Nexus 5500 duplicate ICMP echo-replay
I am experiencing inconsistent echo-replay from devices connected via VPC to Nexus 5500s while pinging from the Nexus exec prompt.
In some cases I receive normal response when pinging from one Nexus, but no response when pinging from the other switch. In other instance I receive normal response to one Nexus, and duplicate replays to the other. It looks like a VPC related bug. NXOS is 5.1.3.N2.1
5501# ping 10.12.12.232
PING 10.12.12.232 (10.12.12.232): 56 data bytes
64 bytes from 10.12.12.232: icmp_seq=0 ttl=253 time=8.585 ms
64 bytes from 10.12.12.232: icmp_seq=0 ttl=254 time=9.227 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=1 ttl=253 time=1.011 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=253 time=8.097 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=254 time=9.429 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=3 ttl=253 time=18.195 ms
64 bytes from 10.12.12.232: icmp_seq=4 ttl=253 time=8.807 ms
5502# ping 10.12.12.232
PING 10.12.12.232 (10.12.12.232): 56 data bytes
64 bytes from 10.12.12.232: icmp_seq=0 ttl=254 time=0.985 ms
64 bytes from 10.12.12.232: icmp_seq=1 ttl=254 time=0.884 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=254 time=0.875 ms
64 bytes from 10.12.12.232: icmp_seq=3 ttl=254 time=3.105 ms
64 bytes from 10.12.12.232: icmp_seq=4 ttl=254 time=8.378 ms
Thanks
Jarek
Hi
I found this in the configuration guide for the Nexus 7000 configuring VPCs
"When you enable this feature (peer-gateway), Cisco NX-OS automatically disables IP redirects on all interface VLANs mapped over a vPC VLAN to avoid generation of IP redirect messages for packets switched through the peer gateway router."
However this is not happening automatically on the 5K, so you need to manually add "no ip redirects" on each VPC vlan interface to prevent duplicate pings.
Similar Messages
-
Mix of Nexus 5500 & Catalyst 6500
Hi there,
Does Nexus 5500 series require a Nexus 7000 parent device? or it will be supported with Catalyst 6509?
If this is the scenario :
CAT6509 - Core Layer 3
CAT6509 - Distribution Layer 2/3
NX-5548 - Access Layer 2
And FYI, no VSS on Catalyst 6509.
Thanks in advance,
GerardHello Chad,
Cool thanks ... that is perfect. We're eventually moving towards NX at the Core and Distribs really soon. Yeah, that's what I've known with the Extenders requirement with parent 5k or 7k too ...
Gerard -
IPM 4.2.0 and icmp-echo 0.0.0.0 problem
Hi,
I'm having a problem with IPM.
We are running LMS 3.2 with IPM 4.2.0.
I used IPM to configure a device to perform a ping to an ad-hoc target, the source router was configured as:
ip sla 182611
icmp-echo 0.0.0.0
request-data-size 64
owner ipm|<name>
tag <tag>
ip sla schedule 182611life forever start-time now ageout 3600
The target device is an ad-hoc with an ip-address but the IP SLA job ends up as 0.0.0.0.
When I'm running 'show ip sla statistics' it shows that the ping are timed out (as they are being sent to 0.0.0.0 instead of the real IP address).
The source router is running:
Cisco IOS Software, 3800 Software (C3825-ADVSECURITYK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1)
Anyone had familiar problems?
Thanks,
Amitjclarke wrote:I haven't seen this before. Can you redo the configuration, and collect a sniffer trace of SNMP traffic between the IPM server and the device? This will help determine if the problem is with IPM or IOS.
Hi,
My IPM is running on Solaris 10.
Can you advise what/how I can sniff the SNMP traffic between the server and the IOS device?
Here is more information from the device:
#show version
Cisco IOS Software, C3550
Software (C3550-IPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE
(fc2)
#show running-config | inc 154366
ip sla 154366
ip sla schedule 154366 life forever start-time now ageout 3600ip sla reaction-configuration 154366 react timeout threshold-type immediate action-type trapOnly
ip sla reaction-configuration 154366 react rtt threshold-value 4000 3000 threshold-type consecutive 2 action-type trapOnly
35PROB#show ip sla configuration 154366
IP SLAs, Infrastructure Engine-II.
Entry number: 154366Owner: ipm|unix107776a44Tag: 35PROB_AMIT
Type of operation to perform: echoTarget address: 0.0.0.0
Source address: 0.0.0.0Request size (ARR data portion): 64
Operation timeout (milliseconds): 5000Type Of Service parameters: 0x0
Verify data: NoVrf Name:
Schedule: Operation frequency (seconds): 60
Next Scheduled Start Time: Start Time already passed Group Scheduled : FALSE
Randomly Scheduled : FALSE Life (seconds): Forever
Entry Ageout (seconds): 3600 Recurring (Starting Everyday): FALSE
Status of entry (SNMP RowStatus): ActiveThreshold (milliseconds): 4000
Distribution Statistics:
Number of statistic hours kept: 2 Number of statistic distribution buckets kept: 1
Statistic distribution interval (milliseconds): 20
History Statistics: Number of history Lives kept: 0
Number of history Buckets kept: 15 History Filter Type: None
Enhanced History:
Thanks -
Connecting the nexus 5500 with multiple vsans
Hi,
it's my first experience in the fibre channel world and i have a few doubts about the best way to connect the nexus 5500 to a EMC storage.
This is my scenario
this is my configuration:
vsan database
vsan 2
vsan 2 interface fc 1/1
vsan 3
vsan 3 interface fc 1/2
interface fc1/1
switchport mode f
no shut
interface fc1/2
switchport mode f
no shut
now I don't know how can I connect the port fc1/3 to the vnx storage, I think I can't make a trunk like ethernet, can anyone help me?
Or i only can do this with zoning
Thanks
FredHello Fred,
All interfaces must be in the same vsan for them to see each other
vsan database
vsan 2 interface fc1/1, fc1/2, fc1/3
exit
Then you can zone each separately
example:
zone name host1 vsan 2
member pwwn 11:11:11:11:11:11:11:11 (host1 pwwn)
member pwwn 33:33:33:33:33:33:33:33 (VNX)
zone name host2 vsan 2
member pwwn 22:22:22:22:22:22:22:22 (host2 pwwn)
member pwwn 33:33:33:33:33:33:33:33 (VNX)
zoneset name Zoneset1 vsan 2
mem host1
mem host2
zoneset activate name Zoneset1 vsan 2
Thanks -
ASA 8.4(2) doesn't respond to ICMP echo on ip address with port forwarding only
Hello,
In order to meet our requirements we had to configure PAT for TCP 80 on 2 external IP addresses to one internal IP in DMZ. TCP port 80 is being translated for both external IP addresses and it works as expected. However, since we have migrated to ASA both external IP addresses don't respond to ICMP echo requests generating following error:
%ASA-3-106014: Deny inbound icmp src outside:<Source IP> dst outside:<Destination IP> (type 8, code 0)
Previously we have been using Cisco router to achieve the same objective and it worked well.
I have noticed that when I add "same-security-traffic permit intra-interface" to a configuration the message mentioned above stops appearing in a logs.
As far as I can tell ASA sends packet back through outside interface, despite the fact that appliance advertises its mac address in response to arp request for the same external IP address.
Is there any way to make ASA realise that it should respond to ICMP echo requests on external IP addresses that have forwarding setup?
I do realise that ICMP would work in 1-to-1 NAT scenario, but we can't apply 1-to-1 NAT for 2 external IP addresses to point to one internal IP address.
Kind Regards,
Paul PrestonHi Julio,
Interesting. I have tried to map two external IP addresses with using 1 to 1 nat to a single internal IP, but when I tried to configure a second one I remember a message "mapping exists"...
I think that it might be easier if I paste relevent config:
access-list From_Internet extended permit icmp any any
access-list From_Internet extended permit tcp any gt 1023 host 172.17.0.103 eq www
access-list From_Internet extended deny ip any any log warnings
object network www-91-17.103
host 172.17.0.103
object network www-92-17.103
host 172.17.0.103
icmp permit any outside
object network www-91-17.103
nat (DMZ,outside) static x.x.x.91 service tcp www www
object network www-92-17.103
nat (DMZ,outside) static x.x.x.92 service tcp www www
With a config above NAT works for both IP addresses, but unfortunately neither IP address respond to icmp echo requests.
Kind Regards,
Paul Preston -
Uplink-ID 0 in Nexus 5500 with FEX 2248.
Hi all,
I've got 2 Nexus 5548 and a fex 2248 connected to both of them via a vPC. 1 Uplink port goes to N5K-01 e1/10 and a second Uplink port goes to N5K-02 to port e1/10.
On the log of the first Nexus 5500 I see this:
N5K-01 %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 0 of Fex 103 that is connected with Ethernet1/10 changed its status from Configured to Fabric Up
N5K-01 %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 1 of Fex 103 that is connected with Ethernet1/10 changed its status from Fabric Up to Connecting
N5K-01 1 %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 1 of Fex 103 that is connected with Ethernet1/10 changed its status from Connecting to Active
On the log of the second nexus 5500, I see this:
N5K-02 %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 0 of Fex 103 that is connected with Ethernet1/10 changed its status from Configured to Fabric Up
N5K-02 %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 2 of Fex 103 that is connected with Ethernet1/10 changed its status from Fabric Up to Connecting
N5K-02 %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 2 of Fex 103 that is connected with Ethernet1/10 changed its status from Connecting to Active
What is the difference between Uplink-ID 0, 1 and 2? If I only have 2 uplink ports, why is there a third one?
Thanks in advace for your assistance.Hi Sonu,
I see the similar problem on my nexus5ks. show cfs peer does not display the peer information. I have been waiting for hours now.
sw01# sh cfs peerCFS Discovery is in Progress ..Please waitCould not get response. The network topology may be under going change.Please try after about 30 seconds
Did you find the fix7workaround of this problem ?
Regards,
Umair -
Cannot InterVlan on Cisco Nexus 5500
Dear All,
I have problem with my nexus 5500,
Intervlan on my nexus not work,
i dont know why..
Before i have only this kind of license:
Feature Ins Lic Status Expiry Date Comments
Count
FCOE_NPV_PKG No - Unused -
FM_SERVER_PKG No - Unused -
ENTERPRISE_PKG Yes - Unused Never -
FC_FEATURES_PKG Yes - Unused Never -
VMFEX_FEATURE_PKG Yes - Unused Never -
ENHANCED_LAYER2_PKG No - Unused -
LAN_BASE_SERVICES_PKG No - Unused -
LAN_ENTERPRISE_SERVICES_PKG No - Unused -
and feature i used is :
- feature privilege
- feature telnet
- feature interface-vlan
- feature hsrp
- feature dhcp
- feature lldp
I make few vlan on nexus and then i check the interface status and the result is all vlan Interface is UP but intervlan is not work.
And then, i install license for LAN_BASE_SERVICES_PKG, this is result for install licensed:
Feature Ins Lic Status Expiry Date Comments
Count
FCOE_NPV_PKG No - Unused -
FM_SERVER_PKG No - Unused -
ENTERPRISE_PKG Yes - Unused Never -
FC_FEATURES_PKG Yes - Unused Never -
VMFEX_FEATURE_PKG Yes - Unused Never -
ENHANCED_LAYER2_PKG No - Unused -
LAN_BASE_SERVICES_PKG Yes - In use Never -
LAN_ENTERPRISE_SERVICES_PKG No - Unused -
I used vlan configuration vlan before, but the interface VLAN is DOWN/DOWN.
and then i read this article:
http://www.layerzero.nl/blog/2012/10/nexus-5000-non-routable-vdc-mode/
Yes, thats solution work for 1 Vlan with "management" command on interface VLAN.
But, the other vlan is still DOWN. and Intervlan is not work to.
Anyone, can help me please?
I have experience configure Nexus 5000 with VPC, FEX, Storage, etc, and everything fine without isue in intervlan.
Thanks.Marvin,
This is the output.
`show module`
Mod Ports Module-Type Model Status
1 48 O2 48X10GE/Modular Supervisor N5K-C5596UP-SUP active *
Mod Sw Hw World-Wide-Name(s) (WWN)
1 5.2(1)N1(1b) 1.0 --
`show interface brief`
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
Eth1/1 1 eth trunk up none 10G(D) --
Eth1/2 1 eth trunk up none 10G(D) --
Eth1/3 1 eth trunk up none 10G(D) --
Eth1/4 1 eth trunk up none 10G(D) --
Eth1/5 1 eth trunk down Link not connected 10G(D) --
Eth1/6 1 eth trunk up none 10G(D) --
Eth1/7 1 eth trunk up none 10G(D) --
Eth1/8 1 eth trunk down Link not connected 10G(D) --
Eth1/9 1 eth access down SFP not inserted 10G(D) --
Eth1/10 1 eth access down SFP not inserted 10G(D) --
Eth1/11 1 eth access down SFP not inserted 10G(D) --
Eth1/12 1 eth access down SFP not inserted 10G(D) --
Eth1/13 1 eth access down SFP not inserted 10G(D) --
Eth1/14 1 eth access down SFP not inserted 10G(D) --
Eth1/15 1 eth access down SFP not inserted 10G(D) --
Eth1/16 1 eth access down SFP not inserted 10G(D) --
Eth1/17 1 eth access down SFP not inserted 10G(D) --
Eth1/18 1 eth access down SFP not inserted 10G(D) --
Eth1/19 1 eth access down SFP not inserted 10G(D) --
Eth1/20 1 eth access down SFP not inserted 10G(D) --
Eth1/21 1 eth access down SFP not inserted 10G(D) --
Eth1/22 1 eth access down SFP not inserted 10G(D) --
Eth1/23 1 eth access down SFP not inserted 10G(D) --
Eth1/24 1 eth access down SFP not inserted 10G(D) --
Eth1/25 1 eth access down SFP not inserted 10G(D) --
Eth1/26 1 eth access down SFP not inserted 10G(D) --
Eth1/27 1 eth access down SFP not inserted 10G(D) --
Eth1/28 1 eth access down SFP not inserted 10G(D) --
Eth1/29 1 eth access down SFP not inserted 10G(D) --
Eth1/30 1 eth access down SFP not inserted 10G(D) --
Eth1/31 1 eth access down SFP not inserted 10G(D) --
Eth1/32 1 eth access down SFP not inserted 10G(D) --
Eth1/33 1 eth access down SFP not inserted 10G(D) --
Eth1/34 1 eth access down SFP not inserted 10G(D) --
Eth1/35 1 eth access down SFP not inserted 10G(D) --
Eth1/36 1 eth access down SFP not inserted 10G(D) --
Eth1/37 1 eth access down SFP not inserted 10G(D) --
Eth1/38 1 eth access down SFP not inserted 10G(D) --
Eth1/39 1 eth access down SFP not inserted 10G(D) --
Eth1/40 1 eth access down SFP not inserted 10G(D) --
Eth1/41 1 eth access down SFP not inserted 10G(D) --
Eth1/42 1 eth access down SFP not inserted 10G(D) --
Eth1/43 1 eth access down SFP not inserted 10G(D) --
Eth1/44 1 eth access down SFP not inserted 10G(D) --
Eth1/45 1 eth access down SFP not inserted 10G(D) --
Eth1/46 1 eth access down SFP not inserted 10G(D) --
Eth1/47 1 eth trunk down SFP not inserted 10G(D) --
Eth1/48 1 eth trunk down SFP not inserted 10G(D) --
Port VRF Status IP Address Speed MTU
mgmt0 -- down -- -- 1500
Interface Secondary VLAN(Type) Status Reason
Vlan1 -- down Administratively down
Vlan199 -- up --
Vlan999 -- down Non-routable VDC mode
sh ip int bri
IP Interface Status for VRF "default"(1)
Interface IP Address Interface Status
Vlan199 192.168.36.10 protocol-up/link-up/admin-up
Vlan999 192.168.99.1 protocol-down/link-down/admin-up
sh vlan
VLAN Name Status Ports
1 default active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/9, Eth1/10, Eth1/11
Eth1/12, Eth1/13, Eth1/14
Eth1/15, Eth1/16, Eth1/17
Eth1/18, Eth1/19, Eth1/20
Eth1/21, Eth1/22, Eth1/23
Eth1/24, Eth1/25, Eth1/26
Eth1/27, Eth1/28, Eth1/29
Eth1/30, Eth1/31, Eth1/32
Eth1/33, Eth1/34, Eth1/35
Eth1/36, Eth1/37, Eth1/38
Eth1/39, Eth1/40, Eth1/41
Eth1/42, Eth1/43, Eth1/44
Eth1/45, Eth1/46, Eth1/47
Eth1/48
5 A active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
199 B active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
391 C active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
392 D active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
393 E active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
394 F active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
395 G active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
500 H active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
526 I active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/47, Eth1/48
VLAN Type Vlan-mode
1 enet CE
5 enet CE
199 enet CE
391 enet CE
392 enet CE
393 enet CE
394 enet CE
395 enet CE
500 enet CE
526 enet CE
Remote SPAN VLANs
Primary Secondary Type Ports -
DCNM SAN 6.2 + Nexus 5500 not using interface mgmt
When trying to discover a newly setup fabric we have set the SVI of one of the Nexus 5500 switches as seed device in DCNM SAN server. Problem do seem to be the same in DCNM 6.2 as in DCNM 5.x, one can not use a SVI.... After adding the seed switch with the IP adress of the SVI it appears in the Admin->Data sources->Fabric with the ip address of the mgmt interface. Thing is that this ip address can not be reached from the DCNM SAN server since we have only used a cross over ethernet cable for peer-keepalive over the mgmt interfaces.
Is there a way in DCNM SAN 6.2 to force SAN management over a SVI instead of the mgmt interface?Here is the solution:
in the menubar on the top, in the lower one go to Admin > Server Properties
scroll to the middle of the list, locate “fabric.managementIpOverwrite” and set it to false
restart the DCNM Servers -
ACL filtering icmp ECHO-Reply Behavior
Hello Guys....
I needed some help here.....i have attached the topology with this in case you dont get what iam trying to ask
i have just 2 routers connected directly like this...... R1<------------> R2, The network between them is 10.1.12.0/24, R1 has an ip address of
10.1.12.1 & R2 has an ip address of 10.1.12.2.....Well so far so good hmmm
Now the Question is simple i want to block ICMP echo-reply's coming from R1 to R2 simple as that But it only works if i apply an ACL on R2's
Interface in the INBOUND Direction why on earth it dosent work if i apply the ACL on R1's interface in the OUTBOUND direction ???
THE ACL is this one# access-list 100 deny icmp host 10.1.12.1 host 10.1.12.2 echo-reply
access-list 100 permit ip any any
It works if i apply this in the inbound direction of R2 but why dosen't it work if i apply this in the OUTBOUND direction of R1?
Please do help me out thanks :)Hi,
I believe that's because "Access lists that are applied to interfaces do not filter traffic that originates from that router."
See http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacls.html#wp1001135
for details.
Best regards,
Milan -
Hi,
If I use a SFP-10G-SR transceiver in a Nexus 5500, can I have FCoE in this port?
Sorry for the question but i'm begining in the FCoE world
ThanksThanks Vinayak
I'm very excited to be working with Nexus switches. Currently we only going to use ethernet, but with the new servers will be able to use FCoE. -
Nexus 5500 to Nexus 5500 Fiber Etherchannel with different lengths
Hi,
I'm in the very first phase of designing a small datacenter infrastructure based on the Nexus 5500 series. I haven't got any hands-on nexus experience yet so please forgive me if I'm asking a silly question here...
What I would like to build is a 4 unit, redundant datacenter design. Two units in one DC, and two units in the other. I would like to connect both DCs together using a redundant darkfiber. One link is 10 miles, the other is 20 miles.
The Nexus switches are going to be connected "back-to-back" with and the redundant etherchannel between the DCs, like this http://www.netcraftsmen.net/component/content/article/69-data-center/859-configuring-back-to-back-vpcs-on-cisco-nexus-switches.html
Can I expect any problems with this design? In particular with the different lengths of fiber, like buffering issues or failing transmissions?
Thanks!That should not be an issue. You will need single mode fiber and single mode optics, and as long as all your optics support distance of 20 miles or more, then you should be fine.
HTH -
Nexus 5500 - Fabricpath Core Port - Error disabled. Reason:DCX-No ACK in 100 PDUs
Has anyone seen Fabricpath Core Interfaces between two Nexus 5596UP switches error-disabled because of missing DCBX Acks after 50mins?
I do not see interface errors and the peer is another 5500.
Both switches are running 5.1(3)N2(1) with this port config:
int e1/3
switchport mode fabricpath
! Cisco 5m Twinax cables
Log messages
2012 May 25 17:40:59 nexus1 %L3VM-5-FP_TPG_INTF_DOWN: Interface Ethernet1/3 down in fabricpath topology 0 - Interface down
2012 May 25 17:40:59 nexus1 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet1/3 is down (None)
2012 May 25 17:40:59 nexus1 %ISIS_FABRICPATH-5-ADJCHANGE: isis_fabricpath-default [3365] P2P adj L1 nexus5 over Ethernet1/3 - DOWN (Delete All) on MT-0
2012 May 25 17:40:59 nexus1 %CDP-5-NEIGHBOR_REMOVED: CDP Neighbor nexus5(FOX1550GDH1) on port Ethernet1/3 has been removed
2012 May 25 17:40:59 nexus1 %LLDP-5-SERVER_REMOVED: Server with Chassis ID 547f.ee63.fa88 Port ID Eth1/1 on local port Eth1/3 has been removed
2012 May 25 17:40:59 nexus1 %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet1/3 is down (Error disabled. Reason:DCX-No ACK in 100 PDUs)
RobertCan you send the output of
show lldp interface ethernet 1/3
show lldp dcbx interface ethernet 1/3
a workaround may be to disable lldp on both sides on these physical interfaces -
Layer 3 config design on Nexus 5500 with Fabric Path
I trying to Network deisgn for new data Center , i am new to DataCenter desgin, i attached the network diagram
i would like to know if can configure my layer3 on 5500 and configure Fabric path to uplink switch
please help give your suggestions on this designYou can configure layer-3 on the 5500 series, but you need to install a daughter cards in each 5500.
See this link:
Layer 3 Daughter Card and Expansion Module Options for Cisco Nexus 5548P, 5548UP, 5596UP, and 5596T Switches
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html
HTH -
On several Solaris 10 08/07 boxes following ipfilter rules do not work:
pass out all keep state
pass in quick proto icmp all icmp-type echo
pass in quick proto tcp from any to any port = ssh keep state
block in log all
ssh goes through, but there is no ping reply. Can't see anything in ipmon.log, so it seems the connection is not blocked.
Any hints?I am trying to figure out how to block ICMP ping reply. I have a static ip that I have given to Airport Extreme.
Kind of shocked as routers 1/3rd the cost allow this. -
Nexus 5500 VoIP cos 3 and FCoE
Hi
I have a requirment to do QoS for a DC that includes some VoIP as well FCoE with CNAs in the servers. I want to use COS 3 for the VoIP signalling and drop it in the same input and output quues to the servers as FCoE.
so we have
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
which is the default for FCoE and I have 50% bandwidth assoicated with it.
policy-map type queuing
class type queuing class-fcoe
bandwidth percent 50
class type queing someother class etc
The issue is the "class-fcoe" is a default class and there doesnt seem to be anywhere I can edit it to add the VOIP control traffic to the same class or can I just add it here:
class-map type queuing match any class-fcoe
match qos-group 1
match cos 3
Thanks
PatHmm
From the UCS 8 SRND
For instance, voice signaling traffic with L3 DSCP value of CS3 is mapped to L2 CoS value of 3 by Nexus 1000V. All Fibre Channel over Ethernet (FCoE) traffic is marked with L2 CoS value of 3 by Cisco UCS. When voice signaling and FCoE traffic enter the Cisco UCS 6100 Fabric Interconnect Switch, both will carry a CoS value of 3. In this situation voice signaling traffic will share queues and scheduling with the Fibre Channel priority class and will be given lossless behavior. (Fibre Channel priority class for CoS 3 in the UCS 6100 Fabric Interconnect Switch does not imply that the class cannot be shared with other types of traffic.)
This seems ti pmply you can run Call SIgnalling COS 3 in the same queueu as FCOE COS 3. I kow its talking about a 6100 fabric switch but thats very similar to a 5500.
Could I not do something like:
class-map type qos match-all voice-signal-global
match-cos 3
policy-map type qos classify-global
class voice-signal-global
set qos-group 1
class class-fcoe
set qos-group 1
But then I cant see how to link this where we set the queuing bandwidth percentages as this uses the "class-fcoe"
policy-map type queuing global-fcoe-queuing-in
class type queuing class-fcoe
bandwidth percent 50
Could I create a class to replace "class-fcoe" and jsut match on qos-group 1 to define whats in it ?
Regards
Pat
Maybe you are looking for
-
Looking for an app for my Tour
I'm looking for an app for my tour. I own a small lawncare/landscape bus and am looking for something when i get done with a job i can pull up the clients record and just click if they have paid or were billed. And when i get checks in the mail that
-
Problem with Canon Printer and Leopard
I have a Canon Ink-Jet (Pixma IP 4200) printer, which, until two days ago was running fine. Since then, I've been unable to print on it - either I get the error message that the printer is out of paper, when it isn't, or that the computer cannot conn
-
So I go to go on iTunes the other day and a notice comes up that says "Newer Version of QuickTime Required" and then it says "QuickTime version 7.0d0 is installed, iTunes requires QuickTime version 7.1.3 or later. Please reinstall iTunes." So i reins
-
Convert scientific notation value into normal number
hi, I am importing excel(.csv) file into Oracle database, a value in excel file 8.70773E+11 is displaying in scientific notation format, i want to store it like 870772521002.
-
Using php-mysql module and Apache2.2 provided with FMS4.5
Hi, we've recently downloaded and upgraded FMS from 3 to 4.5 on a server that has this configuration (before upgrading): - Centos 5.5 - Apache 2.2.3 - mysql 5.0.77 - php 5.3.3 - perl 5.8.8 Everything was fined before upgrading since 3 years. We decid