Nexus 3548 : vlan is not allowed on peer-link
Hi, I had posted earlier but I think I have almost figured out the issue... just not how to resolve it.
I have two nexus switches connected together with PO5.
Each nexus has a PO6 to connect to a single Cat3750
VLAN 46 on one of the switches is showing
%ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 46 on Interface port-channel6 are being suspended. (Reason: Vlan is not allowed on Peer-link)
Oddly the other switch seems to be OK with VLAN 46.
I also see this
show vpc consistency-parameters vpc 6
...                        Local                     Remote
Allowed VLANs           -  1,31,34,46,200,600-605    1,31,34,46,200,600-605
Local suspended VLANs   -  46                        -
I just don't get it. Both switches are almost identical in their running configs.
Any thoughts?
Well, the funny thing about the Nexus configs is that I compared them in Notepad++ and they are the same.
vrf context management
ip route 0.0.0.0/0 10.31.0.9
vlan 1
vlan 31
name VLAN0031-VOIP
vlan 34
name vlan_nutanix
vlan 46
name VLAN0046-MITEL
vlan 200
name VLAN0200-ExchDAG
vlan 600
name VLAN0600-VMOTION
vlan 601
name VLAN0601-DMZ1
vlan 602
name VLAN0602-DMZ2
vlan 603
name VLAN0603-DMZ3
vlan 604
name VLAN0604-DMZ4
vlan 605
name VLAN0605-PNET
vpc domain 1
role priority 110
peer-keepalive destination 10.31.61.11 source 10.31.61.12
auto-recovery
interface port-channel5
switchport mode trunk
spanning-tree port type network
speed 10000
vpc peer-link
interface port-channel6
switchport mode trunk
spanning-tree port type normal
speed 1000
vpc 6
interface port-channel11
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge trunk
speed 10000
vpc 11
interface port-channel12
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge trunk
speed 10000
vpc 12
interface port-channel13
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge trunk
speed 10000
vpc 13
interface port-channel14
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge trunk
speed 10000
vpc 14
interface port-channel15
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge trunk
speed 10000
vpc 15
interface Ethernet1/1
switchport mode trunk
speed 1000
channel-group 6 mode active
interface Ethernet1/2
switchport mode trunk
speed 1000
channel-group 6 mode active
interface Ethernet1/3
description Nutanix
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge trunk
channel-group 11
interface Ethernet1/4
description Nutanix
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge
channel-group 12
interface Ethernet1/5
description Nutanix
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge
channel-group 13
interface Ethernet1/6
description Nutanix
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge
channel-group 14
interface Ethernet1/7
description Nutanix
switchport mode trunk
switchport trunk allowed vlan 1,31,34,46,200,600-605
spanning-tree port type edge trunk
channel-group 15
interface Ethernet1/47
switchport mode trunk
channel-group 5 mode active
interface Ethernet1/48
switchport mode trunk
channel-group 5 mode active
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
3750 config
interface Port-channel6
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet1/0/33
description ch nexus1-1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 6 mode active
interface GigabitEthernet1/0/34
description ch nexus1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 6 mode active
interface GigabitEthernet1/0/35
description ch nexus2-1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 6 mode active
interface GigabitEthernet1/0/36
description ch nexus2-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 6 mode active
interface Vlan46
ip address 172.17.16.1 255.255.255.0
Similar Messages
-
I just added 2 VLANs to Port-channel10 on two of my Nexus 5000's that go from the to a 6509 Catalyst switch. I get this error when I do a show log: VLANs 133-134 on Interface port-channel10 are being suspended. (Reason: Vlan is not allowed on Peer-link) When I do a sh int trunk I see Po10 (int Eth1/3) that Vlans Err-disabled on Trunk. Another odd thing: when I do a spanning-tree summary, neither 133 nor 134 is added to the summary. Why would spanning-tree be ignoring these two new VLANs?
They are configured as so:
interface port-channel10
description "vpc 10 eth1/3 to 6506 po10 ten5/4"
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 130,133-134,139,145,155,160-175,239,242,254,999
vpc 10
What can I do to get 133 and 134 vlans to stop erroring on Port-channel 10 on both Nexus 5000's?

Firstly I should say I have not used Nexus switches so the following advice should be treated with caution.
Have you added the same vlans to the allowed vlans on your vPC peer link. That is what the error message seems to be telling you ie. they are not currently allowed.
They need to be allowed otherwise the vlans are suspended which is what is happening.
As I say I haven't used these switches so I can't say for sure if there is any downtime/disruption when you modify the allowed list but I think that is your problem from what I can see.
Jon -
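Added example (not part of the original posts): a Python check for the condition Jon describes, listing VLANs that are allowed on a vPC member port-channel but missing from the peer-link's allowed list. The sample config is constructed; port-channel1 as the peer-link and its allowed list are assumptions, and the function names are hypothetical.

```python
import re

ALL_VLANS = set(range(1, 4095))  # valid 802.1Q VLAN IDs

# Constructed sample modelled on the Nexus 5000 post above. The peer-link
# (port-channel1) and its allowed list are assumptions, not from the thread.
SAMPLE_CONFIG = """\
vlan 130,133-134,139,145,999
interface port-channel1
  switchport mode trunk
  switchport trunk allowed vlan 130,139,145,999
  vpc peer-link
interface port-channel10
  switchport mode trunk
  switchport trunk native vlan 999
  switchport trunk allowed vlan 130,133-134,139,145,999
  vpc 10
"""


def parse_vlan_list(text):
    """Expand a list such as '1,31,600-605' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        if "-" in part:
            low, high = part.split("-", 1)
            vlans.update(range(int(low), int(high) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def parse_config(config):
    """Return (defined_vlans, port_channels) from running-config text.

    Indentation is ignored, so a flattened paste still parses: a section
    only ends at the next 'interface' line.
    """
    defined, ports, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            m = re.fullmatch(r"interface (port-channel\d+)", line, re.I)
            current = None
            if m:
                # A trunk with no allowed-vlan statement carries all VLANs.
                current = ports.setdefault(
                    m.group(1).lower(),
                    {"allowed": set(ALL_VLANS), "peer_link": False, "vpc": None},
                )
            continue
        m = re.fullmatch(r"vlan (\d+(?:[-,]\d+)*)", line)
        if m:
            defined |= parse_vlan_list(m.group(1))
            continue
        if current is None:
            continue
        m = re.fullmatch(
            r"switchport trunk allowed vlan (?:(add|remove) )?(\S+)", line
        )
        if m:
            op, value = m.groups()
            if value == "none":
                vlans = set()
            elif value == "all":
                vlans = set(ALL_VLANS)
            else:
                vlans = parse_vlan_list(value)
            if op == "add":
                current["allowed"] |= vlans
            elif op == "remove":
                current["allowed"] -= vlans
            else:
                current["allowed"] = vlans
        elif line == "vpc peer-link":
            current["peer_link"] = True
        elif (m := re.fullmatch(r"vpc (\d+)", line)):
            current["vpc"] = int(m.group(1))
    return defined, ports


def peer_link_gaps(config):
    """Map each vPC port-channel to the defined VLANs it allows that the
    peer-link does not (the VLANs the switch would suspend)."""
    defined, ports = parse_config(config)
    peer_links = [p for p in ports.values() if p["peer_link"]]
    if len(peer_links) != 1:
        raise ValueError("expected exactly one 'vpc peer-link' port-channel")
    peer_allowed = peer_links[0]["allowed"]
    scope = defined or ALL_VLANS  # only report VLANs that actually exist
    gaps = {}
    for name, port in sorted(ports.items()):
        if port["vpc"] is not None:
            missing = (port["allowed"] & scope) - peer_allowed
            if missing:
                gaps[name] = sorted(missing)
    return gaps


if __name__ == "__main__":
    for name, vlans in peer_link_gaps(SAMPLE_CONFIG).items():
        print(f"{name}: not allowed on peer-link: {vlans}")
```

Run it against the saved running-config of each vPC peer separately, since the allowed lists are configured per switch.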
Starting iTunes 11 with the option key does not allow me to link my ipad with Remote
I am using my Macbook Pro as a pure music server with a 2TB external USB 3 HD where all my music resides in a single folder. Yet when I start iTunes by holding the option key (to allow iTunes to see the 2TB folder and not import all my music), the Devices tab is grayed out and hence my iPad3 is not recognised. As a result, I cannot use Apple's Remote App.
The same hardware does allow me to import a small named Library when the iPad is recognised.
What gives? Any suggestions would help me to keep my hair!

Try a Skype reset:
http://community.skype.com/t5/Security-Privacy-Trust-and/Skype-name-and-Skype-MS-accounts/m-p/293557...
You may also want to test it out in Safe Mode with Networking to see if anything changes. Since Skype uses IE in the background make sure your Internet Explorer is able to browse web pages without restriction or that it isn't in some type of forced offline mode. -
Ichat not allowing to send links
Lately I've been running into an issue with iChat where it won't allow me to send a link.
It immediately tells me there's an error...any ideas?

Where are you typing the link?
Profile?
Text Chat?
Can you give an example?
8:50 PM Sunday; January 6, 2008 -
Copy not allowed..only link. Bug?
I am following the Java Studio Creator Field Guide book, and in it, you are told to select the Copy radio button (as opposed to Link) when setting a URL for an image. Well, on my setup, copy is greyed out (disabled).
Is this a bug, or is there something that needs to be done to enable it?

Hi,
If you select tab URL, you are prevented from selecting radio button Copy.
Selecting radio button Link works fine.
(The behavior changed since the book was published).
You can also copy an image file into your project's Resources directory by selecting tab File.
This discrepancy is documented in
http://www.asgteach.com/books/creator_field_guide.htm
(Beyond the Book)
Regards,
Gail A. -
Duplicate address across VPC peer-link on Nexus 7010
Just set up a VPC peer-link between two 7010 switches. The peer-link is a port-channel of two 10Gb connections. On both sides I'm seeing this in the log:
2010 Jan 5 04:27:34 CRMCN7K-1 %ARP-2-DUP_SRC_IP: arp [3069] Source address of packet received from 0024.f716.b341 on Vlan401(port-channel10) is duplicate of local, 10.180.0.17
and on the other
2010 Jan 5 04:23:39 CRMCN7K-2 %ARP-2-DUP_SRC_IP: arp [3052] Source address of packet received from 0024.f71f.a7c1 on Vlan401(port-channel10) is duplicate of local, 10.180.0.18
VLAN 401 is the only VLAN on them right now with a Layer 3 address. What am I missing? Everything looks correct. Port-Channel10 is up and running fine..or so it seems.

Hey Nashwj,
What version of NX-OS are you running?
Are the 7K in a stand alone environment (lab or similar) or connected to other production network devices?
Are both of the VLANs carried across the vPC peer link port-channel?
Are both of the VLANs carried across any vPC port-channel?
Do you have HSRP setup on the VLAN 401 interfaces on each of the 7Ks? If so, what are the real and vip IP addresses?
If you can either provide answers to the above or configuration snapshots of the vPC and SVI interfaces for your VLANs on each of the 7Ks a solution should be reachable. -
Vpc peer-link forwarding behavior
Hey,
In this cisco doc (http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf ) I come across this statement:
One of the most important forwarding rules of vPC is the fact that a frame that entered the vPC peer switch from the peer link cannot exit the switch out of a vPC member port (except if this is coming from an orphaned port).
This makes perfect sense up to the "except if this is coming from an orphaned port". I can't seem to figure out why traffic sourced from an orphaned port (ie, "from" an orphaned port) and ultimately destined to a vPC member port is allowed -- since it should be sent out the local vPC member port and not across the peer link.
Would make more sense to me if it said "destined to an orphaned port", so of course it would have to cross the peer-link.
Can anyone shed some light on this exception to the rule?
Thanks!

Thanks Chad!
Kept racking my brain on that one, and the only time it would make any sense (ie, I was trying to fit a square peg in a round hole), is if you have IGP peering to each 7K from an orphan port (ex, FW), the IGP ECMP hashes a packet to the far-end 7K, and then the traffic sent to the directly attached 7K must be sent across the vpc-peerlink -- and in theory shouldn't be dropped. This is, of course, until you add peer-gateway command, which confuses matters a bit -- especially from an IGP control-plane perspective, but also in this loop-prevention rule, since the local 7K will handle the packets destined to the other's 7K MAC.
To complicate matters worse, the latest 5K release notes say to exclude-vlan for peer-gateway for your backup router vlan... still have to dive into that one. -
Is SPAN port not allowed in Nexus FEX Port ?
Hi
The customer wants me to define a SPAN port on N2K; it is a FEX port. When I configure it I get the following statement from the switch.
Is there any way to solve the problem?
n5k-N2K(config-monitor)# destination ?
interface Configure interfaces
n5k-N2K(config-monitor)# destination interface eth102/1/18
ERROR: Eth102/1/18: Configuration not allowed on fex interface
N5K VERSION
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 1.2.0
loader: version N/A
kickstart: version 4.0(1a)N2(1)
system: version 4.0(1a)N2(1)
BIOS compile time: 06/19/08
kickstart image file is: bootflash:/n5000-uk9-kickstart.4.0.1a.N2.1.bin
kickstart compile time: 2/25/2009 0:00:00 [02/25/2009 08:29:12]
system image file is: bootflash:/n5000-uk9.4.0.1a.N2.1.bin
system compile time: 2/25/2009 0:00:00 [02/25/2009 08:56:57]

Hi,
A FEX port cannot be configured as a SPAN destination. Only a switch port can be configured and used as a SPAN destination.
See link below for more info:
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_1_3_N2_1/Nexus5000_Release_Notes_5_1_3_N2.html
HTH -
Dear Experts,
Please refer to attached file and share your feedback if my understanding is correct or need some correction.
Best Regards!
Ashish JAIN

Ashish
Your understanding is correct.
If you added a PC in vlan 3 to switch 3 your link between switches would need to be a trunk link and allowing both vlans.
Jon -
Question about Nexus 3548 vPC setup
Hi.
We have just installed our two first Nexus 3548 switches in our Catalyst environment. We want to set up a vPC domain between the Nexuses, to use for connections to storage and other equipment.
I have read the guide at http://www.cisco.com/c/en/us/products/collateral/switches/nexus-3000-series-switches/white_paper_c11-685753.html and tried setting it up. I created a vPC domain on both switches like this:
nexus1:
vpc domain 1
role priority 2000
system-priority 4000
peer-keepalive destination 192.168.105.40 source 192.168.105.39 vrf default
nexus2:
vpc domain 1
system-priority 4000
peer-keepalive destination 192.168.105.39 source 192.168.105.40 vrf default
The switches are connected with a port-channel consisting of 2x 10GE. The IP addresses above are the ones we use for managing the switches. When I configure the port-channel as "vpc peer-link", the vpc status looks OK:
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po2 up 1,6,100,102,106
The problem I have is that I lose connection to nexus2 when I bring up the vPC. I can no longer access it on its IP (192.168.105.40). I cannot ping it from nexus1 either. The Nexus switches are connected to our core switches, which are Catalyst 6509. nexus1 is connected to coreswitch1 using a portchannel of 2xGE and nexus2 is connected to coreswitch2 the same way. A spanning-tree cost has been set on the uplink from nexus2, to make spanning tree block that uplink, and allow traffic between the nexuses to go over the 2x 10GE portchannel instead of over the core switches. I have attached a drawing of this.
Maybe I shouldn't use the management IP:s for peer keepalive? Does the peer keepalive need to be on a different physical link than the peer-link?
Regards,
Johan

We are not using the management ports for management, but an ordinary Vlan Interface in the default vrf, as seen below. We can of course change that and instead use the mgmt0 port if that is the best approach.
vrf context management
vlan configuration 1,100
vlan 1
vlan 100
name DMMgmtPriv
vpc domain 1
role priority 2000
system-priority 4000
peer-keepalive destination 192.168.105.40 source 192.168.105.39 vrf default
interface Vlan1
interface Vlan100
no shutdown
no ip redirects
ip address 192.168.105.39/23 -
Help with multiple nat translation on a Cisco Nexus 3548
Hi All,
I need a little help with a NAT configuration on a cisco Nexus 3548 version 6.0(2)A4(3).
What I currently have is as follows:
internal network: 192.168.4.0/24
nexus router (routerA):
LAN Side: vlan104 interface 192.168.4.201/24
WAN Side: Eth1/48 interface 172.24.101.2/24
remote network: 159.43.48.32/27
remote gateway: 172.24.101.1/24
use ACL's to ensure that only specific traffic is allowed out and in.
allow a specific connection from a different internal network (192.168.3.0/24) to talk to port 159.43.48.34:1025
Clients on the internal network 192.168.4.0, need to be able to connect to services (port 14002, port 8101) running on 159.43.48.34, but they must be SNAT'ed through the WAN interface as coming from 159.43.65.81
Currently we have this working but the internal lan clients need to know how to get to 159.43.48.34/27 and therefore we need to route this network in our internal network.
What we really want is to do is provide an address such as 192.168.4.203 for internal clients to use for connectivity to the various services, and then this address would be SNAT'ed to 159.43.65.81 over the WAN. We still want to secure the traffic in both directions.
In the past I've been able to do this with inside and outside NATs and I haven't had to configure an interface on the router for the internal address, it has just been "stood up" by the NAT rules. For example (this is how I've done it before):
LAN interface
ip nat outside
WAN interface
ip nat inside
ip nat inside source static 159.43.65.81 192.168.4.203
ip nat outside source static 159.43.65.81 192.168.4.203
but trying to implement this sort of config on the Nexus isn't working.
I am wondering if the Nexus behaves differently than IOS-based routers.
I'd appreciate any help to get this config working.
Thanks in advance,
Les

Les
The issue with an "ip nat outside ..." static is that from the inside routing is done before NAT.
So what happens is that the destination IP is 192.168.4.203 and the Nexus will do a route lookup, see it is directly connected so it won't forward the packet to the outside interface so it doesn't get translated.
If you enter "ip nat outside source static 159.43.48.34 192.168.4.203" then on IOS it adds a host specific route to the routing table for 192.168.4.203 as directly connected.
So you do a ping from a 192.168.3.x client it looks like it is working but actually the L3 device is simply responding and the packet never gets to the server.
Apologies for the long winded explanation but NXOS might behave differently and I wanted you to know what to look for.
So with IOS there is the "add-route" option at the end of the NAT statement and if you use this it would add a host specific route into the routing table like this -
192.168.4.203 255.255.255.255 159.43.48.34
this is a recursive route ie. the device must know how to get to 159.43.48.34 but your Nexus should.
What the above does is make sure any packets arriving at the Nexus for 192.168.4.203 get routed to the outside interface and so are translated.
So firstly see if that option is available with your NAT statement ie.
"ip nat outside source static 159.43.48.34 192.168.4.203 add-route"
if it isn't then try adding just the static statement without it and then have a look at the routing table. If it hasn't put in a host specific route showing as directly connected which it may not, as it may behave differently, then you can manually add a route ie.
192.168.4.203 255.255.255.255 <next hop IP>
note that the next hop IP doesn't have to be the server here it could just be the next hop from the Nexus switch. All you are trying to do is get the packet routed to the outside interface.
Hope that makes sense.
Edit - one thing I haven't tried is to use a different IP subnet for NAT ie. one that is still part of your internal range but unused and then having a route on the Nexus, in your case, pointing to the outside interface and you redistribute this subnet into your IGP. Then you add the NAT statement.
What may happen is it still adds a host specific route showing as directly connected but it may not because the Nexus wouldn't actually have a directly connected interface for that subnet.
I suspect it would though.
If it did work then it would still mean you didn't need to advertise the public IP internally.
If I get the chance I'll test it later today.
Jon -
NEXUS 3548 with 24 Port License
I've a 3548 box with a 24-port license. My concern is about the functionality of the remaining 24 ports. Will there be a problem with the rest of the 24 ports while in production?
NX3548# sh inventory
NAME: "Chassis", DESCR: "Nexus 3548 Chassis"
PID: N3K-C3548P-10G , VID: V02 , SN: XXXXXXXXXX
NAME: "Module 1", DESCR: "48x10GE Supervisor"
PID: N3K-C3548P-10G , VID: V02 , SN: XXXXXXXXXX
NX3548# SH LICense usage
Feature                      Ins  Lic    Status  Expiry Date  Comments
                                  Count
24P_LIC_PKG                  Yes   -     Unused  Never        -
24P_UPG_PKG                  No    -     Unused               -
LAN_BASE_SERVICES_PKG        Yes   -     Unused  Never        -
ALGO_BOOST_SERVICES_PKG      No    -     Unused               -
LAN1K9_ENT_SERVICES_PKG      No    -     Unused               -
LAN_ENTERPRISE_SERVICES_PKG  No    -     Unused               -

Hello Dhanesh,
thanks for your reply.
We have 2 3548 licensed exactly as your Nexus.
After a reboot of the two Nexus the first 4 ports (of the two) had problems (no input packets, only output packets, so unusable). There were connected devices with GLC-T, so they worked at 1 G, not 10G.
We opened a TAC Case about this and, after remote session and many analysis, the engineer decided to replace the two devices.
Despite this I have still some doubt.
I found the discussion below and I post some logs of one of the Nexus, we use the 10 G not in a contiguous way.
Thanks and regards
https://supportforums.cisco.com/discussion/12073821/nexus-3548-24-port-license-what-ports-use
371) Event:E_DEBUG, length:55, at 552701 usecs after Sat Mar 14 20:02:11 2015
[825307441] Couldn't send grace period data: No route to host
372) Event:E_DEBUG, length:58, at 255834 usecs after Sat Mar 14 19:02:57 2015
[825307441] Couldn't fetch grace enabled status: no such pss key
373) Event:E_DEBUG, length:55, at 819209 usecs after Sat Mar 14 19:02:18 2015
[825307441] Couldn't send grace period data: No route to host
374) Event:E_DEBUG, length:44, at 818664 usecs after Sat Mar 14 19:02:18 2015
[825307441] Failed to get VDC map: no such pss key
375) Event:E_DEBUG, length:44, at 818270 usecs after Sat Mar 14 19:02:18 2015
[825307441] Transient read error in glob_refresh()
376) Event:E_DEBUG, length:60, at 813122 usecs after Sat Mar 14 19:02:18 2015
[825307441] Expiry date for feature LAN_BASE_SERVICES_PKG: 3650000
377) Event:E_DEBUG, length:50, at 773120 usecs after Sat Mar 14 19:02:18 2015
[825307441] Expiry date for feature 24P_LIC_PKG: 3650000
378) Event:E_DEBUG, length:30, at 716563 usecs after Sat Mar 14 19:02:08 2015
[825307441] checking confcheck config
N3K-DC-1# sh int status
Port Name Status Vlan Duplex Speed Type
Eth1/1 *** FREE *** sfpAbsent 1 full 1000 --
Eth1/2 *** FREE *** sfpAbsent 1 full 1000 --
Eth1/3 *** FREE *** sfpAbsent 1 full 1000 --
Eth1/4 *** FREE *** sfpAbsent 1 full 1000 --
Eth1/5 UCS_UPLINK_FABRIC_ connected trunk full 10G SFP-H10GB-CU5M
Eth1/6 UCS_UPLINK_FABRIC_ connected trunk full 10G SFP-H10GB-CU5M
Eth1/7 -- sfpAbsent 1 full 10G --
Eth1/8 -- sfpAbsent 1 full 10G --
Eth1/9 -- sfpAbsent 1 full 10G --
Eth1/10 -- sfpAbsent 1 full 10G --
Eth1/11 -- connected trunk full 1000 1000base-T
Eth1/12 -- connected trunk full 1000 1000base-T
Eth1/13 -- sfpAbsent 1 full 10G --
Eth1/14 -- sfpAbsent 1 full 10G --
Eth1/15 -- sfpAbsent 1 full 10G --
Eth1/16 -- sfpAbsent 1 full 10G --
Eth1/17 -- sfpAbsent 1 full 10G --
Eth1/18 -- sfpAbsent 1 full 10G --
Eth1/19 -- sfpAbsent 1 full 10G --
Eth1/20 -- sfpAbsent 1 full 10G --
Eth1/21 -- sfpAbsent 1 full 10G --
Eth1/22 -- sfpAbsent 1 full 10G --
Eth1/23 -- sfpAbsent 1 full 10G --
Eth1/24 -- sfpAbsent 1 full 10G --
Eth1/25 -- sfpAbsent 1 full 10G --
Eth1/26 -- sfpAbsent 1 full 10G --
Eth1/27 -- sfpAbsent 1 full 10G --
Eth1/28 -- sfpAbsent 1 full 10G --
Eth1/29 -- sfpAbsent 1 full 10G --
Eth1/30 -- sfpAbsent 1 full 10G --
Eth1/31 *** FREE *** notconnec 1 full 1000 1000base-T
Eth1/32 -- sfpInvali 1 full 10G 1000base-T
Eth1/33 -- sfpAbsent 1 full 10G --
Eth1/34 -- sfpAbsent 1 full 10G --
Eth1/35 -- sfpAbsent 1 full 10G --
Eth1/36 -- sfpAbsent 1 full 10G --
Eth1/37 -- sfpAbsent 1 full 10G --
Eth1/38 -- sfpAbsent 1 full 10G --
Eth1/39 -- sfpAbsent 1 full 10G --
Eth1/40 -- sfpAbsent 1 full 10G --
Eth1/41 -- sfpAbsent 1 full 10G --
Eth1/42 -- sfpAbsent 1 full 10G --
Eth1/43 -- notconnec 1 full 10G 10Gbase-SR
Eth1/44 -- notconnec 1 full 10G 10Gbase-SR
Eth1/45 C3850-CORE [Port-C connected trunk full 10G 10Gbase-SR
Eth1/46 C3850-CORE [Port-C connected trunk full 10G 10Gbase-SR
Eth1/47 vPC PeerLink [Port connected trunk full 10G SFP-H10GB-CU3M
Eth1/48 vPC PeerLink [Port connected trunk full 10G SFP-H10GB-CU3M
Po2 C3850-CORE connected trunk full 10G --
Po3 3750-DC connected trunk full a-1000 --
Po4 UCS_UPLINK_FABRIC_ connected trunk full 10G --
Po10 vPC PeerLink connected trunk full 10G --
mgmt0 -- connected routed full a-1000 -- -
Thoughts on interconnecting Nexus 3548 and 3750 switches
Hi,
I have two nexus 3548 switches.
I have created port-group 1 on both switches to group eth1/47 with eth1/48.
I have 4 sfps, 2 per switch. to connect to a single 3750 that I want to group together as well.
So I have gi1/0/31 going to eth1/1 on nexus1 and gi1/0/32 going to eth1/2 on nexus1
I have gi1/0/33 going to eth1/1 on nexus2 and gi1/0/32 going to eth1/2 on nexus2
When I create the port group on the 3750 do I create one group with all 4 ports or will I have to create 2, one per nexus switch?
Thanks

Thanks for the replies. I finally got to test the hardware and config yesterday.
Just so I am clear, the vPC and peer to peer links are only for interconnecting the two Nexus switches. I think I got that right. sho VPC br seems to say it is up. I am using Po5
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po5 up 1
Next do I create a port channel on Nex1 and Nex2 for the two ports that connect to the 3750 (Po6 for example) or do I add the two links to the 3750s to Po5? I thought I add them to Po5 but since I am mixing 1000 and 10G ports it doesn't seem to like it. -
ACE: Can the ft-vlan port be used for other vlans or not?
Hi People,
I am a bit confused reading cisco's documentation. I am now using the ft-vlan in a dedicated port (no other vlans), but I would like to use it as a normal port in order to use it in a context.
From cisco website:
"You cannot use this dedicated FT VLAN Ethernet port for normal network traffic; it must be dedicated for redundancy only.
When you specify an Ethernet port or a port-channel interface as a dedicated FT VLAN, you have the option to either configure the dedicated VLAN as the only VLAN associated with the Ethernet port or port-channel interface, or to allocate it as part of a VLAN trunk link (see "(config-if) switchport trunk allowed vlan"). Note that the ACE automatically includes the FT VLAN in the VLAN trunk link. If you choose to configure VLAN trunking, it is not necessary for you to assign the FT VLAN in the trunk link along with the other VLANs."
First it says, you cannot use this port for other traffic, and then it says this port can be a trunk port. If the port is trunk, then obviously you pass other vlans too. Right? or not? So can the port that has the ft-vlan be used in a context with other vlans?
thanks,
george

Then simply do not use the 'ft-port' command.
This command "auto" configures the interface to be a switchport trunk with one vlan allowed.
If you reconfigure the interface with your own switchport command, all you risk is some kind of collision or a future software version which will deny this kind of configuration.
Here is what I use to have vlan 500 part of a normal trunk interface.
But be aware that if your interface is overloaded, FT traffic could get dropped and therefore you will end up with 2 active units causing major traffic disruption.
This is why we recommend to run FT on its own interface with no other traffic.
Generating configuration....
interface gigabitEthernet 1/1
switchport access vlan 1000
shutdown
interface gigabitEthernet 1/2
shutdown
interface gigabitEthernet 1/3
switchport trunk native vlan 20
switchport trunk allowed vlan 10-500
no shutdown
interface gigabitEthernet 1/4
shutdown
ft interface vlan 500
ip address 192.168.77.2 255.255.255.0
peer ip address 192.168.77.1 255.255.255.0
no shutdown
Gilles. -
"show ip access-list", IOS displays matches against each statement within the ACL and you can see counters incrementing or not, useful in troubleshooting. Nexus 3548 does not display any counters with the same command!
I must be missing something because I cannot find a logging command that will simply add hits with command "show IP access-list <name>" (Nexus 3548)
Is there an alternative?

After reading Cisco ACL docs I managed to configure and get ACL logging working fine on my lab 3548:
test# sh log ip access-list cache
Source IP Destination IP S-Port D-Port Interface Protocol Hits
10.170.x.x 10.x.x.x 0 0 mgmt0 (6)TCP 98
Software
BIOS: version 1.9.0
loader: version N/A
kickstart: version 6.0(2)A4(3)
system: version 6.0(2)A4(3)
Power Sequencer Firmware:
Module 1: version v2.1
BIOS compile time: 10/13/2012
kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A4.3.bin
kickstart compile time: 11/21/2014 9:00:00 [11/21/2014 19:29:20]
system image file is: bootflash:///n3500-uk9.6.0.2.A4.3.bin
system compile time: 11/21/2014 9:00:00 [11/21/2014 21:09:06]
Hardware
cisco Nexus 3548 Chassis ("48x10GE Supervisor")
Intel(R) Pentium(R) CPU @ 1.50GHz
with 3805876 kB of memory.
However in my other live Nexus 3548 "show log ip access-list cache" is not available from the command line with the following software version:
-n35# show log ip access-list cache
^
% Invalid command at '^' marker.
Software
BIOS: version 1.9.0
loader: version N/A
kickstart: version 6.0(2)A1(1b)
system: version 6.0(2)A1(1b)
Power Sequencer Firmware:
Module 1: version v2.1
BIOS compile time: 10/13/2012
kickstart image file is: bootflash:///n3500-uk9-kickstart.6.0.2.A1.1b.bin
kickstart compile time: 9/5/2013 14:00:00 [09/05/2013 23:37:16]
system image file is: bootflash:///n3500-uk9.6.0.2.A1.1b.bin
system compile time: 9/5/2013 14:00:00 [09/06/2013 03:25:01]
Hardware
cisco Nexus 3548 Chassis ("48x10GE Supervisor")
I've researched the command line reference and found nothing to suggest that in version 6.0(2)A1(1b) this OAL feature is not supported... Anyway, on the live 3548 I can see the statistics per-entry command under each ACL (these ACLs are not bound to any VLAN interfaces). show ip access-list shows no hits against any of the ACLs.
My 1st question: why is the OAL ACL cache not supported on my live version?
2nd q - Why there are no hits when the statistics per-entry command is configured under each ACL when I know there are thousands of hits per minute?
NB: The ip access-group in statements are applied to the Interface port number NOT interface VLAN
example
interface Ethernet1/6
description ** hello **
ip access-group test in
switchport access vlan 885
speed 1000
no negotiate auto