Nexus 5548 mgmt 0 interface

Similar Messages

• Nexus 5548 and vfc Interfaces - WHY?

  What is a vfc and why do we need to configure it? I find this extremely tedious.
  I  have a Dell blade CNA connected to a Dell M8024-k FCoE transit module,  which is then connected to a Cisco Nexus 5K. The Cisco 5K's FC port is  in NPIV mode and is connected to a Brocade 300 switch. An FC target is  connected to the B300.
  So, in configuring this set up, I see that, in the Cisco 5K, one has to map the CNA's Ethernet MAC-address to a vfc!
  Why  do I have to do this mapping? You dont have to do this with Brocade.  For example, in another lab setup, I have a Dell M8428-k FCF (FCoE)  switch, which is a Brocade ODM, and there is no such mapping necessary.  You bring up a CNA at will, the CNA executees a FIP FLOGI, gets an FPMA  from the FC fabric switch, and a construct is seamlessly built  between that CNA (or perhaps more correctly stated, the N-Port component  of that CNA) and a LUN. NO MANUAL MAPPING is necessary.
  Can  someone explain this Cisco vfc construct and why one has to engage in  this laborious task of mapping every CNA to a vfc? Just trying to  understand....perhaps I am missing something.
  Thank you

  Hello,
  Virtual Fiber Channel ( vfc ) interfaces are used to apply FC features in FCoE link.
  Check out the section " Cisco Nexus 5000 Series Virtual Fibre Channel Interfaces " in following link
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/white_paper_c11-560403.html
  Additional guidelines on vfc configuration are  documented here
  http://www.cisco.com/en/US/partner/docs/switches/datacenter/nexus5000/sw/fcoe/513_n1_1/b_Cisco_n5k_fcoe_config_gd_re_513_n1_1_chapter_0100.html#con_1288652
  Padma

• Connecting NEXUS 5548 1gig interface to 100mbps

  Hi,
  I have a 5548 that I need to connect to a firewall that supports 100 Mbps only.
  Can I configure interface speed on Nexus 5548 interface (GLC-T) to 100 Mbps inorder to connect it to the firewall??
  Regards,
  Sabih

  Hi Sabih,
  The interfaces on a Nexus 5548 can NOT be configured as 100 Mbps.
  If you wish to connect to the firewall via a 100 Mbps connection, you will need to make use of a Fabric Extender (Nexus 2000) that supports 100 Mbps.
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-618603.html
  Thanks,
  Michael

• Nexus 5548 not responding to snmp

  I've got a Nexus 5548 running 6.0(2)N2(3).  It does not use the mgmt interface or management vrf.  It's using a vlan interface for all my management access.
  I have a simple snmp config set up:
  snmp-server community mystring
  My SNMP server is directly connected (no firewalls, no acls).  I can ping my nexus from the SNMP host, but can't get SNMP replies.
  I've done an SNMP debug, nothing happens when I run an snmpwalk.  I also checked show snmp, and it's showing no SNMP input packets.  
  Could this have something to do with trying to use the management vrf?  Or something simple I'm missing?  
  Thanks

  Ha wow -- "sh run snmp" pointed me to the problem. There was a command:
  no snmp-server protocol enable
  That must be a default, I never entered that.  Anyway a 'snmp-server protocol enable' fixed it.  I should have caught that.  Although an hour with TAC also didn't notice it hehe.
  Thanks!

• To be unable to discover a Nexus 5548 wirth DCNM 5.2(2e)

  Hello,
  I am unable to discover 2 Nexus 5548 with the SAN client of DCNM 5.2(2e)
  These Nexus are used like LAN and SAN switch. Each Nexus is a SAN fabric. I would want to use DCNM in order to configurate the zone/zoneset via GUI. These Nexus 5548 run 5.1(3)N2(1b) release.
  The Nexus ARE NOT managed  via the Mgmt interface (OOB) but they are managed via an interface vlan (InB)
  I could not configure rightly
  - the snmp-server user (SNMP user V1/v2 or V3 + group ? )  CLI on Nx
  - to configure the discovery in order that DCNM discover each fabric either from web GU interface or java SAN client
  Please help !

  I believe DCNM requires an ssh login to the Nexus and not SNMP.
  DCNM uses Netconf over SSH protocol. See this earlier posting.

• Telephony Issues on Nexus 5548

  Dear Viewers,
  I have Nexus 5548 devices in one of my client data centers and i have one 3750 switch to which all of these Avaya voice servers connect.
  The 3750 switch was initially connected through a L2 Link to a 6509 catalyst switch and the telephony applications were working correctly.
  The problem arises when i move this 3750 layer 2 link to a Nexus 5548 (OS version 5.1(3)N1 switch. All telephony calls coming from the outside (External calls) are not working as required but the internal calls work as usual.
  What is odd is that when i migrate this L2 link back to the 6509 switch, all works as usual. This is just a layer 2 connection and i am wondering why this is not possible.
  The vlan is accepted on all relevant trunks. I also deactivated igmp snooping on this voice vlan on the Nexus 5548 thinking it would help but in vain.
  Any ideas and suggestions are welcome.
  regards.
  Alain

  This is my radius config......  on a 5K
  radius-server timeout 7
  radius-server host 10.28.42.20 key 7 "Password" auth-port 1645 acct-port 1646 authentication accounting
  radius-server host 10.28.42.21 key 7 "Password" auth-port 1645 acct-port 1646 authentication accounting
  aaa group server radius Radius-Servers
   server 10.28.42.20
   server 10.28.42.21
  aaa authentication login default group Radius-Servers
  ip radius source-interface Vlan1
  aaa authentication login default fallback error local
  And it is currently working. On the radius server i also had to do this to make the users admins once logged in:
  https://supportforums.cisco.com/document/137181/nexus-integration-admin-access-free-radius

• Fabric with two Nexus-5548 and a brocade switch does not get fabric updates

  We have a fabric containing two Nexus 5548 and a Brocade 5000 switch in interop mode 2. When i make changes to the zoning, the first nexus (the fabric principal) and the brocade switch see the zone changes. The second Nexus switch does not see it. There are no error messages but  the change just can't be seen.  What can i do to find out, what goes wrong ?

  Ouch, deprecated is not the word i wanted to read
  We are using 5.1(3)N1(1a) on nexus-rz1-a
  and 6.0(2)N1(2) on nexus-rz2-a.
  The fabric can be seen :
  nexus-rz2-a# show fcs ie vsan 10
  IE List for VSAN: 10
  IE-WWN                   IE     Mgmt-Id  Mgmt-Addr (Switch-name)
  10:00:00:05:1e:90:57:27  S(Rem) 0xfffc01 10.88.133.110 (bc-san1)
  20:0a:00:2a:6a:72:ba:01  S(Loc) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
  20:0a:54:7f:ee:7f:dc:01  S(Adj) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
  [Total 3 IEs in Fabric]
  nexus-rz1-a# show fcs ie vsan 10
  IE List for VSAN: 10
  IE-WWN                   IE     Mgmt-Id  Mgmt-Addr (Switch-name)
  10:00:00:05:1e:90:57:27  S(Adj) 0xfffc01 10.88.133.110 (bc-san1)
  20:0a:00:2a:6a:72:ba:01  S(Adj) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
  20:0a:54:7f:ee:7f:dc:01  S(Loc) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
  [Total 3 IEs in Fabric]
  I try to distribute the zoneset this way:
  zoneset distribute vsan 10
  Zoneset distribution initiated. check zone status
  nexus-rz1-a# show zone status
  VSAN: 10 default-zone: deny distribute: full Interop: 2
      mode: basic merge-control: allow
      session: none
      hard-zoning: enabled broadcast: disabled
  Default zone:
      qos: none broadcast: disabled ronly: unsupported
  Full Zoning Database :
      DB size: 6291 bytes
      Zonesets:1  Zones:62 Aliases: 44
  Active Zoning Database :
      DB size: 10243 bytes
      Name: FABRIC1  Zonesets:1  Zones:60
  Status: Zoneset distribution completed at 08:06:00 UTC Dec  3 2013
  nexus-rz2-a# show zone status
  VSAN: 1 default-zone: deny distribute: active only Interop: default
      mode: basic merge-control: allow
      session: none
      hard-zoning: enabled broadcast: disabled
  Default zone:
      qos: none broadcast: disabled ronly: unsupported
  Full Zoning Database :
      DB size: 4 bytes
      Zonesets:0  Zones:0 Aliases: 0
  Active Zoning Database :
      Database Not Available
  Status:
  VSAN: 10 default-zone: deny distribute: full Interop: 2
      mode: basic merge-control: allow
      session: none
      hard-zoning: enabled broadcast: disabled
  Default zone:
      qos: none broadcast: disabled ronly: unsupported
  Full Zoning Database :
      DB size: 6291 bytes
      Zonesets:1  Zones:62 Aliases: 44
  Active Zoning Database :
      DB size: 10243 bytes
      Name: FABRIC1  Zonesets:1  Zones:60
  Status: Activation completed at 13:03:42 UTC Dec  2 2013

• Command to see transmit qeueing drops in Nexus 5548

  Hello, 10g links in our core are getting rather congested as seen by MRTG graphs. Any command on Nexus 5548 to show transmit queuing drops on a given interface?

  You could use #show queing interface eth 1/1
  it shows you output similar as below:
  NEXUS-1# show queuing interface ethernet 1/1
  Ethernet1/1 queuing information:
    TX Queuing
      qos-group  sched-type  oper-bandwidth
          0       WRR            100
    RX Queuing
      qos-group 0
      q-size: 470080, HW MTU: 9216 (9216 configured)
      drop-type: drop, xon: 0, xoff: 470080
      Statistics:
          Pkts received over the port             : 222434
          Ucast pkts sent to the cross-bar        : 199674
          Mcast pkts sent to the cross-bar        : 22760
          Ucast pkts received from the cross-bar  : 101087
          Pkts sent to the port                   : 145083
          Pkts discarded on ingress               : 0
          Per-priority-pause status               : Rx (Active), Tx (Inactive)
    Total Multicast crossbar statistics:
      Mcast pkts received from the cross-bar      : 43996

• Nexus 5548 L3 daughter card flapping

  Hi guys,
  Anyone of you here that experienced the logs below on their Nexus box:
  2011 Dec 12 06:24:45 GDCNXS5K01 %BTCM-2-BTCM_LOG_ROUTER_ERR: router card in slot 3 has internal link(s) flapped:     router ports down: 0x1a108000 0x1a109000 0x1a10a000 0x1a10b000 0x1a10c000 0x1a10d000 0x1a10e000 0x1a10f000
  I am getting this log at least once a day. Seems like it is shutting down the SVI of the box after the said log occured. Good thing I have enable vPC and I am able to access the NXS5K through the vCP keepalive link (mgmt).
  I have two Nexus 5548, but only one is experiencing the said error.
  Any inputs, suggestions would be greatly appreciated.
  Thanks,
  Edzel

  We had this same problem this past weekend, only in module 2 on a 5596.
  In our case, we had rebooted our primary Nexus and found the following message immediately preceeded the BTCM error you noted:
  %$ VDC-1 %$ %NOHMS-2-NOHMS_DIAG_ERROR: Module 2: Bootup diag detected major event: Forwarding ASIC failure: Ethernet2/9 Ethernet2/10 Ethernet2/11 Ethernet2/12 Ethernet2/13 Ethernet2/14 Ethernet2/15 Ethernet2/16
  We replaced the module.  A "show diag results module 3" would probably show you the same thing.  However, I don't think the error message will show up until you reboot.
  If your flapping Nexus is secondary, you probably won't notice anything major, but if it is your primary, it would probably affect your routing.

• Configuring FET-10G-SR for NEXUS 5548/2248

  Hey everyone-
  I am a little newer with configuring switches and routers, and I have been asked to troubleshoot a FET-10G-SR in our NEXUS 5548 and NEXUS 2248.  I am aware that the ports need to be configured to except FET parts, and I have tried using the "switchport mode fex-fabric" command to configure the ports, but the command will not work for some reason. Can anyone help me with configurations step by step to have these parts work properly? Any help will be greatly appreciated. Thank you!
  Chris Hazell

  It should normally work unless the port is not the proper type of has a configuraiton applied that's incompatible.
  Can you provide the output for "show run int eth ___" and "show int eth___" (substituting your interface number for the "___") for the interface in question?
  Also, if it's the first fex you are adding, you must have enabled "feature fex" globally.

• Help please with TACACS authentication from a Nexus 5548

  I cannot get login working via TACACS from my Nexus 5548.  I've tried creating a group and a single server with key etc.
  Config is simple:
  tacacs-server key 7  ************
  ip tacacs source-interface Vlanx
  aaa group server tacacs+ tacacs
      server 10.x.y.z
  The test aaa command shows it's authenticating:
  NEX01# test aaa server tacacs+  10.x.y.z <username> <password)
  user has been authenticated
  Debug shows this:
  NEX01# 2011 Jun  8 12:31:03 NEX01 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user <username>  from 10.x.y.z- login[1691]
  Am I doing something glaringly wrong here?
  Any advice is greatly appreciated.
  Thank you.

  Hi Paul,
  Looks like may be the packet dont have the route ACS when you try to login .
  Can you share sh run of the switch  ?
  Also do you see failed attempt on tacacs server side. ?
  Can you ping tacacs server with source interface Vlanx?
  Thanks
  Waris Hussain

• Nexus 5548 Layer 3 daughter card insertion

  Hello there,
  I am planning to install Nexus 5548 Layer 3 daughter card. I found the hardware removal procedure on Cisco website but it doesn't say whether it's hot plugged or not. (Since I've to remove existing L2 module so I guess the box needs to be powered off but not sure). Has anybody had the experience in doing the upgrade to share?
  Thanks in advance
  Regards,
  Chinnawoot 
  PS. Detail of the running system
  Cisco Nexus Operating System (NX-OS) Software
  TAC support: http://www.cisco.com/tac
  Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained in this software are
  owned by other third parties and used and distributed under
  license. Certain components of this software are licensed under
  the GNU General Public License (GPL) version 2.0 or the GNU
  Lesser General Public License (LGPL) Version 2.1. A copy of each
  such license is available at
  http://www.opensource.org/licenses/gpl-2.0.php and
  http://www.opensource.org/licenses/lgpl-2.1.php
  AUUT05TRUSDS03# show ver
  Cisco Nexus Operating System (NX-OS) Software
  TAC support: http://www.cisco.com/tac
  Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
  Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained herein are owned by
  other third parties and are used and distributed under license.
  Some parts of this software are covered under the GNU Public
  License. A copy of the license is available at
  http://www.gnu.org/licenses/gpl.html.
  Software
    BIOS:      version 3.6.0
    loader:    version N/A
    kickstart: version 7.0(1)N1(1)
    system:    version 7.0(1)N1(1)
    Power Sequencer Firmware:
               Module 1: version v2.0
               Module 3: version v2.0
    Microcontroller Firmware:        version v1.2.0.1
    SFP uC:    Module 1: v1.0.0.0
    QSFP uC:   Module not detected
    BIOS compile time:       05/09/2012
    kickstart image file is: bootflash:///n5000-uk9-kickstart.7.0.1.N1.1.bin
    kickstart compile time:  3/19/2014 14:00:00 [03/20/2014 10:09:46]
    system image file is:    bootflash:///n5000-uk9.7.0.1.N1.1.bin
    system compile time:     3/19/2014 14:00:00 [03/20/2014 13:54:43]
  Hardware
    cisco Nexus5548 Chassis ("O2 32X10GE/Modular Universal Platform Supervisor")
    Intel(R) Xeon(R) CPU         with 8253860 kB of memory.
    Processor Board ID FOC172441CQ
    Device name: AUUT05TRUSDS03
    bootflash:    1966080 kB
  Kernel uptime is 172 day(s), 21 hour(s), 56 minute(s), 9 second(s)
  Last reset at 126063 usecs after  Wed May 21 12:35:50 2014
    Reason: Reset Requested by CLI command reload
    System version: 7.0(1)N1(1)
    Service: power-sequence cycled
  plugin
    Core Plugin, Ethernet Plugin
  AUUT05TRUSDS03# show lic usage
  Feature                      Ins  Lic   Status Expiry Date Comments
                                   Count
  FCOE_NPV_PKG                  No    -   Unused             -
  FM_SERVER_PKG                 No    -   Unused             -
  ENTERPRISE_PKG                No    -   Unused             -
  FC_FEATURES_PKG               No    -   Unused             -
  VMFEX_FEATURE_PKG             No    -   Unused             -
  ENHANCED_LAYER2_PKG           Yes   -   Unused Never       -
  LAN_BASE_SERVICES_PKG         No    -   Unused             -
  LAN_ENTERPRISE_SERVICES_PKG   No    -   Unused             -

  I ended up getting the answer from TAC. First put in these two commands:
  test ethpm l3 enable-show-iport
  test port-channel l3 enable-show-ipc
  Then you will get some new port channels showing up (127 and 128).
  I'm not sure what 128 is for, but 127 is the internal port channel for the L3 card. Then you can view stats and poll with SNMP against the interface...
  show interface port-channel 127

• Link Error Nexus 5548

  Hi All,
  I have issues with Nexus 5548 ports 1000Gb ports. They go down after sometime with the error " Link not connected " while the links are connected. When i move the connections to other ports they work but after a while the go down again with the same error. I can confirm that is currently down was working and its currently connected. Has anyone seen the error before?
  Kindly see the output from the interface thats currently down below:
  VNX_NEXUS# sho interface eth1/11
  Ethernet1/11 is down (Link not connected)
    Hardware: 1000/10000 Ethernet, address: 002a.6a71.1f92 (bia 002a.6a71.1f92)
    Description: Link_to_EMC_RPA3
    MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    Port mode is access
    auto-duplex, 1000 Mb/s, media type is 10G
    Beacon is turned off
    Input flow-control is off, output flow-control is off
    Rate mode is dedicated
    Switchport monitor is off
    EtherType is 0x8100
    Last link flapped 2d23h
    Last clearing of "show interface" counters 5w6d
    30 seconds input rate 0 bits/sec, 0 packets/sec
    30 seconds output rate 0 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
    RX
      43384443 unicast packets  30 multicast packets  1496 broadcast packets
      43385969 input packets  7837558138 bytes
      0 jumbo packets  0 storm suppression bytes
      0 runts  0 giants  0 CRC  0 no buffer
      0 input error  0 short frame  0 overrun   0 underrun  0 ignored
      0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
      0 input with dribble  0 input discard
      0 Rx pause
    TX
      56587244 unicast packets  3937125 multicast packets  1487058 broadcast packets
      62011427 output packets  14141808286 bytes
      0 jumbo packets
      0 output errors  0 collision  0 deferred  0 late collision
      0 lost carrier  0 no carrier  0 babble 0 output discard
      0 Tx pause
    18 interface resets

  Hi Leo,
  What confuses me is that the connection was working. I used the correct cable and the port type as well. How do i resolve this?

• Upgrading Nexus 5548

  Hi,
  We want to upgrade our pair of Nexus 5548 to the new NX-OS 5.1(3)N2(1a) from the 5.0(3)N1(1c) version. We would like to use the ISSU procedure. But when we execute the command "show spannig-tree issu-impact" we get the following output:
  No Active Topology change Found!
  Criteria 1 PASSED !!
  No Ports with BA Enabled Found!
  Criteria 2 PASSED!!
  List of all the Non-Edge Ports
  Port             VLAN Role Sts Tree Type Instance
  Ethernet2/8      1803 Desg FWD  PVRST      1803
  The 1803 vlan is only used for the peer-keepalive link and it only exists on these two Nexus. So one of the two Nexus needs to be the STP root. That makes the ports on that vlan to be in designated-forwarding state, which is not supported for the ISSU:
  sh run int e2/8
  !Command: show running-config interface Ethernet2/8
  !Time: Fri Jun  8 17:04:33 2012
  version 5.0(3)N1(1c)
  interface Ethernet2/8
    switchport access vlan 1803
    speed 1000
  That is the only port that belongs to that VLAN and it is directly connected to the other Nexus 5548. So the only way we see to avoid this port of being in designated-forwarding state is to apply the "no spanning-tree vlan 1803" command. Would it be a problem?
  We can imagine that introducing the "spanning-tree port type edge" should not be a good idea, shouldn´t it?
  Thank you very much for your help!
  Josu

  Hi,
  Reviewing all the prerequisites for the ISSU, we have seen the following:
  SSU and Layer 3
  Cisco Nexus 5500 Platform switches support Layer 3 functionality. However, the system cannot be upgraded with the ISSU process (non disruptive upgrade) when Layer 3 is enabled. It is required to unconfigure all Layer 3 features to be able to upgrade in a non disruptive way with an ISSU.
  We have the interface-vlan feature enabled. But it is only used for two interfaces:
  - interface-vlan 510 --> It is only used in order connect to the switch
  - interface-vlan 1803 --> The one used for the keepalive
  We could administratevely shutdown the interface-vlan 510. But we could not do so with the interface-vlan 1803, since it is used for the keepalive. If we execute "no feature interface-vlan", would the keepalive stop working?
  When we execute "sh install all impact ..." command the Nexus does not tell anything about this feature. Is really recommended to disable it? Is it needed for the ISSU procedure?
  Thank you very much in advance!!
  JOSU

• Connectivity Issue between Nexus 5548 to VNX 5300

  Hi All,
  I am doing a lab setup where i want to connect Nexus 5548 UP to VNX 5300 storage directly. The physical connectivity is established between switch and storage but On Nexus the status of the port shows "linkFailure". I tried matching the port mode (like Auto, F) and speed but the port always shows "linkFailure".
  The connectivity from Nexus to VNX is FC.
  Anyone can suggest the root cause or any troubleshooting steps.
  Regards,
  Abhilash

  LinkFailure might be a GUI status.
  show interface fcx/y might say,
  Link failure or not connected
  The physical layer link is not operational.
  This means the switch is not detecting light, so the phyiscal layer is the cable and lasers (sfp's, HBAs or whatever adapter the VNX uses).  It could mean you need to turn the interfaace up from the vnx side.