Nexus 7000: How many VRF

Hi,
how many VRFs are supported in NX-OS 5.x?
3 Cisco documents tell me different things.
1. 1000 overall    
     250 each VDC
2. 994 each VDC
3. 8000
Can someone give me an answer?
Philipp

1.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/VMDC/2.0/design_guide/design.pdf
Page 2-25, Table 2-4, it clearly stated that it supports 1000 per-system and 250 per VDC.
2.
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/virtual_device_context/configuration/guide/vdc_templates.html
Table 2-1 is the number of resources you can allocate to the VDC, not the number of VRFs you can run (I know this is confusing). If you look at Table 2-2, it is the default resource where VRF is configured to 1000, which matches what I told you. Let me give you a quick example: you can try to configure all 4000+ VLANs, but it doesn't mean the system will not run out of memory and accept it.
3.
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_limits.html
Table B-1, the 1000 VRF is there and it is correct. (994 is based on 1 management vrf per VDC. The other 2 reserve, I am not 100% sure, I need to do research).
My previous answer is not based on all these links. I got it from the internal BU page.
Regards,
jerry

Similar Messages

  • How many VRF-Lite Routing Instances can a 6509-E with a 720-Sup module run?

    I know that a 4500 style switch supports a maximum of 64 VRF-lite routing instances. However, what is the maximum number of VRF-Lite routing instances a 6509-E switch can support with a Sup-720 sup module?

    Sup 720  supports 1024 VRF Lites
    see table-1 in this link:
    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/product_data_sheet09186a0080159856.html
    HTH

  • How many VRFs support a SUP7E

    Hello,
    I have a customer that wants to change his CORE devices. He is concerned about the VRF instances that he can configure. I know that the SUP2T from the 6500 supports 8,192 VRFs:
    MPLS in hardware to enable use of Layer 3 VPNs and EoMPLS tunneling. Up to 8192 VRFs with a total of up to 256K* forwarding entries per system.
    According to the next link:
    http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/catalyst-6500-series-supervisor-engine-2t/data_sheet_c78-648214.html
    I want to make a comparison between a 6500 with SUP2T and a 4500 with SUP7E but I can't find anything about the VRF instances in the SUP7E.
    Could anyone please help me answer that question?
    Thanks a lot

    This is the problem. The customer has 2 4507 with SUP-V I think and he wants to upgrade. He asked me about one 6509 with SUP2T but I suggested upgrading to 4507R+E with SUP7E and VSS. I think that the budget of the customer is low...
    He needs at least 4 modules of 48 ports so he can receive all their customers. Regarding SUP7 vs SUP8 the main difference is that the SUP8 supports WLC in the module, and has more switching capacity (928 Gbps vs 848 Gbps of the SUP7).
    Thanks again
    Let me send a copy of the configuration:
    CORE-SWITCH#show run
    Building configuration...
    Current configuration : 77236 bytes
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    service compress-config
    hostname CORE-SWITCH
    boot-start-marker
    boot system flash bootflash:cat4500-entservicesk9-mz.122-31.SGA9.bin
    boot-end-marker
    ip vrf TMX1
    ip vrf TMX2
    ip vrf TMX3
    ip vrf TMX4
    interface Vlan51
     description TMX1
     ip vrf forwarding TMX1
     ip address 192.168.150.65 255.255.255.240
    interface Vlan52
     description TMX2
     ip vrf forwarding TMX2
     ip address 192.168.150.113 255.255.255.240
    As you can see, the configuration is very simple. I copied only the VRF side so you can see the VRF configuration that he is doing. As far as I know this is VRF-Lite. BTW, he has a lot of static routing with VRFs.

  • How many Nexus 7000, Nexus 5000 and 2000 can a DCNM deployment support?

    Hi Everyone,
    Good Day! I would like to inquire how many Nexus boxes can a single DCNM deployment support given that we have the recommended server specifications?
    Thanks and Regards,
    Albert

    Hi Lucien,
    I have 2 pair of Nexus switches in my setup as follows
    The first pair connection as below
    ==========================
    Nexus 1 (configured with vpc 1)----- 2 connections------ 6500 catalyst sw1(po 9)
    Nexus 2 (configured with vpc 1) ----- 2 connections------ 6500 catalyst sw2 (po9)
    po2 on nexus pair for vpc peer link
    Spanning tree on Nexus 1
    po1     root fwd1      p2p peer stp
    po2    desg fwd 1   vpc peer link
    Spanning tree on Nexus 2
    po1      altn blk1     p2p peer stp
    po2      root fwd1   vpc peer link
    The second pair connection
    =====================
    Nexus3 (configured with vpc 20 ) ------ 1 connection ------- 6500 catalyst sw1 (po20)
                  (configured with vpc 30) ------- 1 connection ------- 6500 catalyst sw2 (po30)
    Nexus4 (configured with vpc 20) ----- 1connection ---- 6500 catalyst sw1 (po20)(stp guard root)
                  (configured with vpc 30) ----- 1 connection ----6500 catalyst sw2 (po30)(stp guard root)
    po1 on nexus pair for vpc peer link
    Spanning tree on Nexus 3
    po1      desg fwd1        vpc peer link
    po20    root fwd1           p2p peer stp
    po30    altn blk1            p2p peer stp
    Spanning tree on Nexus 4
    po1      root fwd1           vpc peer link
    po20    root fwd 1          p2p peer stp
    po30    altn blk1               p2p peer stp
    Problem Observed :  High Ping response
    Source server on 1st pair of switches  ; Destination server on 2nd pair of switches
    Ping response from 1st pair of switches to destination server : normal (between 1 to 3 ms)
    Ping response from 2nd pair of switches to source server  :   (jumping from 3ms to 100+ ms).
    There are no errors or packet drops on any of the above ports. I cannot understand why the ping response is high for connections from the second pair.

  • Nexus 7000 route leak from GRT (default VRF) to other VRF's

    Hello
    We have a Nexus 7000 infrastructure whereby we have had multiple VDC's and VRF's deployed. A requirement has now come about whereby one of these VRF's needs to be able to see our GRT (default VRF) so we need to leak the GRT routes into the VRF and vice versa.
    I have been doing a lot of reading and I am happy with how this works with inter-VRF route leaking but I seem to be missing a few things in respect of how this works with the GRT.
    I have also read on another forum that this is not supported. See link below.
    https://supportforums.cisco.com/document/133711/vrf-configuration-and-verification-nexus-7000
    Does anyone have experience of this? I can also see how this works in IOS and I have GNS3 and got this working.
    We use BGP currently so we are able to use MP-BGP if required.
    Any help would be very useful.

    Hi,
    In Table 14 of the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide the verified limit is specified as 1000 per system i.e., across all VDCs for NX-OS release 5.2, 6.0 and 6.1.
    There is a footnote associated with this number which states:
    With each new VDC configured, the number of configurable VRFs per system is reduced by two as each VDC has a default VRF and management VRFs that are not removable. For example, with 8 configured VDCs on Cisco NX-OS Release 5.2, you can configure up to 984 VRFs per system (either all in one VDC or across VDCs).
    Regards

  • Privilege Level for Tacacs Account in Nexus 7000

    Hi,
    I have configured TACACS (ACS 4.2v) on a Nexus 7000 (as mentioned below) and it works fine, but unlike IOS (6509) it doesn't prompt that you are in user exec mode (>) and then need to type enable and a password for full privilege.
    On the N7K, when I enter "configure terminal" it won't allow me to access other commands.
    How do I log in to level 15 privilege mode after authenticating from TACACS?
    (config)# show running-config tacacs+
    tacacs-server key 7 "xxxxx"
    tacacs-server host x.x.x.x key 7 "xxxx"
    aaa group server tacacs+ TacServer
        server x.x.x.x (same ip as tacacs-server host)
        use-vrf management
        source-interface Vlan2
    (config)# show running-config aaa
    aaa authentication login default group TacServer
    aaa authentication login console local
    aaa user default-role
    Here below are the commands accessible in "Terminal" currently
    (config)# ?
      no        Negate a command or set its defaults
      username  Configure user information.
      end       Go to exec mode
      exit      Exit from command interpreter
    isb.n7k-dcn-agg-1-sw(config)#

    Hi Jan.nielsen
    Issue is resolved but by another way.
    I found the same resolution too, the custom attribute command, but the custom attribute option for shell command wasn't available in ACS v4.2. So after enabling shell for users, clicking exec--> Shell Exec and enabling privilege level 15 in the same box of Shell options, it started working without any command.

  • Smart call home - HTTPS transport from the Nexus 7000 to Cisco

    Hi,
    I tried to configure call home on a Nexus 7000 with HTTPS transport and a proxy server.
    I followed this guide -
    http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
    and configured this:
    callhome
      email-contact XXXXXXXXXXX
      phone-contact XXXXXXXXXXX
      streetaddress XXXXXXXXXXXXXXXX
      destination-profile CiscoTAC-1 transport-method http
      destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
       transport http use-vrf management
      transport http proxy server XXXXXXXXXX port 8080                --------- XXXXXXXXX = my proxy server
      transport http proxy enable
      enable
      periodic-inventory notification interval  30
    I have a problem installing the security certificate. I followed the guide but I get the error:
    failed to load or parse certificate
    could not perform CA authentication
    When I try to test call home with the command: callhome test
    trying to send test callhome message
    warning:no callhome message sent
    email configuration incomplete for destination profile:full_txt
    email configuration incomplete for destination profile:short_txt
    Error in transporting http message for CiscoTAC-1
    http: Received HTTP code 407 from proxy after CONNECT
    I guess the problem is because I didn't install the certificate. How can I install the certificate?
    Is this the real problem?

    I agree with Bryan that the easiest proxy server to setup for the nexus 7000 is the Transport Gateway. The documentation (certificates) is setup to allow you to connect to a Cisco Transport Gateway or directly into tools.cisco.com. Both have a Cisco certificate.
    But that doesn't explain your issue. To answer your issue, you need to look here
    http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
    except you need your proxy server's chained certificate in PEM format since the Nexus 7000 is going to terminate at your proxy server. Take a look at this line in the documentation.
    Input (cut & paste) the CA certificate (chain) in PEM format
    The error code 407 you indicated makes sense and indicates "Proxy Authentication Required". You need the certificate installed first. NX-OS uses the openssl crypto library to implement the cert-pki feature if that helps. A complete certificate chain is required. Also, you might make sure the CRL (certificate revocation list) is set to none so it doesn't do that first.
    revocation-check none
    The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
    your proxy server.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer
    If you are using your own root CA (which typically are taken off-line after authorizing subordinate CAs for security reasons), then make sure that their certificates are in the correct order to be processed so each can be authenticated.
    Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup.

  • Netflow Nexus 7000

    Hi all,
    A few months ago I have configured netflow on a Nexus 7000 with NX-OS version 6.0.2.
    This was my config:
    flow exporter Fluke_NetflowTracker
      description export netflow to Fluke_NetflowTracker
      destination x.x.x.x use-vrf management
      transport udp 2055
      source mgmt0
      version 9
    flow exporter Fluke_Optiview
      description export netflow to Fluke_Optiview
      destination x.x.x.x  transport udp 2055
      source Vlanx
      version 9
    flow monitor MonitorTrafficToFluke
      record netflow-original
      exporter Fluke_NetflowTracker
      exporter Fluke_Optiview
    This flow was activated on some SVI's. "ip flow monitor MonitorTrafficToFluke input"
    Recently we have upgraded the NX-OS to version 6.1.3. The netflow keeps on working, but the syntax of the netflow configuration has changed. Now you have to add a sampler as well.
    So I have created the following sampler.
    sampler NetFlow-Sampler
      description Netflow Sampler
      mode 1 out-of 1000
    When I want to update the current configuration with the sampler I can't adapt or remove the existing netflow configuration on the SVI.
    NK7(config-if)# no ip flow monitor MonitorTrafficToFluke input
    ERROR: A sampler must be configured for an interface on an F2 card
    NK7(config-if)# ip flow monitor MonitorTrafficToFluke input sampler NetFlow-Sampler
    An additional 1:100 sampler, over the configured sampler is applicable for F2 ports
    Error: Sampler can not be changed on Interface Vlanx. Remove flow monitor first.
    ERROR: Command has failed
    How do I update or remove the existing configuration on the SVI.
    I want the config to be "ip flow monitor MonitorTrafficToFluke input sampler NetFlow-Sampler"
    Thank you,
    Best Regards,
    Joris

    Hi Joris,
    Try no feature netflow under the interface and try to re-apply the whole config. Since it's an F2, we don't support config changes until 6.2(2); the only way is to remove the config using no feature netflow and re-apply it.
    Thanks,
    Richard.

  • How many DCNM license would be needed?

    I am considering DCNM Enterprise features activation in my fabric. I have Nexus 1x 7000, 1x 5000 and 2x 4000.
    In official description, DCNM license is only an option in Nexus 7000 and has a specific part number of N7K.
    If I would like to activate all enterprise features on all my Nexus switches, can someone tell me how many DCNM-N7K-K9 would be needed?
    Or just one can cover all my Nexus?
    Thanks very much

    Hi!
    As far as I know you'll need one license per nexus 7k you want to manage. If you want to manage several types of nexus switches, take a look at the "DCNM enterprise license".
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6505/ps9369/data_sheet_c78-631924.html

  • Query Nexus 7000 Environment Status

    Hi,
    I am trying to figure out how to query a Nexus 7010 chassis about its environment. For our IOS switches we use SNMP and OID 1.3.6.1.4.1.9.9.13.1 and the related sub OIDs. But this does not work on the Nexus 7010 with version 5.1. Is querying the information not supported or is there another OID?

    Hi,
    Check out the below link for nexus 7000 MIB reference ..
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/mib/quickreference/Cisco_Nexus_7000_Series_NX-0S_MIB_Quick_Reference_chapter1.html#con_40545
    Hope to Help !!
    Ganesh.H

  • Rule based span on Nexus 7000

    Hi all,
    I'm trying to configure rule based span on my Nexus 7000.
    I want to monitor some vlans, but limit the traffic going to my monitor station by using frame-type ipv4 filter.
    The link below explains how to configure it, but my nexus doesn't recognise the command "mode extended".
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_14span.html#wp1286697
    Am I missing something? I'm running version 6.1.3.
    Thanks,
    Joris
    NEXUS(config)# monitor session 1
    NEXUS(config-monitor)# mode extended
                                       ^
    % Invalid command at '^' marker.
    NEXUS(config-monitor)# mode ?
    *** No matching command found in current mode, matching in (exec) mode ***
      connect  Notify system on modem connection
      restart  Reenabling modem port

    Hi Joris,
    The rule based SPAN filtering was not introduced until NX-OS 6.2 so will not be available to you with NX-OS 6.1(3).
    See the section SPAN in the NX-OS 6.2 release notes.
    Regards

  • Log configuration changes to syslog on Nexus 7000?

    I need to be able to log any configuration changes to syslog on our Nexus switches. On IOS this is easy with the archive commands, but I'm a little stuck trying to do this on our Nexus gear. On the IOS gear I run the commands:
    archive
    log config
    logging enable
    logging size 100
    hidekeys
    notify syslog
    How do I do the equivalent on NX-OS?

    Cisco NX-OS can log configuration change events along with the individual changes when AAA command accounting is enabled.
    With command accounting enabled, all CLI commands entered, including configuration commands, are logged to the configured AAA server. Using this information, a forensic trail for configuration change events along with the individual commands entered for those changes can be recorded and reviewed.
    Because of this capability, it is strongly advised that AAA command accounting be enabled and configured.
    Refer to the “TACACS+ Command Accounting” section of this document for more information.
    The Nexus 7000, by default keeps a local accounting log of all the configuration commands entered on the device; you can view this with the 'show accounting log' command.
    In NX-OS, we changed the way logging works. We keep a local accounting log of all the
    configuration changes ("show accounting log"), but if you want to send those logs to a
    server, it must be done through a TACACS server. Please see the below documentation:
    Configuring AAA on Nexus
    TACACS command accounting
    -Thanks
    Vinod
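
The local accounting log mentioned in the answer above can be reviewed offline for configuration changes. This is an added example, not code from the thread or from Cisco: it parses constructed lines laid out like `show accounting log` output. The line layout, the `WATCHED` keyword list and all function names are assumptions of this example.

```python
import re

# Assumed layout of one accounting record (an assumption of this example):
#   <timestamp>:type=<start|update|stop>:id=<session>:user=<name>:cmd=<text> (<RESULT>)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})"
    r":type=(?P<type>\w+):id=(?P<id>.*?):user=(?P<user>[^:]*)"
    r":cmd=(?P<cmd>.*?)(?: \((?P<result>[A-Z]+)\))?\s*$"
)

# Commands that alter authentication, accounting or log forwarding, i.e. the
# audit trail itself. Hypothetical watch list; extend it for your environment.
WATCHED = ("aaa", "tacacs-server", "radius-server", "username",
           "logging", "snmp-server")

# Constructed sample records (not captured from a real device).
SAMPLE = [
    "Tue Mar  4 09:14:02 2014:type=start:id=10.0.0.5@pts/0:user=alice:cmd=",
    "Tue Mar  4 09:14:40 2014:type=update:id=10.0.0.5@pts/0:user=alice:"
    "cmd=configure terminal ; interface Vlan51 ; description TMX1 (SUCCESS)",
    "Tue Mar  4 09:15:11 2014:type=update:id=10.0.0.5@pts/0:user=alice:"
    "cmd=show running-config aaa (SUCCESS)  ",
    "Tue Mar  4 09:20:37 2014:type=update:id=console0:user=bob:"
    "cmd=configure terminal ; no aaa accounting default group TacServer (SUCCESS)",
    "Tue Mar  4 09:21:05 2014:type=update:id=console0:user=bob:"
    "cmd=configure terminal ; no logging server 192.0.2.10 (FAILURE)",
    "Tue Mar  4 09:30:00 2014:type=stop:id=10.0.0.5@pts/0:user=alice:cmd=",
    "garbage line",
]


def parse_line(line):
    """Return the record's fields as a dict, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def config_changes(lines):
    """Keep only 'update' records whose command path starts in config mode."""
    changes = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["type"] != "update":
            continue
        steps = [s.strip() for s in rec["cmd"].split(" ; ")]
        if len(steps) < 2 or not steps[0].startswith("configure"):
            continue  # exec-mode command, or a bare "configure terminal"
        changes.append({
            "when": rec["ts"], "user": rec["user"], "session": rec["id"],
            "context": steps[1:-1],   # submodes entered, e.g. interface Vlan51
            "command": steps[-1],     # the command that was actually applied
            "result": rec["result"] or "UNKNOWN",
        })
    return changes


def touches_audit_trail(change):
    """True if the command (with any leading 'no') starts with a watched keyword."""
    words = change["command"].split()
    if words and words[0] == "no":
        words = words[1:]
    return bool(words) and words[0] in WATCHED


def review(lines):
    changes = config_changes(lines)
    return {
        "changes": changes,
        "sensitive": [c for c in changes if touches_audit_trail(c)],
        "failed": [c for c in changes if c["result"] != "SUCCESS"],
    }


if __name__ == "__main__":
    for c in review(SAMPLE)["sensitive"]:
        print(c["when"], c["user"], c["session"], c["command"], c["result"])
```

Because the local log lives on the device it describes, the same review is more trustworthy when run over the copy held by the AAA server.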

  • Nexus 7000, 2000, FCOE and Fabric Path

    Hello,
    I have a couple of design questions that I am hoping some of you can help me with.
    I am working on a Dual DC Upgrade. It is pretty standard design, customer requires a L2 extension between the DC for Vmotion etc. Customer would like to leverage certain features of the Nexus product suite, including:
    Trust Sec
    VDC
    VPC
    High Bandwidth Scalability
    Unified I/O
    As always cost is a major issue and consolidation is encouraged where possible. I have worked on a couple of Nexus designs in the past and have leveraged the 7000, 5000, 2000 and 1000 in the DC.
    The feedback that I am getting back from Customer seems to be mirrored in Cisco's technology roadmap. This relates specifically to the features supported in the Nexus 7000 and Nexus 5000.
    Many large enterprise Customers ask the question of why they need to have the 7000 and 5000 in their topologies as many of the features they need are supported in both platforms and their environments will never scale to meet such a modular, tiered design.
    I have a few specific questions that I am hoping can be answered:
    The Nexus 7000 only supports the 2000 on the M series I/O Modules; can FCOE be implemented on a 2000 connected to a 7000 using the M series I/O Module?
    Is the F Series I/O Module the only I/O Module that supports FCOE?
    Are there any plans to introduce the native FC support on the Nexus 7000?
    Are there any plans to introduce full fabric support (230 Gbps) to the M series I/O module?
    Are there any plans to introduce Fabric path to the M series I/O module?
    Are there any plans to introduce L3 support to the F series I/O Module?
    Is the entire 2000 series allocated to a single VDC or can individual 2000 series ports be allocated to a VDC?
    Is Trust Sec only supported on multi hop DCI links when using the ASR on EoMPLS pwire?
    Are there any plans to introduce Trust Sec and VDC to the Nexus 5500?
    Thanks,
    Colm

    Hello Allan
    The only IO card which cannot co-exist with other cards in the same VDC is F2 due to specific hardware realisation.
    All other cards can be mixed.
    Regarding the Fabric versions - Fabric-2 gives much bigger throughput compared with Fabric-1
    So in order to get full speed from F2/M2 modules you will need Fab-2 modules.
    Fab2 modules won't give any advantages to M1/F1 modules.
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/data_sheet_c78-685394.html
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/prodcut_bulletin_c25-688075.html
    HTH,
    Alex

  • Nexus 7000 supervisor replacement

    I'm trying to get my head around how to replace a supervisor module on a nexus 7000 with a single supervisor. The setup has the default vdc and one other defined. So if a sup was faulty, what is the best way to handle this? I have the default vdc config and the other vdc on a tftpboot server. What's the easiest and fastest way to handle this? In the default vdc add address and copy the default vdc config and then when that's in copy the other vdc config file. Just used to IOS where you normally had a single file and you got the box on the air enough to copy the config file into startup and reloaded. Hope this makes sense. Tried to read some of the docs but it's still not clear what exactly needs to be done. Thanks for any help...

    That makes sense.
    1. Restore the default VDC config.
    2. Create your second VDC.
    3. Restore the second VDC config.
    Don't forget to have a backup of any license files that you may have purchased, for example MPLS.

  • Nexus 7000 fcoe expert advice

    Hi,
    I have one Nexus 7000 with a fcoe supported blade N7K-F132XP-15.
    I want to deploy this in the LAB. I created a fcoe port for test purposes, which is working. But some things are not very clear to me. I am listing them below.
    How do I create the interface membership for the storage VDC? Right now I created a shared interface with the default VDC. But can I create the interface as dedicated? What is the difference between when the interface is shared and dedicated?
    Also, on my shared interface while configuring the FCoE port, it did not allow me to create priority flow control settings. See the error below.
    fcoe-dvt(config-if)# priority-flow-control mode auto
    ERROR: pfc config not allowed on shared interface (0x1a000000)
    fcoe-dvt(config-if)#
    On Nexus 5020, we have priority flow control settings as "auto" for each fcoe interface. In the nexus 7000 case, I don't know what and how priority flow control is taking place.
    Any white paper on Nexus 7000 fcoe will be greatly appreciated.
    Thanks,

    Marko,
    Yes it is supported, here is a link to the interoperability matrix for storage, also you can find CNA compatibility
    here as well. It is difficult to find on cisco.com because it has been added in with the MDS.
    http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/interoperability/matrix/Matrix1.html
    Thanks,
    Bill
