Switch A:
  vpc domain 1
    peer-switch
    role priority 2048
    system-priority 1024
    peer-keepalive destination <Mgmt-IP-Switch-B>
    delay restore 360
    peer-gateway
    auto-recovery reload-delay 360
    ip arp synchronize
  interface port-channel1
    switchport mode trunk
    switchport trunk allowed vlan <x-y>
    spanning-tree port type network
    vpc peer-link
  Switch B:
  vpc domain 1
    peer-switch
    role priority 1024
    system-priority 1024
    peer-keepalive destination <Mgmt-IP-Switch-A>
    delay restore 360
    peer-gateway
    auto-recovery reload-delay 360
    ip arp synchronize
  interface port-channel1
    switchport mode trunk
    switchport trunk allowed vlan <x-y>
    spanning-tree port type network
    vpc peer-link
  Best regards

  Problem solved:
  During the reload of the Nexus 7K, the linecards were powerd off a short time earlier than the Mgmt-Interface. As a result of this behavior, the secondary Nexus 7K received at least one vPC-Peer-Keepalive Message while its peer-link was already powerd off. To avoid a split brain scenario, the VPC-member-ports have been shut down.
  Now we are using dedicated interfaces on the linecards for the VPC-Peer-Keepalive-Link and a reload of one N7K won't result in a total network outage any more.