Nexus 5548UP VFC with multiple physical interfaces

I have a physical host that is evenly quad-homed to a pair of 2248PQ Fex's. Each NIC interface is 10Gb.
Each of my fex's is single homed to a 5548UP in a VPC configuration. I am using FCoE and I have CNA's in my host. My design is below.
On the LAN side, I would like to have a full 40Gb LACP / VPC Port channel. On the FC side, I would like to be able to create a VFC on each side, (or multiple VFC's if that is required), and attach it to both interfaces on each side, so that I have two full FC paths from the host to each SAN fabric, also for a total of 40Gb.
I've seen some Cisco diagrams in some much older forum posts that show that this is not possible, but I've seen nothing recent on this. Does anyone know if it's possible?

Hi,
If you have two different storage separated, then how would this be possible, since in that condition you need to allow both storage on the same port-channels, which I think is not a valid design?
Have you got any answer or solution for this?
Regards
Ajay

Similar Messages

  • OTV site vlan with multiple overlay interface

    Hi,
    I have an OTV multihoming sites. 2 sites. 2 otv edge device each site.
    and with multiple overlay interface sharing 1 joint interface
    otv edge device connected to multiple VDC.
    each internal / downlink will forward different vlan for each vdc.
    ================================
    example
    int overlay 1
      otv extend-vlan 10
    int overlay 2
      otv extend-vlan 20
    int eth 2/1
    description trunk to VDC1
    switchport trunk allowed vlan 10,100
    int eth 2/2
    description trunk to VDC2
    switchport trunk allowed vlan 20,100
    otv site-vlan 100
    ================================
    i understand that i can only use 1 site vlan.
    so in order for the failover to happen, both eth 2/1 and eth2/2 must fail?
    what if only int eth2/1 fail? will the int overlay 1 failover to secondary otv device?
    thanks,
    ivan

    "So when querying the adjacency server the ED then knows which other ED is within the same site?"
    Yes for the first part of the question, using the site Vlan unique to each site.
    Why do you need a routed link between EDs at the local site? You don't need to connect those back-to-back over L3. Moreover, if you want to use it for L3 ADJ over the peer-link, you need to make sure that the VLAN you are using is not allowed on the VPC member ports, just on the peer-link, else the VPC loop algorithm will break your traffic.
    Are you planning to use a multicast or a unicast deployment? I remember I tried testing the topology in a POC for one of my customers; things did not work as expected in multicast deployment mode and worked fine in unicast adjacency server mode. I need to go back and check my notes on this.
    I would rather have the join-interface go back to a routed core at the site rather than back-to-back connectivity, as it opens up the tested multicast deployment mode.
    Cheers,
    -amit singh

  • Nexus 5548UP lacp with IBM AIX P740

    We are currently working in a lab to configure our first pair of 5548UP (with a 2232PP on each) with FCoE to an IBM p740 AIX server. On the Nexus side I have configured the physical port e100/1/1 (2232PP) to be in a channel-group that will be part of a vpc with the other 5548UP switch, and I am trunking all vlans in the etherchannel with the IBM server. Everything is working: I have the port-channel UP, along with the vfc and vpc, when I use "channel-group x mode on" on the physical ports and, on the server side, 802.3ad is not active and it's configured "roundRobin".
    Suppose I want to use LACP for the connections with the server: should I configure the Nexus switch port with "channel-group x mode active" or "channel-group x mode passive"? When the server is configured with "802.3ad" enabled and I have "channel-group x mode active" or "passive", it doesn't work; the port-channel x does not come UP.
    Does anyone have an explanation of how I should configure this?
    Thanks

    Hello,
    Using LACP passive or active mode should not make much of a difference as long as one of the sides of the port-channel actively negotiates LACP.  In most cases, we just configure both sides to be LACP active.
    When you say the port-channel is not working when using LACP, what are the symptoms?
    Are the physical ports in "I" state?
    'show port-channel summary' will show this.
    What does the output of "show lacp counters interface port-channel X"  show?
    This command will tell you if the Nexus 5K/2K is receiving LACPDUs from the IBM device (and if we are sending them).  I would suggest to collect the LACP counters to verify that we are receiving the LACP packets from IBM, otherwise Nexus will not bring up the port-channel.  Here is an example output from my lab switch:
    5548-2019# show lacp counters interface port-channel 500
                        LACPDUs         Marker      Marker Response    LACPDUs
    Port              Sent   Recv     Sent   Recv     Sent   Recv      Pkts Err
    port-channel500
    Ethernet1/15       16401  16399    0      0        0      0        0
    Ethernet1/16       16400  16399    0      0        0      0        0
    Regards,
    Steven
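
The two checks suggested in the reply above (member flags in `show port-channel summary` and LACPDU counters in `show lacp counters`) can be combined into one per-port diagnosis. This is an added example, not code from the thread; the function names, diagnosis labels, and the sample outputs (constructed in the format shown above) are assumptions.

```python
import re

# Member entries in 'show port-channel summary', e.g. "Eth1/15(I)".
MEMBER_RE = re.compile(r"\b(Eth[\d/]+)\((\w)\)")
# Per-port rows in 'show lacp counters': port name followed by seven counters.
COUNTER_RE = re.compile(r"^\s*(Ethernet[\d/]+)((?:\s+\d+){7})\s*$")

# Constructed sample output (not captured from a real switch).
SAMPLE_SUMMARY = """\
Group Port-       Type     Protocol  Member Ports
      Channel
500   Po500(SU)   Eth      LACP      Eth1/15(I)   Eth1/16(P)
"""

SAMPLE_COUNTERS = """\
                    LACPDUs         Marker      Marker Response    LACPDUs
Port              Sent   Recv     Sent   Recv     Sent   Recv      Pkts Err
port-channel500
Ethernet1/15       412    0        0      0        0      0        0
Ethernet1/16       411    409      0      0        0      0        0
"""


def parse_member_flags(summary_text):
    """Return {'Ethernet1/15': 'I', ...} from 'show port-channel summary'."""
    flags = {}
    for line in summary_text.splitlines():
        for port, flag in MEMBER_RE.findall(line):
            flags["Ethernet" + port[3:]] = flag
    return flags


def parse_lacp_counters(counters_text):
    """Return {'Ethernet1/15': {'sent': .., 'recv': .., 'errors': ..}, ...}."""
    counters = {}
    for line in counters_text.splitlines():
        m = COUNTER_RE.match(line)
        if not m:
            continue  # header, blank, or port-channel name line
        nums = [int(n) for n in m.group(2).split()]
        counters[m.group(1)] = {"sent": nums[0], "recv": nums[1], "errors": nums[6]}
    return counters


def diagnose(summary_text, counters_text):
    """Classify each port-channel member using its flag and LACPDU counters."""
    flags = parse_member_flags(summary_text)
    counters = parse_lacp_counters(counters_text)
    result = {}
    for port, flag in sorted(flags.items()):
        c = counters.get(port)
        if c is None:
            result[port] = "no-counters"            # port not running LACP locally
        elif c["recv"] == 0:
            result[port] = "peer-silent"            # no LACPDUs arriving from the host
        elif c["errors"] > 0:
            result[port] = "lacpdu-errors"          # LACPDUs arrive but are rejected
        elif flag == "P":
            result[port] = "bundled"                # up in the port-channel
        else:
            result[port] = "negotiating-or-mismatch"  # LACPDUs seen, not bundled
    return result


if __name__ == "__main__":
    for port, state in diagnose(SAMPLE_SUMMARY, SAMPLE_COUNTERS).items():
        print(f"{port}: {state}")
```

A `peer-silent` result corresponds to the case described in the reply: the switch sends LACPDUs but receives none, so it will not bring the port into the port-channel.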

  • Zone with multiple logical interfaces

    Hi,
    How can multiple logical network interfaces be added to a running zone?
    I have configured and installed a whole root zone with one shared-ip network interface.
    Now, I need to add more logical interfaces to the same zone.
    On a physical server with a bge interface, I would create a /etc/hostname file for each logical interface such as
    $ ls /etc | grep host
    hostname.bge0
    hostname.bge0:1
    hostname.bge0:2
    hostname.bge0:3
    hostname.bge0:4
    hostname.bge1
    hostname.bge1:1
    hostname.bge1:2
    hostname.bge1:3
    hostname.bge3
    hosts
    $
    How can the above be done for a zone?

    Hi
    This requires 2 steps. Firstly update your zone configuration to add the logical interface and its associated IP address.
    Assuming from below you want the logical interface to be added to bge0 then do the following replacing the zonename and ip address for whatever is appropriate for you.
    # zonecfg -z itchyzone1
    zonecfg:itchyzone1> add net
    zonecfg:itchyzone1:net> set address=192.168.1.21
    zonecfg:itchyzone1:net> set physical=bge0
    zonecfg:itchyzone1:net> end
    zonecfg:itchyzone1> exit
    You can do the above as many times as you like to create multiple logical interfaces for the zone.
    After doing the above you will need to reboot the zone to get the new logical interface.
    However, if you can't reboot the zone, you can plumb a logical interface into the zone by running something similar to the following (change for your zonename, IP etc.) from the global zone:
    # ifconfig bge0 addif 192.168.1.21 netmask + broadcast + zone itchyzone1 up
    You will now have an extra interface in the zone (in this case called itchyzone1). To verify, log in to the zone and run ifconfig -a and you will see your new interface.
    # zlogin itchyzone1
    [Connected to zone 'itchyzone1' pts/4]
    Last login: Mon Oct  5 22:24:15 on pts/4
    Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
    # ifconfig -a
    lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
            inet 127.0.0.1 netmask ff000000
    bge0:2: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
            inet 192.168.1.20 netmask ffffff00 broadcast 192.168.1.255
    bge0:3: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
            inet 192.168.1.21 netmask ffffff00 broadcast 192.168.1.255
    Hope this helps
    Martin

  • Hierarchy with multiple Physical tables

    Some time ago there was a post with this subject and I am in need, if you pls, with the same situation:
    I am looking for Dim (1) - (1:N)-> Dim (3). And Dim (3) - (1:N)-> Fact.
    Suggestion by Mr. Bharath was to, just reduce your snowflake to star in your BMM with Dim (3) as your single LTS. Within the LTS map Dim (1). to Dim (3).
    Could someone pls. help me clarifying the suggestion .../
    a) Should I use the Dim(3) LTS and how to map Dim(1) ? - I believe we should use a column ? right ? Or just Add the Dim(3) in the LTS tables
    Txs. for any hints
    Antonio

    Hi Antonio,
    First of all - try to avoid SNF in BMM.
    http://www.oraclebidwh.com/2010/10/obiee-bmm-layer-design-principalsbest-practices/
    Comments:
    1) You can keep the SNF model in BMM, but if you keep it, then you cannot create a hierarchy with a combination of Dim(1) and Dim(3) together, as those are two separate LTs.
    2) OBIEE will take the shortest path in forming the query. But if there are multiple shortest paths, then OBIEE will use the latest relationship ID in creating the execution plan. For example: Dim(1) is joined with Dim(3) and Dim(4) and your report pulls Dim(1) and Fact(1); then the shortest path can be either through Dim(3) or Dim(4), and for such scenarios OBIEE will use the ID (latest ID). Say Dim(4) was the latest join: then OBIEE will use Dim(4) in the query to join with Dim(1).
    3) I actually do not understand your issue here. If you are creating a hierarchy using Dim(1) and Dim(3) together, then why don't you pull all the fields from Dim(1) into this LT? And in your presentation, create folders if you want both the dimensions to be displayed separately.
    If you are trying to understand and explore OBIEE, then go ahead and play with all the possible ways you can think of.
    Regards,
    Bharath

  • Generics: Requiring a generic type with multiple super-interfaces

    Is it possible to use generics to require that a type be a composition of two superclasses? For instance, let's say that I have a method that serializes a List. Since the List interface is not itself serializable (but most List implementations are), I cannot have a compile-time guarantee that a method with the following signature will succeed:
    public void serializeList(List serializableList);
    However, could I use generics to construct a new signature (sorry about bad generics syntax) like this:
    public void serializeList(<? extends List, Serializeable> serializableList);
    Thanks.

    It's not exactly generics, you want the object to implement both List and Serializable. Generics would let you declare that the List should contain only Serializable objects (don't ask me to write the declaration though).
    However you can't even guarantee that a Serializable object can be serialized reliably, since it could contain (directly or indirectly) a reference to an object that isn't serializable. So I wouldn't work too hard on solving that problem.

  • Cisco ISE with multiple Network interface

    Hello,
    I am deploying Cisco ISE 1.2 in a distributed deployment and the requirement is to use external Radius proxy feature. ISE PSNs are designed to have 2 L3 NIC's, Eth0 for administration and Eth1 as client side facing NIC for Radius requests. I am interested to know would Cisco ISE in version 1.2 use Eth1 interface to send RADIUS  authentication request to external RADIUS Proxy server.
    Could not find above information in Cisco SNS-3400 Series Appliance Ports Reference.
    http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_app_c-ports.html
    Thanks
    Kumar

    Thanks Ahmad for the reply.
    Cisco ISE uses the standard RADIUS authentication and authorization ports to send requests to the external RADIUS proxy. In the interface/port reference guide for version 1.2, the following is listed, which is causing confusion:
    Eth0
    Eth1
    Eth2
    Eth3
    Policy   Service node
    Session
    •UDP:1645, 1812 (RADIUS Authentication)
    •UDP:1646, 1813 (RADIUS Accounting)
    •UDP: 1700 (RADIUS change of authorization Send)
    •UDP: 1700, 3799 (RADIUS change of authorization Listen/Relay)
    External   Identity Stores
    and Resources
    •TCP: 389, 3268, UDP: 389 (LDAP)
    •TCP: 445 (SMB)
    •TCP: 88, UDP: 88 (KDC)
    •TCP: 464 (KPASS)
    •UDP: 123 (NTP)
    •TCP: 53, UDP: 53 (DNS)
    (Admin user interface authentication and endpoint authentication)
    In external Identity Stores and Resources it says Eth0 is used for (Admin user interface authentication and endpoint authentication), where under sessions it lists that all ports can be used for RADIUS Authentication and Authorization.
    I am not sure what I am missing to understand between the two if you can highlight that.
    Thanks
    Kumar

  • Nexus 5548UP with 1Gb ether to 10Gb ether on same switch

    I have a Nexus 5548UP switch with a couple of systems, some of which have been configured with 1Gb nic's running various OS's and others that have 10Gb nic's. When I try to SSH from a 1Gb box to a 1Gb box everything is fine; when I SSH from a 1Gb to a 10Gb box it does not work, but 10Gb to 10Gb boxes will work. The switch is a fresh install and has one VLAN 51, the first 2 ports are set up with LACP, and the only difference is the speed of 1000 and 10000 for the boxes attached. Is there some trick or additional configuration that is needed to make 1Gb to 10Gb work for SSH and other applications? I am trying to set up some test boxes now to have a repeatable environment and will update when completed.
    !Command: show running-config
    !Time: Fri Jan  9 18:30:44 2009
    version 5.2(1)N1(4)
    hostname ISC5548B
    no feature telnet
    feature lacp
    feature lldp
    ...... account info removed
    ssh key rsa 2048
    ip domain-lookup
    class-map type qos class-fcoe
    class-map type queuing class-fcoe
      match qos-group 1
    class-map type queuing class-all-flood
      match qos-group 2
    class-map type queuing class-ip-multicast
      match qos-group 2
    class-map type network-qos class-fcoe
      match qos-group 1
    class-map type network-qos class-all-flood
      match qos-group 2
    class-map type network-qos class-ip-multicast
      match qos-group 2
    vrf context management
      ip route 0.0.0.0/0 192.168.52.1
    vlan 1
    vlan 51
      name InfoSec
    port-profile default max-ports 512
    interface port-channel1
      switchport access vlan 51
      speed 1000
    interface Ethernet1/1
      lacp port-priority 500
      switchport access vlan 51
      speed 1000
      channel-group 1 mode active
    interface Ethernet1/2
      switchport access vlan 51
      speed 1000
      channel-group 1 mode active
    interface Ethernet1/3
      switchport access vlan 51
      speed 1000
    interface Ethernet1/4
      switchport access vlan 51
      speed 1000
    interface Ethernet1/5
      switchport access vlan 51
      speed 1000
    interface Ethernet1/6
      switchport access vlan 51
      speed 1000
    interface Ethernet1/7
      switchport access vlan 51
      speed 1000
    interface Ethernet1/8
      switchport access vlan 51
      speed 1000
    interface Ethernet1/9
      switchport access vlan 51
      speed 1000
    interface Ethernet1/32
      switchport access vlan 51
      speed 1000
    interface Ethernet2/1
      switchport access vlan 51
    interface Ethernet2/2
      switchport access vlan 51
    interface Ethernet2/3
      switchport access vlan 51
    interface Ethernet2/4
      switchport access vlan 51
    interface Ethernet2/5
      switchport access vlan 51
    interface Ethernet2/6
      switchport access vlan 51
    interface Ethernet2/7
      switchport access vlan 51
    interface Ethernet2/8
      switchport access vlan 51
    interface Ethernet2/14
      switchport access vlan 51
    interface Ethernet2/15
      switchport access vlan 51
    interface Ethernet2/16
      switchport access vlan 51
    interface mgmt0
      ip address 192.168.52.4/24
    line console
    line vty
    boot kickstart bootflash:/n5000-uk9-kickstart.5.2.1.N1.4.bin
    boot system bootflash:/n5000-uk9.5.2.1.N1.4.bin
    ISC5548B# show int brief
    Ethernet      VLAN    Type Mode   Status  Reason                   Speed     Port
    Interface                                                                    Ch #
    Eth1/1        51      eth  access up      none                       1000(D) 1
    Eth1/2        51      eth  access up      none                       1000(D) 1
    Eth1/3        51      eth  access up      none                       1000(D) --
    Eth1/4        51      eth  access up      none                       1000(D) --
    Eth1/5        51      eth  access up      none                       1000(D) --
    Eth1/6        51      eth  access up      none                       1000(D) --
    Eth1/7        51      eth  access up      none                       1000(D) --
    Eth1/8        51      eth  access up      none                       1000(D) --
    Eth1/9        51      eth  access up      none                       1000(D) --
    Eth1/10       51      eth  access up      none                       1000(D) --
    Eth1/11       51      eth  access up      none                       1000(D) --
    Eth1/12       51      eth  access up      none                       1000(D) --
    Eth1/13       51      eth  access down    Link not connected         1000(D) --
    Eth1/14       51      eth  access down    Link not connected         1000(D) --
    Eth1/15       51      eth  access up      none                       1000(D) --
    Eth1/16       51      eth  access down    Link not connected         1000(D) --
    Eth1/17       51      eth  access down    SFP not inserted           1000(D) --
    Eth1/18       51      eth  access down    SFP not inserted           1000(D) --
    Eth1/28       51      eth  access down    SFP not inserted           1000(D) --
    Eth1/29       51      eth  access down    SFP not inserted           1000(D) --
    Eth1/30       51      eth  access down    SFP not inserted           1000(D) --
    Eth1/31       51      eth  access down    SFP not inserted           1000(D) --
    Eth1/32       51      eth  access down    SFP not inserted           1000(D) --
    Eth2/1        51      eth  access up      none                        10G(D) --
    Eth2/2        51      eth  access up      none                        10G(D) --
    Eth2/3        51      eth  access up      none                        10G(D) --
    Eth2/4        51      eth  access up      none                        10G(D) --
    Eth2/5        51      eth  access up      none                        10G(D) --
    Eth2/6        51      eth  access up      none                        10G(D) --
    Eth2/7        51      eth  access down    SFP not inserted            10G(D) --
    Eth2/8        51      eth  access down    SFP not inserted            10G(D) --
    Eth2/9        51      eth  access down    SFP not inserted            10G(D) --
    Eth2/10       51      eth  access down    SFP not inserted            10G(D) --
    Eth2/11       51      eth  access down    SFP not inserted            10G(D) --
    Eth2/12       51      eth  access down    SFP not inserted            10G(D) --
    Eth2/13       51      eth  access down    Link not connected          10G(D) --
    Eth2/14       51      eth  access down    SFP not inserted            10G(D) --
    Eth2/15       51      eth  access down    Link not connected          10G(D) --
    Eth2/16       51      eth  access down    Link not connected          10G(D) --
    Port-channel VLAN    Type Mode   Status  Reason                    Speed   Protocol
    Interface
    Po1          51      eth  access up      none                      a-1000(D)  lacp
    Port   VRF          Status IP Address                              Speed    MTU
    mgmt0  --           up     192.168.52.4                            100      1500
    ISC5548B# show interface ethernet 1/3
    Ethernet1/3 is up
     Dedicated Interface
      Hardware: 1000/10000 Ethernet, address: 8c60.4f49.818a (bia 8c60.4f49.818a)
      MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
      reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA
      Port mode is access
      full-duplex, 1000 Mb/s, media type is 10G
      Beacon is turned off
      Input flow-control is off, output flow-control is off
      Rate mode is dedicated
      Switchport monitor is off
      EtherType is 0x8100
      Last link flapped 1d02h
      Last clearing of "show interface" counters 1d20h
      30 seconds input rate 0 bits/sec, 0 packets/sec
      30 seconds output rate 304 bits/sec, 0 packets/sec
      Load-Interval #2: 5 minute (300 seconds)
        input rate 0 bps, 0 pps; output rate 200 bps, 0 pps
      RX
        0 unicast packets  0 multicast packets  0 broadcast packets
        0 input packets  0 bytes
        0 jumbo packets  0 storm suppression bytes
        0 runts  0 giants  0 CRC  0 no buffer
        0 input error  0 short frame  0 overrun   0 underrun  0 ignored
        0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
        0 input with dribble  0 input discard
        0 Rx pause
      TX
        202 unicast packets  87027 multicast packets  1077 broadcast packets
        88306 output packets  7601016 bytes
        0 jumbo packets
        0 output errors  0 collision  0 deferred  0 late collision
        0 lost carrier  0 no carrier  0 babble 0 output discard
        0 Tx pause
      4 interface resets
    ISC5548B# show interface ethernet 2/1
    Ethernet2/1 is up
     Dedicated Interface
      Hardware: 1000/10000 Ethernet, address: 8c60.4f23.5de0 (bia 8c60.4f23.5de0)
      MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
      reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA
      Port mode is access
      full-duplex, 10 Gb/s, media type is 10G
      Beacon is turned off
      Input flow-control is off, output flow-control is off
      Rate mode is dedicated
      Switchport monitor is off
      EtherType is 0x8100
      Last link flapped 1d20h
      Last clearing of "show interface" counters never
      30 seconds input rate 0 bits/sec, 0 packets/sec
      30 seconds output rate 312 bits/sec, 0 packets/sec
      Load-Interval #2: 5 minute (300 seconds)
        input rate 0 bps, 0 pps; output rate 200 bps, 0 pps
      RX
        285 unicast packets  0 multicast packets  218 broadcast packets
        503 input packets  32724 bytes
        0 jumbo packets  0 storm suppression bytes
        0 runts  0 giants  0 CRC  0 no buffer
        0 input error  0 short frame  0 overrun   0 underrun  0 ignored
        0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
        0 input with dribble  0 input discard
        0 Rx pause
      TX
        406 unicast packets  89109 multicast packets  1077 broadcast packets
        90592 output packets  7827146 bytes
        0 jumbo packets
        0 output errors  0 collision  0 deferred  0 late collision
        0 lost carrier  0 no carrier  0 babble 0 output discard
        0 Tx pause
      1 interface resets

    I have a laptop connected to a port on the switch and I am currently adding a SUSE 11 SP2 to another port that has a 10G card for a NIC.  Once I finished the install I will post more specific tests using ping and SSH to illustrate. 
    Here is the output you requested.
    ISC5548B# show port-channel summary
    Flags:  D - Down        P - Up in port-channel (members)
            I - Individual  H - Hot-standby (LACP only)
            s - Suspended   r - Module-removed
            S - Switched    R - Routed
            U - Up (port-channel)
            M - Not in use. Min-links not met
    Group Port-       Type     Protocol  Member Ports
          Channel
    1     Po1(SU)     Eth      LACP      Eth1/1(P)    Eth1/2(P)
    ISC5548B# sh int po1
    port-channel1 is up
      Hardware: Port-Channel, address: 8c60.4f49.8188 (bia 8c60.4f49.8188)
      MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec
      reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA
      Port mode is access
      full-duplex, 1000 Mb/s
      Input flow-control is off, output flow-control is off
      Switchport monitor is off
      EtherType is 0x8100
      Members in this channel: Eth1/1, Eth1/2
      Last clearing of "show interface" counters never
      30 seconds input rate 560 bits/sec, 0 packets/sec
      30 seconds output rate 3064 bits/sec, 2 packets/sec
      Load-Interval #2: 5 minute (300 seconds)
        input rate 128 bps, 0 pps; output rate 2.74 Kbps, 2 pps
      RX
        578695 unicast packets  11167 multicast packets  1056 broadcast packets
        590918 input packets  760063851 bytes
        0 jumbo packets  0 storm suppression bytes
        0 runts  0 giants  0 CRC  0 no buffer
        0 input error  0 short frame  0 overrun   0 underrun  0 ignored
        0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
        0 input with dribble  0 input discard
        0 Rx pause
      TX
        392417 unicast packets  434693 multicast packets  2984 broadcast packets
        830094 output packets  320257324 bytes
        0 jumbo packets
        0 output errors  0 collision  0 deferred  0 late collision
        0 lost carrier  0 no carrier  0 babble 0 output discard
        0 Tx pause
      1 interface resets

  • Include multiple sub-interfaces in Cisco ASA for VPN tunnel

    I am trying to create a VPN tunnel between two Cisco ASAs where one ASA has multiple sub-interfaces.
    Say, In Cisco ASA 5550(in datacentre), I created multiple subinterfaces with VLAN ID as below:
    Inside, int0/1 : 10.1.1.0/24
    DMZ, int0/1.100: 10.1.100.0/24 (VLAN 100)
    Production, int 0/1.101 : 10.1.101.0/24 (VLAN 101)
    Management, int 0/1.102: 10.1.102.0/24 (VLAN 102)
    And another Cisco ASA 5505 is only configured with 1 x inside interface Inside, int 0/1: 192.168.1.0/24
    So far, I have only been able to provide outside access to one of the sub-interfaces as NAT rule on inside interface didn't work for VLANs. Hence had to issue Global NAT rule to be applied on Production subinterface so that production VLAN can have outside access. I have managed to establish VPN tunnel between two ASAs on Production sub-interface only, Source interface = Production subinterface
    Additional settings:
    Have ACL to allow all sub-interfaces to access outside (lower security level)
    NAT rule is configured on Production subinterface with Source NAT Type as Dynamic PAT; when this was configured with source interface as inside, PCs behind various VLANs couldn't access the internet.
    I want to establish a site-to-site VPN tunnel with multiple sub-interfaces of Cisco ASA 5550 to Cisco ASA 5505. Would you please suggest what I am missing in my configuration? I need to be able to access multiple VLANs of datacentre from remote site.

  • Single Nexus 5548UP- FCoE configuration with multiple server ports

    Hello Everyone,
    I am new to Networking so please bear with me.
    Here is some background information. We have a SINGLE Nexus 5548 UP switch to which we are connecting both the storage and the UCS C240 M3 servers (with CNA). Both the storage and server has 2 ports each going to this nexus switch.
    We want to implement FCoE with this solution.
    Below are the steps (for server ports) that I have followed to configure the Nexus. But the port is not logging into the SAN (no flogi) with this config.
    Enable Features
    config t
    feature lacp
    feature dot1x
    feature interface-vlan
    feature sshServer
    feature npiv
    end
    Configure Ethernet Ports - Server
    configure
    interface ethernet 1/17
    description To_UCS_rack_server_1_FCoE_port_1
    switchport mode trunk
    switchport trunk native vlan 6
    switchport trunk allowed vlan 1,6
    spanning-tree port type edge trunk
    priority-flow-control mode on
    no shutdown
    end
    configure
    interface ethernet 1/18
    description To_UCS_rack_server_1_FCoE_port_2
    switchport mode trunk
    switchport trunk native vlan 6
    switchport trunk allowed vlan 1,6
    spanning-tree port type edge trunk
    priority-flow-control mode on
    no shutdown
    end
    Create VLAN
    configure
    vlan 6
    name FCOE_VLAN
    fcoe vsan 6
    end
    Setup FCoE QOS
    configure terminal
    system qos
    service-policy type qos input fcoe-default-in-policy 
    service-policy type queuing input fcoe-default-in-policy 
    service-policy type queuing output fcoe-default-out-policy 
    service-policy type network-qos fcoe-default-nq-policy 
    end
    Create vfc for Initiators (UCS Servers)
    configure
    interface vfc 17
    bind interface ethernet 1/17
    switchport description virtual_fiber_channel_Server1_Port1
    end
    configure
    interface vfc 18
    bind interface ethernet 1/18
    switchport description virtual_fiber_channel_Server1_Port2
    end
    Adding vFC’s to VSAN
    configure
    vsan database
    vsan 6 interface vfc 17
    vsan 6 interface vfc 18
    Create Zonesets and Zones
    configure
    show flogi database vsan 6      ----> Do not see any pwwn here???
    show fcns database vsan 6
    Any help in the regard would be highly appreciated.
    Cheers,
    KS

    Fixed the issue. "switchport trunk native vlan 6" was causing the issue. Maybe the storage and servers were not configured with proper VLANs. I removed the native vlan and everything logged in fine.
    Anyhow, I have configured a single zone with all 3 servers' pWWNs. I know single initiator zoning is the way to go.
    Can you please guide me if I can move these servers into their separate zones without any outages? If it helps, all servers have 2 pWWNs. The current zoneset is active with that single zone.
    Please let me know if you need any additional details.
    Cheers,
    KS
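
The condition the follow-up post identifies (the FCoE VLAN also set as the trunk's native VLAN on a port with a bound vfc) can be checked before a configuration is applied. The script below is an added example, not code from the thread; the function names, finding labels, and the sample configuration (constructed from the values in the post) are assumptions. It also flags a trunk whose allowed list omits every FCoE VLAN, which goes beyond the case in the post.

```python
import re

# Constructed sample, using the interface, VLAN and VSAN numbers from the post.
SAMPLE_BROKEN = """\
interface ethernet 1/17
switchport mode trunk
switchport trunk native vlan 6
switchport trunk allowed vlan 1,6
spanning-tree port type edge trunk
end
vlan 6
name FCOE_VLAN
fcoe vsan 6
end
interface vfc 17
bind interface ethernet 1/17
end
"""
# Same configuration with the native VLAN line removed, as the poster did.
SAMPLE_FIXED = SAMPLE_BROKEN.replace("switchport trunk native vlan 6\n", "")


def expand_vlans(spec):
    """Expand an NX-OS VLAN list such as '1,6,10-12' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_config(text):
    """Collect FCoE VLANs, Ethernet trunk settings and vfc bindings."""
    fcoe_vlans = {}  # vlan id -> vsan id
    eth = {}         # '1/17' -> {'native': int or None, 'allowed': set or None}
    vfc_bind = {}    # '17' -> '1/17'
    ctx = None       # current configuration context
    for raw in text.splitlines():
        line = raw.strip().lower()
        if m := re.fullmatch(r"vlan (\d+)", line):
            ctx = ("vlan", int(m.group(1)))
        elif m := re.fullmatch(r"interface ethernet\s*(\S+)", line):
            ctx = ("eth", m.group(1))
            eth.setdefault(m.group(1), {"native": None, "allowed": None})
        elif m := re.fullmatch(r"interface vfc\s*(\d+)", line):
            ctx = ("vfc", m.group(1))
        elif line in ("end", "exit") or line.startswith(("interface ", "config")):
            ctx = None
        elif ctx is None:
            continue
        elif ctx[0] == "vlan" and (m := re.fullmatch(r"fcoe vsan (\d+)", line)):
            fcoe_vlans[ctx[1]] = int(m.group(1))
        elif ctx[0] == "eth" and (m := re.fullmatch(r"switchport trunk native vlan (\d+)", line)):
            eth[ctx[1]]["native"] = int(m.group(1))
        elif ctx[0] == "eth" and (m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line)):
            eth[ctx[1]]["allowed"] = expand_vlans(m.group(1))
        elif ctx[0] == "vfc" and (m := re.fullmatch(r"bind interface ethernet\s*(\S+)", line)):
            vfc_bind[ctx[1]] = m.group(1)
    return fcoe_vlans, eth, vfc_bind


def lint_fcoe(text):
    """Return (vfc, port, finding) tuples for each vfc-bound Ethernet port."""
    fcoe_vlans, eth, vfc_bind = parse_config(text)
    findings = []
    for vfc, port in sorted(vfc_bind.items()):
        cfg = eth.get(port, {"native": None, "allowed": None})
        # The case from the post: FCoE VLAN doubles as the trunk's native VLAN.
        if cfg["native"] in fcoe_vlans:
            findings.append((f"vfc{vfc}", f"Ethernet{port}", "native-vlan-is-fcoe-vlan"))
        # Added generalization: an explicit allowed list that carries no FCoE VLAN.
        if cfg["allowed"] is not None and not (cfg["allowed"] & set(fcoe_vlans)):
            findings.append((f"vfc{vfc}", f"Ethernet{port}", "fcoe-vlan-not-in-allowed-list"))
    return findings


if __name__ == "__main__":
    print("before:", lint_fcoe(SAMPLE_BROKEN))
    print("after: ", lint_fcoe(SAMPLE_FIXED))
```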

  • Multiple Public IP's on one physical interface for devices behind Router.

    Hi guys, I am trying to find information on applying multiple IP addresses to a router
    basically one for the Router itself and then some for the devices behind the router, Which i am sure I need to apply some 1 to 1 NATs. I just do not know if i need to specify all the IP addresses on the main interface.
    Example being I have a router with WAN ip of xxx.xxx.xxx.xxx/25 , it only has 2 interface one for WAN one for LAN, i have a server I would like assigned its own public IP address.  but still on the same LAN network.
    Could someone help me out and point me in the right direction with a sample config

    I agree with the previous response that you need a static NAT to allow outside resources to initiate traffic to your server. You also will need NAT or PAT using the router interface address to allow the other hosts in your network to access outside.
    You do not need to configure any other of the addresses on the router interface other than the primary IP that you assign to the router interface. As long as the other addresses are used for NAT/PAT they are configured in the nat statements and not on the physical interface.
    HTH
    Rick

  • C-200 M2 with P81E to Nexus 5548UP

    Hi all,
    I'm working on a project to set up a Cisco UCS lab.
    The topology looks simple and easy, but there must be some misconfiguration on my side because I can't see any of the IDs (the P81E's WWPN and MAC address info) from the Nexus 5548UP.
    I connected my 5548UP to an MDS 9124 to provide the FCoE traffic to the C-200 farm.
    Then I configured the MDS with NPIV and converted a couple of Ethernet ports to FC ports on the 5548UP (which I'm using to connect to the MDS).
    Finally I connected my C-200 M2's VIC to the 5548UP, but I couldn't see any information about the server. The ports are actually up, but I can't see anything.
    Any help and advice will be appreciated.

    Padma,
    Right now I have connected the N5548 directly to the storage; for that reason you cannot see the FC uplink connections in the running configuration.
    On the Nexus 5548:
         Ethernet 1/1 and Ethernet 1/2 are the server ports (P81E)
         Ethernet 1/15 is the uplink Ethernet port
         Fc 1/31 and 1/32 are the storage ports
         Storage has been configured for the WWPNs and LUNs.
    And here is the configuration:
    N5548(config-if)# show running-config
    !Command: show running-config
    !Time: Tue Jan 24 13:32:53 2012
    version 5.0(3)N2(1)
    feature fcoe
    feature telnet
    feature lldp
    username admin password 5 $1$XCMHODt3$yEItwOs0Vl.LLYyXBPjZu0  role network-admin
    no password strength-check
    ip domain-lookup
    hostname N5548
    class-map type qos class-fcoe
    class-map type queuing class-fcoe
      match qos-group 1
    class-map type queuing class-all-flood
      match qos-group 2
    class-map type queuing class-ip-multicast
      match qos-group 2
    class-map type network-qos class-fcoe
      match qos-group 1
    class-map type network-qos class-all-flood
      match qos-group 2
    class-map type network-qos class-ip-multicast
      match qos-group 2
    slot 1
      port 1-24 type ethernet
      port 25-32 type fc
    snmp-server user admin network-admin auth md5 0x29cde3d41c6724dcbec14cf28387824d priv 0x29cde3d41c6724dcbec14cf28387824d localizedkey
    snmp-server enable traps entity fru
    vrf context management
    vlan 1
      fcoe vsan 1
    fcdomain fcid database
      vsan 1 wwn 50:06:0e:80:10:4d:03:60 fcid 0xa10000 dynamic
      vsan 1 wwn 50:06:0e:80:10:4d:03:62 fcid 0xa10001 dynamic
    interface vfc1
      bind interface Ethernet1/1
      no shutdown
    interface vfc2
      bind interface Ethernet1/2
      no shutdown
    interface fc1/25
    interface fc1/26
    interface fc1/27
    interface fc1/28
    interface fc1/29
    interface fc1/30
    interface fc1/31
      no shutdown
    interface fc1/32
      no shutdown
    interface Ethernet1/1
    interface Ethernet1/2
    interface Ethernet1/3
    interface Ethernet1/4
    interface Ethernet1/5
    interface Ethernet1/6
    interface Ethernet1/7
    interface Ethernet1/8
    interface Ethernet1/9
    interface Ethernet1/10
    interface Ethernet1/11
    interface Ethernet1/12
    interface Ethernet1/13
    interface Ethernet1/14
    interface Ethernet1/15
      switchport mode trunk
      speed 1000
    interface Ethernet1/16
    interface Ethernet1/17
    interface Ethernet1/18
    interface Ethernet1/19
    interface Ethernet1/20
    interface Ethernet1/21
    interface Ethernet1/22
    interface Ethernet1/23
    interface Ethernet1/24
    interface mgmt0
      ip address 192.168.10.210/24
    line console
    line vty
    boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
    boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin
    interface fc1/25
    interface fc1/26
    interface fc1/27
    interface fc1/28
    interface fc1/29
    interface fc1/30
    interface fc1/31
    interface fc1/32
    N5548(config-if)#

  • Timesten replication with multiple interfaces sharing the same hostname

    Hi,
    we have in our environment two Sun T2000 nodes, running SunOS 5.10 and hosting a TT server currently in Release 7.0.5.9.0, replicated between each other.
    I would like to have some more information on the behavior of the replication w.r.t. network reliability when using two interfaces associated to the same hostname, the one used to define the replication element.
    To make an example we have our nodes sharing this common /etc/hosts elements:
    151.98.227.5 TBMAS10df2 TBMAS10df2-10 TBMAS10df2-ttrep
    151.98.226.5 TBMAS10df2 TBMAS10df2-01 TBMAS10df2-ttrep
    151.98.227.4 TBMAS9df1 TBMAS9df1-10 TBMAS9df1-ttrep
    151.98.226.4 TBMAS9df1 TBMAS9df1-01 TBMAS9df1-ttrep
    with the following element defined for replication:
    ALTER REPLICATION REPLSCHEME
    ADD ELEMENT HDF_GNP_CDPN_1 TABLE HDF_GNP_CDPN
    CHECK CONFLICTS BY ROW TIMESTAMP
    COLUMN ConflictResTimeStamp
    REPORT TO '/sn/sps/HDF620/datamodel/tt41dataConflict.rpt'
    MASTER tt41data ON "TBMAS9df1-ttrep"
    SUBSCRIBER tt41data ON "TBMAS10df2-ttrep"
    RETURN RECEIPT BY REQUEST
    ADD ELEMENT HDF_GNP_CDPN_2 TABLE HDF_GNP_CDPN
    CHECK CONFLICTS BY ROW TIMESTAMP
    COLUMN ConflictResTimeStamp
    REPORT TO '/sn/sps/HDF620/datamodel/tt41dataConflict.rpt'
    MASTER tt41data ON "TBMAS10df2-ttrep"
    SUBSCRIBER tt41data ON "TBMAS9df1-ttrep"
    RETURN RECEIPT BY REQUEST;
    On this subject, moving from 6.0.x to 7.0.x there have been some changes I would like to better understand.
    6.0.x reported in the documentation for Unix systems:
    If a host contains multiple network interfaces (with different IP addresses),
    TimesTen replication tries to connect to the IP addresses in the same order as
    returned by the gethostbyname call. It will try to connect using the first address;
    if a connection cannot be established, it tries the remaining addresses in order
    until a connection is established.
    Now on Solaris I don't know how to let gethostbyname return more than one interface (the documentation notes at this point:
    If you have multiple network interface cards (NICs), be sure that “multi
    on” is specified in the /etc/host.conf file. Otherwise, gethostbyname will not
    return multiple addresses).
    But I understand this could be valid for Linux-based systems, not for Solaris.
    Now if I properly understand the above, how was 6.0.x able to realize the first interface in the list (using the same -ttrep hostname) was down and use the other, if gethostbyname was reporting only a single entry?
    Once upgraded to 7.0.x we realized the ADD ROUTE option was added to teach TT how to use different interfaces associated to the same hostname. In our environment we did not include this clause, but still the replication was working fine regardless of which interface we were bringing down.
    Both my questions in the end lead to the same doubt about which algorithm is used by TT to reach the replicated node w.r.t. entries in /etc/hosts.
    Looking at the nodes I can see that by default both routes are being used:
    TBMAS10df2:/-# netstat -an|grep "151.98.227."
    151.98.225.104.45312 151.98.227.4.14000 1049792 0 1049800 0 ESTABLISHED
    151.98.227.5.14005 151.98.227.4.47307 1049792 0 1049800 0 ESTABLISHED
    151.98.227.5.14005 151.98.227.4.48230 1049792 0 1049800 0 ESTABLISHED
    151.98.227.5.46050 151.98.227.4.14005 1049792 0 1049800 0 ESTABLISHED
    TBMAS10df2:/-# netstat -an|grep "151.98.226."
    151.98.226.5.14000 151.98.226.4.47699 1049792 0 1049800 0 ESTABLISHED
    151.98.226.5.14005 151.98.226.4.47308 1049792 0 1049800 0 ESTABLISHED
    151.98.226.5.44949 151.98.226.4.14005 1049792 0 1049800 0 ESTABLISHED
    I tried to trace with ttTraceMon, but once I brought down one of the interfaces I did not see any reaction on either node. If you have some info it would be really appreciated!
    Cheers,
    Mike

    Hi Chris,
    Thanks for the reply. I have a few more queries on this.
    1. Using the ROUTE clause we can use multiple IPs with a priority level set, so that if the IP with the highest priority level set in the ROUTE clause is not active, it will fall back to the IP with the next priority level, 2. But can't we use the ROUTE clause to use multiple route IPs for replication simultaneously?
    2. Can we execute multiple schemes for the same DSN and replication scheme but with different replication route IPs?
    For example:
    At present on my system, I have a replication scheme running for a specific DSN with a standalone Master-Subscriber mechanism, with a specific route IP through VLAN-xxx for replication.
    Now I want to create and start another replication scheme for the same DSN and replication mechanism with a different VLAN-yyy route IP to be used for replication in parallel to the existing replication scheme, without making any changes to the pre-existing replication scheme.
    For the above scenarios, will there be any specific changes for the different replication scheme mechanisms, i.e. Active Standby and Standalone Master Subscriber etc.?
    If so, what are the steps? For instance, how do we need to change the existing scheme?
    Thanks in advance.
    Naveen

  • Mapping in Services Interface with multiple operation... ?

    Hi all,
    I have a SOAP to SOAP scenario here, just PI 7.1 with EHP1 acting as a bus, with no mapping at all.
    1) I have the WSDL file from the receiver system with multiple synchronous operations in it. I imported the WSDL as an External Definition. I used the same WSDL file to create the sender Service Interface also.
    When I created the service interface with the operation in it, I just gave the same operation name from the WSDL. I followed this for the sender and receiver service interfaces.
    1) Now the issue is: do I need any operation mapping if the service interface has more than one operation?
    2) I completed the scenario without any operation mapping, but I am getting this error: Problem occurred in receiver agreement for sender -ICRM_D to receiver -EXACTTGETWEBSERVICE_D,http://ICRMtoExactTaetWebservice.com.si_os_ICRM_EXACTTETWEBSERVICE: No standard agreement found for , ICRM_D, , EXACTTARGEBSERVICE_D, http://ICRMtoExactarebservice.com, si_os_ICRM_EXACGETWEBSERVICE..?
    Please help me with this issue.
    Thanks
    Souz

    You might want to read this: /people/shabarish.vijayakumar/blog/2010/09/08/service-interface-and-multiple-operations--is-it-just-an-hype
    You will need to create additional configurations for multiple operations to be supported.

  • How to handle multiple inbound interfaces with WSDL messages

    Hi All,
    We have a synchronous: Abap Proxy -> XI -> WebService Scenario. The webservice has multiple SoapActions e.g. SearchForProduct_WithX, SearchForProduct_WithY each with different message types. We have tried to use the receiver determination to send the request to the correct soapaction using conditions e.g. if field X in the request is populated use SearchForProduct_WithX action/message.
    But when we run it through the proxy we get this error:
      <CODE>IF_DETERMINATION.TOO_MANY_IIFS_CASE_BE</CODE>
      <ERRORTEXT>Multiple inbound interfaces not supported for synchronous calls</ERRORTEXT>
    Does anybody know how we can get around this or how best to deal with the multiple soap actions per wsdl situation.

    Hi Yaghya,
    We have used conditions in the Interface Determination. Interestingly if we use an HTTP sender adapter we can use this configuration ... but once we try and use ABAP proxies we get the previous error.
    Another related question ... when we use the http adapter we get a connection time out exception. Same thing happens if we try and use the wsdl tester at /wsnavigator but we can open the wsdl through the browser. Any idea on this one?
    Thanks for all your help.
