Nexus 7000 DNS VRF-aware
Hi all,
I want to implement DNS VRF-aware in Nexus 7k running 5.2.X. My goal is to define a domain name and static IP hosts in Nexus per VRF which will serve DNS requests.
I looked into the documentation and it mentions DNS VRF-aware only as a DNS client. The following link describes the functionality I'm looking for:
http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/ipaddr/configuration/guide/xe_3s/iad_xe_3s_book/iad_vrf-aw_dns_xe.html#wp1069798
Please find network diagram attached upload with the original post.
Similar Messages
-
Nexus 7000 route leak from GRT (default VRF) to other VRF's
Hello
We have a Nexus 7000 infrastructure whereby we have had multiple VDC's and VRF's deployed. A requirement has now come about whereby one of these VRF's needs to be able to see our GRT (default VRF) so we need to leak the GRT routes into the VRF and vice versa.
I have been doing a lot of reading and I am happy with how this works with inter-VRF route leaking but I seem to be missing a few things in respect of how this works with the GRT.
I have also read on another forum that this is not supported. See link below.
https://supportforums.cisco.com/document/133711/vrf-configuration-and-verification-nexus-7000
Does anyone have experience of this? I can also see how this works in IOS and I have GNS3 and got this working.
We use BGP currently so we are able to use MP-BGP if required.
Any help would be very useful.
Hi,
In Table 14 of the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide the verified limit is specified as 1000 per system i.e., across all VDCs for NX-OS release 5.2, 6.0 and 6.1.
There is a footnote associated with this number which states:
With each new VDC configured, the number of configurable VRFs per system is reduced by two as each VDC has a default VRF and management VRFs that are not removable. For example, with 8 configured VDCs on Cisco NX-OS Release 5.2, you can configure up to 984 VRFs per system (either all in one VDC or across VDCs).
Regards -
Privilege Level for Tacacs Account in Nexus 7000
Hi,
I have configured the Tacacs (ACS 4.2v) on Nexus 7000 (as mentioned below) and it works fine, but unlike IOS (6509) it doesn't prompt that you are in user exec mode (>) and then need to type enable and password for full privilege.
In n7k when I entered into "configure terminal" It won't allow me to access other commands.
How to login into level 15 privilege mode after authenticating from tacacs
(config)# show running-config tacacs+
tacacs-server key 7 "xxxxx"
tacacs-server host x.x.x.x key 7 "xxxx"
aaa group server tacacs+ TacServer
server x.x.x.x (same ip as tacacs-server host)
use-vrf management
source-interface Vlan2
(config)# show running-config aaa
aaa authentication login default group TacServer
aaa authentication login console local
aaa user default-role
Here below are the commands accessible in "Terminal" currently
(config)# ?
no Negate a command or set its defaults
username Configure user information.
end Go to exec mode
exit Exit from command interpreter
isb.n7k-dcn-agg-1-sw(config)#
Hi Jan.nielsen
Issue is resolved but by another way.
I have found the same resolution too, the custom attribute command, but the Custom attribute option for shell command wasn't available in ACS v4.2, so after enabling shell for users and by clicking exec --> Shell Exec and enabling privilege level 15 in the same box of Shell options, it started working without any command -
Smart call home - HTTPS transport from the Nexus 7000 to Cisco
hi
I tried to configure Call Home on a Nexus 7000 with HTTPS transport and a proxy server.
I followed this guide -
http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
and configured this:
callhome
email-contact XXXXXXXXXXX
phone-contact XXXXXXXXXXX
streetaddress XXXXXXXXXXXXXXXX
destination-profile CiscoTAC-1 transport-method http
destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
transport http use-vrf management
transport http proxy server XXXXXXXXXX port 8080 --------- XXXXXXXXX = my proxy server
transport http proxy enable
enable
periodic-inventory notification interval 30
I have a problem installing the security certificate. I followed the guide but I get the error:
failed to load or parse certificate
could not perform CA authentication
When I try to test Call Home with the command: callhome test
trying to send test callhome message
warning:no callhome message sent
email configuration incomplete for destination profile:full_txt
email configuration incomplete for destination profile:short_txt
Error in transporting http message for CiscoTAC-1
http: Received HTTP code 407 from proxy after CONNECT
I guess the problem is because I didn't install the certificate. How can I install the certificate?
Is this the real problem?
I agree with Bryan that the easiest proxy server to set up for the Nexus 7000 is the Transport Gateway. The documentation (certificates) is set up to allow you to connect to a Cisco Transport Gateway or directly into tools.cisco.com. Both have a Cisco certificate.
But that doesn't explain your issue. To answer your issue, you need to look here
http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
except you need your proxy server's chained certificate in PEM format since the Nexus 7000 is going to terminate at your proxy server. Take a look at this line in the documentation.
Input (cut & paste) the CA certificate (chain) in PEM format
The error code 407 you indicated makes sense and indicates "Proxy Authentication Required". You need the certificate installed first. NX-OS uses the openssl crypto library to implement the cert-pki feature if that helps. A complete certificate chain is required. Also, you might make sure the CRL (certificate revocation list) is set to none so it doesn't do that first.
revocation-check none
The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
your proxy server.cer,Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer
If you are using your own root CA (which typically are taken off-line after authorizing subordinate CAs for security reasons) , then make sure that their certificates are in the correct order to be processed so each can be authenticated.
Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup. -
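The ordering requirement in the reply above (server certificate first, then each issuing CA up to the root), as an added example that is not part of the original thread or of Cisco's documentation: a Python check that each certificate in a PEM bundle is issued by the one after it. It compares issuer and subject names only, not signatures; the sample certificates are constructed skeletons and every name in them is an assumption.

```python
"""Check that a PEM bundle is ordered leaf first, root last (added example)."""
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _read(buf, pos):
    """Read the DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def names(der):
    """Return (subject, issuer) as raw DER Name bytes of one certificate."""
    _, pos, _ = _read(der, 0)             # Certificate SEQUENCE
    _, pos, _ = _read(der, pos)           # tbsCertificate SEQUENCE
    tag, _, end = _read(der, pos)
    if tag == 0xA0:                       # optional [0] version precedes serial
        _, _, end = _read(der, end)       # serialNumber
    _, _, end = _read(der, end)           # signature AlgorithmIdentifier
    issuer_start = end
    _, _, end = _read(der, end)           # issuer Name
    issuer = der[issuer_start:end]
    _, _, end = _read(der, end)           # validity
    subject_start = end
    _, _, end = _read(der, end)           # subject Name
    return der[subject_start:end], issuer


def check_chain(pem_text):
    """Return a list of ordering problems; an empty list means the order is fine."""
    certs = [names(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    if not certs:
        return ["no certificates found"]
    problems = []
    for i in range(len(certs) - 1):
        if certs[i][1] != certs[i + 1][0]:    # my issuer must be the next subject
            problems.append(
                f"certificate {i + 1} is not issued by certificate {i + 2}")
    if certs[-1][0] != certs[-1][1]:
        problems.append(
            "last certificate is not self-signed: root missing or chain incomplete")
    return problems


# --- constructed sample data (not real certificates) -----------------------
def _der(tag, body):
    """Encode one DER element; used only to build the samples below."""
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body


def _name(cn):
    """Name with a single commonName (OID 2.5.4.3) attribute."""
    attr = _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))
    return _der(0x30, _der(0x31, attr))


def sample_cert(subject_cn, issuer_cn):
    """Certificate skeleton: real field order, but no key and no signature."""
    tbs = _der(0x30,
               _der(0xA0, _der(0x02, b"\x02"))   # version v3
               + _der(0x02, b"\x01")             # serialNumber
               + _der(0x30, b"")                 # AlgorithmIdentifier (empty)
               + _name(issuer_cn)
               + _der(0x30, b"")                 # validity (empty)
               + _name(subject_cn))
    b64 = base64.encodebytes(_der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


# Hypothetical names standing in for the proxy certificate and its CAs.
LEAF = sample_cert("proxy.example.test", "Constructed Sub CA")
SUB = sample_cert("Constructed Sub CA", "Constructed Root CA")
ROOT = sample_cert("Constructed Root CA", "Constructed Root CA")

if __name__ == "__main__":
    for label, bundle in (("leaf, sub, root", LEAF + SUB + ROOT),
                          ("root, sub, leaf", ROOT + SUB + LEAF),
                          ("leaf, sub", LEAF + SUB)):
        print(label, "->", check_chain(bundle) or "order OK")
```

Run against the bundle you intend to paste into the trustpoint, it reports the position of the first certificate that is out of sequence before the switch rejects the chain.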
Hi all,
A few months ago I have configured netflow on a Nexus 7000 with NX-OS version 6.0.2.
This was my config:
flow exporter Fluke_NetflowTracker
description export netflow to Fluke_NetflowTracker
destination x.x.x.x use-vrf management
transport udp 2055
source mgmt0
version 9
flow exporter Fluke_Optiview
description export netflow to Fluke_Optiview
destination x.x.x.x transport udp 2055
source Vlanx
version 9
flow monitor MonitorTrafficToFluke
record netflow-original
exporter Fluke_NetflowTracker
exporter Fluke_Optiview
This flow was activated on some SVI's. "ip flow monitor MonitorTrafficToFluke input"
Recently we have upgraded the NX-OS to version 6.1.3. The netflow keeps on working, but the syntax of the netflow configuration has changed. Now you have to add a sampler as well.
So I have created the following sampler.
sampler NetFlow-Sampler
description Netflow Sampler
mode 1 out-of 1000
When I want to update the current configuration with the sampler I can't adapt or remove the existing netflow configuration on the SVI.
NK7(config-if)# no ip flow monitor MonitorTrafficToFluke input
ERROR: A sampler must be configured for an interface on an F2 card
NK7(config-if)# ip flow monitor MonitorTrafficToFluke input sampler NetFlow-Sampler
An additional 1:100 sampler, over the configured sampler is applicable for F2 ports
Error: Sampler can not be changed on Interface Vlanx. Remove flow monitor first.
ERROR: Command has failed
How do I update or remove the existing configuration on the SVI.
I want the config to be "ip flow monitor MonitorTrafficToFluke input sampler NetFlow-Sampler"
Thank you,
Best Regards,
Joris
Hi Joris,
Try no feature netflow under the interface and try to re-apply the whole configs. Since it's an F2 we don't support config changes until 6.2(2); the only way is to remove the configs using no feature netflow and re-applying it.
Thanks,
Richard.
*Rate if it's useful -
Nexus 7000 vPC modification - avoiding type1 inconsistencies
Hi Everyone,
I need to configure some features on a pair of Nexus 7000's running 4.2(6) - one of them is Root Guard.
I am aware that when I enable Root Guard on the first vPC peer, the vPC will go into suspended state until I configure the other vPC peer identically.
This is causing me a big service disruption headache as I need to do this for a whole Data Centre.
I see on the Nexus 5k, you can do port-profiles which seems to enable config synchronisation across vPC peers - so I assume the vPC would stay up due to both peers receiving config at exactly the same time - but this feature is not available on Nexus 7k.
Does anybody know for sure if I were to create a scheduled job to run at the same time on both vPC peers with identical config content - i.e. apply Root Guard to vPC - would this prevent the vPC going into suspend state?
If not, do you know of any other ways to prevent vPC going into suspend?
Thanks in advance for any advice!
Hi Raj,
thank you for your response.
We have VPC between Core - Aggregation - all 7k and Aggregation to Access (5ks). VPC down from Core all the way to Access and also up all the way from Access to Core.
So from a STP point of view, the topology is a single switch for Core, Aggregation and Access - so no loops.
I agree this limits the potential for trouble if a switch is plugged into the access layer by mistake for example - but the customer is adamant they want it (RootGuard).
Thanks,
Oswaldo -
Banner login/exec on Nexus 7000
Hi chaps,
do you know where did the banner login/exec go on nexus 7000? :-) Are you aware of any way possible to display custom message to all users, following a successful authentication? (e.g. post-authentication and not a motd, which is prior to user auth)
I now only have banner motd command available on 7k9 with NX-OS 6.2(10).
Thanks in advance!
P.s. I am aware that I can possibly do that using RADIUS or TACACS, but I need it for situations where AAA server is unavailable.
Hi Joris,
The rule based SPAN filtering was not introduced until NX-OS 6.2 so will not be available to you with NX-OS 6.1(3).
See the section SPAN in the NX-OS 6.2 release notes.
Regards -
EtherChannel problem on Nexus 7000
Dear NetPro gurus,
One of my customers is trying to set up an EtherChannel (LACP) on a pair of Nexus 7000. However, no matter what we do, the port Eth 1/17 always becomes suspended. We have tried swapping fiber cables and also swapping SFPs, but no help.
The 1st Nexus 7010 - called 'VIWLRCA'
The 2nd Nexus 7010 - called 'VIWLRCB'
Originally port eth 1/17 are left as 'normal' trunk port, and we can see eth 1/17 shows up fine under 'show interface brief'
viwlrca-PROD# sh run int eth 1/17
interface Ethernet1/17
switchport
switchport mode trunk
udld disable
no shutdown
viwlrca-PROD# sh run int eth 1/18
interface Ethernet1/18
switchport
switchport mode trunk
udld disable
channel-group 20 mode active
no shutdown
viwlrca-PROD# sh int brief
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
Eth1/17 1 eth trunk up none 10G(S) --
Eth1/18 1 eth trunk up none 10G(S) 20
Eth1/19 -- eth routed down SFP not inserted auto(S) --
Eth1/20 -- eth routed down SFP not inserted auto(S) --
Eth1/21 -- eth routed down Administratively down auto(S) --
Eth1/22 -- eth routed down Administratively down auto(S) --
Eth1/23 -- eth routed down Administratively down auto(S) --
Eth1/24 -- eth routed down Administratively down auto(S) --
Eth2/25 -- eth routed down Administratively down auto(D) --
Eth2/26 -- eth routed down Administratively down auto(D) --
Eth2/27 -- eth routed down SFP not inserted auto(D) --
Eth2/28 -- eth routed down SFP not inserted auto(D) --
Eth2/29 -- eth routed down SFP not inserted auto(D) --
Eth2/30 -- eth routed down SFP not inserted auto(D) --
Eth2/31 -- eth routed down SFP not inserted auto(D) --
Eth2/32 -- eth routed down SFP not inserted auto(D) --
viwlrca-PROD#
But as soon as I add the Eth 1/17 back onto PortChannel 20
The Eth 1/17 becomes "Suspended" straight away
viwlrca-PROD# sh int brief
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch
Eth1/17 1 eth trunk down suspended auto(S) 20
Eth1/18 1 eth trunk up none 10G(S) 20
Eth1/19 -- eth routed down SFP not inserted auto(S) --
Eth1/20 -- eth routed down SFP not inserted auto(S) --
Eth1/21 -- eth routed down Administratively down auto(S) --
Eth1/22 -- eth routed down Administratively down auto(S) --
Eth1/23 -- eth routed down Administratively down auto(S) --
Eth1/24 -- eth routed down Administratively down auto(S) --
Eth2/25 -- eth routed down Administratively down auto(D) --
Eth2/26 -- eth routed down Administratively down auto(D) --
Eth2/27 -- eth routed down SFP not inserted auto(D) --
Eth2/28 -- eth routed down SFP not inserted auto(D) --
Eth2/29 -- eth routed down SFP not inserted auto(D) --
Eth2/30 -- eth routed down SFP not inserted auto(D) --
Eth2/31 -- eth routed down SFP not inserted auto(D) --
Eth2/32 -- eth routed down SFP not inserted auto(D) --
viwlrca-PROD#
viwlrca-PROD# sh port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
Group Port- Type Protocol Member Ports
Channel
20 Po20(SU) Eth LACP Eth1/17(s) Eth1/18(P)
viwlrca-PROD#
Config on Primary Nexus:-
viwlrca-PROD# sh run
!Command: show running-config
!Time: Tue Mar 22 06:04:26 2011
version 5.1(1a)
hostname PROD
cfs eth distribute
feature udld
feature interface-vlan
feature lacp
feature vpc
feature vtp
username admin password 5 $1$pkJaKHZW$Sx4wpDG5xXYkD.QfDk/Cg. role vdc-admin
no ip domain-lookup
ip domain-name vfc.com
crypto key param rsa label viwlrca-PROD.vfc.com modulus 2048
snmp-server user admin vdc-admin auth md5 0x05f7328e3b39a70be09abc3056ec2819 priv 0x05f7328e3b39a70be09abc3056ec2819 localizedkey
vrf context management
spanning-tree pathcost method long
spanning-tree port type edge bpduguard default
spanning-tree loopguard default
spanning-tree vlan 1-3967,4048-4093 priority 4096
interface Vlan1
interface Vlan161
ip address 172.30.161.2/24
interface Vlan162
ip address 172.30.162.2/24
interface Vlan163
ip address 172.30.163.2/24
interface Vlan164
ip address 172.30.164.2/24
interface Vlan165
ip address 172.30.165.2/24
interface Vlan190
ip address 172.30.190.2/24
interface port-channel20
switchport
switchport mode trunk
interface Ethernet1/17
switchport
switchport mode trunk
udld disable
channel-group 20 mode active
no shutdown
interface Ethernet1/18
switchport
switchport mode trunk
udld disable
channel-group 20 mode active
no shutdown
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet2/25
interface Ethernet2/26
interface Ethernet2/27
interface Ethernet2/28
interface Ethernet2/29
interface Ethernet2/30
interface Ethernet2/31
interface Ethernet2/32
interface Ethernet2/33
interface Ethernet2/34
interface Ethernet2/35
interface Ethernet2/36
interface Ethernet3/25
interface Ethernet3/26
interface Ethernet3/27
interface Ethernet3/28
interface Ethernet3/29
interface Ethernet3/30
interface Ethernet3/31
interface Ethernet3/32
interface Ethernet3/33
interface Ethernet3/34
interface Ethernet3/35
interface Ethernet3/36
line vty
viwlrca-PROD#
Config for Secondary Nexus 7000
VIWLRCB-PROD# sh run
!Command: show running-config
!Time: Tue Mar 22 09:19:22 2011
version 5.1(1a)
hostname PROD
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature vtp
username admin password 5 $1$Lc486EOm$EtKhZWuxGjWWokfeuUsMk. role vdc-admin
no ip domain-lookup
ip domain-name vfc.com
crypto key param rsa label VIWLRCB-PROD.vfc.com modulus 2048
snmp-server user admin vdc-admin auth md5 0xeb607b54234985ed6740c5fdbb8d84c6 priv 0xeb607b54234985ed6740c5fdbb8d84c6 localizedkey
vrf context management
spanning-tree pathcost method long
spanning-tree port type edge bpduguard default
spanning-tree loopguard default
spanning-tree vlan 1-3967,4048-4093 priority 8192
interface Vlan1
interface port-channel20
switchport
switchport mode trunk
interface Ethernet1/17
switchport
switchport mode trunk
channel-group 20 mode active
no shutdown
interface Ethernet1/18
switchport
switchport mode trunk
channel-group 20 mode active
no shutdown
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet2/25
interface Ethernet2/26
interface Ethernet2/27
interface Ethernet2/28
interface Ethernet2/29
interface Ethernet2/30
interface Ethernet2/31
interface Ethernet2/32
interface Ethernet2/33
interface Ethernet2/34
interface Ethernet2/35
interface Ethernet2/36
interface Ethernet3/25
interface Ethernet3/26
interface Ethernet3/27
interface Ethernet3/28
interface Ethernet3/29
interface Ethernet3/30
interface Ethernet3/31
interface Ethernet3/32
interface Ethernet3/33
interface Ethernet3/34
interface Ethernet3/35
interface Ethernet3/36
line vty
VIWLRCB-PROD#
Cheers,
Hunt
Quick troubleshoot:
Default all interfaces in newly created port-channel as well as the port-channel interface, then delete port-channel interface. Recreate port-channel without the LACP protocol:
interface e1/17,e1/18
switchport
channel-group 20 mode on
no shutdown
exit
interface port-channel20
switchport
switchport mode trunk
no shutdown
exit
show port-channel summ
show int trunk
HTH,
Sean -
Connecting Cisco ASA TenGig to Nexus 7000
I am attempting to connect an ASA 5585 TenGig to a Nexus 7000 F2 TenGig port.
I am seeing the error message Transceiver validation failed when I insert the SFP into the port. I know that the error is removed when I enter the command switchport mode fex-fabric, and have tried the configuration, but am unable to get the link to come up at either end. I am also aware that LACP is not supported when switchport mode fex-fabric is configured.
ASA is in multiple context mode with portchannel interfaces allocated to the relevant ASA context. Anyone know if I am overlooking something? Anyone run into this issue before?
Nexus 7000:
Eth1/1 1 eth access down Transceiver validation fa auto(D) 2
Eth1/2 1 eth access down Transceiver validation fa auto(D) 2
interface Ethernet1/1
switchport mode trunk
switchport trunk allowed vlan 1-10
channel-group 2 mode active
no shutdown
interface Ethernet1/2
switchport mode trunk
switchport trunk allowed vlan 2-10
channel-group 2 mode active
no shutdown
interface port-channel2
switchport mode trunk
switchport trunk allowed vlan 2-10
ASA5585:
interface TenGigabitEthernet0/6
channel-group 2 mode active
interface TenGigabitEthernet0/7
channel-group 2 mode active
interface Port-channel2
interface Port-channel2.2
vlan 2
interface Port-channel2.3
vlan 3
context inside
allocate-interface Port-channel2.1
allocate-interface Port-channel2.2
config-url disk0:/inside.cfg
In my case, I was getting this error on an interface of a Nexus C6001 with the FET-10G transceiver. I was able to clear it up by temporarily replacing and configuring a slower GLC-T which worked as expected. I then removed all the settings and got the FET-10G to link.
-
Virtualized Lab Infrastructure - 3560G connecting to a Nexus 7000 - Help!
Hi all,
I've been struggling with the configuration for my small environment for a week or so now, and being a Cisco beginner, I'm worried about going down the wrong path, so I'm hoping someone on here would be able to help with my lab configuration.
As you can see from the graphic, I have been allocated VLANs 16-22 for my use, on the Nexus 7000. There are lots of other VLANs in use on the Nexus, by other groups, most of which are routable between one another. VLAN 99 is used for switch management, and VLAN 11, is where the Domain Controller, DHCP and Windows Deployment Server reside for the lab domain. Servers across different VLANs use this DC/DHCP/WDS set of servers. These VLANS route out to the internet successfully.
I have been allocated eth 3/26 on the Nexus, as my uplink connection to my own ToR 3560G. All of my servers, of which there are around 8 in total, are connected to the 3560. I have enabled IP routing on the 3560, and created VLANs 18-22, providing an IP on each. This config has been assigned to all 48 gigabit ports on the 3560 (using the commands in the graphic), and each Windows Server 2012 R2 Hyper-V host connects to the 3560 via 4 x 1GbE connections. On each Hyper-V host, the 4 x 1GbE ports are teamed, and a Hyper-V vSwitch is bound to that team. I then assign the VLAN ID at the vNIC level.
Routing between the VLANs is currently working fine - As a test, i can put 2 of the servers on different VLANs, each with their respective VLAN default gateway, and they can ping between one another.
My challenge is, I'm not quite sure what i need to do for the following:
1) How should I configure the uplink gi 0/52 on the 3560 to enable my VLANs to reach the internet?
2) How should I configure eth 3/26 on the Nexus?
3) I need to ensure that the 3560 is also on the management VLAN 99 so it can be managed successfully.
4) I do not want to route to VLAN 11, as i intend to have my own domain (DC/DNS/DHCP/WDS)
Any help or guidance you can provide would be much appreciated!
Thanks!
Matt
Hi again Jon,
OK, been battling with it a little more.
Here's the config for the 3560:
Current configuration : 11643 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname CSP_DX_Cluster
no aaa new-model
vtp mode transparent
ip subnet-zero
ip routing
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 16,18-23,99
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 18
switchport trunk allowed vlan 18-22
switchport mode trunk
spanning-tree portfast trunk
<same through interface GigabitEthernet0/48>
interface GigabitEthernet0/52
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 16,99
switchport mode trunk
interface Vlan1
no ip address
interface Vlan16
ip address 10.0.6.2 255.255.255.252
interface Vlan18
ip address 10.0.8.1 255.255.255.0
interface Vlan19
ip address 10.0.9.1 255.255.255.0
interface Vlan20
ip address 10.0.12.1 255.255.255.0
interface Vlan21
no ip address
interface Vlan22
ip address 10.0.14.1 255.255.255.0
interface Vlan99
ip address 10.0.99.87 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.6.1
ip http server
control-plane
l
end
At the Nexus end, the port connecting to the 3560 is configured as:
interface Ethernet3/26
description DX_3560_uplink
switchport
switchport mode trunk
switchport trunk allowed vlan 16,99
no shutdown
Now, the problem I'm currently having, is that on the 3560, things route fine, between VLANs. However, from on a server within one of the VLANs, say, 18, trying to ping the default gateway of the 3560 fails. I can ping 10.0.6.2 which is the 3560-end of VLAN 16, but i can't get over to 10.0.6.1 and beyond. I suspect, it's relating to what you said about "the only thing missing is you also need routes on the Nexus switch for the IP subnets on your 3560 and the next hop IP would be 10.0.6.2 ie the vlan 16 SVI IP on the 3560"
I suspect that, in layman's (my terms!) terms, the Nexus simply doesn't know about the networks 10.0.8.1 (VLAN 18), 10.0.9.1 (VLAN 19) and so on.
So, i need routes on my Nexus to fix this. The problem is, I'm not quite sure what that looks like.
Would it be:
ip route 10.0.8.0 255.255.255.0 10.0.6.2
ip route 10.0.9.0 255.255.255.0 10.0.6.2 and so on?
To give a bit of history, prior to me creating VLANs 18-22 on the 3560, all VLANs originally existing on the Nexus. Everything routed fine out to the internet, for all of the VLANs (with the same subnet settings that i have configured, i.e. 10.0.8.x for VLAN 18 etc), so i'm presuming once I get the Nexus to understand that the IP subnets live on the 3560, traffic should flow successfully to the internet.
Should.... :-) -
Catalyst 6500 - Nexus 7000 migration
Hello,
I'm planning a platform migration from Catalyst 6500 to Nexus 7000. The old network consists of two pairs of 6500's as serverdistribution, configured with HSRPv1 as FHRP, rapid-pvst and ospf as IGP. Furthermore, the Cat6500 utilize mpls/l3vpn with BGP for 2/3 of the vlans. Otherwise, the topology is quite standard, with a number of 6500 and CBS3020/3120 as serveraccess.
In preparing for the migration, VTP will be discontinued and vlans have been manually "copied" from the 6500 to the N7K's. Bridge assurance is enabled downstream toward the new N55K access-switches, but toward the 6500, the upcoming etherchannels will run in "normal" mode, trying to avoid any problems with BA this way. For now, only L2 will be utilized on the N7K, as we're awaiting the 5.2 release, which includes mpls/l3vpn. But all servers/blade switches will be migrated prior to that.
The questions arise, when migrating Layer3 functionality, incl. hsrp. As per my understanding, hsrp in nxos has been modified slightly to better align with the vPC feature and to avoid sub-optimal forwarding across the vPC peerlink. But that aside, is there anything that would complicate a "sliding" FHRP migration? I'm thinking of configuring SVI's on the N7K's, configuring them with unused ip's and assign the same virtual ip, only decrementing the prio to a value below the current standby-router. Also spanning-tree prio will, if necessary, be modified to better align with hsrp.
From a routing perspective, I'm thinking of configuring ospf/bgp etc. similar to that of the 6500's, only tweaking the metrics (cost, localpref etc) to constrain forwarding on the 6500's and subsequently migrate both routing and FHRP at the same time. Maybe not in a big bang style, but stepwise. Is there anything in particular one should be aware of when doing this? At present, for me this seems like a valid approach, but maybe someone has experience with this (good/bad), so I'm hoping someone has some insight they would like to share.
Topology drawing is attached.
Thanks
/Ulrich
In a normal scenario, yes. But not in vPC. HSRP is a bit different in the vPC environment. Even though the SVI is not the HSRP primary, it will still forward traffic. Please see the below white paper.
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-516396.html
I will suggest you to set up the SVIs on the N7K but leave them in the down state. Until you are ready to use the N7K as the gateway for the SVIs, shut down the SVIs on the C6K one at a time and turn up the N7K SVIs. When I said "you are ready", it means the spanning-tree root is at the N7K along with all the L3 northbound links (toward the core).
I had a customer who did the same thing that you are trying to do - to avoid down time. However, out of the 50+ SVIs, we've had 1 SVI that HSRP would not establish between C6K and N7K, so we ended up moving everything to the N7K on the fly during the migration. Yes, they were down for about 30 sec - 1 min for each SVI but it is less painful and wastes less time because we don't need to figure out what is wrong or any NXOS bugs.
HTH,
jerry -
Hello,
We recently had a power supply failure in one of our Nexus 7000s, and I noticed that the syslog for the Platform is only present in the default VDC, and not in any of the other VDCs syslogs. Is this by design, or is there a logging level I can turn up in another VDC to capture this log? Thanks for any input
syslog from default VDC -
2013 Mar 18 23:10:34 %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 changed its capacity. possibly due to power cable removal/insertion (Serial number xxxxxxxx)
nothing in the VDC where I would like to get the logging
default VDC logging level -
xxx7K02# show log level platform
Facility Default Severity Current Session Severity
platform 5 5
0(emergencies) 1(alerts) 2(critical)
3(errors) 4(warnings) 5(notifications)
6(information) 7(debugging)
xxx7K02#
logging from the specific VDC where we have management tools.
xxx-LOW# show log level platform
Facility Default Severity Current Session Severity
platform 5 5
0(emergencies) 1(alerts) 2(critical)
3(errors) 4(warnings) 5(notifications)
6(information) 7(debugging)
xxx-LOW#
Hello Carl,
What version of code are you running on your Nexus 7k?
The expected behavior is:
"When a hardware issue occurs, syslog messages are sent to all VDCs."
http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_mgmt.html#wp1170241
Dave -
Dell Servers with Nexus 7000 + Nexus 2000 extenders
<< Original post by smunzani. Answered by Robert. Moving from Document section to Discussions>>
Team,
I would like to use some of the existing Dell Servers for new network design of Nexus 7000 + Nexus 2000 extenders. What are my options for FEC to the hosts? All references of M81KR I found on CCO are related to UCS product only.
What's best option for following setup?
N7K(Aggregation Layer) -- N2K(Extenders) -- Dell servers
Need 10G to the servers due to dense population of the VMs. The customer is not up for dumping recently purchased dell boxes in favor of UCS. Customer VMware license is Enterprise Edition.
Thanks in advance.
To answer your question, the M81KR-VIC is a Mezz card for UCS blades only. For Cisco rack there is a PCIe version which is called the P81. These are both made for Cisco servers only due to the integration with server management and virtual interface functionality.
http://www.cisco.com/en/US/prod/collateral/ps10265/ps10493/data_sheet_c78-558230.html
More information on it here:
Regards,
Robert -
With Vignesh R. P.
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform.
The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
Remember to use the rating system to let Vignesh know if you have received an adequate response.
Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum shortly after the event. This event lasts through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.
Hi Vignesh
Is there any limitation to connect a N2K directly to the N7K?
If I have an F2 card 10G and another F2 card 1G and I want to create 3 VDC'S
VDC1=DC-Core
VDC2=Aggregation
VDC3=Campus core
do we need to add a link between the different VDC's
thanks -
LMS 4.2.2 Interface utilisation on Nexus 7000
Hi All,
I'm trying to poll some interfaces for their utilization on a nexus 7000 through LMS 4.2.2.
When I create a poller for the specific instances, the LMS recognises the instances, but after activating the poller I get the error "No Such Instance - The specified instance is not available".
No info is displayed when I generate an interface utilization report for the specific nexus.
When I activate the automonitor for interface utilization, the interfaces on the nexus are polled.
On the cisco website there are some features listed which LMS does not support on the Nexus 7000, but polling is not in that list (neither in the supported feature list).
Any tips?
Thanks for your help.
Joris
Any Idea..??