Nexus 7010 mgmt0 useage opinion
As a Senior Network Engineer I have entered into a bit of a debate with our Architect about the use of the mgmt0 interfaces on the nexus 7010 switch (dual-sups, M2 and F2 linecards).
I would like to know opinion of the Cisco support network.
I believe the mgmt0 interface should left alone for control plane traffic only and Out Of Band management access (ie ssh). At the moment I have made a subnet for all VDCs with the mgmt0 (vrf management) sitting in a common subnet. The physical mgmt0 interfaces from both SUPs are connected a management hand off switch. The mgmt0s also serves as our control plane for VPCs. The VPC peer-link however is using main interfaces of the line-cards.
The opinions;
- The Architect thinks we should use all the mgmt0 interfaces for snmp, ntp, tacacs netflow-analysis and switch management.
- However, I think I should use a traditional Loopback to perform these functions within the linecards. The mgmt0 should only be used if traditional restricted switch access has failed.
My Basis;
the Loopback never goes down, uses multiple paths (the OOB hand off switch could fail closing switch management access completely). The mgmt0 should be used as a last resort of management access to CMP.
Thoughts please - Cheers
I see your point about wanting to mitigate the impact of losing the OOB switch. I don't think the mgmt0 interface going down is considered the level of failure that will trigger a Supervisor switchover though. That's the way I read the Nexus 7000 HA whitepaper (and what I've seen based on some limited experience with taking apart a 7k pair).
So, no the 7k can't send you an SNMP trap or syslog message if it's configured management path is offline. Mitigation of that could be via your NMS polling the devices's mgmt0 addresses. No response = trouble in paradise. Investigation step would be to log into the 7ks using the loopback IP and local authentication since your TACACS source-interface (mgmt0) is offline and going from there.
The handful I've built (mostly 5k setups) I go for a Cat 3k switch with dual power supplies as the OOB switch. Once one of those is setup and seen not to be DOA, it's generally going to stay up until someone goes in and uplugs it or initiates a system reload.
Similar Messages
-
Critical Alarm for Nexus 7010 device
Hi Team,
We are getting Critical Alarm for the Data center device Nexus 7010 continuously from 28-Oct.
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:00:18.227 DC-Core-Switch2 29 10:00:18 %KERN-2-SYSTEM_MSG: EXT3-fs
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:28:37.497 DC-Core-Switch2 29 10:28:37 %KERN-2-SYSTEM_MSG: EXT3-fs
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:28:42.398 DC-Core-Switch2 29 10:28:42 %KERN-2-SYSTEM_MSG: EXT3-fs
Also attaching the complete logs collected for this device and suggest if there is any Hardware related issue or some Software related issue.
Regards,
AshutoshHello
hde1 is the logflash device. Looks like there were IO errors and the kernel mounted the fs read-only. You can try to reload the device and if logflash will come back up fine after the reload, its a transient issue; if the issue comes back, the logflash device most likely is damaged bad and needs to be replaced. You will need to open a service request with TAC to get it replaced.
HTH,
Alex -
Nexus 7010 bgp state change alert not triggered to NNM
Hi ,
BGP state change alert not triggered to NNM on Nexus -7010 for Monitoring.
Details of the Device:
Nexus 7010 :
Software
BIOS: version 3.22.0
kickstart: version 5.1(3)
system: version 5.1(3)
BGP neighbor status :
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.1.2 4 65505 5089234 5194515 51359 0 0 6w2d 391
172.16.1.3 4 65505 5044293 5146859 51359 0 0 30w4d 378
172.31.11.3 4 15404 120744 114811 51359 0 0 1w6d 1
172.31.42.3 4 65501 5261796 5264413 51359 0 0 2d06h 0
Snmp trap enabled:
snmp-server user admin network-admin auth md5 0x690c4ede8a88ba7f2de791dbe7a77f0a
priv 0x690c4ede8a88ba7f2de791dbe7a77f0a localizedkey
snmp-server host 172.30.0.55 traps version 2c xxxx
snmp-server enable traps bgp
Downloaded cisco-bgp4-mib version, bgp4-mib tried and performed snmpwalk as given below
nnmsnmpwalk.ovpl -c xxx 172.31.15.130 .1.3.6.1.4.1.9.9.187.0.6
Error : No MIB objects contained under subtree
nnmsnmpwalk.ovpl -v 2 -c xxx 172.31.15.130 .1.3.6.1.2.1.15.3.
No MIB objects contained under subtree
Kindly advise to resolve the issue
Regards
HariYou can set an alert for Warning State. This is feasible.
Juke Chou
TechNet Community Support -
Nexus 7010 fabric extender timing out
Hello -
We have a Nexus 7010 and we are testing out using the fabric extenders for a need. We have a demo 2224 unit and have it connected to our M132XP-12 10G blade in the 7K but the FEX won't come online. I would have figured a possible software incompatability but looking at the supported list for that as well as hardware everything seems to be in order. This is what the status shows after it spends about 15 mins in the image download state.
FEX: 111 Description: FEX0111 state: Offline
FEX version: 4.2(1)N2(1a) [Switch version: 5.1(2)]
FEX Interim version: 4.2(1)N2(1a)
Switch Interim version: 5.1(2)
Module Sw Gen: 21 [Switch Sw Gen: 21]
pinning-mode: static Max-links: 1
Fabric port for control traffic: Eth2/20
Fabric interface state:
Po11 - Interface Up. State: Active
Eth2/20 - Interface Up. State: Active
Fex Port State Fabric Port Primary Fabric
This is looped in the log details until it times out:
04/25/2011 15:31:41.986978: Module register received
04/25/2011 15:31:41.987713: Registration response sent
04/25/2011 15:31:41.987889: Requesting satellite to download image
04/25/2011 15:32:00.105031: Module register received
04/25/2011 15:32:00.105779: Registration response sent
04/25/2011 15:32:00.105956: Requesting satellite to download image
04/25/2011 15:32:20.191181: Module register received
04/25/2011 15:32:20.191957: Registration response sent
04/25/2011 15:32:20.192144: Requesting satellite to download image
We ran a debug during this and these entries are displayed when looking for errors.
2011 Apr 25 15:30:31.443745 fex: Reg resp: Failed to get card info for swcardid 132
2011 Apr 25 15:30:35.472721 fex: Cardinfo: Unknown card id to get (132)
2011 Apr 25 15:30:35.472753 fex: Reg resp: Failed to get card info for swcardid 132
2011 Apr 25 15:30:41.495302 fex: Cardinfo: Unknown card id to get (132)
I'm still doing some more searching which so far hasn't turned up much, wanted to see if anyone has some other insight??
Thanks!Hi Jack -
Thanks for the response. Unfortunately, yes that is already complete. I was hoping that would be an easy fix. When we upgraded to 5.1(2) we did the 5.1 EPLD. I ran the install all impact command noted below for the 5.1 EPLD just to make sure it didn't report anything else as needing upgrade.
sho install all impact epld bootflash:n7000-s1-epld.5.1.1.img
Compatibility check:
Module Type Upgradable Impact Reason
1 LC Yes disruptive Module Upgradable
2 LC Yes disruptive Module Upgradable
5 SUP Yes disruptive Module Upgradable
1 Xbar Yes disruptive Module Upgradable
2 Xbar Yes disruptive Module Upgradable
3 Xbar Yes disruptive Module Upgradable
1 FAN Yes disruptive Module Upgradable
2 FAN Yes disruptive Module Upgradable
3 FAN Yes disruptive Module Upgradable
4 FAN Yes disruptive Module Upgradable
Copy complete, now saving to disk (please wait)...
Retrieving EPLD versions... Please wait.
Images will be upgraded according to following table:
Module Type EPLD Running-Version New-Version Upg-Required
1 LC Power Manager 4.008 4.008 No
1 LC IO 1.006 1.006 No
1 LC Forwarding Engine 1.006 1.006 No
1 LC SFP 1.004 1.004 No
2 LC Power Manager 4.008 4.008 No
2 LC IO 1.016 1.016 No
2 LC Forwarding Engine 1.006 1.006 No
2 LC FE Bridge(1) 186.006 186.006 No
2 LC FE Bridge(2) 186.006 186.006 No
2 LC Linksec Engine(1) 2.006 2.006 No
2 LC Linksec Engine(2) 2.006 2.006 No
2 LC Linksec Engine(3) 2.006 2.006 No
2 LC Linksec Engine(4) 2.006 2.006 No
2 LC Linksec Engine(5) 2.006 2.006 No
2 LC Linksec Engine(6) 2.006 2.006 No
2 LC Linksec Engine(7) 2.006 2.006 No
2 LC Linksec Engine(8) 2.006 2.006 No
5 SUP Power Manager 3.009 3.009 No
5 SUP IO 3.028 3.028 No
5 SUP Inband 1.008 1.008 No
5 SUP Local Bus CPLD 3.000 3.000 No
5 SUP CMP CPLD 6.000 6.000 No
1 Xbar Power Manager 2.010 2.010 No
2 Xbar Power Manager 2.010 2.010 No
3 Xbar Power Manager 2.010 2.010 No
1 FAN Fan Controller (1) 0.007 0.007 No
1 FAN Fan Controller (2) 0.007 0.007 No
2 FAN Fan Controller (1) 0.007 0.007 No
2 FAN Fan Controller (2) 0.007 0.007 No
3 FAN Fan Controller (1) 0.007 0.007 No
3 FAN Fan Controller (2) 0.007 0.007 No
4 FAN Fan Controller (1) 0.007 0.007 No
4 FAN Fan Controller (2) 0.007 0.007 No -
We currently have two Nexus 7010 with 5.0(2a) as system images.
We would need to know the correct upgrade path to 6.1(1). On the release notes it reads the path is from 4.2(8), 5.0(5) or 5.1(6) to 5.2(5) then to 6.1(1).
Also if ISSU is possible or, because we may need to upgrade EPLD, if there is no upgrade path to do a non-disruptive upgrade.You probably need to dig a little deeper to get a definitive answer (sup1 or 2, type of cards, etc..) but here is a diagram in the release notes for 6.1 found here:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html
If this posts answers your question or is helpful, please consider rating it and/or marking as answered. -
Hello everybody,
Just a quick question, how do you restore a running-config (or a Nexus .bin file) to a Nexus 7010. Is it thesame process as the IOS base scenario. Please explain and help. Thank you in advance.
--chieCopy tftp: running-config should work. See below there are other options as well.
NX7K02-agg# copy ?
bootflash: Select source filesystem
core: Select source filesystem
debug: Select source filesystem
ftp: Select source filesystem
log: Select source filesystem
logflash: Select source filesystem
nvram: Select source filesystem
running-config Copy running configuration to destination
scp: Select source filesystem
sftp: Select source filesystem
slot0: Select source filesystem
startup-config Copy startup configuration to destination
system: Select source filesystem
tftp: Select source filesystem
usb1: Select source filesystem
usb2: Select source filesystem
volatile: Select source filesystem
NX7K02-agg# copy tftp: ?
bootflash: Select destination filesystem
debug: Select destination filesystem
log: Select destination filesystem
logflash: Select destination filesystem
nvram: Select destination filesystem
running-config Copy from source to running configuration
slot0: Select destination filesystem
startup-config Copy from source to startup configuration
system: Select destination filesystem
usb1: Select destination filesystem
usb2: Select destination filesystem
volatile: Select destination filesystem
NX7K02-agg# copy tftp: running-config -
Disruptive ISSU 6.1.4a- 6.2.8 on Nexus 7010 sup1 because of LACP timers.
Hi all.
The problem.
Today I updated my Nexus 7010 sup1 from 6.1.4a to 6.2.8.
I want did it in ISSU mode, but after impact check I got this:
Compatibility check is done:
Module bootable Impact Install-type Reason
1 yes non-disruptive rolling
2 yes non-disruptive rolling
3 yes non-disruptive rolling
4 yes non-disruptive rolling
5 yes disruptive reset Some LACP ports not in steady state or operating in 'rate fast' mode.
6 yes disruptive reset Some LACP ports not in steady state or operating in 'rate fast' mode.
7 yes non-disruptive rolling
8 yes non-disruptive rolling
9 yes non-disruptive rolling
10 yes non-disruptive rolling
Additional info for this installation:
Service "lacp" in vdc 1: LACP: Upgrade will be disruptive as 6 switch ports and 0 fex ports are not upgrade ready!!
Issue the "show lacp issu-impact" cli for more details.
(modified the impact to <Hitful> for module <6>)
Do you want to continue with the installation (y/n)? [n] y
I went on with yes and update script reboot both sups after updated all modules.
It was quite a surprise for me (yes I know I must see word "disruptive" opposite my sups 5 and 6). Because I already had done two ISSU updates on two nexuses (from 5.1.* ->5.2.7 and 5.2.7 -> 6.1.4a) and didn`t have any trouble with LACP timers. Is it a new feature of the 6.* train?
I have another Nexus that I want to update. And it also has same problem with LACP timers.
show install all impact give me the same disruptive result because of LACP.
Can I somehow suppress such ISSU behavior? In case of LACP. I don`t have vPC, just ordinal PC.
It is a way better if some LACP interfaces flap in process, than an almost 14 minutes of all 7010 chassis reboot that I had.
Although problem with LACP timers is that they must be the same on the switch side and on the other side. And in case of switches, linux boxes or HP VCs changing LACP timers isn`t a big problem. IT is a biggg problem in case of the Windows Server.
sh lacp interface ethernet 8/13
Interface Ethernet8/13 is up
Channel group is 13 port channel is Po13
Local Port: Eth8/13 MAC Address= 40-55-39-23-1e-c1
System Identifier=0x8000, Port Identifier=0x8000,0x80d
Operational key=12
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Neighbor: 0x1
MAC Address= ac-16-2d-a4-f2-54
System Identifier=0xffff, Port Identifier=0xff,0x1
Operational key=17
LACP_Activity=active
LACP_Timeout=short Timeout (1s)
They must be the same and equal 30s for successful ISSUYou probably need to dig a little deeper to get a definitive answer (sup1 or 2, type of cards, etc..) but here is a diagram in the release notes for 6.1 found here:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html
If this posts answers your question or is helpful, please consider rating it and/or marking as answered. -
MGTM0 Interface only in Admin VDC in Nexus 7010
Hi guys,
I created two new VDCs in a Nexus 7010 (NX-OS 6.2.6) and I can see the MGTM0 interface only in the Admin VDC
I wanted to see the MGTM0 in all VDCs.
Does someone get this problem too ?
My Best Regards,
Andre Gustavo LomonacoHi Reza,
Thanks for your reply.
If the user run the setup wizard, the interface mgtm0 will be created in VDC.
If the user don't run the setup wizard, the interface mgtm0 will not be created and you will need
to only use the interface mgtm 0 command to create the interface.
Thanks a lot -
How to do routing on N7K-F248XP-25E (Nexus 7010) ?
Hi all,
Please educate me the following scenario : I have Nexus 7010 with 2 L3 modules, N7K-M132XP-12L and N7K-M148GT-11L. Now to increase more ports for end devices, I add in the module N7K-F248XP-25E and believe it's for Layer 2 switching only. Is there a way to do routing on these L2 modules without having to go to the L3 modules ? Thanks for all help.Is there a way to do routing on these L2 modules without having to go to the L3 modules ?
No. If you have an M1/M2 card and routing is enabled, the F2E card will "step down" and do Layer 2 work. All Layer 3 work will be done by the M1/M2 card. -
Data Center Hall Temperature for Cisco Nexus 7010
Hi,
I Have a Nexus 7010 that sometimes raise an alarm about temperature thresholds that are being exceeded.... I was wondering if Cisco has a recommendation (or best practice) about the correct temperature that the Nexus need in the cold and hot hall of the data room. I know that the operative temperature of nexus is 0 - 40°C but i´m not sure if my halls are in the best temperature.Hi Salvador,
As long as you keep your Data Center environment in this operative range your N7K will be fine.
The usual is around 18°C and 24°C.
Richard -
Hi,
Can any one please let me know how to enable http/https access on cisco nexus 7010
Regards
Asif NaveedFollowing objects from conventional CISCO-PROCESS-MIB provides you details on CPU on devices:
cpmCPUTotal5secRev 1.3.6.1.4.1.9.9.109.1.1.1.1.6
cpmCPUTotal1minRev 1.3.6.1.4.1.9.9.109.1.1.1.1.7
cpmCPUTotal5minRev 1.3.6.1.4.1.9.9.109.1.1.1.1.8
Following document will be helpful as well:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a94.shtml
As many MIBs are not completely implemented on NX-OS so there is one more MIB which can help, i.e CISCO-SYSTEM-EXT-MIB :
cseSysCPUUtilization(1.3.6.1.4.1.9.9.305.1.1.1)
Unlike the averaged values from CISCO-PROCESS-MIB, cseSysCPUUtilization returns an un-smoothed value and typically shows more erratic results. It only shares the the average utilization of CPU on the active supervisor. So usually it is recommended to use the CISCO-PROCESS-MIB, ie. cpmCPUTotal5secRev instead.
-Thanks
Vinod
**Rating Encourages contributors, and its really free. ** -
Hi,
I needed to add vlans on the bladecenter, So added to ports on the bladecenter and then to the main trunk port of BC as well as i created the vlan on BC.
This BC connects to two main NEXUS 7010 core switch, I added to trunk port of these switches as well and vlan was already created in the nexus core switch.
but i was unable to ping the subnet gateway from the nexus core switch and gets the error as "no route to host"
Is this something there is no routing define for this subnet. As OSPF is running on the core switch.
Thanks
SagarThanks Alex
VLAN was allowed on the trunk, everything related vlan is fine.
but there was no static route defined on the switch as the routing for the subnet was done on the firewall
so what i thought is to give a static route for network with next hop as firewall interface and guess what it started to work
Thanks
Sagar -
Nexus 7010 Loses Config after power off
Recently we installed a pair of Nexus 7010's and we recently moved them to an APC rack better suited for their size. Upon powering them up we found out that the VDC's lost their configurations. The VDC's and the alloated resources were still there as well as the default VDC configuration but the other 2 we have configured had their configurations missing. We have been observing best practices and saving the configuration to NVRAM with the copy run start comand as well as the copy run start vdc-all commands yet the configurations were still lost.
Can anyone shed some light on what the problem may be?
Thank you in advance for your help!We had the same issue TAC told us to reset the supv
,,,,, you might want to save your config ;-) it worked for us -
Nexus 7010 - redistribute host routes in to OSPF
In my Nexus 7010 infrastructure, I have a requirement to redistribute host routes in to OSPF so that the other connected sites receive the host routes through OSPF.
These hosts are part of the connected network (192.168.100.0/24) on Nexus, I dont want this network to be advertised in to OSPF but I want the hosts inside this subnet (192.168.100.11 and 192.168.100.12) to be advertised.
I tried to create a prefix list with these two hosts and added them to a route-map and then using the "redistribute direct" command called this route-map in to OSPF, but this is not working.
However, if I add the entire subnet (the connected network) in to this route-map, it shows up in OSPF.
Is there a way I could have only the hosts to be part of the OSPF database?Hello, There is no need for VDC or VRF I think. are we missing a trick here. I also just tested for my own sanity. (Or am I completely under-thinking this)
N7K-1 has vlan 24 and the host route will be to 172.25.24.20
N7K-1 Config:
conf t
ip route 172.25.24.20/32 Vlan24
ip prefix-list TEST seq 5 permit 172.25.24.20/32
route-map STATIC_TO_OSPF permit 10
match ip address prefix-list TEST
router ospf 1
bfd
router-id 192.168.101.1
redistribute static route-map STATIC_TO_OSPF
here is what I see on its neighbour N7K2:
DC1-N7K2# show ip route 172.25.24.20
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.25.24.20/32, ubest/mbest: 1/0
*via 192.168.102.5, Eth8/1, [110/20], 00:00:07, ospf-1, type-2
DC1-N7K2#
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
172.25.24.20 192.168.101.1 479 0x80000002 0x0eed 0
So in essence point the host routes statically to the directly connected interface.
hth.
Bilal -
I like to monitored the status of both Nexus 7010 Supervisor Modules with my NMS (e.g., active, stand-by or failed...) Does anyone the OID that I should be monitoring?
Hi Norman,
The MIB that contains the information you are after re Nexus 7000 Supervisor card status, is the CISCO-ENTITY-FRU-CONTROL-MIB. In particular the object cefcModuleOperStatus (.1.3.6.1.4.1.9.9.117.1.2.1.1.2) which belongs to cefcModuleTable. If you go to Cisco's SNMP Object Navigator at http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en , you'll be able to look up the list of values returned by cefcModuleOperStatus for the different statuses, plus you'll be able to see other objects in cefcModuleTable that may be of interest eg cefcModuleResetReason .
Entries in cefcModuleTable are indexed by entPhysicalIndex which comes from entPhysicalTable. In order to relate entries in cefcModuleTable to modules in your Nexus 7kdo the following :
1. Perform an snmpwalk of entPhysicalDescr (.1.3.6.1.2.1.47.1.1.1.1.2) and entPhysicalName (.1.3.6.1.2.1.47.1.1.1.1.7)
2. Perform an snmpwalk of cefcModuleOperStatus
The relationship should be apparent , but if you need help with this please send me the output from these snmpwalks and I'll explain it to you.
Regards
Derek Clothier
Maybe you are looking for
-
Hi, I noticed my drop box folder wasnt saving the work I had done so decided to use a clean up app to delete it, then I went to and downloaded it again. Now I get this???
-
Pulling row numbers out of tables.
I have been looking for different ways to pull row numbers from tables. There appears to be two main methods, one of which works for me and the other that does not. The first is: NameDataSet.Tables.Rows(0).Count This gives me the number of rows in
-
Can't scan (HP All in One) with my MacBook
My HP All in One scanner works fine with my iMac desktop, but I can't get it to work with my MacBook. The device scans (but says "Enter Fax Number") but won't transfer the scanned sheet to the desktop. Thanks for any suggestions!
-
IPhoto "damaged or incomplete"
Hello all. I'm hoping somebody might be able to help me out. I'm running the latest version of Mountain Lion on a new MacBook Pro. I installed iLife 11 so I could get iWeb back and the install bugged out my current iPhoto. The icon is "ghost busters"
-
I used a 25 dollar gift card on my account and I spent it all and now I can't even download free apps is there a way to fix this?