Nexus 7000 Supervisor Management Port

Hi,
I have a deployment with 2 x Nexus 7009. Both N7K's have dual supervisor modules.
Each Supervisor Module is connected to alternate management switches.
Supervisor 1 is connected to Management Switch 1
Supervisor 2 is connected to Management Switch 2
In the event of a failure of Management Switch 1, access to Supervisor 1 is lost and in turn all access to the N7K.
Is there any method of achieving connectivity to the Active Supervisor (1) when this scenario occurs.Can connectivity be achieved via the Standby Supervisor (other than making the Standby Supervisor the Active Supervisor).
Thanks,
Colm

That is the correct behavior. As long as the primary sup is up, you will see the mgmt0 for the primary Sup up. The second you fail over to the stand-by sup, the mgmt0 for that sup will come up and the old primary will go down. So, it is only one mgmt0 is up at a time.
Make sure both mgmt0 interfaces are in the same vlan and also port fast is turned on so the mgmt ports comes up as soon as possible.
HTH

Similar Messages

Nexus 7K Supervisor Management Port

Hello Everyone,
Any help would be greatly appreciated. Scenario: Currently managing 7K through the active* supervisor's management interface via the defualt VRF (management). In the case of a failover, how would one configure the second supervisor, the one in "ha-standgy"? Would the configuration be copied over to that interface and would just need to provide another link to the OBN switch? Thanks again.

As this post is now a couple of days ago you may have already discovered the answer. However, the vPC requires a unique Port-Channel group for each downstream device between the vPC peer devices, the two N7Ks in this case. Essentially you need to configure three port-channels, one for each of your downstream N5Ks on both your N7K vPC peer devices:-
For example:-
N7K-1
interface ethernet 7/1-2
description to N5k-1
switchport mode trunk
switchport trunk allowed vlan 1-50
channel-group 100 mode active
interface port-channel 100
vpc 100
N7K-2
interface ethernet 7/1-2
description to N5k-1
switchport mode trunk
switchport trunk allowed vlan 1-50
channel-group 100 mode active
interface port-channel 100
vpc 100
N7K-1
interface ethernet 7/9-10
description to N5k-2
switchport mode trunk
switchport trunk allowed vlan 1-50
channel-group 101 mode active
interface port-channel 101
vpc 101
N7K-2
interface ethernet 7/9-10
description to N5k-2
switchport mode trunk
switchport trunk allowed vlan 1-50
channel-group 101 mode active
interface port-channel 101
vpc 101
etc.
Hope this helps
Allan.

Nexus 7000 supervisor replacement

I'm trying to get my head around how to replace a supervisor module on a nexus 7000 with a single supervisor. The setup has the default vdc and one other defined. So if a sup was faulty what is the best way to handle this? I have the default vdc config and the other vdc on a tftpboot server. Whats the easiest and fastest way to hand this . In the default vdc add address and copy the default vdc config and then when that's in copy the other vdc config file. Just used to IOS where you normally had a single file and you got the box on the air enough to copy the config file into startup and reloaded . Hope this makes sense. Tried to read some of the docs but it's still not clear what exactly needs to be done. Thanks for any help...

That makes sense.
1. Restore the default VDC config.
2. Create your second VDC.
3. Restore the second VDC config.
Don't forget to have a backup of any license files that you may have purchased, for example MPLS.

Using SNMP to monitor Nexus 7000 Series Supervisor Module

Hello,
I got a Nexus 7000 supervisor module recently, I met a SNMP problem for this module
I would like to know which specific OIDs to use to monitor the following using SNMP on a Nexus 7000 supervisor module:
- Port status
- CPU total utilization
- Power Supply status
- Chassis Fan status
etc.
The Nexus is quite different from other Cisco devices - any help will be appreciated!

hope help, and
port status OID is ifOperStatus
CPU total utilization OID is 1.3.6.1.4.1.9.9.109.1.1.1.1.6.1
[root@NET-MONITOR-1 ~]#
[root@NET-MONITOR-1 ~]# snmpwalk -On -v 2c -c 360buy 172.17.0.253 ifDescr.83886080
.1.3.6.1.2.1.2.2.1.2.83886080 = STRING: mgmt0
[root@NET-MONITOR-1 ~]#
[root@NET-MONITOR-1 ~]# snmpwalk -On -v 2c -c 360buy 172.17.0.253 ifOperStatus.83886080
.1.3.6.1.2.1.2.2.1.8.83886080 = INTEGER: up(1)
[root@NET-MONITOR-1 ~]#
[root@NET-MONITOR-1 ~]# snmpwalk -On -v 2c -c 360buy 172.17.0.253 1.3.6.1.4.1.9.9.109.1.1.1.1.6.1
.1.3.6.1.4.1.9.9.109.1.1.1.1.6.1 = Gauge32: 21
[root@NET-MONITOR-1 ~]#

Management port of Nexus5020 CMP ?

Hello,
Has the management port of a Nexus 5020 a dedicated CMP processor as on the Nexus 7K switches ?
(ie. does it stay up during a reboot ?)
regards,
Geert

In Nexus 5k, the management port does go down when the switch is rebooted.

Connecting Cisco ASA TenGig to Nexus 7000

I am attempting to connect an ASA 5585 TenGig to a Nexus 7000 F2 TenGig port.
I am seeing the error message Transceiver validation failed when I insert the SFP into the port. I know that the error is removed when I enter the command switchport mode fex-fabric, and have tried the configuration, but am unable to get the link to come up.at either end. I am also aware that LACP is not supported when switchport mode fex-fabric is configured.
ASA is in multiple context mode with portchannel interfaces allocated to the relevant ASA context. Anyone know if I am overlooking something? Anyone run into this issue before?
Nexus 7000:
Eth1/1 1 eth access down Transceiver validation fa auto(D) 2
Eth1/2 1 eth access down Transceiver validation fa auto(D) 2
interface Ethernet1/1
switchport mode trunk
switchport trunk allowed vlan 1-10
channel-group 2 mode active
no shutdown
interface Ethernet1/2
switchport mode trunk
switchport trunk allowed vlan 2-10
channel-group 2 mode active
no shutdown
interface port-channel2
switchport mode trunk
switchport trunk allowed vlan 2-10
ASA5585:
interface TenGigabitEthernet0/6
channel-group 2 mode active
interface TenGigabitEthernet0/7
channel-group 2 mode active
interface Port-channel2
interface Port-channel2.2
vlan 2
interface Port-channel2.3
vlan 3
context inside
allocate-interface Port-channel2.1
allocate-interface Port-channel2.2
config-url disk0:/inside.cfg

In my case, I was getting this error on a interface of a Nexus C6001 with the FET-10G transceiver. I was able to clear it up by temorarily replacing and configuring a slower GLC-T which worked as expected. I then removed all the settings an got the FET-10G to link.

Nexus 7000 - unexpected shutdown of vPC-Ports during reload of the primary vPC Switch

Dear Community,
We experienced an unusual behavior of two Nexus 7000 switches within a vPC domain.
According to the attached sketch, we have four N7Ks in two data centers - two Nexus 7Ks are in a vPC domain for each data center.
Both data centers are connected via a Multilayer-vPC.
We had to reload one of these switches and I expected the other N7K in this vPC domain to continue forwarding over its vPC-Member-ports.
Actually, all vPC ports have been disabled on the secondary switch until the reload of the first N7K (vPC-Role: primary) finished.
Logging on Switch B:
20:11:51 <Switch B> %VPC-2-VPC_SUSP_ALL_VPC: Peer-link going down, suspending all vPCs on secondary
20:12:01 <Switch B> %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In domain 1, VPC peer keep-alive receive has failed
In case of a Peer-link failure, I would expect this behavior if the other switch is still reachable via the Peer-Keepalive-Link (via the Mgmt-Port), but since we reloaded the whole switch, the vPCs should continue forwarding.
Could this be a bug or are there any timers to be tuned?
All N7K switches are running on NX-OS 6.2(8)
Switch A:
vpc domain 1
peer-switch
role priority 2048
system-priority 1024
peer-keepalive destination <Mgmt-IP-Switch-B>
delay restore 360
peer-gateway
auto-recovery reload-delay 360
ip arp synchronize
interface port-channel1
switchport mode trunk
switchport trunk allowed vlan <x-y>
spanning-tree port type network
vpc peer-link
Switch B:
vpc domain 1
peer-switch
role priority 1024
system-priority 1024
peer-keepalive destination <Mgmt-IP-Switch-A>
delay restore 360
peer-gateway
auto-recovery reload-delay 360
ip arp synchronize
interface port-channel1
switchport mode trunk
switchport trunk allowed vlan <x-y>
spanning-tree port type network
vpc peer-link
Best regards

Problem solved:
During the reload of the Nexus 7K, the linecards were powerd off a short time earlier than the Mgmt-Interface. As a result of this behavior, the secondary Nexus 7K received at least one vPC-Peer-Keepalive Message while its peer-link was already powerd off. To avoid a split brain scenario, the VPC-member-ports have been shut down.
Now we are using dedicated interfaces on the linecards for the VPC-Peer-Keepalive-Link and a reload of one N7K won't result in a total network outage any more.

Smart call home - HTTPS transport from the Nexus 7000 to Cisco

hi
i try configured call home on nexus 7000 with https transport and proxy server
i follow this guide -
http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
and configured this :
callhome
email-contact XXXXXXXXXXX
phone-contact XXXXXXXXXXX
streetaddress XXXXXXXXXXXXXXXX
destination-profile CiscoTAC-1 transport-method http
destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
transport http use-vrf management
transport http proxy server XXXXXXXXXX port 8080 --------- XXXXXXXXX = my proxy server
transport http proxy enable
enable
periodic-inventory notification interval 30
i have a problem to install the security certificate , i follow thw guide but i get the error :
failed to load or parse certificate
could not perform CA authentication
when i try test call home eith the command : callhome test
trying to send test callhome message
warning:no callhome message sent
email configuration incomplete for destination profile:full_txt
email configuration incomplete for destination profile:short_txt
Error in transporting http message for CiscoTAC-1
http: Received HTTP code 407 from proxy after CONNECT
i guess the problem is because i didnt install the certificate , how can i install the certificate ?
is this the real problem ?

I agree with Bryan that the easiest proxy server to setup for the nexus 7000 is the Transport Gateway. The documentation (certificates) is setup to allow you to connect to a Cisco Transport Gateway or directly into tools.cisco.com. Both have a Cisco certificate.
But that doesn't explain your issue. To answer your issue, you need to look here
http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
except you need your proxy server's chained certificate in PEM format since the Nexus 7000 is going to terminate at your proxy server. Take a look at this line in the documentation.
Input (cut & paste) the CA certificate (chain) in PEM format
The error code 407 you indicated makes sense and indicates "Proxy Authentication Required". You need the certificate installed first. NX-OS uses the openssl crypto library to implement the cert-pki feature if that helps. A complete certificate chain is required. Also, you might make sure the CRL (certificate revocation list) is set to none so it doesn't do that first.
revocation-check none
The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
your proxy server.cer,Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer
If you are using your own root CA (which typically are taken off-line after authorizing subordinate CAs for security reasons) , then make sure that their certificates are in the correct order to be processed so each can be authenticated.
Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup.

Netflow Nexus 7000

Hi all,
A few months ago I have configured netflow on a Nexus 7000 with NX-OS version 6.0.2.
This was my config:
flow exporter Fluke_NetflowTracker
description export netflow to Fluke_NetflowTracker
destination x.x.x.x use-vrf management
transport udp 2055
source mgmt0
version 9
flow exporter Fluke_Optiview
description export netflow to Fluke_Optiview
destination x.x.x.x transport udp 2055
source Vlanx
version 9
flow monitor MonitorTrafficToFluke
record netflow-original
exporter Fluke_NetflowTracker
exporter Fluke_Optiview
This flow was activated on some SVI's. "ip flow monitor MonitorTrafficToFluke input"
Recently we have upgraded the NX-OS to version 6.1.3. The netflow keeps on working, but the syntax of the netflow configuration has changed. Now you have to add a sampler as well.
So I have created the following sampler.
sampler NetFlow-Sampler
description Netflow Sampler
mode 1 out-of 1000
When I want to update the current configuration with the sampler I can't adapt or remove the existing netflow configuration on the SVI.
NK7(config-if)# no ip flow monitor MonitorTrafficToFluke input
ERROR: A sampler must be configured for an interface on an F2 card
NK7(config-if)# ip flow monitor MonitorTrafficToFluke input sampler NetFlow-Sampler
An additional 1:100 sampler, over the configured sampler is applicable for F2 ports
Error: Sampler can not be changed on Interface Vlanx. Remove flow monitor first.
ERROR: Command has failed
How do I update or remove the existing configuration on the SVI.
I want the config to be "ip flow monitor MonitorTrafficToFluke input sampler NetFlow-Sampler"
Thank you,
Best Regards,
Joris

Hi Joris,
Try no feature netflow under the interface and try to re-apply the whole configs. Since its a F2 we dont support config changes until 6.2(2) only way is to remove the configs using no feature netflow and re-applying it.
Thanks,
Richard.
*Rate if its useful

Nexus 7000 - Moving vPC keep alive

We have two Nexus 7010 switches running a vPC domain between the two switches. On one of the 7010B, the peer keep alive (from the mgmt VRF) is connected to a 3560B *and* that 3560B also has a data connection back to the same 7010B. Everything is fine with that setup.
Our second 7010A, the peer keep alive link is also connected to a coresponding 3560A switch. However, that 3560A switch is not connected to 7010A.
I want to move the uplink from the 3560A from where it is to the 7010A which will break the keep alive. However, I will not be breaking the vPC peer link as it is a pair of 10G connections between the two 7010 switches.
I have read that the vPC won't come up unless the peer keep alive is present, but it wasn't clear about taking down the keep alive link momentarily. Moving the cable would be quick, but I know the mac table will need to update since 7010B switch will now see the keep alive across it's peer link instead of some other direction.
Can I take the peer keep alive link down providing the peer link stays up?
We are running kickstart and system version 5.0(3).
Thanks!
/alan

Peer keepalive works on UDP port 3200 over IP with 1 sec interval and 5 sec timeout.
Iit is not requirement to have peer-keepalive destination IP in same subnet but if you do not have it in same subnet then you need to make sure you route it properly and your IP routed infrastructure that carries keeplive satisfies above requirement to make sure not a single event cause on that IP infrastructure causes keeplives to loose packets since peer-keepalive is UDP it is not reliable delivery method.
Recommendation in past i heard was to use your managemet ports as peer-keepalive. But one problem happens during ISSU with dual sup, the each supervisor reboots and after it comes up role of active and standby gets switch at the end. So If you did not connect two managment ports(one from each supervisor) to your management network then you will loose keepalives during software upgrade because supervisor switch over occurs and new maangement port becomes active.
So second recomendation is to create one peer-keepalive vrf so that it will have its own address space, if you have M1 1 gig card in each switch then connect one cable between switch and assign IP address (like 1.1.1.1-2/30) and put it in peer-keepalive vrf. With this set up during ISSU you do not loose peer keepalives because line cards does not need to reboot and your peer-keepalive UDP traffic will not depend on any other switch or router.

Nexus 7000-Error Message

Hi
We are having 2 nexus switches configured in the network as core with HSRP configured between them..The access switches are connected withdual 10G links to both core switches with VPC configured in Nexus..In both core switches 10G module is used for uplink termination..In one of the core switch for this 10 G module we get the follwoing error
Module-1 reported minor temperature alarm. Sensor=20 Temperature=101 MinThreshold=100 2011 Dec 22 08:10:19 CORE-SEC %PLATFORM-2-MOD_TEMPOK:
Module-1 recovered from minor temperature alarm. Sensor=20 Temperature=99 MinThreshold=100 even though the room temprature is 23 Degree still we get this error wherein as per the nexus documenation allowed room temparature is 0-40 Degree (Operating temperature: 32º to 104ºF (0º to 40ºC) `
show module`
Mod Ports Module-Type                      Model                            Status
1    8      10 Gbps Ethernet XL Module      N7K-M108X2-12L        ok
2    32    1/10 Gbps Ethernet Module        N7K-F132XP-15          ok
3    48    10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L    ok
5    0      Supervisor module-1X            N7K-SUP1                      active *
As per the nexus module documentation for module1 the allwed temparature is 0-40degree wherein the actual room temparatue is 23degree..below is the exception message for module1
exception information --- exception instance 1 ----
Module Slot Number: 1
Device Id         : 49
Device Name       : Temperature-sensor
Device Errorcode : 0xc3114203
Device ID         : 49 (0x31)
Device Instance   : 20 (0x14)
Dev Type (HW/SW) : 02 (0x02)
ErrNum (devInfo) : 03 (0x03)
System Errorcode : 0x4038001e Module recovered from minor temperature alarm
Error Type       : Minor error
PhyPortLayer     :
Port(s) Affected :
DSAP             : 39 (0x27)
UUID             : 24 (0x18
Same module exists in second Nexus 7000 which is in same datacenter but not getting this alarm..
can anyone please suggest on the same..Software details are as below
Software
BIOS:      version 3.22.0
kickstart: version 5.1(3)
system:    version 5.1(3)
BIOS compile time:       02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.3.bin
kickstart compile time: 12/25/2020 12:00:00 [03/11/2011 07:42:56]
system image file is:    bootflash:///n7000-s1-dk9.5.1.3.bin
system compile time:     1/21/2011 19:00:00 [03/11/2011 08:37:35]

Hi Sameer
Temperature alarm means that one particular sensor on the linecard warms up to 101 degree.
This can be caused by damaged sensor or problems with cooling in that particular part of chassis.
You can check temperature on the module using following command:
show environment temperature module 1
Tru to move the module to another slot. If the issue reoccure - open a TAC case.
HTH,
Alex

EtherChannel problem on Nexus 7000

Dear NetPro gurus,
One of my customer is trying to setup an EtherChannel (LACP) on a pair of Nexus 7000. However, doesn't matter what we do, the port Eth 1/17 always become suspended. We have tried swapping fiber cables and also swapping SFPs, but no help.
The 1st Nexus 7010 - called 'VIWLRCA'
The 2nd Nexus 7010 - called 'VIWLRCB'
Originally port eth 1/17 are left as 'normal' trunk port, and we can see eth 1/17 shows up fine under 'show interface brief'
viwlrca-PROD# sh run int eth 1/17
interface Ethernet1/17
switchport
switchport mode trunk
udld disable
no shutdown
viwlrca-PROD# sh run int eth 1/18
interface Ethernet1/18
switchport
switchport mode trunk
udld disable
channel-group 20 mode active
no shutdown
viwlrca-PROD# sh int brief
Ethernet      VLAN    Type Mode   Status Reason                   Speed     Port
Interface                                                                    Ch #
Eth1/17       1       eth trunk up      none                        10G(S) --
Eth1/18       1       eth trunk up      none                        10G(S) 20
Eth1/19       --      eth routed down    SFP not inserted           auto(S) --
Eth1/20       --      eth routed down    SFP not inserted           auto(S) --
Eth1/21       --      eth routed down    Administratively down      auto(S) --
Eth1/22       --      eth routed down    Administratively down      auto(S) --
Eth1/23       --      eth routed down    Administratively down      auto(S) --
Eth1/24       --      eth routed down    Administratively down      auto(S) --
Eth2/25       --      eth routed down    Administratively down      auto(D) --
Eth2/26       --      eth routed down    Administratively down      auto(D) --
Eth2/27       --      eth routed down    SFP not inserted           auto(D) --
Eth2/28       --      eth routed down    SFP not inserted           auto(D) --
Eth2/29       --      eth routed down    SFP not inserted           auto(D) --
Eth2/30       --      eth routed down    SFP not inserted           auto(D) --
Eth2/31       --      eth routed down    SFP not inserted           auto(D) --
Eth2/32       --      eth routed down    SFP not inserted           auto(D) --
viwlrca-PROD#
But as soon as I add the Eth 1/17 back onto PortChannel 20
The Eth 1/17 becomes "Suspended" straight away
viwlrca-PROD# sh int brief
Ethernet      VLAN    Type Mode   Status Reason                   Speed     Por
t
Interface                                                                    Ch
Eth1/17       1       eth trunk down    suspended                  auto(S) 20
Eth1/18       1       eth trunk up      none                        10G(S) 20
Eth1/19       --      eth routed down    SFP not inserted           auto(S) --
Eth1/20       --      eth routed down    SFP not inserted           auto(S) --
Eth1/21       --      eth routed down    Administratively down      auto(S) --
Eth1/22       --      eth routed down    Administratively down      auto(S) --
Eth1/23       --      eth routed down    Administratively down      auto(S) --
Eth1/24       --      eth routed down    Administratively down      auto(S) --
Eth2/25       --      eth routed down    Administratively down      auto(D) --
Eth2/26       --      eth routed down    Administratively down      auto(D) --
Eth2/27       --      eth routed down    SFP not inserted           auto(D) --
Eth2/28       --      eth routed down    SFP not inserted           auto(D) --
Eth2/29       --      eth routed down    SFP not inserted           auto(D) --
Eth2/30       --      eth routed down    SFP not inserted           auto(D) --
Eth2/31       --      eth routed down    SFP not inserted           auto(D) --
Eth2/32       --      eth routed down    SFP not inserted           auto(D) --
viwlrca-PROD#
viwlrca-PROD# sh port-channel summary
Flags: D - Down        P - Up in port-channel (members)
        I - Individual H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
Group Port-       Type     Protocol Member Ports
      Channel
20    Po20(SU)    Eth      LACP      Eth1/17(s)   Eth1/18(P)
viwlrca-PROD#
Config on Primary Nexus:-
viwlrca-PROD# sh run
!Command: show running-config
!Time: Tue Mar 22 06:04:26 2011
version 5.1(1a)
hostname PROD
cfs eth distribute
feature udld
feature interface-vlan
feature lacp
feature vpc
feature vtp
username admin password 5 $1$pkJaKHZW$Sx4wpDG5xXYkD.QfDk/Cg. role vdc-admin
no ip domain-lookup
ip domain-name vfc.com
crypto key param rsa label viwlrca-PROD.vfc.com modulus 2048
snmp-server user admin vdc-admin auth md5 0x05f7328e3b39a70be09abc3056ec2819 pri
v 0x05f7328e3b39a70be09abc3056ec2819 localizedkey
vrf context management
spanning-tree pathcost method long
spanning-tree port type edge bpduguard default
spanning-tree loopguard default
spanning-tree vlan 1-3967,4048-4093 priority 4096
interface Vlan1
interface Vlan161
ip address 172.30.161.2/24
interface Vlan162
ip address 172.30.162.2/24
interface Vlan163
ip address 172.30.163.2/24
interface Vlan164
ip address 172.30.164.2/24
interface Vlan165
ip address 172.30.165.2/24
interface Vlan190
ip address 172.30.190.2/24
interface port-channel20
switchport
switchport mode trunk
interface Ethernet1/17
switchport
switchport mode trunk
udld disable
channel-group 20 mode active
no shutdown
interface Ethernet1/18
switchport
switchport mode trunk
udld disable
channel-group 20 mode active
no shutdown
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet2/25
interface Ethernet2/26
interface Ethernet2/27
interface Ethernet2/28
interface Ethernet2/29
interface Ethernet2/30
interface Ethernet2/31
interface Ethernet2/32
interface Ethernet2/33
interface Ethernet2/34
interface Ethernet2/35
interface Ethernet2/36
interface Ethernet3/25
interface Ethernet3/26
interface Ethernet3/27
interface Ethernet3/28
interface Ethernet3/29
interface Ethernet3/30
interface Ethernet3/31
interface Ethernet3/32
interface Ethernet3/33
interface Ethernet3/34
interface Ethernet3/35
interface Ethernet3/36
line vty
viwlrca-PROD#
Config for Secondary Nexus 7000
VIWLRCB-PROD# sh run
!Command: show running-config
!Time: Tue Mar 22 09:19:22 2011
version 5.1(1a)
hostname PROD
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature vtp
username admin password 5 $1$Lc486EOm$EtKhZWuxGjWWokfeuUsMk. role vdc-admin
no ip domain-lookup
ip domain-name vfc.com
crypto key param rsa label VIWLRCB-PROD.vfc.com modulus 2048
snmp-server user admin vdc-admin auth md5 0xeb607b54234985ed6740c5fdbb8d84c6 pri
v 0xeb607b54234985ed6740c5fdbb8d84c6 localizedkey
vrf context management
spanning-tree pathcost method long
spanning-tree port type edge bpduguard default
spanning-tree loopguard default
spanning-tree vlan 1-3967,4048-4093 priority 8192
interface Vlan1
interface port-channel20
switchport
switchport mode trunk
interface Ethernet1/17
switchport
switchport mode trunk
channel-group 20 mode active
no shutdown
interface Ethernet1/18
switchport
switchport mode trunk
channel-group 20 mode active
no shutdown
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet2/25
interface Ethernet2/26
interface Ethernet2/27
interface Ethernet2/28
interface Ethernet2/29
interface Ethernet2/30
interface Ethernet2/31
interface Ethernet2/32
interface Ethernet2/33
interface Ethernet2/34
interface Ethernet2/35
interface Ethernet2/36
interface Ethernet3/25
interface Ethernet3/26
interface Ethernet3/27
interface Ethernet3/28
interface Ethernet3/29
interface Ethernet3/30
interface Ethernet3/31
interface Ethernet3/32
interface Ethernet3/33
interface Ethernet3/34
interface Ethernet3/35
interface Ethernet3/36
line vty
VIWLRCB-PROD#
Cheers,
Hunt

Quick troubleshoot:
Default all interfaces in newly created port-channel as well as the port-channel interface, then delete port-channel interface. Recreate port-channel without the LACP protocol:
interface e1/17,e1/18
switchport
channel-group 20 mode on
no shutdown
exit
interface port-channel20
switchport
switchport mode trunk
no shutdown
exit
show port-channel summ
show int trunk
HTH,
Sean

Virtualized Lab Infrastructure - 3560G connecting to a Nexus 7000 - Help!

Hi all,
I've been struggling with the configuration for my small environment for a week or so now, and being a Cisco beginner, I'm worried about going down the wrong path, so I'm hoping someone on here would be able to help with my lab configuration.
As you can see from the graphic, I have been allocated VLANs 16-22 for my use, on the Nexus 7000. There are lots of other VLANs in use on the Nexus, by other groups, most of which are routable between one another. VLAN 99 is used for switch management, and VLAN 11, is where the Domain Controller, DHCP and Windows Deployment Server reside for the lab domain. Servers across different VLANs use this DC/DHCP/WDS set of servers. These VLANS route out to the internet successfully.
I have been allocated eth 3/26 on the Nexus, as my uplink connection to my own ToR 3560G. All of my servers, of which there are around 8 in total, are connected to the 3560. I have enabled IP routing on the 3560, and created VLANs 18-22, providing an IP on each. This config has been assigned to all 48 gigabit ports on the 3560 (using the commands in the graphic), and each Windows Server 2012 R2 Hyper-V host connects to the 3560 via 4 x 1GbE connections. On each Hyper-V host, the 4 x 1GbE ports are teamed, and a Hyper-V vSwitch is bound to that team. I then assign the VLAN ID at the vNIC level.
Routing between the VLANs is currently working fine - As a test, i can put 2 of the servers on different VLANs, each with their respective VLAN default gateway, and they can ping between one another.
My challenge is, I'm not quite sure what i need to do for the following:
1) How should I configure the uplink gi 0/52 on the 3560 to enable my VLANs to reach the internet?
2) How should I configure eth 3/26 on the Nexus?
3) I need to ensure that the 3560 is also on the management VLAN 99 so it can be managed successfully.
4) I do not want to route to VLAN 11, as i intend to have my own domain (DC/DNS/DHCP/WDS)
Any help or guidance you can provide would be much appreciated!
Thanks!
Matt

Hi again Jon,
OK, been battling with it a little more.
Here's the config for the 3560:
Current configuration : 11643 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname CSP_DX_Cluster
no aaa new-model
vtp mode transparent
ip subnet-zero
ip routing
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 16,18-23,99
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 18
switchport trunk allowed vlan 18-22
switchport mode trunk
spanning-tree portfast trunk
<same through interface GigabitEthernet0/48>
interface GigabitEthernet0/52
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 16,99
switchport mode trunk
interface Vlan1
no ip address
interface Vlan16
ip address 10.0.6.2 255.255.255.252
interface Vlan18
ip address 10.0.8.1 255.255.255.0
interface Vlan19
ip address 10.0.9.1 255.255.255.0
interface Vlan20
ip address 10.0.12.1 255.255.255.0
interface Vlan21
no ip address
interface Vlan22
ip address 10.0.14.1 255.255.255.0
interface Vlan99
ip address 10.0.99.87 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.6.1
ip http server
control-plane
l
end
At the Nexus end, the port connecting to the 3560 is configured as:
interface Ethernet3/26
description DX_3560_uplink
switchport
switchport mode trunk
switchport trunk allowed vlan 16,99
no shutdown
Now, the problem I'm currently having, is that on the 3560, things route fine, between VLANs. However, from on a server within one of the VLANs, say, 18, trying to ping the default gateway of the 3560 fails. I can ping 10.0.6.2 which is the 3560-end of VLAN 16, but i can't get over to 10.0.6.1 and beyond. I suspect, it's relating to what you said about "the only thing missing is you also need routes on the Nexus switch for the IP subnets on your 3560 and the next hop IP would be 10.0.6.2 ie the vlan 16 SVI IP on the 3560"
I suspect that, in layman's (my terms!) terms, the Nexus simply doesn't know about the networks 10.0.8.1 (VLAN 18), 10.0.9.1 (VLAN 19) and so on.
So, i need routes on my Nexus to fix this. The problem is, I'm not quite sure what that looks like.
Would it be:
ip route 10.0.8.0 255.255.255.0 10.0.6.2
ip route 10.0.9.0 255.255.255.0 10.0.6.2 and so on?
To give a bit of history, prior to me creating VLANs 18-22 on the 3560, all VLANs originally existing on the Nexus. Everything routed fine out to the internet, for all of the VLANs (with the same subnet settings that i have configured, i.e. 10.0.8.x for VLAN 18 etc), so i'm presuming once I get the Nexus to understand that the IP subnets live on the 3560, traffic should flow successfully to the internet.
Should.... :-)

Nexus 7000 Platform Logging

Hello,
We recently had a power supply failure in one of our Nexus 7000s, and I noticed that the syslog for the Platform is only present in the default VDC, and not in any of the other VDCs syslogs. Is this by design, or is there a logging level I can turn up in another VDC to capture this log? Thanks for any input
syslog from default VDC -
2013 Mar 18 23:10:34 %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 changed i
ts capacity. possibly due to power cable removal/insertion (Serial number xxxxxxxx)
nothing in the VDC where I would like to get the logging
default VDC logging level -
xxx7K02# show log level platform
Facility        Default Severity        Current Session Severity
platform                5                       5
0(emergencies)          1(alerts)       2(critical)
3(errors)               4(warnings)     5(notifications)
6(information)          7(debugging)
xxx7K02#
loggging from the specific VDC where we have management tools.
xxx-LOW# show log level platform
Facility        Default Severity        Current Session Severity
platform                5                       5
0(emergencies)          1(alerts)       2(critical)
3(errors)               4(warnings)     5(notifications)
6(information)          7(debugging)
xxx-LOW#

Hello Carl,
What version of code are you running on your Nexus 7k?
The expected behavior is:
"When a hardware issue occurs, syslog messages are sent to all VDCs."
http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_mgmt.html#wp1170241
Dave

Dell Servers with Nexus 7000 + Nexus 2000 extenders

<< Original post by smunzani. Answered by Robert. Moving from Document section to Discussions>>
Team,
I would like to use some of the existing Dell Servers for new network design of Nexus 7000 + Nexus 2000 extenders. What are my options for FEC to the hosts? All references of M81KR I found on CCO are related to UCS product only.
What's best option for following setup?
N7K(Aggregation Layer) -- N2K(Extenders) -- Dell servers
Need 10G to the servers due to dense population of the VMs. The customer is not up for dumping recently purchased dell boxes in favor of UCS. Customer VMware license is Enterprise Edition.
Thanks in advance.

To answer your question, the M81KR-VIC is a Mezz card for UCS blades only. For Cisco rack there is a PCIe version which is called the P81. These are both made for Cisco servers only due to the integration with server management and virtual interface functionality.
http://www.cisco.com/en/US/prod/collateral/ps10265/ps10493/data_sheet_c78-558230.html
More information on it here:
Regards,
Robert

Nexus 7000 Supervisor Management Port

Similar Messages

Maybe you are looking for