Nexus 6004 TOR connectivity to Brocade DCX

Hi Experts,
I am facing an issues in our new data centre. We want to install Nexus 6004 in the TOR and connect the FC links back to the existing DCX?
I see from the datasheets that the 6004 now has native FC capability. Is it supported to set the 6004 to NPIV mode and connect as an Access gateway to the edge for the Brocade SAN?
Any advise appreciated as I really want to push CISCO at the TOR.
digduggo

See Figure 6-2 Converged Multi-hop FCoE Network Design Using FCoE NPV
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/fcoe/513_n1_1/ops_fcoe/ops_fcoe_npv.html
You have to use NPV on N5k, there is no FC interop support on N5k, to connect to Brocade.

Similar Messages

Highest supported Brocade DCX firmware version to be interoperable with Cisco Nexus 5020

A Cisco Nexus 5020 (FCoE) switch is connected to Brocade DCX-B switch.
5020 is at latest firmware level of 5.0.2.N2.1
Brocade is at firmware level of 6.2.1b
If we need to upgrade brocade firmware, what is the maximum revision we can go to? Is there some documentation available for interoperability between the code levels of the two hardwares?

Hi Anwarul,
Please refer to "Table 7-10 Nexus InterOp Matrix" near the end of this link:
http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/interoperability/matrix/Matrix7.html
Regards,
Ken

Nexus 5596 connection to Brocade 5100

Hi All
I would like to connect the Nexus 5500 to a Brocade 5100 FC switch. I was hoping is somebody has done this before and can provide sample configuration. The Brocade connects to the SAN. The Nexus 5500 will connect to a server with a CNA.
Any help or direction would be much appreciated.
Regards
Ahmed

Hi All
I would like to connect the Nexus 5500 to a Brocade 5100 FC switch. I was hoping is somebody has done this before and can provide sample configuration. The Brocade connects to the SAN. The Nexus 5500 will connect to a server with a CNA.
Any help or direction would be much appreciated.
Regards
Ahmed

Nexus 6004 EIGRP Relationship between the two switches

Hi All,
I will try to explain this as best as I can. In our current TEST LAB we have a Pair of Cisco ASA5585x running in Active/Passive mode. We use a VRF transit to connect the 10 GB interface to a Pair of Cisco Nexus 6004 (L3) switches running vPC between them. Downstream we also have a pair of Cisco 9372 switches (L2) also running vPC between the two.
As of right now we have EIGRP neighbor relationship formed between the two N6K's and the ASA.
ASA
ciscoasa# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.230.9 Te0/8.451 12 01:30:25 1 200 0 52
0 172.16.230.10 Te0/8.451 12 01:30:25 1 200 0 48
The ASA formed relationship with both N6K's
SWITCH1
Nexus6-1# sh ip eigrp neighbors vrf inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 11 01:28:28 1 50 0 45
1 172.16.230.10 Vlan451 13 01:28:28 1 50 0 46
2 172.16.230.11 Vlan451 10 01:28:00 4 50 0 13
Nexus6-1#
SWITCH2
Nexus6-2# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.8.2 Vlan680 14 01:30:11 23 138 0 48
0 172.16.230.9 Vlan451 13 01:30:11 480 2880 0 50
1 172.16.230.11 Vlan451 13 01:29:48 1598 5000 0 13
Nexus6-2#
Both Nexus Switches formed EIGRP neighbors using the vPC Peer-Link. There is enough documentation out there that strongly suggest not to use vPC Peer-Links for EIGRP anything.
We do have additional interfaces available on the 6K's that we can use as a cross connect for EIGRP. What we are having trouble understanding how we can force EIGRP traffic over those ports?
Here is a complete Switch config:
Switch1
Nexus6-1# sh run
feature telnet
cfs eth distribute
feature eigrp
feature interface-vlan
feature lacp
feature vpc
feature lldp
vlan 1
vlan 451
name P2P_VRF_SVI
vlan 652
name Management
vlan 680
name Inside
vrf context Inside
vrf context management
ip route 0.0.0.0/0 172.16.52.1
vrf context peer-keepalive
vpc domain 99
role priority 1
peer-keepalive destination 10.200.50.2 source 10.200.50.1 vrf peer-keepalive
delay restore 120
interface Vlan1
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.9/29
ip router eigrp 100
no ip passive-interface eigrp 100
interface Vlan651
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.2/22
ip router eigrp 100
interface port-channel99
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel102
switchport mode trunk
vpc 102
interface Ethernet1/1
description vPC Peer Link 1.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet1/6
interface Ethernet1/7
description vPC Peer Link 1.7 to Nexus 9372 PRI
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet2/1
description vPC Peer Link 2.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet2/2
interface Ethernet2/7
description vPC Peer Link 2.1 to Nexus SEC
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet2/8
interface Ethernet8/1
description keep-alive peer-link to ALNSWI02
no switchport
vrf member peer-keepalive
ip address 10.200.50.1/30
interface Ethernet8/2
description Uplink to ASA
switchport mode trunk
interface Ethernet8/3
interface mgmt0
vrf member management
ip address 172.16.52.3/23
line console
line vty
boot kickstart bootflash:/n6000-uk9-kickstart.7.0.1.N1.1.bin
boot system bootflash:/n6000-uk9.7.0.1.N1.1.bin
router eigrp 100
passive-interface default
default-information originate
vrf Inside
autonomous-system 100
default-information originate
poap transit
Nexus6-1#
Nexus6-1# sh ip eigrp neighbors vrf inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 11 01:28:28 1 50 0 45
1 172.16.230.10 Vlan451 13 01:28:28 1 50 0 46
2 172.16.230.11 Vlan451 10 01:28:00 4 50 0 13
Nexus6-1#
Nexus6-1# sh ip eigrp topology vrf Inside
IP-EIGRP Topology Table for AS(100)/ID(172.16.8.2) VRF Inside
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.8.0/22, 1 successors, FD is 2816
via Connected, Vlan680
P 172.16.230.8/29, 1 successors, FD is 2816
via Connected, Vlan451
Nexus6-1# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 99
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po99 up 1,451,652,680
vPC status
id Port Status Consistency Reason Active vlans
102 Po102 up success success 1,451,652,6
80
Nexus6-1# sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Eth8/3 Desg FWD 2 128.1027 P2p
VLAN0451
Spanning tree enabled protocol rstp
Root ID Priority 33219
Address 8c60.4f2d.2ffc
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33219 (priority 32768 sys-id-ext 451)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Desg FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
VLAN0652
Spanning tree enabled protocol rstp
Root ID Priority 33420
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33420 (priority 32768 sys-id-ext 652)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
VLAN0680
Spanning tree enabled protocol rstp
Root ID Priority 33448
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33448 (priority 32768 sys-id-ext 680)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Nexus6-1#
Switch2
Nexus6-2# sh run
!Command: show running-config
!Time: Sat Feb 12 19:02:44 2011
version 7.0(1)N1(1)
hostname Nexus6-2
feature telnet
cfs eth distribute
feature eigrp
feature interface-vlan
feature lacp
feature vpc
feature lldp
vlan 1
vlan 451
name P2P_VRF_SVI
vlan 652
name Management
vlan 680
name Inside
vrf context Inside
vrf context P2P_Inside_VRF
vrf context management
ip route 0.0.0.0/0 172.16.52.1
vrf context peer-keepalive
vpc domain 99
role priority 2
peer-keepalive destination 10.200.50.1 source 10.200.50.2 vrf peer-keepalive
delay restore 120
interface Vlan1
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.10/29
ip router eigrp 100
no ip passive-interface eigrp 100
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.3/22
ip router eigrp 100
interface port-channel99
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel102
switchport mode trunk
vpc 102
interface Ethernet1/1
description vPC Peer Link 1.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet1/2
interface Ethernet1/6
interface Ethernet1/7
description vPC Link 1.7 to Nexus 9372 SEC
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet1/8
interface Ethernet1/12
interface Ethernet2/1
description vPC Peer Link 2.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet2/2
interface Ethernet2/6
interface Ethernet2/7
description vPC Link 2.1 to Nexus PRI
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet2/8
interface Ethernet2/12
interface Ethernet8/1
description keep-alive peer-link to ALNSWI01
no switchport
vrf member peer-keepalive
ip address 10.200.50.2/30
interface Ethernet8/2
description Uplink to ASA
switchport mode trunk
switchport trunk allowed vlan 1,451,652,680
interface Ethernet8/3
interface Ethernet8/20
interface mgmt0
vrf member management
ip address 172.16.52.4/23
line console
line vty
boot kickstart bootflash:/n6000-uk9-kickstart.7.0.1.N1.1.bin
boot system bootflash:/n6000-uk9.7.0.1.N1.1.bin
router eigrp 100
vrf Inside
autonomous-system 100
default-information originate
poap transit
logging logfile messages 6
Nexus6-2#
Nexus6-2#
Nexus6-2# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.8.2 Vlan680 14 01:30:11 23 138 0 48
0 172.16.230.9 Vlan451 13 01:30:11 480 2880 0 50
1 172.16.230.11 Vlan451 13 01:29:48 1598 5000 0 13
Nexus6-2#
Nexus6-2# sh ip eigrp topology vrf Inside
IP-EIGRP Topology Table for AS(100)/ID(172.16.8.3) VRF Inside
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.8.0/22, 1 successors, FD is 2816
via Connected, Vlan680
P 172.16.230.8/29, 1 successors, FD is 2816
via Connected, Vlan451
Nexus6-2#
Nexus6-2#
Nexus6-2# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 99
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po99 up 1,451,652,680
vPC status
id Port Status Consistency Reason Active vlans
102 Po102 up success success 1,451,652,6
80
Nexus6-2#
Nexus6-2#
Nexus6-2# sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 1005.caf5.88ff
Cost 3
Port 4194 (port-channel99)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 8c60.4f2d.777c
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Root FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Eth8/3 Desg FWD 2 128.1027 P2p
VLAN0451
Spanning tree enabled protocol rstp
Root ID Priority 33219
Address 8c

Jon,
Are you ready for the mass confusion?
when Looking at the ASA EIGRP neighbors output here is what I see.
ASA# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
3   172.16.230.1            Te0/8.450        13 16:45:14 1    200   0   64
2   172.16.230.2            Te0/8.450        11 16:45:14 1    200   0   84
1   172.16.230.10           Te0/8.451        11 16:45:20 1    200   0   178
0   172.16.230.9            Te0/8.451        13 16:45:20 1    200   0   148
For simplicity sake lets just concetrate on Interface TenGigabit0/8.451 which is the SVI on the Nexus switch that is VLAN451
From the Nexus Switch 6004 that is directly connected to the ASA here is what I see
SWI01# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H   Address                 Interface       Hold Uptime SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.8.3              Vlan680         10   17:04:30 54   324   0   177
1   172.16.230.10           Vlan451         11   16:59:10 819 4914 0   178
2   172.16.230.11           Vlan451         14   16:53:48 24   144   0   20
The Inside VRF that is tied to both SVI's on the Switch vlans 451 and 680 is in EIGRP 100 on the switch
SWI01# sh run int vlan 451
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.9/29
ip router eigrp 100
no ip passive-interface eigrp 100
SWI01# sh run int vlan 680
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.2/22
ip router eigrp 100
hsrp 1
    authentication text test
    preempt
    priority 250
    ip 172.16.8.1
so you with me so far?
If you are you have noticed that on the ASA neighbors the ASA sees 172.16.230.11 as a neighbor which is the Secondary Nexus SW. That is becauise they all share the same subnet.
172.16.230.8/29
Brakedown:
PRI Nexus 6004 - 172.16.230.9
SEC NEXUS 6004 - 172.16.230.10
PRI ASA 5585x - 172.16.230.11
SEC ASA 5585x - 172.16.230.12
Because the ASA EIGRP network is a /29 it learns the Secondary Nexus via the Primary Nexus.
I am not sure that the link we created between the two Nexus Switches is doing anything but consuming ports right now.
SWI01# sh run int ethernet 8/9
interface Ethernet8/9
description EIGRP PORT to Secondary Nexus
switchport mode trunk
switchport trunk allowed vlan 450-451
SWI02# sh run int ethernet 8/9
interface Ethernet8/9
description EIGRP PORT to Primary Nexus
switchport mode trunk
switchport trunk allowed vlan 450-451
So the SVI's that go up to the ASA for inspection are 450 and 451. The network SVI's are 600 and 680 all of them live on the switch, and 680, and 600 are extended over the peer links down to the 9372's.
I think that we are breaking the golden rule of vPC BUT.. I am not 100% sure. Some of the documents read that we should not be allowing network vlans over peer links, but then how do you extend the vlans down to the leaf switch?
This is giving me nightmares at the moment…
does this make sense?

Brocade DCX Fiberchannel trunk via Cisco ONS not working

We have a SAN environment over 2 locations. On each location they placed a Brocade DCX 8510 SAN switch. The Inter site link is provided via CISCO ONS.
We use at both sites a MXP_MR_10DME card with two interfaces. We created two circuits and configured the ports at FC4G.
So when we connect the brocade switches directly to the ONS it works perfect. We then have 2 4GB fiberchannel connections.
However we would like to trunk these connection to a 2x 4GB channel.
On the Brocade switches we configured both interfaces connected to the ONS as Trunk.
Both switches see each other but no traffic will run over this trunk. When we disable one port of the Brocade in this trunk then traffic starts to flow.
Questions:
Is it possible to create a trunk between the brocades via ONS?. ( we know that it will work with a direct fiber connection).
I know you can do trunking by using other cards but is this possible with the 1-DMEX-C cards.
So is the ONS aware of a trunk. I suppose that the ONS should be transparent.
If anybody has done did before, do we need to configure something specific on the ONS or Brocade switches..?
THX.

Nevermind...
I have been given the wrong SFP modules.

Nexus 6004 vs 6509 for Cores?

My organization is in the process of implementing two projects:
*Replacing our cores
*Upgrading our server access switches
Our current cores are dual WS-C6509's running in HSRP mode. We are upgrading them to new 6509's so we can implement VSS. They have not been installed yet, but we do have the equipment in our posession and mostly configured.
We are also in talks to purchase two Nexus 6004 chassis along with sixty 2232TM-E FEX's. It looks like this is going to happen soon. We use 4506's for our server access layer and are looking for the 6004/2000 Nexus platform to replace all of these 4506's.
What are the pro's and con's of skipping the 6509's and instead using the 6004/2232TM-E setup as our Core and Access layer?

You can just use the 6000 and eliminate the 6500 altogether. I am deploying 6004 as layer-3 and also for FEXs and server connectivity. One thing to remember is that with the current Nexus-OS if you are using the 6ks as layer-3, you can only connect 24 FEXa to a pair of 6ks. If you are using them as layer-2 only then the number is 48.
The other thing you should know is that the 6ks are 40Gig only. So, in order to connect for example a FEX or another device to it using 10Gig, you need to purchase the special 40Gig to 10Gig cable. This cable has a 40gig interface and one side and 4 10gig on the other side. We get ours from Panduat and they work really well. These cables are not cheap. They cost is about $500 per cable.
If you need part number for the cable and you need more info let me know.
http://www.panduit.com/wcs/Satellite?c=Page&childpagename=Panduit_Global%2FPG_Layout&cid=1345564328975&packedargs=locale%3Den_us%26prod_cat_id%3D3%26prod_id%3D3&pagename=PG_Wrapper
HTH

Nexus 6004 FC NPIV

I am looking at replacing my MDS 9506 (2) with 4 nexus 6004.
FC will connect to the new 20 port UP cards on the nexus 6004
some info req.
Configurations simiilar to that of mDS
support for zoning
npiv support
what lic is required NPIV - FC
vsan
dcns
optics from MDS 9506 will work on nexus 6004
fcoe support - lic req

Please look at
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-6000-series-switches/datasheet-c78-732277.html
which contains the hardware features as well as the licenses.
It is easy to migrate a configuration from MDS to Nexus 6004.
Be aware, that there might be features, which are not available on Nexus, e.g. IVR.
Also, the native FC speed limitation is 8 Gbps !
Cisco SFP's from MDS should work ok in Nexus 6004
http://www.cisco.com/c/en/us/products/collateral/storage-networking/mds-9000-series-multilayer-switches/product_data_sheet09186a00801bc698.html

Nexus 6004: Question about port-profile type port-channel

I'm setting up a new deployment of Nexus 6004 switches and want to utilize port-profiles as much as possible to simplify management down the road.
All uplinks to other switches, routers and firewalls will be connected using VPC:s. On the port-channels (vpc) the only thing that will change over time is the allowed vlans.
It seems that port-profiles of the type port-channel does not behave in the same way as those with type ethernet, at least not when adding vlans.
If I modify the port-profile using "switchport trunk allowed vlan add XXX" it will delete the previous config and only retain "switchport trunk allowed vlan add XXX", and not merge it with the previous config as is expected.
Question: Is this a bug or is it working as intended?
RH_N6K4_01(config-sync)# switch-profile rh
Switch-Profile started, Profile ID is 1
RH_N6K4_01(config-sync-sp)# port-profile type port-channel FIREWALL-UPLINK
RH_N6K4_01(config-sync-port-prof)# switchport trunk allowed vlan 3
RH_N6K4_01(config-sync-port-prof)# verify
Verification Successful
RH_N6K4_01(config-sync-sp)# commit
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
RH_N6K4_01(config-sync)# show port-profile
SHOW PORT_PROFILE
port-profile FIREWALL-UPLINK
type: Port-channel
description:
status: enabled
max-ports: 512
inherit:
config attributes:
switchport mode trunk
switchport trunk allowed vlan 3
evaluated config attributes:
switchport mode trunk
switchport trunk allowed vlan 3
assigned interfaces:
===================================
RH_N6K4_01(config-sync-sp)# port-profile type port-channel FIREWALL-UPLINK
RH_N6K4_01(config-sync-port-prof)# switchport trunk allowed vlan add 84
RH_N6K4_01(config-sync-port-prof)# verify
Verification Successful
RH_N6K4_01(config-sync-sp)# commit
Verification successful...
Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
Please avoid other configuration changes during this time.
Commit Successful
RH_N6K4_01(config-sync)# show port-profile
SHOW PORT_PROFILE
port-profile FIREWALL-UPLINK
type: Port-channel
description:
status: enabled
max-ports: 512
inherit:
config attributes:
switchport mode trunk
switchport trunk allowed vlan add 84
evaluated config attributes:
switchport mode trunk
switchport trunk allowed vlan add 84
assigned interfaces:
Expected behavior here would be "switchport trunk allowed vlan 3,84". This only occurs when using "port-profile type port-channel" not when using "port-profile type ethernet"

<> is template syntax and is generally the type of object a container holds.. So it is defining that the MSGQUEUE type is a deque holding struct_buffer*'s.

Issues with Tor connection

Hi,
First here is my network information.
I'm in university, where there is a direct connection to the internet. But the firewall blocks all outgoing ports except 80 and 443. In addition they seem to be preventing CONNECT calls over HTTP to tunnel other protocols.
I'm trying to use Tor. In my Torrc i set the following options
## CONFIGURED FOR ARCHLINUX
## Last updated 22 July 2005 for Tor 0.1.0.13.
## (May or may not work for older or newer versions of Tor.)
## See the man page, or http://tor.eff.org/tor-manual.html, for more
## options you can use in this file.
# On Unix, Tor will look for this file in someplace like "~/.tor/torrc" or
# "/etc/torrc"
# On Windows, Tor will look for the configuration file in someplace like
# "Application Data\tor\torrc" or "Application Data\<username>\tor\torrc"
# With the default Mac OS X installer, Tor will look in ~/.tor/torrc or
# /Library/Tor/torrc
# Set the Tor Circuit Build time to find faster tor servers, increments of seconds
CircuitBuildTimeout 2
# connections while Tor is not in use.
KeepalivePeriod 60
# Force Tor to consider whether to build a new circuit every NUM seconds.
NewCircuitPeriod 15
# Set How many entry guards we should we keep at a time
NumEntryGuards 8
## Replace this with "SocksPort 0" if you plan to run Tor only as a
## server, and not make any local application connections yourself.
SocksPort 9050 # what port to open for local application connections
SocksBindAddress 127.0.0.1 # accept connections only from localhost
#SocksBindAddress 192.168.0.1:9100 # listen on a chosen IP/port too
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests from SocksBindAddress.
#SocksPolicy accept 192.168.0.1/16
#SocksPolicy reject *
## Allow no-name routers (ones that the dirserver operators don't
## know anything about) in only these positions in your circuits.
## Other choices (not advised) are entry,exit,introduction.
AllowUnverifiedNodes middle,rendezvous
## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many log lines as
## you want.
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send only debug and info messages to /var/log/tor/debug.log
#Log debug-info file /var/log/tor/debug.log
## Send ONLY debug messages to /var/log/tor/debug.log
#Log debug-debug file /var/log/tor/debug.log
## To use the system log instead of Tor's logfiles, uncomment these lines:
Log notice syslog
## To send all messages to stderr:
#Log debug stderr
## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line.
RunAsDaemon 1
User tor
Group tor
## Tor only trusts directories signed with one of these keys, and
## uses the given addresses to connect to the trusted directory
## servers. If no DirServer lines are specified, Tor uses the built-in
## defaults (moria1, moria2, tor26), so you can leave this alone unless
## you need to change it.
#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
#DirServer 86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /var/lib/tor
## The port on which Tor will listen for local connections from Tor controller
## applications, as documented in control-spec.txt. NB: this feature is
## currently experimental.
#ControlPort 9051
############### This section is just for location-hidden services ###
## Look in .../hidden_service/hostname for the address to tell people.
## HiddenServicePort x y:z says to redirect a port x request from the
## client to y:z.
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
#HiddenServiceNodes moria1,moria2
#HiddenServiceExcludeNodes bad,otherbad
################ This section is just for servers #####################
## NOTE: If you enable these, you should consider mailing your identity
## key fingerprint to the tor-ops, so we can add you to the list of
## servers that clients will trust. See
## http://tor.eff.org/doc/tor-doc.html#server for details.
## Required: A unique handle for this server
#Nickname ididnteditheconfig
## The IP or fqdn for this server. Leave commented out and Tor will guess.
#Address noname.example.com
## Contact info that will be published in the directory, so we can
## contact you if you need to upgrade or if something goes wrong.
## This is optional but recommended.
#ContactInfo Random Person <nobody AT example dot com>
## You might also include your PGP or GPG fingerprint if you have one:
#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>
## Required: what port to advertise for tor connections
#ORPort 9001
## If you want to listen on a port other than the one advertised
## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment
## the line below. You'll need to do ipchains or other port forwarding
## yourself to make this work.
#ORBindAddress 0.0.0.0:9090
## Uncomment this to mirror the directory for others (please do)
#DirPort 9030 # what port to advertise for directory connections
## If you want to listen on a port other than the one advertised
## in DirPort (e.g. to advertise 80 but bind 9091), uncomment the line
## below. You'll need to do ipchains or other port forwarding yourself
## to make this work.
#DirBindAddress 0.0.0.0:9091
## A comma-separated list of exit policies. They're considered first
## to last, and the first match wins. If you want to *replace*
## the default exit policy, end this with either a reject *:* or an
## accept *:*. Otherwise, you're *augmenting* (prepending to) the
## default exit policy. Leave commented to just use the default, which is
## available in the man page or at http://tor.eff.org/documentation.html
## Look at http://tor.eff.org/faq-abuse.html#TypicalAbuses
## for issues you might encounter if you use the default exit policy.
## If certain IPs and ports are blocked externally, e.g. by your firewall,
## you should update your exit policy to reflect this -- otherwise Tor
## users will be told that those destinations are down.
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
#ExitPolicy reject *:* # middleman only -- no exits allowed
ReachableDirAddresses *:80
ReachableORAddresses *:443
But Tor is unable to connect. Here is the log
Tor[5442]: No current certificate known for authority moria1; launching request.
Tor[5442]: No current certificate known for authority tor26; launching request.
Tor[5442]: No current certificate known for authority dizum; launching request.
Tor[5442]: No current certificate known for authority ides; launching request.
Tor[5442]: No current certificate known for authority gabelmoo; launching request.
Tor[5442]: No current certificate known for authority dannenberg; launching request.
Tor[5442]: Your application (using socks4 to port 80) is giving Tor only an IP address. Applications t
hat do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more inf
ormation, please see http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS.
Tor[5442]: Application request when we're believed to be offline. Optimistically trying directory fetc
hes again.
I can't find any documentation about this issue.
Thanks.

## Tor only trusts directories signed with one of these keys, and
## uses the given addresses to connect to the trusted directory
## servers. If no DirServer lines are specified, Tor uses the built-in
## defaults (moria1, moria2, tor26), so you can leave this alone unless
## you need to change it.
#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
#DirServer 86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D
Try uncomment this...
Maybe tor need this address
Sorry for my very bad english, i am from Brazil, add me in GTalk if you need more support.
[email protected]
Good luck!

Maximum Distance for FCOE on Nexus 6004

Hi,
We have a fabric composed by 2 Nexus 6004. The links between the 2 Nx 6004 are configured with vE_ports.
What is the maximum length for the links between the 2 Nexus 6004 ?
Many thanks in advance.
Nicolas.

I found the following, which is most likely not up to date
Q. Is the Nexus 6004 capable of long distance FCoE and will this functionality work at FCS?
The Nexus 6004 hardware allows FCoE distances up to 100km with 10GbE interface, 30km with 40GbE interface between two Nexus 6004 devices. However at FCS, the FCoE distance will be limited to 300m. Future software release will provide CLI tuning options to support longer distance.
•300m FCoE at FCS (optical transceiver distance limitation)
10-km FCoE for 10 GE and 40 GE ports with global QoS policy (roadmap)

The meaning of Interface Ethernet250/1 under the Nexus 2000 is connected to Nexus 5000 switch

Dear all,
Recently, I prepared and deploy a network monitoring system to monitor the new generation Nexus connected network. With using snmpwalk to query the interfacs information from the Nexus 5000 switch (one Nexus 2000 is connected to it via FlexLink), I found that other than normal Nexus 5000 and 2000 ports(ifName to be Ethernet1/1, Ethernet1/2, ... Ethernet190/1/1, Ethernet190/1/2...), a series of interface with ifName Ethernet250/1, Ethernet250/2, .... to be appeared in the interface SNMP tree. With logged into the Nexus 5000 and issue display interface command, I can only found the information on the normal interfaces but not the abnormal interface Ethernet250/1, ...
Would someone know what is it (do E250/1 is a logical interface like port channel or VLAN) and how to monitor it ? Thanks in advances.
HC Wong

I've not seen that myself. Could it perhaps be a VPC (Virtual Portchannel)?

Cisco Nexus 6004 | Fibre Tx and Rx Levels

Hi All,
On the Nexus 6004 series, does anybody know how to see the light levels for the optics.
I am using the command: show interface ethernet 2/5/4 transceiver details which outputs:
Ethernet2/5/4
    transceiver is present
    type is QSFP-40G-CSR4
    name is CISCO
    part number is AFBR-79EEPZ-CS2
    revision is 02
    serial number is XXXXXXXX
    nominal bitrate is 10300 MBit/sec
    Link length supported for 50/125um OM3 fiber is 300 m
    Link length supported for 50/125um OM2 fiber is 82 m
    cisco id is --
    cisco extended id number is 16
           SFP Detail Diagnostics Information (internal calibration)
                Current              Alarms                  Warnings
                Measurement     High        Low         High          Low
Temperature   47.63 C        75.00 C     -5.00 C     70.00 C        0.00 C
Voltage        3.32 V         3.63 V      2.97 V      3.46 V        3.09 V
Current        0.00 mA        0.00 mA     0.00 mA     0.00 mA       0.00 mA
Tx Power        N/A            N/A         N/A         N/A           N/A
Rx Power        N/A            N/A         N/A         N/A           N/A
Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warning
Is it a case that the SFP's in this instance do not support the light level information? the controller, optics or wdm commands are not available on the Nexus.
Thanks all for your support.

Hi Marvin,
The System version: 6.0(2)N1(2)
Software
BIOS:      version 2.6.0
loader:    version N/A
kickstart: version 6.0(2)N2(2)
system:    version 6.0(2)N2(2)
Power Sequencer Firmware:
             Module 0: version v5.0
             Module 1: version v2.0
             Module 2: version v2.0
             Module 3: version v2.0
             Module 4: version v2.0
Fabric Power Sequencer Firmware: Module 0: version v3.0
Microcontroller Firmware:        version v1.1.0.3
QSFP Microcontroller Firmware:
             Module 1: v1.3.0.0
             Module 2: v1.3.0.0
             Module 3: v1.3.0.0
             Module 4: v1.3.0.0

Connecting many Brocade switches to Nexus 5548UP

Hello,
I have a SAN network composed of few separate PODs. Each POD is divided into SAN-A and SAN-B. Most of those PODs are Brocade switches (FOS 6.1). There are also few Nexus 5520s. Now, we have built new core infrastructure with Nexus 5548UPs and many MDS 9148s. We would like to move all servers and sotrage from old Brocades to the new SAN. As we cannot move all devices at the same time, all segments must be connected to the core for some time. Each POD has different zoning. Some zonings on Brocade switches are based on PWWN, some on Domain ID and Port ID. In my opinion, the only way of successfuly connecting all PODs together is to merge zones manualy (in excel, etc). and paste them on all switches. However, maybe there is some other way of merging all zones? What if I leave Nexus 5548UP in native mode (so zones from Brocade will not get merged), and only implement that manually merged zoneset on Nexus 5548UP? Will the ISL links get isolated due to zoning merge failure? Or they will maintain operational state even if zones are different on each POD? I do not have any lab boxes, so I cannot test it. Any advidse will be appreciated.
Best regards,
Krzyszof

well since you can not cluster the 45K as a virtual switch ( Cisco with new sup will start support VSS in the 4500 try to check which sup exactly and if you can upgrade as this will make a significant improvement to your design )
anyway the only method that you can use currently is the traditional way which is depending on STP ( use rapid-PVST)
from each N5K use one separate link to each 45K and STP will put on of the links in blocking mode
however you might do some STP and vlan design for load sharing where you can send vlan x over link1 and vlan y over link b to the 45K using STP cost
HTH

Nexus keeps loosing connection, any ideas???

Just got my Nexus yesterday but it keeps loosing data connection, wifi does the same. Help!

Hi,
If this is to the AIM server and you are using the SSL option try it without the SSL option ticked.
8:30 PM Tuesday; November 8, 2011
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb( 10.6.8)
 Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images."  No, Seriously

VSAN Configuration Connecting to Brocade Fabric

Hi All,
I'm connecting UCS 6120 fabric interconnects to 2 Brocade FC fabrics. Should I configure VSANs on the 6120's (I don't think Brocade supports them), or just use the default VSAN1?
Thanks.

You're correct. The brocade has no concept of VSAN. Just use the default VSAN 1. Also ensure the brocade has NPIV enabled.
Regards,
Robert

Nexus 6004 TOR connectivity to Brocade DCX

Similar Messages

Maybe you are looking for