Nexus 5000 switch-profile sync via SVI?

Similar Messages

• The meaning of Interface Ethernet250/1 under the Nexus 2000 is connected to Nexus 5000 switch

  Dear all,
     Recently, I prepared and deploy a network monitoring system to monitor the new generation Nexus connected network.  With using snmpwalk to query the interfacs information from the Nexus 5000 switch (one Nexus 2000 is connected to it via FlexLink), I found that other than normal Nexus 5000 and 2000 ports(ifName to be Ethernet1/1, Ethernet1/2, ... Ethernet190/1/1, Ethernet190/1/2...), a series of interface with ifName Ethernet250/1, Ethernet250/2, .... to be appeared in the interface SNMP tree.   With logged into the Nexus 5000 and issue display interface command, I can only found the information on the normal interfaces but not the abnormal interface Ethernet250/1, ...
     Would someone know what is it (do E250/1 is a logical interface like port channel or VLAN) and how to monitor it ?  Thanks in advances.
  HC Wong

  I've not seen that myself. Could it perhaps be a VPC (Virtual Portchannel)?

• Nexus 5596 switch-profile synchronization problem

  hi
  I can't synchronize switch-profile
  System version: 5.1(3)N1(1)
  Sync-status: Not yet merged
  Merge Flags: pending_merge:0 rcv_merge:1 pending_validate:1
  Status: Verify Failure
  Error(s):
  Following commands failed parsing: If the error is 'Command Parsing Failed', please check if some conditional feature(s) needs to be enabled
  switchport mode trunk (Command Parsing Failed)
  how to find the source of the problem ?

  Hello Pawel
  Can you attach following from both Nexus 5596 switches in question
  term length 0
  show version
  show run
  show tech-support port-profile

• Nexus 5020 Switch Profile Error

  Hi There,
  I have 2 x 5020s peered together with a switch profile. Somehow the switch-profile configurations have gone out of sync.
  1st 5020
  switch-profile  : xxxx
  Start-time: 889959 usecs after Tue Aug  9 12:25:47 2011
  End-time: 453948 usecs after Tue Aug  9 12:26:36 2011
  Profile-Revision: 188
  Session-type: Commit
  Session-subtype: -
  Peer-triggered: Yes
  Profile-status: Commit Failed
  Local information:
  Status: Commit Failure
  Error(s):
  Failed command(s):
  h
  Peer information:
  IP-address: 10.87.249.12
  Sync-status: In Sync.
  Status: Commit Failure
  Error(s): Commit failed on peer.
  2nd 5020
  switch-profile  : xxxx
  Start-time: 831600 usecs after Tue Aug  9 12:25:47 2011
  End-time: 326942 usecs after Tue Aug  9 12:26:36 2011
  Profile-Revision: 186
  Session-type: Commit
  Session-subtype: -
  Peer-triggered: No
  Profile-status: Commit Failed
  Local information:
  Status: Commit Success
  Error(s):
  Peer information:
  IP-address: 10.87.249.11
  Sync-status: In Sync.
  Status: Commit Failure
  Error(s):
  Failed command(s):
  h
  I am now unable to make changes to the switch-profile config. I know exactly where the difference is in the config. It is the description on one of the Ethernet interfaces
  interface Ethernet173/1/44
    description *** Server D4 ILO 10.87.103.51 ***
    switchport access vlan 31
    spanning-tree port type edge
  interface Ethernet173/1/44
    description *** Server D4 ILO 10.87.103.62 ***
    switchport access vlan 31
    spanning-tree port type edge
  How can I recover from this and sync up both the profiles to the same revision?

  Hi,
  Manually fix the description on one side so that both side look equally. (just conf term not conf sync)
  Then it shoul sync again. But try to sync from both switches - I've the situation that it config sync succseeds from one side but not from the other.

• Nexus 5000 switches - what is a universal port?

  Please forgive the noob question, but I would really appreciate any advice on a network I'm trying to put together. I need the switches for a network with both FC and 10Gb-E (around 30 and 15 of each respectively - to start) and was thought the 5000 series looked like it was just what we needed.
  I'm trying to understand what the Universal Ports are. The documentation says they can support ethernet or FC, but what kind of connector do they use? Looking at the images they seem to be fibre connectors, but can they take an RJ45 plug for ethernet as well?

  See https://supportforums.cisco.com/discussion/11912046/configure-nexus-5548-native-fc
  Cisco Nexus 5548UP and Nexus 5596UP are Unified Fabric switches that have 32 and 48 Fixed SFP+ ports, respectively. This fixed or built-in ports are unified ports which means that each of the ports can be used for conventional Ethernet, FCoE or FC. Out of the box, all of the 32 or 48 ports are "Ethernet" port type. As the name implies, with this port type, the port are ready for us to be used as conventional Ethernet port or for FCoE. Remember that FCoE is basically transporting FC traffic over Ethernet, so we need "Ethernet" port type for FCoE.
  First you configure e.g. a port as FC; then of course you have to insert the proper SPF; same is true for Ethernet: 1 or 10G SFP.

• UCS C-Series VIC-1225 to Nexus 5000 setup

  Hello,
  I have two nexus 5000 setup with a vpc peer link. I also have an cisco c240 m3 server with a vic-1225 card that will be running esx 5.1. I also have some 4 2248 fabric extenders. I have been searching for some best practice information on how to best setup this equipment. The nexus equipment is already running, so its more about connecting the c240 and the vic-1225 to the nexus switches. I guess this is better to do rather than to connect to the fabric extenders in order to minmize hops?
  All documention I have found involves setup/configuration etc with fabric interconnects which I dont have, and have been told that I do not need. Does anyone have any info on this? and can point me in the right direction to setup this correctly?
  More specifically, how should I setup the vic-1225 card to the nexus? just create a regular vpc/port-channel to the nexuses? use lacp and set it to active?
  Do I need to make any configuration changes on the vic card via the cimc on the c240 server to make this work?

  Hello again, Im stuck
  This is what I have done. I have created the vPC between my esx host and my two nexus 5000 switches, but it doesnt seem to come up:
  S02# sh port-channel summary
  Flags:  D - Down        P - Up in port-channel (members)
          I - Individual  H - Hot-standby (LACP only)
          s - Suspended   r - Module-removed
          S - Switched    R - Routed
          U - Up (port-channel)
          M - Not in use. Min-links not met
  Group Port-       Type     Protocol  Member Ports
        Channel
  4     Po4(SD)     Eth      LACP      Eth1/9(D)
  vPC info:
  S02# sh vpc 4
  vPC status
  id     Port        Status Consistency Reason                     Active vlans
  4      Po4         down*  success     success                    -
  vPC config:
  interface port-channel4
    switchport mode trunk
    switchport trunk allowed vlan 20,27,30,50,100,500-501
    spanning-tree port type edge trunk
    vpc 4
  interface Ethernet1/9
    switchport mode trunk
    switchport trunk allowed vlan 20,27,30,50,100,500-501
    spanning-tree port type edge trunk
    channel-group 4 mode active
  Im unsure what I must configure on the cisco 240M3(esx host) side to make this work. I only have the two default interfaces(eth0 and eth1) on the vic-1225 installed in the esx host, and both have the vlan mode is set to TRUNK.
  Any ideas on what I am missing?
  Message was edited by: HDA

• Nexus 5000 command/log accounting

  Good afternoon gentlemen
  I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
  #IOS commands
  no logging console
  logging buffered 307200 informational
  service timestamps log datetime localtime show-timezone
  logging trap debugging
  login on-failure log
  login on-success log
  archive
     log config
        logging enable
        logging size 500
        hidekeys
        notify syslog contenttype plaintext
  By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
  If you guys have an idea please answear
  Regards
  Christian

  Good afternoon gentlemen
  I need to configure the same as shown below in Nexus 5000 switches. The requirement is logging all user access login (whether failed or succeeded) and also logging all commands that users issue.
  #IOS commands
  no logging console
  logging buffered 307200 informational
  service timestamps log datetime localtime show-timezone
  logging trap debugging
  login on-failure log
  login on-success log
  archive
     log config
        logging enable
        logging size 500
        hidekeys
        notify syslog contenttype plaintext
  By now, I only found the command "show accounting log". But no way to export to a syslog server I think.
  If you guys have an idea please answear
  Regards
  Christian

• Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches

  Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about Cisco® NX-OS.
  The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
  vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
  This event is focused on discussing all possible types of vPC along-with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting
  Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
  Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University, has CCNA® and CCNP® Nimit is also working on a Cisco data center CCIE® certification While also pursuing an MBA degree from Santa Clara University.
  Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response. 
  Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Gustavo
  Please see my responses to your questions:
  Yes almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different type of traffic –Control Plane and Data Plane.
  Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hellos packets will be exchanged across all 3 routers and adjacency will be formed over VPC links
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
  Now for Data Plane we have two types of traffic – Unicast and Multicast.
  The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations there is a possibility that when the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario,N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
  Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
  For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
  The Loop avoidance works little different across Nexus 5000 and Nexus 7000.
  Similarity: For both products, loop avoidance is possible due to VSL bit
  The VSL bit is set in the DBUS header internal to the Nexus.
  It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
  This mechanism is used for loop prevention within the chassis.
  The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
  Differences:  In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
  It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
  For more details please see below presentation:
  https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
  DCI Scenario:  If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
  But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
  Let us know if you have further questions.
  Thanks,
  Vishal

• Switch Profile view in MIB

  Hello Experts,
  On a Nexus 5000 in VPC domain, I look for the result of commited switch profile.
  Where can I find this kind of information (in bold), in which MIB ? Do you have the OID ?
  SW11B2D01# show switch-profile YOP status
  switch-profile  : YOP
  Start-time: 873633 usecs after Wed Jun 11 12:03:04 2014
  End-time: 101711 usecs after Wed Jun 11 12:03:30 2014
  Profile-Revision: 11
  Session-type: Commit
  Session-subtype: -
  Peer-triggered: No
  Profile-status: Sync Success
  Local information:
  Status: Commit Success
  Error(s):
  Peer information:
  IP-address: 1.1.1.1
  Sync-status: In sync
  Status: Commit Success
  Error(s):
  Thanks for your help,
  Paul

  oups you're right
  The two lines are :
  Sync-status: In sync
  Status: Commit Success
  Thanks
  Paul

• Nexus 5000 - Securing MGMT Access

  Could anyone comment on whether the capability exists to configure an ACL that protects management access, restricting access to certain source subnets? I want to use inband mgmt access (interface vlan feature)but limit the access by IP. ACLs seem to be only configurable on a per port basis or VLAN mapped basis, not on the VLAN Interface or Line VTY. Thanks in advance to anyone who offers a comment!

  Hi Adam,
  [edit] This is fixed in 4.1(3)N2(1) with defect CSCta26533.  It is also available in 4.2(1)N1(1).  I just tested this to verify, I was confused earlier as to what version my switches were running.
  Here's an exmaple in 4.2(1)N1(1):
  Nexus5010(config)# conf t
  Nexus5010(config)# ip access-list someACL
  Nexus5010(config-acl)# deny ip 192.168.0.0/16 any                      
  Nexus5010(config-acl)# permit ip any any
  Nexus5010(config-acl)# int mgmt0
  Nexus5010(config-if)# ip access-group someACL in
  Nexus5010(config-if)# exit
  Nexus5010# sh ip access-lists summary
  IPV4 ACL someACL
          Total ACEs Configured: 2
          Configured on interfaces:
                  mgmt0 - ingress (Router ACL)
          Active on interfaces:
                  mgmt0 - ingress (Router ACL)
  Also, CSCsq20638 will allow you to put an ACL on VTY lines.  CSCsq20638 slipped the target release since my first answer, but is now committed to the 5.0 train for the Nexus 7000.
  When the Nexus 5000 picks up this enhancement sometime in Q4 of 2010.  I can't be specific about a release date since it's under active development, but it should be called 5.0(2)N1(1)
  Regarding a VACL, that will work for inband management (SVI / VLAN interface), but not for those managing via MGMT0.
  Regards,
  John Gill
  Message was edited by: johgill

• Nexus 5000 - Odd Ethernet interface behavior (link down inactive)

  Hi Guys,
  This would sound really trivial but it is very odd behavior.
  - We have a server connected to a 2, Nexus 5000s (for resiliancy)
  - When there is no config on the ethernet interfaces whatsoever, the ethernet interface is UP / UP, there is minimal amount of traffic on the link etc. E.g.
  Ethernet1/16 is up
    Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
    Description: shipley-p1.its RK14/A13
    MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    Port mode is access
    full-duplex, 10 Gb/s, media type is 1/10g
    Beacon is turned off
    Input flow-control is off, output flow-control is off
    Rate mode is dedicated
    Switchport monitor is off
    Last link flapped 00:00:07
    Last clearing of "show interface" counters 05:42:32
    30 seconds input rate 0 bits/sec, 0 packets/sec
    30 seconds output rate 96 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      input rate 0 bps, 0 pps; output rate 8 bps, 0 pps
    RX
      0 unicast packets  0 multicast packets  0 broadcast packets
      0 input packets  0 bytes
      0 jumbo packets  0 storm suppression packets
      0 runts  0 giants  0 CRC  0 no buffer
      0 input error  0 short frame  0 overrun   0 underrun  0 ignored
      0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
      0 input with dribble  0 input discard
      0 Rx pause
    TX
      0 unicast packets  163 multicast packets  0 broadcast packets
      163 output packets  15883 bytes
      0 jumbo packets
      0 output errors  0 collision  0 deferred  0 late collision
      0 lost carrier  0 no carrier  0 babble
      0 Tx pause
    1 interface resets
  - As soon as I configure the link to be an access port, the link goes down, flagging "inactivity" E.g.
  sh int e1/16
  Ethernet1/16 is down (inactive)
    Hardware: 1000/10000 Ethernet, address: 000d.ece7.85d7 (bia 000d.ece7.85d7)
    Description: shipley-p1.its RK14/A13
    MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    Port mode is access
    auto-duplex, 10 Gb/s, media type is 1/10g
    Beacon is turned off
    Input flow-control is off, output flow-control is off
    Rate mode is dedicated
    Switchport monitor is off
    Last link flapped 05:38:03
    Last clearing of "show interface" counters 05:41:33
    30 seconds input rate 0 bits/sec, 0 packets/sec
    30 seconds output rate 0 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
    RX
      0 unicast packets  0 multicast packets  0 broadcast packets
      0 input packets  0 bytes
      0 jumbo packets  0 storm suppression packets
      0 runts  0 giants  0 CRC  0 no buffer
      0 input error  0 short frame  0 overrun   0 underrun  0 ignored
      0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
      0 input with dribble  0 input discard
      0 Rx pause
    TX
      0 unicast packets  146 multicast packets  0 broadcast packets
      146 output packets  13083 bytes
      0 jumbo packets
      0 output errors  0 collision  0 deferred  0 late collision
      0 lost carrier  0 no carrier  0 babble
      0 Tx pause
    0 interface resets
  - This behavior is seen on both 5Ks
  - I've tried using a different set of ports, changed SFPs, and fibre cabling to no avail
  - I can't seem to understand this behavior?!  In that, why would configuring the port cause the link to go down?
  - If anyone has experience this before, or could shed some light on this behavior, it would be appreciated.
  sh ver
  Cisco Nexus Operating System (NX-OS) Software
  TAC support: http://www.cisco.com/tac
  Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained herein are owned by
  other third parties and are used and distributed under license.
  Some parts of this software are covered under the GNU Public
  License. A copy of the license is available at
  http://www.gnu.org/licenses/gpl.html.
  Software
    BIOS:      version 1.2.0
    loader:    version N/A
    kickstart: version 4.2(1)N1(1)
    system:    version 4.2(1)N1(1)
    power-seq: version v1.2
    BIOS compile time:       06/19/08
    kickstart image file is: bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin
    kickstart compile time:  4/29/2010 19:00:00 [04/30/2010 02:38:04]
    system image file is:    bootflash:/n5000-uk9.4.2.1.N1.1.bin
    system compile time:     4/29/2010 19:00:00 [04/30/2010 03:51:47]
  thanks
  Sheldon

  I had identical issue
  Two interfaces on two different FEXes were INACTIVE. I have two Nexus 5596 in vPC and A/A FEXes.
  I also use config-sync feature.
  Very same configuration was applied to other ports on other FEXes and they were working with no problems.
  interface Ethernet119/1/1
    inherit port-profile PP-Exchange2003
  I checked VLAN status associated with this profile and it was active (of course it was, other ports were ok).
  I solved it by removing port profile from this port and re-applied it... voila, port changed state to up!
  Very very strange.

• Not able to import User Profile Property via BDC Connection

  I want to fill some of the user profile properties via BDC Connection. I already have created more than 50 user profiles which I imported from AD. Now, in order to import profiles properties using BDC, I performed below steps:
  a) Ensured Business Data Connectivity and Secure Store are running and used account has Full permission on these services.
  b) Created an external content type using SharePoint Designer and created an external list to ensure that data is available:
  Set email field as identifier, which is one of the columns in SQL table and is a primary key.
  Created Read Item and Read List operations on above ECT.
  c) Checked the presence of above ECT in BDC service and ensured it has all necessary permissions i.e. Edit, Execute etc.
  d) Configure a new synchronization connection in User profile Service by selecting the same ECT. Here I chose to connect 1:1 mapping and picked up WorkEmail property to return items.
  e) Mapped one of the custom property with one of the fields of SQL Server. Here, I ensured they both have same type.
  f) Ran Full Synchronize after above steps. On checked, I do not find any data in the mapped properties.
  Below are the traces of LOGS:
  Profile sync step BusinessConnection (stage BusinessDataCatalogFullImport) finished successfully. 8ecffe9c-6d0a-e0e8-ec25-eb7a5f1c1215
  04/21/2015 12:37:00.68  OWSTIMER.EXE (0x337C)                    0x02DC SharePoint Portal Server       User Profiles                
   ac4iu Medium   Profile sync step BusinessConnection (stage BusinessDataCatalogFullSync) started execution. 
  04/21/2015 12:37:00.68  OWSTIMER.EXE (0x337C)                    0x4CCC SharePoint Foundation          Topology                     
   8xqz Medium   Updating SPPersistedObject UserProfileImportJob Name=UserProfileServiceApplication_ProfileImportJob. Version: 2294209 Ensure: False, HashCode: 36728399, Id: 4f037df6-d339-4b5a-8892-ef3699c16b20, Stack:    at
  Microsoft.SharePoint.Administration.SPJobDefinition.Update()     at Microsoft.Office.Server.UserProfiles.UserProfileImportJob.SaveStatus()     at Microsoft.Office.Server.UserProfiles.UserProfileImportJob.Execute()    
  at Microsoft.Office.Server.Administration.UserProfileApplicationJob.Execute(SPJobState jobState)     at Microsoft.SharePoint.Administration.SPTimerJobInvokeInternal.Invoke(SPJobDefinition jd, Guid targetInstanceId, Boolean isTimerService,
  Int32& result)     at Microsoft.SharePoint.Administration.SPTimerJobInvoke.Invoke(TimerJobExecuteData& data, Int32& result)   8ecffe9c-6d0a-e0e8-ec25-eb7a5f1c1215
  04/21/2015 12:37:01.70  OWSTIMER.EXE (0x337C)                    0x4CCC SharePoint Portal Server       User Profiles                
   ac4iq Medium   Profile sync step BusinessConnection (stage BusinessDataCatalogFullSync) finished successfully. 8ecffe9c-6d0a-e0e8-ec25-eb7a5f1c1215
  04/21/2015 12:37:01.70  OWSTIMER.EXE (0x337C)                    0x4CCC SharePoint Foundation          Topology                     
   8xqz Medium   Updating SPPersistedObject UserProfileImportJob Name=UserProfileServiceApplication_ProfileImportJob. Version: 2294211 Ensure: False, HashCode: 36728399, Id: 4f037df6-d339-4b5a-8892-ef3699c16b20, Stack:    at
  Microsoft.SharePoint.Administration.SPJobDefinition.Update()     at Microsoft.Office.Server.UserProfiles.UserProfileImportJob.SaveStatus()     at Microsoft.Office.Server.UserProfiles.UserProfileImportJob.Execute()    
  at Microsoft.Office.Server.Administration.UserProfileApplicationJob.Execute(SPJobState jobState)     at Microsoft.SharePoint.Administration.SPTimerJobInvokeInternal.Invoke(SPJobDefinition jd, Guid targetInstanceId, Boolean isTimerService,
  Int32& result)     at Microsoft.SharePoint.Administration.SPTimerJobInvoke.Invoke(TimerJobExecuteData& data, Int32& result)   8ecffe9c-6d0a-e0e8-ec25-eb7a5f1c1215
  04/21/2015 12:37:02.53  OWSTIMER.EXE (0x337C)                    0x319C SharePoint Foundation          Monitoring                   
   nasq Medium   Entering monitored scope (Timer Job job-upgrade-sites). Parent No 9f354308-7b18-40f3-80d6-c7d0616cd9e5
  04/21/2015 12:37:02.53  OWSTIMER.EXE (0x337C)                    0x319C SharePoint Foundation          Logging
  Correlation Data       xmnv Medium   Name=Timer Job job-upgrade-sites a0cffe9c-7d80-e0e8-ec25-e024bd692f28
  04/21/2015 12:37:02.67  OWSTIMER.EXE (0x337C)                    0x319C SharePoint Foundation          Monitoring                   
   b4ly Medium   Leaving Monitored Scope (Timer Job job-upgrade-sites). Execution Time=136.402252241556 a0cffe9c-7d80-e0e8-ec25-e024bd692f28
  04/21/2015 12:37:04.94  w3wp.exe (0x4440)                        0x4070 SharePoint Portal Server       Runtime                      
   8gp7 Medium   Topology cache updated. (AppDomain: /LM/W3SVC/1712947452/ROOT-1-130740700225995467) 
  04/21/2015 12:37:05.00  OWSTIMER.EXE (0x337C)                    0x1FA0 SharePoint Foundation          Monitoring                   
   aeh57 Medium   Sql Ring buffer status eventsPerSec = ,processingTime=0,totalEventsProcessed=0,eventCount=0,droppedCount=0,memoryUsed=0 
  04/21/2015 12:37:05.52  w3wp.exe (0x4440)                        0x3DD8 SharePoint Foundation        
   Topology                       e5mc Medium   WcfSendRequest: RemoteAddress: 'http://172.20.21.163:32843/af95f58c149b4b61b13c0d0250479beb/MetadataWebService.svc'
  Channel: 'Microsoft.SharePoint.Taxonomy.IMetadataWebServiceApplication' Action: 'http://schemas.microsoft.com/sharepoint/taxonomy/soap/IDataAccessReadOnly/GetChanges2' MessageId: 'urn:uuid:324f52f2-8c3a-49e3-9d2c-6119776db97b' 08d6992a-9413-4d09-b8f9-bcfb08266cc7
  04/21/2015 12:37:05.52  w3wp.exe (0x4848)                        0x3D98 SharePoint Foundation        
   Monitoring                     nasq Medium   Entering monitored scope (ExecuteWcfServerOperation). Parent No 
  04/21/2015 12:37:05.52  w3wp.exe (0x4848)                        0x3D98 SharePoint Foundation        
   Topology                       e5mb Medium   WcfReceiveRequest: LocalAddress: 'http://ispantest.domainname.local:32843/af95f58c149b4b61b13c0d0250479beb/MetadataWebService.svc'
  Channel: 'System.ServiceModel.Channels.ServiceChannel' Action: 'http://schemas.microsoft.com/sharepoint/taxonomy/soap/IDataAccessReadOnly/GetChanges2' MessageId: 'urn:uuid:324f52f2-8c3a-49e3-9d2c-6119776db97b' 08d6992a-9413-4d09-b8f9-bcfb08266cc7
  04/21/2015 12:37:05.52  w3wp.exe (0x4848)                        0x3D98 SharePoint Server            
   Taxonomy                       fuc5 Medium   MetadataWebServiceApplication.GetChanges called on 'Managed Metadata Service' starting. 08d6992a-9413-4d09-b8f9-bcfb08266cc7
  04/21/2015 12:37:05.53  w3wp.exe (0x4848)                        0x3D98 SharePoint Server            
   Taxonomy                       fuc6 Medium   MetadataWebServiceApplication.GetChanges called on 'Managed Metadata Service' completed. 08d6992a-9413-4d09-b8f9-bcfb08266cc7
  04/21/2015 12:37:05.53  w3wp.exe (0x4848)                        0x3D98 SharePoint Foundation        
   Monitoring                     b4ly Medium   Leaving Monitored Scope (ExecuteWcfServerOperation). Execution Time=2.03964470344695 08d6992a-9413-4d09-b8f9-bcfb08266cc7
  04/21/2015 12:37:05.53  w3wp.exe (0x4440)                        0x3DD8 SharePoint Foundation        
   General                        aipzw High     An exception occurred while writing a service call usage
  entry.  Exception details: System.ObjectDisposedException: Safe handle has been closed     at
  System.Runtime.InteropServices.SafeHandle.DangerousAddRef(Boolean& success)     at Microsoft.Win32.Win32Native.GetTokenInformation(SafeTokenHandle TokenHandle, UInt32 TokenInformationClass, SafeLocalAllocHandle TokenInformation,
  UInt32 TokenInformationLength, UInt32& ReturnLength)     at System.Security.Principal.WindowsIdentity.GetTokenInformation(SafeTokenHandle tokenHandle, TokenInformationClass tokenInformationClass)     at System.Security.Principal.WindowsIdentity.get_User()    
  at System.Security.Principal.WindowsIdentity.GetName()     at System.Security.Principal.WindowsIdentity.get_Name()     at Microsoft.SharePoint.Utilities.SPUtili... 08d6992a-9413-4d09-b8f9-bcfb08266cc7

  Thanks for the very clear answer back. You're a star. Much appreciated and better to know where you stand directly. Have called the helpdesk and are willing to solve and take this one back in, although it will hurt. The macBook Pro continues to be out of reach economically, so it would need to be the white macBook...
  Just wanted to check some last items before making final decisions as I am checking an alternative workaround
  - my camcorder supports recording on memory stick which can then be read into iMovie without problem. Any idea if memory stick is lower in resolution as normal DV tape recording? If this is comparable I can choose to from now on switch to memory stick. When I record on the stick it is then recognised as MOV.
  - is there any other (non apple made) OSX software on the market to facilitate only the USB driven capturing? Hence did any other SW supplier plug this hole? The old windows pc has proven that the camera streams images via the USB port (hence don't at all understand why iMovie cannot just support capturing via USB streaming...!!!!) and I understand it is more that iMovie doesn't support capturing images via USB, but does anybody else at least for the capturing bit?
  - You read about Firewire - USB adapters/hubs/convertors. It is however never clear if it would solve this issue. Dead-end street or an option?
  - I can capture my archive of old tapes on my old PC and then put them into my Mac. However the capturing SW makes one large file of it and no event is split. Any idea if on import iMovie could automatically split this into different events (based on date or start/stop?)
  - final question: does iMovie when capturing video from tapebased camcorder automatically split events based on date or start/stop? Would be silly to make switch and then still find out I need to manually make the cuts.
  Very grateful for your support. Just a couple of days left to make final decision...

• VPC on Nexus 5000 with Catalyst 6500 (no VSS)

  Hi, I'm pretty new on the Nexus and UCS world so I have some many questions I hope you can help on getting some answers.
  The diagram below is the configuration we are looking to deploy, that way because we do not have VSS on the 6500 switches so we can not create only one  Etherchannel to the 6500s.
  Our blades inserted on the UCS chassis  have INTEL dual port cards, so they do not support full failover.
  Questions I have are.
  - Is this my best deployment choice?
  - vPC highly depend on the management interface on the Nexus 5000 for the keep alive peer monitoring, so what is going to happen if the vPC brakes due to:
       - one of the 6500 goes down
            - STP?
            - What is going to happend with the Etherchannels on the remaining  6500?
       - the Management interface goes down for any other reason
            - which one is going to be the primary NEXUS?
  Below is the list of devices involved and the configuration for the Nexus 5000 and 65000.
  Any help is appreciated.
  Devices
  ·         2  Cisco Catalyst with two WS-SUP720-3B each (no VSS)
  ·         2 Cisco Nexus 5010
  ·         2 Cisco UCS 6120xp
  ·         2 UCS Chassis
       -    4  Cisco  B200-M1 blades (2 each chassis)
            - Dual 10Gb Intel card (1 per blade)
  vPC Configuration on Nexus 5000
  TACSWN01
  TACSWN02
  feature vpc
  vpc domain 5
  reload restore
  reload restore   delay 300
  Peer-keepalive   destination 10.11.3.10
  role priority 10
  !--- Enables vPC, define vPC domain and peer   for keep alive
  int ethernet 1/9-10
  channel-group 50   mode active
  !--- Put Interfaces on Po50
  int port-channel 50
  switchport mode   trunk
  spanning-tree port   type network
  vpc peer-link
  !--- Po50 configured as Peer-Link for vPC
  inter ethernet 1/17-18
  description   UCS6120-A
  switchport mode   trunk
  channel-group 51   mode active
  !--- Associates interfaces to Po51 connected   to UCS6120xp-A  
  int port-channel 51
  swithport mode   trunk
  vpc 51
  spannig-tree port   type edge trunk
  !--- Associates vPC 51 to Po51
  inter ethernet 1/19-20
  description   UCS6120-B
  switchport mode   trunk
  channel-group 52   mode active
  !--- Associates interfaces to Po51 connected   to UCS6120xp-B  
  int port-channel 52
  swithport mode   trunk
  vpc 52
  spannig-tree port   type edge trunk
  !--- Associates vPC 52 to Po52
  !----- CONFIGURATION for Connection to   Catalyst 6506
  Int ethernet 1/1-3
  description   Cat6506-01
  switchport mode   trunk
  channel-group 61   mode active
  !--- Associate interfaces to Po61 connected   to Cat6506-01
  Int port-channel 61
  switchport mode   trunk
  vpc 61
  !--- Associates vPC 61 to Po61
  Int ethernet 1/4-6
  description   Cat6506-02
  switchport mode   trunk
  channel-group 62   mode active
  !--- Associate interfaces to Po62 connected   to Cat6506-02
  Int port-channel 62
  switchport mode   trunk
  vpc 62
  !--- Associates vPC 62 to Po62
  feature vpc
  vpc domain 5
  reload restore
  reload restore   delay 300
  Peer-keepalive   destination 10.11.3.9
  role priority 20
  !--- Enables vPC, define vPC domain and peer   for keep alive
  int ethernet 1/9-10
  channel-group 50   mode active
  !--- Put Interfaces on Po50
  int port-channel 50
  switchport mode   trunk
  spanning-tree port   type network
  vpc peer-link
  !--- Po50 configured as Peer-Link for vPC
  inter ethernet 1/17-18
  description   UCS6120-A
  switchport mode   trunk
  channel-group 51   mode active
  !--- Associates interfaces to Po51 connected   to UCS6120xp-A  
  int port-channel 51
  swithport mode   trunk
  vpc 51
  spannig-tree port   type edge trunk
  !--- Associates vPC 51 to Po51
  inter ethernet 1/19-20
  description   UCS6120-B
  switchport mode   trunk
  channel-group 52   mode active
  !--- Associates interfaces to Po51 connected   to UCS6120xp-B  
  int port-channel 52
  swithport mode   trunk
  vpc 52
  spannig-tree port   type edge trunk
  !--- Associates vPC 52 to Po52
  !----- CONFIGURATION for Connection to   Catalyst 6506
  Int ethernet 1/1-3
  description   Cat6506-01
  switchport mode   trunk
  channel-group 61   mode active
  !--- Associate interfaces to Po61 connected   to Cat6506-01
  Int port-channel 61
  switchport mode   trunk
  vpc 61
  !--- Associates vPC 61 to Po61
  Int ethernet 1/4-6
  description   Cat6506-02
  switchport mode   trunk
  channel-group 62   mode active
  !--- Associate interfaces to Po62 connected   to Cat6506-02
  Int port-channel 62
  switchport mode   trunk
  vpc 62
  !--- Associates vPC 62 to Po62
  vPC Verification
  show vpc consistency-parameters
  !--- show compatibility parameters
  Show feature
  !--- Use it to verify that vpc and lacp features are enabled.
  show vpc brief
  !--- Displays information about vPC Domain
  Etherchannel configuration on TAC 6500s
  TACSWC01
  TACSWC02
  interface range GigabitEthernet2/38 - 43
  description   TACSWN01 (Po61 vPC61)
  switchport
  switchport trunk   encapsulation dot1q
  switchport mode   trunk
  no ip address
  channel-group 61   mode active
  interface range GigabitEthernet2/38 - 43
  description   TACSWN02 (Po62 vPC62)
  switchport
  switchport trunk   encapsulation dot1q
  switchport mode   trunk
  no ip address
  channel-group 62   mode active

  ihernandez81,
  Between the c1-r1 & c1-r2 there are no L2 links, ditto with d6-s1 & d6-s2.  We did have a routed link just to allow orphan traffic.
  All the c1r1 & c1-r2 HSRP communications ( we use GLBP as well ) go from c1-r1 to c1-r2 via the hosp-n5k-s1 & hosp-n5k-s2.  Port channels 203 & 204 carry the exact same vlans.
  The same is the case on the d6-s1 & d6-s2 sides except we converted them to a VSS cluster so we only have po203 with  4 *10 Gb links going to the 5Ks ( 2 from each VSS member to each 5K).
  As you can tell what we were doing was extending VM vlans between 2 data centers prior to arrivals of 7010s and UCS chassis - which  worked quite well.
  If you got on any 5K you would see 2 port channels - 203 & 204  - going to each 6500, again when one pair went to VSS po204 went away.
  I know, I know they are not the same things .... but if you view the 5Ks like a 3750 stack .... how would you hook up a 3750 stack from 2 6500s and if you did why would you run an L2 link between the 6500s ?
  For us using 4 10G ports between 6509s took ports that were too expensive - we had 6704s - so use the 5Ks.
  Our blocking link was on one of the links between site1 & site2.  If we did not have wan connectivty there would have been no blocking or loops.
  Caution .... if you go with 7Ks beware of the inability to do L2/L3 via VPCs.
  better ?
  one of the nice things about working with some of this stuff is as long as you maintain l2 connectivity if you are migrating things they tend to work, unless they really break

• Tacacs cfs on the Nexus 5000

  Hi
  I want to distribute TACACS+ from the nexus 7000 to theo tne manuals  nexus 5000
  via CFS.
  When i do the 'sh cfs app' i get this....   tacacs         No        Physical-fc-ip
  However you cannot put in the distribute command for tacacs 'tacacs+ distribute'sl
  You also cannot do the following command   'sh cfs app name tacacs'
  Obviously there must be different commands ... but i cannot find them
  If i cant distribute tacacs how can i make this work
  many thanks
  Steve

  I think the command set does not matter.
  Because the Nexus takes only the role and does not use per-command authorization (AFAIK), then it will take the role from the shell profile but selecting the command set does not matter because it does not use per command authorization.
  I used command sets with CRS-1 and they had no effect. Only the shell profile configuration matters.
  What is the situation at your end? do things work fine with/without selecting the command set? or putting empty command set in place?
  Rating useful replies is more useful than saying "Thank you"

• Nexus 5000 as NTP client

  We run 6509 core routers as NTP servers to other IOS routers/switches & servers of several OS flavours.
  All good.
  Recently added some Nexus 5000s and cannot get them to lock.
  No firewalls or ACLs in the path
  6509 (1 of 4) state:
  LNPSQ01CORR01>sh ntp ass
        address         ref clock     st  when  poll reach  delay  offset    disp
  + 10.0.1.2         131.188.3.220     2   223  1024  377     0.5   -6.23     0.7
  +~130.149.17.21    .PPS.             1   885  1024  377    33.7   -0.26     0.8
  *~138.96.64.10     .GPS.             1   680  1024  377    22.7   -2.15     1.0
  +~129.6.15.29      .ACTS.            1   720  1024  377    84.9   -3.37     0.6
  +~129.6.15.28      .ACTS.            1   855  1024  377    84.8   -3.30     2.3
  * master (synced), # master (unsynced), + selected, - candidate, ~ configured
  Nexus state:
  BL01R01B10SRVS01# sh ntp peer-status
  Total peers : 4
  * - selected for sync, + -  peer mode(active),
  - - peer mode(passive), = - polled in client mode
      remote               local              st  poll  reach   delay
  =10.0.1.1               10.0.201.11            16   64       0   0.00000
  =10.0.1.2               10.0.201.11            16   64       0   0.00000
  =10.0.1.3               10.0.201.11            16   64       0   0.00000
  =10.0.1.4               10.0.201.11            16   64       0   0.00000
  Nexus config:
  ntp distribute
  ntp server 10.0.1.1
  ntp server 10.0.1.2
  ntp server 10.0.1.3
  ntp server 10.0.1.4
  ntp source 10.0.201.11
  ntp commit
  interface mgmt0
    ip address 10.0.201.11/24
  vrf context management
    ip route 0.0.0.0/0 10.0.201.254
  Reachability to the NTP source...
  BL01R01B10SRVS01# ping 10.0.1.1 vrf management source 10.0.201.11
  PING 10.0.1.1 (10.0.1.1) from 10.0.201.11: 56 data bytes
  64 bytes from 10.0.1.1: icmp_seq=0 ttl=253 time=3.487 ms
  64 bytes from 10.0.1.1: icmp_seq=1 ttl=253 time=4.02 ms
  64 bytes from 10.0.1.1: icmp_seq=2 ttl=253 time=3.959 ms
  64 bytes from 10.0.1.1: icmp_seq=3 ttl=253 time=4.053 ms
  64 bytes from 10.0.1.1: icmp_seq=4 ttl=253 time=4.093 ms
  --- 10.0.1.1 ping statistics ---
  5 packets transmitted, 5 packets received, 0.00% packet loss
  round-trip min/avg/max = 3.487/3.922/4.093 ms
  BL01R01B10SRVS01#
  Are we missing some NTP or managment vrf setup in the Nexus 5Ks??
  Thanks
  Rob Spain
  UK

  I have multiple 5020's, 5548's, and 5596's, and they all experience this same problem. Mind you I run strictly layer 2. I don't even have feature interface-vlan enabled. I tried: "ntp server X.X.X.X use-vrf management" as well as "clock protocol ntpt". These didn't help. 
  I was told by TAC that there is a bug (sorry I do not have the ID), but basically NTP will not work over the management VRF. The only way I got NTP to work, was by enabling the feature interface-vlan, and adding a vlan interface with an IP and retrieving NTP through this interface. 
  I upgraded to 5.2 (1) in hopes that this would fix the issue. but it did not.