Nexus 3548 : vlan is not allowed on peer-link

Hi, I had posted earlier but I think I have almost figured out the issue.. just not how to resolve it.
I have two nexus switches connected together with PO5.
Each nexus has a PO6 to connect to a single Cat3750
VLAN 46 on one of the switches is showing
%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 46 on Interface port-channel6 are being suspended. (Reason: Vlan is not allowed on Peer-link)
Oddly the other switch seems to be ok with VLAN 46.
I also see this
show vpc consistency-parameters vpc 6
... Local Remote.
Allowed VLANs - 1,31,34,46,200,600-605 1,31,34,46,200,600-605
Local suspended VLANs - 46 -
I just don't get it. Both switches are almost identical in their running configs.
Any thoughts?

Well, the funny thing about the Nexus configs is that I compared them in Notepad++ and they are the same.
vrf context management
  ip route 0.0.0.0/0 10.31.0.9
vlan 1
vlan 31
  name VLAN0031-VOIP
vlan 34
  name vlan_nutanix
vlan 46
  name VLAN0046-MITEL
vlan 200
  name VLAN0200-ExchDAG
vlan 600
  name VLAN0600-VMOTION
vlan 601
  name VLAN0601-DMZ1
vlan 602
  name VLAN0602-DMZ2
vlan 603
  name VLAN0603-DMZ3
vlan 604
  name VLAN0604-DMZ4
vlan 605
  name VLAN0605-PNET
vpc domain 1
  role priority 110
  peer-keepalive destination 10.31.61.11 source 10.31.61.12
  auto-recovery
interface port-channel5
  switchport mode trunk
  spanning-tree port type network
  speed 10000
  vpc peer-link
interface port-channel6
  switchport mode trunk
  spanning-tree port type normal
  speed 1000
  vpc 6
interface port-channel11
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge trunk
  speed 10000
  vpc 11
interface port-channel12
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge trunk
  speed 10000
  vpc 12
interface port-channel13
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge trunk
  speed 10000
  vpc 13
interface port-channel14
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge trunk
  speed 10000
  vpc 14
interface port-channel15
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge trunk
  speed 10000
  vpc 15
interface Ethernet1/1
  switchport mode trunk
  speed 1000
  channel-group 6 mode active
interface Ethernet1/2
  switchport mode trunk
  speed 1000
  channel-group 6 mode active
interface Ethernet1/3
  description Nutanix
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge trunk
  channel-group 11
interface Ethernet1/4
  description Nutanix
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge
  channel-group 12
interface Ethernet1/5
  description Nutanix
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge
  channel-group 13
interface Ethernet1/6
  description Nutanix
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge
  channel-group 14
interface Ethernet1/7
  description Nutanix
  switchport mode trunk
  switchport trunk allowed vlan 1,31,34,46,200,600-605
  spanning-tree port type edge trunk
  channel-group 15
interface Ethernet1/47
  switchport mode trunk
  channel-group 5 mode active
interface Ethernet1/48
  switchport mode trunk
  channel-group 5 mode active
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
3750 config
interface Port-channel6
 switchport trunk encapsulation dot1q
 switchport mode trunk
interface GigabitEthernet1/0/33
 description ch nexus1-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
interface GigabitEthernet1/0/34
 description ch nexus1-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
interface GigabitEthernet1/0/35
 description ch nexus2-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
interface GigabitEthernet1/0/36
 description ch nexus2-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 6 mode active
interface Vlan46
 ip address 172.17.16.1 255.255.255.0

Similar Messages

  • VLANs 133-134 on Interface port-channel10 are being suspended. (Reason: Vlan is not allowed on Peer-link)

    I just added 2 vlans Port-channel10 on two of my Nexus 5000's that go from the to a 6509 Catalyst switch. I get this error when I do a show log: (VLANs 133-134 on Interface port-channel10 are being suspended. (Reason: Vlan is not allowed on Peer-link)) When I do a sh int trunk I see Po10 (int Eth1/3) that Vlans Err-disabled on Trunk. Another odd thing: when I do a spanning tree summary, neither 133 nor 134 is added in to the summary. Why would spanning-tree be ignoring these two new vlans?
    They are configured as so:
    interface port-channel10
    description "vpc 10 eth1/3 to 6506 po10 ten5/4"
    switch port mode trunk
    switchport trunk native vlan 999
    switchport trunk allowed vlan 130.,133-134,139,145,155,160-175,239,242,254,999
    vpc10
    What can I do to get 133 and 134 vlans to stop erroring on Port-channel 10 on both Nexus 5000's?

    Firstly I should say I have not used Nexus switches so the following advice should be treated with caution.
    Have you added the same vlans to the allowed vlans on your vPC peer link? That is what the error message seems to be telling you, i.e. they are not currently allowed.
    They need to be allowed otherwise the vlans are suspended which is what is happening.
    As I say I haven't used these switches so I can't say for sure if there is any downtime/disruption when you modify the allowed list but I think that is your problem from what I can see.
    Jon
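The check suggested in the reply above, written as an added example (not code from the thread or from Cisco): it parses a running-config and lists, per vPC port-channel, the defined VLANs that the trunk allows but the peer-link does not. The sample config is constructed, the function names are hypothetical, and a trunk with no allowed list is assumed to allow all VLANs.

```python
import re

# Assumption: a trunk with no "allowed vlan" line carries every VLAN.
ALL_VLANS = frozenset(range(1, 4095))


def parse_vlan_list(text):
    """Expand a list such as '1,31,600-605' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_config(config):
    """Return (defined VLANs, {port-channel name: {'allowed', 'role'}})."""
    defined, port_channels, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # an unindented line starts a new section
            current = None
            m = re.fullmatch(r"vlan ([\d,\-]+)", line)
            if m:
                defined |= parse_vlan_list(m.group(1))
            m = re.fullmatch(r"interface (port-channel\d+)", line, re.IGNORECASE)
            if m:
                current = port_channels.setdefault(
                    m.group(1).lower(), {"allowed": None, "role": None})
            continue
        if current is None:
            continue  # indented line outside a port-channel section
        m = re.fullmatch(
            r"switchport trunk allowed vlan (add )?(all|none|[\d,\-]+)", line)
        if m:
            value = m.group(2)
            vlans = (set(ALL_VLANS) if value == "all"
                     else set() if value == "none"
                     else parse_vlan_list(value))
            if m.group(1):  # "add" continuation of a long list
                vlans |= current["allowed"] or set()
            current["allowed"] = vlans
        elif line == "vpc peer-link":
            current["role"] = "peer-link"
        elif re.fullmatch(r"vpc \d+", line):
            current["role"] = "vpc"
    return defined, port_channels


def vlans_missing_on_peer_link(config):
    """Map each vPC port-channel to the defined VLANs it allows
    that are absent from the peer-link's allowed list."""
    defined, port_channels = parse_config(config)
    peers = [p for p in port_channels.values() if p["role"] == "peer-link"]
    if len(peers) != 1:
        raise ValueError("expected exactly one 'vpc peer-link' port-channel")
    peer_allowed = peers[0]["allowed"]
    if peer_allowed is None:
        peer_allowed = ALL_VLANS
    report = {}
    for name, pc in port_channels.items():
        if pc["role"] != "vpc":
            continue
        allowed = pc["allowed"] if pc["allowed"] is not None else ALL_VLANS
        missing = sorted((allowed & defined) - peer_allowed)
        if missing:
            report[name] = missing
    return report


# Constructed sample: VLAN 46 is defined and allowed on vPC trunks,
# but left out of the peer-link (port-channel5) allowed list.
SAMPLE_CONFIG = """\
vlan 1
vlan 31
  name VOICE
vlan 46
  name PHONES
vlan 200,600-605
interface port-channel5
  switchport mode trunk
  switchport trunk allowed vlan 1,31,200,600-605
  vpc peer-link
interface port-channel6
  switchport mode trunk
  vpc 6
interface port-channel11
  switchport mode trunk
  switchport trunk allowed vlan 1,31,46
  vpc 11
interface port-channel12
  switchport mode trunk
  switchport trunk allowed vlan 1,31
  vpc 12
"""

if __name__ == "__main__":
    for name, vlans in vlans_missing_on_peer_link(SAMPLE_CONFIG).items():
        print(f"{name}: VLANs {vlans} not allowed on peer-link")
```

Run it against the saved running-config of each vPC peer separately, since the allowed list on the peer-link has to match on both switches.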

  • Starting iTunes 11 with the option key does not allow me to link my ipad with Remote

    I am using my Macbook Pro as a pure music server with a 2TB external USB 3 HD where all my music resides in a single folder.  Yet when I start iTunes by holding the option key (to allow iTunes to see the 2TB folder and not import all my music), the Devices tab is grayed out and hence my iPad3 is not recognised. As a result, I cannot use Apple's Remote App.
    The same hardware does allow me to import a small named Library when the iPad is recognised.
    What gives? Any suggestions would help me to keep my hair!

    Try a Skype reset:
    http://community.skype.com/t5/Security-Privacy-Trust-and/Skype-name-and-Skype-MS-accounts/m-p/293557...
    You may also want to test it out in Safe Mode with Networking to see if anything changes.  Since Skype uses IE in the background make sure your Internet Explorer is able to browse web pages without restriction or that it isn't in some type of forced offline mode.

  • Ichat not allowing to send links

    Lately I've been running into an issue with iChat where it won't allow me to send a link.
    It immediately tells me there's an error...any ideas?

    Where are you typing the link ?
    Profile ?
    Text Chat ?
    Can you give an example ?
    8:50 PM Sunday; January 6, 2008

  • Copy not allowed..only link.  Bug?

    I am following the Java Studio Creator Field Guide book, and in it, you are told to select the Copy radio button (as opposed to Link) when setting a URL for an image. Well, on my setup, copy is greyed out (disabled).
    Is this a bug, or is there something that needs to be done to enable it?

    Hi,
    If you select tab URL, you are prevented from selecting radio button Copy.
    Selecting radio button Link works fine.
    (The behavior changed since the book was published).
    You can also copy an image file into your project's Resources directory by selecting tab File.
    This discrepancy is documented in
    http://www.asgteach.com/books/creator_field_guide.htm
    (Beyond the Book)
    Regards,
    Gail A.

  • Duplicate address across VPC peer-link on Nexus 7010

    Just set up a VPC peer-link between two 7010 switches.  The peer-link is a port-channel of two 10Gb connections.  On both sides I'm seeing this in the log:
    2010 Jan  5 04:27:34 CRMCN7K-1 %ARP-2-DUP_SRC_IP:  arp [3069]  Source address of packet received from 0024.f716.b341 on Vlan401(port-channel10) is duplicate of local, 10.180.0.17
    and on the other
    2010 Jan  5 04:23:39 CRMCN7K-2 %ARP-2-DUP_SRC_IP:  arp [3052]  Source address of packet received from 0024.f71f.a7c1 on Vlan401(port-channel10) is duplicate of local, 10.180.0.18
    VLAN 401 is the only VLAN on them right now with a Layer 3 address.  What am I missing?  Everything looks correct.  Port-Channel10 is up and running fine..or so it seems.

    Hey Nashwj,
    What version of NX-OS are you running?
    Are the 7K in a stand alone environment (lab or similar) or connected to other production network devices?
    Are both of the VLANs carried across the vPC peer link port-channel?
    Are both of the VLANs carried across any vPC port-channel?
    Do you have HSRP setup on the VLAN 401 interfaces on each of the 7Ks?  If so, what are the real and vip IP addresses?
    If you can either provide answers to the above or configuration snapshots of the vPC and SVI interfaces for your VLANs on each of the 7Ks a solution should be reachable.

  • Vpc peer-link forwarding behavior

    Hey,
    In this cisco doc (http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf ) I come across this statement:
    One of the most important forwarding rules of vPC is the fact that a frame that entered the vPC peer switch from the peer link cannot exit the switch out of a vPC member port (except if this is coming from an orphaned port).
    This makes perfect sense up to the "except if this is coming from an orphaned port". I can't seem to figure out why traffic sourced from an orphaned port (ie, "from" an orphaned port) and ultimately destined to a vPC member port is allowed -- since it should be sent out the local vPC member port and not across the peer link.
    Would make more sense to me if it said "destined to an orphaned port", so of course it would have to cross the peer-link.
    Can anyone shed some light on this exception to the rule?
    Thanks!

    Thanks Chad!
    Kept racking my brain on that one, and the only time it would make any sense (ie, I was trying to fit a square peg in a round hole), is if you have IGP peering to each 7K from an orphan port (ex, FW), the IGP ECMP hashes a packet to the far-end 7K, and then the traffic sent to the directly attached 7K must be sent across the vpc-peerlink -- and in theory shouldn't be dropped. This is, of course, until you add peer-gateway command, which confuses matters a bit -- especially from an IGP control-plane perspective, but also in this loop-prevention rule, since the local 7K will handle the packets destined to the other's 7K MAC.
    To complicate matters worse, the latest 5K release notes say to exclude-vlan for peer-gateway for your backup router vlan... still have to dive into that one.

  • Is SPAN port not allowed in Nexus FEX Port ?

    Hi
    Customer wants me to define a SPAN port on N2K; it is a FEX port. When I configured it I got the following statement from the switch.
    Is there any way to solve the problem?
    n5k-N2K(config-monitor)# destination ?
      interface  Configure interfaces
    n5k-N2K(config-monitor)# destination interface eth102/1/18
    ERROR: Eth102/1/18: Configuration not allowed on fex interface
    N5K VERSION
    Cisco Nexus Operating System (NX-OS) Software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software are covered under the GNU Public
    License. A copy of the license is available at
    http://www.gnu.org/licenses/gpl.html.
    Software
      BIOS:      version 1.2.0
      loader:    version N/A
      kickstart: version 4.0(1a)N2(1)
      system:    version 4.0(1a)N2(1)
      BIOS compile time:       06/19/08
      kickstart image file is: bootflash:/n5000-uk9-kickstart.4.0.1a.N2.1.bin
      kickstart compile time:  2/25/2009 0:00:00 [02/25/2009 08:29:12]
      system image file is:    bootflash:/n5000-uk9.4.0.1a.N2.1.bin
      system compile time:     2/25/2009 0:00:00 [02/25/2009 08:56:57]

      Hi,
    A FEX port cannot be configured as a SPAN destination. Only a switch port can be configured and used as a SPAN destination.
    See link below for more info:
    http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_1_3_N2_1/Nexus5000_Release_Notes_5_1_3_N2.html
    HTH

  • VLAN not allowed but NEs in different VLANs are still pingable (Router along with switches involved)

    Dear Experts,
    Please refer to attached file and share your feedback if my understanding is correct or need some correction.
    Best Regards!
    Ashish JAIN

    Ashish
    Your understanding is correct.
    If you added a PC in vlan 3 to switch 3 your link between switches would need to be a trunk link and allowing both vlans.
    Jon

  • Question about Nexus 3548 vPC setup

    Hi.
    We have just installed our two first Nexus 3548 switches in our Catalyst environment. We want to set up a vPC domain between the Nexuses, to use for connections to storage and other equipment.
    I have read the guide at http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3000-series-switches/white_paper_c11-685753.html and tried setting it up. I created a vPC domain on both switches like this:
    nexus1:
    vpc domain 1
      role priority 2000
      system-priority 4000
      peer-keepalive destination 192.168.105.40 source 192.168.105.39 vrf default
    nexus2:
    vpc domain 1
      system-priority 4000
      peer-keepalive destination 192.168.105.39 source 192.168.105.40 vrf default
    The switches are connected with a port-channel consisting of 2x 10GE. The IP addresses above are the ones we use for managing the switches. When I configure the port-channel as "vpc peer-link", the vpc status looks OK:
    vPC domain id                     : 1
    Peer status                       : peer adjacency formed ok
    vPC keep-alive status             : peer is alive
    Configuration consistency status  : success
    Per-vlan consistency status       : success
    Type-2 consistency status         : success
    vPC role                          : primary
    Number of vPCs configured         : 0
    Peer Gateway                      : Disabled
    Dual-active excluded VLANs        : -
    Graceful Consistency Check        : Enabled
    Auto-recovery status              : Disabled
    vPC Peer-link status
    id   Port   Status Active vlans
    1    Po2    up     1,6,100,102,106
    The problem I have is that I lose connection to nexus2 when I bring up the vPC. I can no longer access it on its IP (192.168.105.40). I cannot ping it from nexus1 either. The Nexus switches are connected to our core switches, which are Catalyst 6509. nexus1 is connected to coreswitch1 using a portchannel of 2xGE and nexus2 is connected to coreswitch2 the same way. A spanning-tree cost has been set on the uplink from nexus2, to make spanning tree block that uplink, and allow traffic between the nexuses to go over the 2x 10GE portchannel instead of over the core switches. I have attached a drawing of this.
    Maybe I shouldn't use the management IP:s for peer keepalive? Does the peer keepalive need to be on a different physical link than the peer-link?
    Regards,
    Johan

    We are not using the management ports for management, but an ordinary Vlan Interface in the default vrf, as seen below. We can of course change that and instead use the mgmt0 port if that is the best approach.
    vrf context management
    vlan configuration 1,100
    vlan 1
    vlan 100
      name DMMgmtPriv
    vpc domain 1
      role priority 2000
      system-priority 4000
      peer-keepalive destination 192.168.105.40 source 192.168.105.39 vrf default
    interface Vlan1
    interface Vlan100
      no shutdown
      no ip redirects
      ip address 192.168.105.39/23

  • Help with multiple nat translation on a Cisco Nexus 3548

    Hi All,
    I need a little help with a NAT configuration on a cisco Nexus 3548 version 6.0(2)A4(3).
    What I currently have is as follows:
    internal network: 192.168.4.0/24
    nexus router (routerA):
      LAN Side: vlan104 interface 192.168.4.201/24
      WAN Side: Eth1/48 interface 172.24.101.2/24
      remote network: 159.43.48.32/27
      remote gateway: 172.24.101.1/24
    use ACL's to ensure that only specific traffic is allowed out and in.
    allow a specific connection from a different internal network (192.168.3.0/24) to talk to port 159.43.48.34:1025
    Clients on the internal network 192.168.4.0, need to be able to connect to services (port 14002, port 8101) running on 159.43.48.34, but they must be SNAT'ed through the WAN interface as coming from 159.43.65.81
    Currently we have this working but the internal lan clients need to know how to get to 159.43.48.34/27 and therefore we need to route this network in our internal network.
    What we really want is to do is provide an address such as 192.168.4.203 for internal clients to use for connectivity to the various services, and then this address would be SNAT'ed to 159.43.65.81 over the WAN. We still want to secure the traffic in both directions.
    In the past I've been able to do this with inside and outside nat's and I haven't had to configure an interface on the router for the internal address, it has just been "stood up" by the nat rules. For example (this is how I've done it before):
    LAN interface
    ip nat outside
    WAN interface
    ip nat inside
    ip nat inside source static 159.43.65.81 192.168.4.203
    ip nat outside source static 159.43.65.81 192.168.4.203
    but, trying to implement this sort of config on the Nexus isn't working.
    I am wondering if the Nexus behaves differently than ios based routers.
    I'd appreciate any help to get this config working.
    Thanks in advance,
    Les

    Les
    The issue with an "ip nat outside ..." static is that from the inside routing is done before NAT.
    So what happens is that the destination IP is 192.168.4.203 and the Nexus will do a route lookup, see it is directly connected so it won't forward the packet to the outside interface so it doesn't get translated.
    If you enter "ip nat outside source static 159.43.48.34 192.168.4.203" then on IOS it adds a host specific route to the routing table for 192.168.4.203 as directly connected.
    So you do a ping from a 192.168.3.x client  it looks like it is working but actually the L3 device is simply responding and the packet never gets to the server.
    Apologies for the long winded explanation but NXOS might behave differently and I wanted you to know what to look for.
    So with IOS there is the "add-route" option at the end of the NAT statement and if you use this it would add a host specific route into the routing table like this -
    192.168.4.203 255.255.255.255 159.43.48.34
    this is a recursive route ie. the device must know how to get to 159.43.48.34 but your Nexus should.
    What the above does is make sure any packets arriving at the Nexus for 192.168.4.203 get routed to the outside interface and so are translated.
    So firstly see if that option is available with your NAT statement ie.
    "ip nat outside source static 159.43.48.34 192.168.4.203 add-route"
    if it isn't then try adding just the static statement without it and then have a look at the routing table. If it hasn't put in a host specific route showing as directly connected which it may not, as it may behave differently, then you can manually add a route ie.
    192.168.4.203 255.255.255.255 <next hop IP>
    note that the next hop IP doesn't have to be the server here it could just be the next hop from the Nexus switch. All you are trying to do is get the packet routed to the outside interface.
    Hope that makes sense.
    Edit - one thing I haven't tried is to use a different IP subnet for NAT ie. one that is still part of your internal range but unused and then having a route on the Nexus, in your case, pointing to the outside interface and you redistribute this subnet into your IGP. Then you add the NAT statement.
    What may happen is it still adds a host specific route showing as directly connected but it may not because the Nexus wouldn't actually have a directly connected interface for that subnet.
    I suspect it would though.
    If it did work then it would still mean you didn't need to advertise the public IP internally.
    If I get the chance I'll test it later today.
    Jon

  • NEXUS 3548 with 24 Port License

    I've a 3548 box with 24port Lic. My concern is about the functionality of the remaining 24 ports. Will there be a problem with the rest of the 24 ports while in production?
    NX3548# sh inventory
    NAME: "Chassis", DESCR: "Nexus 3548 Chassis"
    PID: N3K-C3548P-10G    , VID: V02 , SN: XXXXXXXXXX
    NAME: "Module 1", DESCR: "48x10GE Supervisor"
    PID: N3K-C3548P-10G    , VID: V02 , SN: XXXXXXXXXX
    NX3548# SH LICense usage
    Feature                      Ins  Lic   Status Expiry Date Comments
                                     Count
    24P_LIC_PKG                   Yes   -   Unused Never       -
    24P_UPG_PKG                   No    -   Unused             -
    LAN_BASE_SERVICES_PKG         Yes   -   Unused Never       -
    ALGO_BOOST_SERVICES_PKG       No    -   Unused             -
    LAN1K9_ENT_SERVICES_PKG       No    -   Unused             -
    LAN_ENTERPRISE_SERVICES_PKG   No    -   Unused             -

    Hello Dhanesh,
    thanks for your reply.
    We have 2 3548 licensed exactly as your Nexus.
    After a reboot of the two Nexus the first 4 ports (of the two) had problems (no input packets, only output packets, so unusable). There were connected devices with GLC-T, so they worked at 1 G, not 10G.
    We opened a TAC Case about this and, after remote session and many analysis, the engineer decided to replace the two devices.
    Despite this I have still some doubt.
    I found the discussion below and I post some logs of one of the Nexus, we use the 10 G not in a contiguous way.
    Thanks and regards
    https://supportforums.cisco.com/discussion/12073821/nexus-3548-24-port-license-what-ports-use
    371) Event:E_DEBUG, length:55, at 552701 usecs after Sat Mar 14 20:02:11 2015
        [825307441] Couldn't send grace period data: No route to host
    372) Event:E_DEBUG, length:58, at 255834 usecs after Sat Mar 14 19:02:57 2015
        [825307441] Couldn't fetch grace enabled status: no such pss key
    373) Event:E_DEBUG, length:55, at 819209 usecs after Sat Mar 14 19:02:18 2015
        [825307441] Couldn't send grace period data: No route to host
    374) Event:E_DEBUG, length:44, at 818664 usecs after Sat Mar 14 19:02:18 2015
        [825307441] Failed to get VDC map: no such pss key
    375) Event:E_DEBUG, length:44, at 818270 usecs after Sat Mar 14 19:02:18 2015
        [825307441] Transient read error in glob_refresh()
    376) Event:E_DEBUG, length:60, at 813122 usecs after Sat Mar 14 19:02:18 2015
        [825307441] Expiry date for feature LAN_BASE_SERVICES_PKG: 3650000
    377) Event:E_DEBUG, length:50, at 773120 usecs after Sat Mar 14 19:02:18 2015
        [825307441] Expiry date for feature 24P_LIC_PKG: 3650000
    378) Event:E_DEBUG, length:30, at 716563 usecs after Sat Mar 14 19:02:08 2015
        [825307441] checking confcheck config
    N3K-DC-1# sh int status
    Port          Name               Status    Vlan      Duplex  Speed   Type
    Eth1/1        *** FREE ***       sfpAbsent 1         full    1000    --
    Eth1/2        *** FREE ***       sfpAbsent 1         full    1000    --
    Eth1/3        *** FREE ***       sfpAbsent 1         full    1000    --
    Eth1/4        *** FREE ***       sfpAbsent 1         full    1000    --
    Eth1/5        UCS_UPLINK_FABRIC_ connected trunk     full    10G     SFP-H10GB-CU5M
    Eth1/6        UCS_UPLINK_FABRIC_ connected trunk     full    10G     SFP-H10GB-CU5M
    Eth1/7        --                 sfpAbsent 1         full    10G     --
    Eth1/8        --                 sfpAbsent 1         full    10G     --
    Eth1/9        --                 sfpAbsent 1         full    10G     --
    Eth1/10       --                 sfpAbsent 1         full    10G     --
    Eth1/11       --                 connected trunk     full    1000    1000base-T
    Eth1/12       --                 connected trunk     full    1000    1000base-T
    Eth1/13       --                 sfpAbsent 1         full    10G     --
    Eth1/14       --                 sfpAbsent 1         full    10G     --
    Eth1/15       --                 sfpAbsent 1         full    10G     --
    Eth1/16       --                 sfpAbsent 1         full    10G     --
    Eth1/17       --                 sfpAbsent 1         full    10G     --
    Eth1/18       --                 sfpAbsent 1         full    10G     --
    Eth1/19       --                 sfpAbsent 1         full    10G     --
    Eth1/20       --                 sfpAbsent 1         full    10G     --
    Eth1/21       --                 sfpAbsent 1         full    10G     --
    Eth1/22       --                 sfpAbsent 1         full    10G     --
    Eth1/23       --                 sfpAbsent 1         full    10G     --
    Eth1/24       --                 sfpAbsent 1         full    10G     --
    Eth1/25       --                 sfpAbsent 1         full    10G     --
    Eth1/26       --                 sfpAbsent 1         full    10G     --
    Eth1/27       --                 sfpAbsent 1         full    10G     --
    Eth1/28       --                 sfpAbsent 1         full    10G     --
    Eth1/29       --                 sfpAbsent 1         full    10G     --
    Eth1/30       --                 sfpAbsent 1         full    10G     --
    Eth1/31       *** FREE ***       notconnec 1         full    1000    1000base-T
    Eth1/32       --                 sfpInvali 1         full    10G     1000base-T
    Eth1/33       --                 sfpAbsent 1         full    10G     --
    Eth1/34       --                 sfpAbsent 1         full    10G     --
    Eth1/35       --                 sfpAbsent 1         full    10G     --
    Eth1/36       --                 sfpAbsent 1         full    10G     --
    Eth1/37       --                 sfpAbsent 1         full    10G     --
    Eth1/38       --                 sfpAbsent 1         full    10G     --
    Eth1/39       --                 sfpAbsent 1         full    10G     --
    Eth1/40       --                 sfpAbsent 1         full    10G     --
    Eth1/41       --                 sfpAbsent 1         full    10G     --
    Eth1/42       --                 sfpAbsent 1         full    10G     --
    Eth1/43       --                 notconnec 1         full    10G     10Gbase-SR
    Eth1/44       --                 notconnec 1         full    10G     10Gbase-SR
    Eth1/45       C3850-CORE [Port-C connected trunk     full    10G     10Gbase-SR
    Eth1/46       C3850-CORE [Port-C connected trunk     full    10G     10Gbase-SR
    Eth1/47       vPC PeerLink [Port connected trunk     full    10G     SFP-H10GB-CU3M
    Eth1/48       vPC PeerLink [Port connected trunk     full    10G     SFP-H10GB-CU3M
    Po2           C3850-CORE         connected trunk     full    10G     --
    Po3           3750-DC            connected trunk     full    a-1000  --
    Po4           UCS_UPLINK_FABRIC_ connected trunk     full    10G     --
    Po10          vPC PeerLink       connected trunk     full    10G     --
    mgmt0         --                 connected routed    full    a-1000  --

  • Thoughts on interconnecting Nexus 3548 and 3750 switches

    Hi,
    I have two nexus 3548 switches.
    I have created port-group 1  on both switches to group eth1/47 with eth1/48.
    I have 4 sfps, 2 per switch. to connect to a single 3750 that I want to group together as well.
    So I have gi1/0/31 going to eth1/1 on nexus1 and gi1/0/32 going to eth1/2 on nexus1
    I have gi1/0/33 going to eth1/1 on nexus2 and gi1/0/32 going to eth1/2 on nexus2
    When I create the port group on the 3750 do I create one group with all 4 ports or will I have to create 2, one per nexus switch?
    Thanks

    Thanks for the replies. I finally got to test the hardware and config yesterday.
    Just so I am clear. the vpc and peer to peer links are only for interconnecting the two Nexus switches. I think I got that right. sho VPC br seems to say it is up. I am using Po5
    vPC domain id : 1
    Peer status : peer adjacency formed ok
    vPC keep-alive status : peer is alive
    Configuration consistency status : success
    Per-vlan consistency status : success
    Type-2 consistency status : success
    vPC role : secondary
    Number of vPCs configured : 0
    Peer Gateway : Disabled
    Dual-active excluded VLANs : -
    Graceful Consistency Check : Enabled
    Auto-recovery status : Disabled
    vPC Peer-link status
    id Port Status Active vlans
    1 Po5 up 1
    Next do I create a port channel on Nex1 and Nex2 for the two ports that connect to the 3750 (Po6 for example) or do I add the two links to the 3750s to Po5 ? I thought I add them to Po 5 but since I am mixing 1000 and 10G ports it doesn't seem to like it.

  • ACE: Can the ft-vlan port be used for other vlans or not?

    Hi People,
    I am a bit confused reading cisco's documentation. I am now using the ft-vlan in a dedicated port (no other vlans), but I would like to use it as a normal port in order to use it in a context.
    From cisco website:
    "You cannot use this dedicated FT VLAN Ethernet port for normal network traffic; it must be dedicated for redundancy only.
    When you specify an Ethernet port or a port-channel interface as a dedicated FT VLAN, you have the option to either configure the dedicated VLAN as the only VLAN associated with the Ethernet port or port-channel interface, or to allocate it as part of a VLAN trunk link (see "(config-if) switchport trunk allowed vlan"). Note that the ACE automatically includes the FT VLAN in the VLAN trunk link. If you choose to configure VLAN trunking, it is not necessary for you to assign the FT VLAN in the trunk link along with the other VLANs."
    First it says, you cannot use this port for other traffic, and then it says this port can be a trunk port. If the port is trunk, then obviously you pass other vlans too. Right? or not? So can the port that has the ft-vlan be used in a context with other vlans?
    thanks,
    george

    Then simply do not use the 'ft-port' command.
    This command "auto" configures the interface to be switchtrunk with one vlan allowed.
    If you reconfigure the interface with your own switchport command, all you risk is some kind of collision or a future software version which will deny this kind of configuration.
    Here is what I use to have vlan 500 part of a normal trunk interface.
    But be aware that if your interface is overloaded, FT traffic could get dropped and therefore you will end up with 2 active units causing major traffic disruption.
    This is why we recommend to run FT on its own interface with no other traffic.
    Generating configuration....
    interface gigabitEthernet 1/1
      switchport access vlan 1000
      shutdown
    interface gigabitEthernet 1/2
      shutdown
    interface gigabitEthernet 1/3
      switchport trunk native vlan 20
      switchport trunk allowed vlan 10-500
      no shutdown
    interface gigabitEthernet 1/4
      shutdown
    ft interface vlan 500
      ip address 192.168.77.2 255.255.255.0
      peer ip address 192.168.77.1 255.255.255.0
      no shutdown
    Gilles.

  • Nexus 3548 ACL Logging

    "show ip access-list", IOS displays matches against each statement within the ACL and you can see counters incrementing or not, useful in troubleshooting. Nexus 3548 does not display any counters with the same command!
    I must be missing something because I cannot find a logging command that will simply add hits with command "show IP access-list <name>" (Nexus 3548)
    Is there an alternative?

    After reading Cisco ACL docs I managed to configure and get ACL logging working fine on my lab 3548:
    test# sh log ip access-list cache
    Source IP        Destination IP     S-Port  D-Port    Interface   Protocol          Hits
    10.170.x.x    10.x.x.x        0       0         mgmt0      (6)TCP            98
    Software
      BIOS:      version 1.9.0
      loader:    version N/A
      kickstart: version 6.0(2)A4(3)
      system:    version 6.0(2)A4(3)
      Power Sequencer Firmware:
                 Module 1: version v2.1
      BIOS compile time:       10/13/2012
      kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A4.3.bin
      kickstart compile time:  11/21/2014 9:00:00 [11/21/2014 19:29:20]
      system image file is:    bootflash:///n3500-uk9.6.0.2.A4.3.bin
      system compile time:     11/21/2014 9:00:00 [11/21/2014 21:09:06]
    Hardware
      cisco Nexus 3548 Chassis ("48x10GE Supervisor")
      Intel(R) Pentium(R) CPU  @ 1.50GHz
     with 3805876 kB of memory.
    However in my other live Nexus 3548 "show log ip access-list cache" is not available from the command line with the following software version:
    -n35# show log ip access-list cache
                               ^
    % Invalid command at '^' marker.
    Software
      BIOS:      version 1.9.0
      loader:    version N/A
      kickstart: version 6.0(2)A1(1b)
      system:    version 6.0(2)A1(1b)
      Power Sequencer Firmware:
                 Module 1: version v2.1
      BIOS compile time:       10/13/2012
      kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A1.1b.bin
      kickstart compile time:  9/5/2013 14:00:00 [09/05/2013 23:37:16]
      system image file is:    bootflash:///n3500-uk9.6.0.2.A1.1b.bin
      system compile time:     9/5/2013 14:00:00 [09/06/2013 03:25:01]
    Hardware
      cisco Nexus 3548 Chassis ("48x10GE Supervisor")
    I've researched the command line reference and found nothing to suggest version 6.0(2)A1(1b) this OAL feature is not supported......anyways  the live 3548 I can see statistics per-entry command under each ACL (these ACL's are not bound to any VLAN interfaces). show ip access-list shows no hits against any of the ACL's
    My 1st question: why is the OAL ACL cache not supported on my live version?
    2nd q - Why there are no hits when the statistics per-entry command is configured under each ACL when I know there are thousands of hits per minute?
    NB: The ip access-group in statements are applied to the Interface port number NOT interface VLAN
    example
    interface Ethernet1/6
      description ** hello **
      ip access-group test in
      switchport access vlan 885
      speed 1000
      no negotiate auto
