Nexus 7010 Upgrade to 6.2(6)
We recently discovered that due to an issue with Netflow ingress/DHCP Relay on the same interface, we are going to have to upgrade to 6.2(6)
In the release notes, I do not see anything specific about ISSU from 6.2(2a) to 6.2(6) but I am assuming that an ISSU upgrade can be achieved. Can someone let me know that has performed this upgrade path.
We did exactly same upgrade from 6.2.2 to 6.2.6 with ISSU; just make sure you don’t have any
aclmgr inactive configurations so before ISSU run these two commands on each VDC
sh run aclmgr inactive-if-config
clear inactive-config acl
Also I had one failed upgrade on my first try due MST changes so try to make this when n the network is more quite
Hope it helps
Similar Messages
-
We currently have two Nexus 7010 with 5.0(2a) as system images.
We would need to know the correct upgrade path to 6.1(1). On the release notes it reads the path is from 4.2(8), 5.0(5) or 5.1(6) to 5.2(5) then to 6.1(1).
Also if ISSU is possible or, because we may need to upgrade EPLD, if there is no upgrade path to do a non-disruptive upgrade.You probably need to dig a little deeper to get a definitive answer (sup1 or 2, type of cards, etc..) but here is a diagram in the release notes for 6.1 found here:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html
If this posts answers your question or is helpful, please consider rating it and/or marking as answered. -
I am trying to find the documentation to upgrade my nexus 7010 from SUP1 to SUP2. But I cannot seem to find it. Anyone know where it is hiding?
Of corse i find it 5 minutes after posting this.........
http://www.cisco.com/en/US/docs/switches/datacenter/hw/nexus7000/installation/guide/n7k_replacing.html#wp1410535 -
Nexus 7010 fabric extender timing out
Hello -
We have a Nexus 7010 and we are testing out using the fabric extenders for a need. We have a demo 2224 unit and have it connected to our M132XP-12 10G blade in the 7K but the FEX won't come online. I would have figured a possible software incompatability but looking at the supported list for that as well as hardware everything seems to be in order. This is what the status shows after it spends about 15 mins in the image download state.
FEX: 111 Description: FEX0111 state: Offline
FEX version: 4.2(1)N2(1a) [Switch version: 5.1(2)]
FEX Interim version: 4.2(1)N2(1a)
Switch Interim version: 5.1(2)
Module Sw Gen: 21 [Switch Sw Gen: 21]
pinning-mode: static Max-links: 1
Fabric port for control traffic: Eth2/20
Fabric interface state:
Po11 - Interface Up. State: Active
Eth2/20 - Interface Up. State: Active
Fex Port State Fabric Port Primary Fabric
This is looped in the log details until it times out:
04/25/2011 15:31:41.986978: Module register received
04/25/2011 15:31:41.987713: Registration response sent
04/25/2011 15:31:41.987889: Requesting satellite to download image
04/25/2011 15:32:00.105031: Module register received
04/25/2011 15:32:00.105779: Registration response sent
04/25/2011 15:32:00.105956: Requesting satellite to download image
04/25/2011 15:32:20.191181: Module register received
04/25/2011 15:32:20.191957: Registration response sent
04/25/2011 15:32:20.192144: Requesting satellite to download image
We ran a debug during this and these entries are displayed when looking for errors.
2011 Apr 25 15:30:31.443745 fex: Reg resp: Failed to get card info for swcardid 132
2011 Apr 25 15:30:35.472721 fex: Cardinfo: Unknown card id to get (132)
2011 Apr 25 15:30:35.472753 fex: Reg resp: Failed to get card info for swcardid 132
2011 Apr 25 15:30:41.495302 fex: Cardinfo: Unknown card id to get (132)
I'm still doing some more searching which so far hasn't turned up much, wanted to see if anyone has some other insight??
Thanks!Hi Jack -
Thanks for the response. Unfortunately, yes that is already complete. I was hoping that would be an easy fix. When we upgraded to 5.1(2) we did the 5.1 EPLD. I ran the install all impact command noted below for the 5.1 EPLD just to make sure it didn't report anything else as needing upgrade.
sho install all impact epld bootflash:n7000-s1-epld.5.1.1.img
Compatibility check:
Module Type Upgradable Impact Reason
1 LC Yes disruptive Module Upgradable
2 LC Yes disruptive Module Upgradable
5 SUP Yes disruptive Module Upgradable
1 Xbar Yes disruptive Module Upgradable
2 Xbar Yes disruptive Module Upgradable
3 Xbar Yes disruptive Module Upgradable
1 FAN Yes disruptive Module Upgradable
2 FAN Yes disruptive Module Upgradable
3 FAN Yes disruptive Module Upgradable
4 FAN Yes disruptive Module Upgradable
Copy complete, now saving to disk (please wait)...
Retrieving EPLD versions... Please wait.
Images will be upgraded according to following table:
Module Type EPLD Running-Version New-Version Upg-Required
1 LC Power Manager 4.008 4.008 No
1 LC IO 1.006 1.006 No
1 LC Forwarding Engine 1.006 1.006 No
1 LC SFP 1.004 1.004 No
2 LC Power Manager 4.008 4.008 No
2 LC IO 1.016 1.016 No
2 LC Forwarding Engine 1.006 1.006 No
2 LC FE Bridge(1) 186.006 186.006 No
2 LC FE Bridge(2) 186.006 186.006 No
2 LC Linksec Engine(1) 2.006 2.006 No
2 LC Linksec Engine(2) 2.006 2.006 No
2 LC Linksec Engine(3) 2.006 2.006 No
2 LC Linksec Engine(4) 2.006 2.006 No
2 LC Linksec Engine(5) 2.006 2.006 No
2 LC Linksec Engine(6) 2.006 2.006 No
2 LC Linksec Engine(7) 2.006 2.006 No
2 LC Linksec Engine(8) 2.006 2.006 No
5 SUP Power Manager 3.009 3.009 No
5 SUP IO 3.028 3.028 No
5 SUP Inband 1.008 1.008 No
5 SUP Local Bus CPLD 3.000 3.000 No
5 SUP CMP CPLD 6.000 6.000 No
1 Xbar Power Manager 2.010 2.010 No
2 Xbar Power Manager 2.010 2.010 No
3 Xbar Power Manager 2.010 2.010 No
1 FAN Fan Controller (1) 0.007 0.007 No
1 FAN Fan Controller (2) 0.007 0.007 No
2 FAN Fan Controller (1) 0.007 0.007 No
2 FAN Fan Controller (2) 0.007 0.007 No
3 FAN Fan Controller (1) 0.007 0.007 No
3 FAN Fan Controller (2) 0.007 0.007 No
4 FAN Fan Controller (1) 0.007 0.007 No
4 FAN Fan Controller (2) 0.007 0.007 No -
Hi all.
The problem.
Today I updated my Nexus 7010 sup1 from 6.1.4a to 6.2.8.
I want did it in ISSU mode, but after impact check I got this:
Compatibility check is done:
Module bootable Impact Install-type Reason
1 yes non-disruptive rolling
2 yes non-disruptive rolling
3 yes non-disruptive rolling
4 yes non-disruptive rolling
5 yes disruptive reset Some LACP ports not in steady state or operating in 'rate fast' mode.
6 yes disruptive reset Some LACP ports not in steady state or operating in 'rate fast' mode.
7 yes non-disruptive rolling
8 yes non-disruptive rolling
9 yes non-disruptive rolling
10 yes non-disruptive rolling
Additional info for this installation:
Service "lacp" in vdc 1: LACP: Upgrade will be disruptive as 6 switch ports and 0 fex ports are not upgrade ready!!
Issue the "show lacp issu-impact" cli for more details.
(modified the impact to <Hitful> for module <6>)
Do you want to continue with the installation (y/n)? [n] y
I went on with yes and update script reboot both sups after updated all modules.
It was quite a surprise for me (yes I know I must see word "disruptive" opposite my sups 5 and 6). Because I already had done two ISSU updates on two nexuses (from 5.1.* ->5.2.7 and 5.2.7 -> 6.1.4a) and didn`t have any trouble with LACP timers. Is it a new feature of the 6.* train?
I have another Nexus that I want to update. And it also has same problem with LACP timers.
show install all impact give me the same disruptive result because of LACP.
Can I somehow suppress such ISSU behavior? In case of LACP. I don`t have vPC, just ordinal PC.
It is a way better if some LACP interfaces flap in process, than an almost 14 minutes of all 7010 chassis reboot that I had.
Although problem with LACP timers is that they must be the same on the switch side and on the other side. And in case of switches, linux boxes or HP VCs changing LACP timers isn`t a big problem. IT is a biggg problem in case of the Windows Server.
sh lacp interface ethernet 8/13
Interface Ethernet8/13 is up
Channel group is 13 port channel is Po13
Local Port: Eth8/13 MAC Address= 40-55-39-23-1e-c1
System Identifier=0x8000, Port Identifier=0x8000,0x80d
Operational key=12
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Neighbor: 0x1
MAC Address= ac-16-2d-a4-f2-54
System Identifier=0xffff, Port Identifier=0xff,0x1
Operational key=17
LACP_Activity=active
LACP_Timeout=short Timeout (1s)
They must be the same and equal 30s for successful ISSUYou probably need to dig a little deeper to get a definitive answer (sup1 or 2, type of cards, etc..) but here is a diagram in the release notes for 6.1 found here:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html
If this posts answers your question or is helpful, please consider rating it and/or marking as answered. -
In reviewing the Cisco Licensing Guide, there is a license part number for MPLS on the Nexus 7010. Part Number is N7K-MPLS1K9. Is there a corresponding part number for the Nexus 7710?
For the benefit of others, here is what we found. The N7K was hitting the bug CSCtg95381.
Symptom
Nexus 7000 may punt traffic to CPU; so that the traffic may experience random delay or drop.
Further looking, ARP is learned and FIB adjacency is in FIB adjacency table.
Conditions
The problem is caused by race condition. Some hosts have not responded to the ARP refresh sent by
N7k which in turn trigger to delete ARP entry due to expiry. As a result the route delete notification is
sent to URIB from the process. However there is still traffic coming to given IP address as a result the next packet that hit glean resulting in triggering ARP and hope ARP is learnt from the host this time.
Workaround
(s):
Clear ip route < host>.
Not totally explains why it was working for certain client-server combination but yet the workaround is holding well for end-points when implemented.
There would be no host route for the destination server in the adjacency manager on N7K-01. The only thing thats there is the subnet route pointing towards the vlan gateway address. Implementing the work-around, a new /32 route can now be seen in the adjacency manager for the server.
The bug is fixed in releases starting 5.1(5). Planning to upgrade to 5.2(3a).
Regards, Rashid. -
I need to restrict management to ssh on Nexus 7010.
I need to turn off or restrict ssl.
or upgrade to a newer version of OpensslYou can restrict access with ACL. Or turn off SSH completely. But you can't install any SSL version you want since the NX-OS is not a regular Linux box.
HTH,
jerry -
Critical Alarm for Nexus 7010 device
Hi Team,
We are getting Critical Alarm for the Data center device Nexus 7010 continuously from 28-Oct.
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:00:18.227 DC-Core-Switch2 29 10:00:18 %KERN-2-SYSTEM_MSG: EXT3-fs
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:28:37.497 DC-Core-Switch2 29 10:28:37 %KERN-2-SYSTEM_MSG: EXT3-fs
error (device hde1) in start_transaction: Journal has aborted - kernel
2012 Oct 29 10:28:42.398 DC-Core-Switch2 29 10:28:42 %KERN-2-SYSTEM_MSG: EXT3-fs
Also attaching the complete logs collected for this device and suggest if there is any Hardware related issue or some Software related issue.
Regards,
AshutoshHello
hde1 is the logflash device. Looks like there were IO errors and the kernel mounted the fs read-only. You can try to reload the device and if logflash will come back up fine after the reload, its a transient issue; if the issue comes back, the logflash device most likely is damaged bad and needs to be replaced. You will need to open a service request with TAC to get it replaced.
HTH,
Alex -
Nexus 7010 bgp state change alert not triggered to NNM
Hi ,
BGP state change alert not triggered to NNM on Nexus -7010 for Monitoring.
Details of the Device:
Nexus 7010 :
Software
BIOS: version 3.22.0
kickstart: version 5.1(3)
system: version 5.1(3)
BGP neighbor status :
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.1.2 4 65505 5089234 5194515 51359 0 0 6w2d 391
172.16.1.3 4 65505 5044293 5146859 51359 0 0 30w4d 378
172.31.11.3 4 15404 120744 114811 51359 0 0 1w6d 1
172.31.42.3 4 65501 5261796 5264413 51359 0 0 2d06h 0
Snmp trap enabled:
snmp-server user admin network-admin auth md5 0x690c4ede8a88ba7f2de791dbe7a77f0a
priv 0x690c4ede8a88ba7f2de791dbe7a77f0a localizedkey
snmp-server host 172.30.0.55 traps version 2c xxxx
snmp-server enable traps bgp
Downloaded cisco-bgp4-mib version, bgp4-mib tried and performed snmpwalk as given below
nnmsnmpwalk.ovpl -c xxx 172.31.15.130 .1.3.6.1.4.1.9.9.187.0.6
Error : No MIB objects contained under subtree
nnmsnmpwalk.ovpl -v 2 -c xxx 172.31.15.130 .1.3.6.1.2.1.15.3.
No MIB objects contained under subtree
Kindly advise to resolve the issue
Regards
HariYou can set an alert for Warning State. This is feasible.
Juke Chou
TechNet Community Support -
Question about Nexus 7010.
Hello everybody,
Just a quick question, how do you restore a running-config (or a Nexus .bin file) to a Nexus 7010. Is it thesame process as the IOS base scenario. Please explain and help. Thank you in advance.
--chieCopy tftp: running-config should work. See below there are other options as well.
NX7K02-agg# copy ?
bootflash: Select source filesystem
core: Select source filesystem
debug: Select source filesystem
ftp: Select source filesystem
log: Select source filesystem
logflash: Select source filesystem
nvram: Select source filesystem
running-config Copy running configuration to destination
scp: Select source filesystem
sftp: Select source filesystem
slot0: Select source filesystem
startup-config Copy startup configuration to destination
system: Select source filesystem
tftp: Select source filesystem
usb1: Select source filesystem
usb2: Select source filesystem
volatile: Select source filesystem
NX7K02-agg# copy tftp: ?
bootflash: Select destination filesystem
debug: Select destination filesystem
log: Select destination filesystem
logflash: Select destination filesystem
nvram: Select destination filesystem
running-config Copy from source to running configuration
slot0: Select destination filesystem
startup-config Copy from source to startup configuration
system: Select destination filesystem
usb1: Select destination filesystem
usb2: Select destination filesystem
volatile: Select destination filesystem
NX7K02-agg# copy tftp: running-config -
MGTM0 Interface only in Admin VDC in Nexus 7010
Hi guys,
I created two new VDCs in a Nexus 7010 (NX-OS 6.2.6) and I can see the MGTM0 interface only in the Admin VDC
I wanted to see the MGTM0 in all VDCs.
Does someone get this problem too ?
My Best Regards,
Andre Gustavo LomonacoHi Reza,
Thanks for your reply.
If the user run the setup wizard, the interface mgtm0 will be created in VDC.
If the user don't run the setup wizard, the interface mgtm0 will not be created and you will need
to only use the interface mgtm 0 command to create the interface.
Thanks a lot -
How to do routing on N7K-F248XP-25E (Nexus 7010) ?
Hi all,
Please educate me the following scenario : I have Nexus 7010 with 2 L3 modules, N7K-M132XP-12L and N7K-M148GT-11L. Now to increase more ports for end devices, I add in the module N7K-F248XP-25E and believe it's for Layer 2 switching only. Is there a way to do routing on these L2 modules without having to go to the L3 modules ? Thanks for all help.Is there a way to do routing on these L2 modules without having to go to the L3 modules ?
No. If you have an M1/M2 card and routing is enabled, the F2E card will "step down" and do Layer 2 work. All Layer 3 work will be done by the M1/M2 card. -
Data Center Hall Temperature for Cisco Nexus 7010
Hi,
I Have a Nexus 7010 that sometimes raise an alarm about temperature thresholds that are being exceeded.... I was wondering if Cisco has a recommendation (or best practice) about the correct temperature that the Nexus need in the cold and hot hall of the data room. I know that the operative temperature of nexus is 0 - 40°C but i´m not sure if my halls are in the best temperature.Hi Salvador,
As long as you keep your Data Center environment in this operative range your N7K will be fine.
The usual is around 18°C and 24°C.
Richard -
Hi,
Can any one please let me know how to enable http/https access on cisco nexus 7010
Regards
Asif NaveedFollowing objects from conventional CISCO-PROCESS-MIB provides you details on CPU on devices:
cpmCPUTotal5secRev 1.3.6.1.4.1.9.9.109.1.1.1.1.6
cpmCPUTotal1minRev 1.3.6.1.4.1.9.9.109.1.1.1.1.7
cpmCPUTotal5minRev 1.3.6.1.4.1.9.9.109.1.1.1.1.8
Following document will be helpful as well:
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a94.shtml
As many MIBs are not completely implemented on NX-OS so there is one more MIB which can help, i.e CISCO-SYSTEM-EXT-MIB :
cseSysCPUUtilization(1.3.6.1.4.1.9.9.305.1.1.1)
Unlike the averaged values from CISCO-PROCESS-MIB, cseSysCPUUtilization returns an un-smoothed value and typically shows more erratic results. It only shares the the average utilization of CPU on the active supervisor. So usually it is recommended to use the CISCO-PROCESS-MIB, ie. cpmCPUTotal5secRev instead.
-Thanks
Vinod
**Rating Encourages contributors, and its really free. ** -
Nexus 7010 mgmt0 useage opinion
As a Senior Network Engineer I have entered into a bit of a debate with our Architect about the use of the mgmt0 interfaces on the nexus 7010 switch (dual-sups, M2 and F2 linecards).
I would like to know opinion of the Cisco support network.
I believe the mgmt0 interface should left alone for control plane traffic only and Out Of Band management access (ie ssh). At the moment I have made a subnet for all VDCs with the mgmt0 (vrf management) sitting in a common subnet. The physical mgmt0 interfaces from both SUPs are connected a management hand off switch. The mgmt0s also serves as our control plane for VPCs. The VPC peer-link however is using main interfaces of the line-cards.
The opinions;
- The Architect thinks we should use all the mgmt0 interfaces for snmp, ntp, tacacs netflow-analysis and switch management.
- However, I think I should use a traditional Loopback to perform these functions within the linecards. The mgmt0 should only be used if traditional restricted switch access has failed.
My Basis;
the Loopback never goes down, uses multiple paths (the OOB hand off switch could fail closing switch management access completely). The mgmt0 should be used as a last resort of management access to CMP.
Thoughts please - CheersI see your point about wanting to mitigate the impact of losing the OOB switch. I don't think the mgmt0 interface going down is considered the level of failure that will trigger a Supervisor switchover though. That's the way I read the Nexus 7000 HA whitepaper (and what I've seen based on some limited experience with taking apart a 7k pair).
So, no the 7k can't send you an SNMP trap or syslog message if it's configured management path is offline. Mitigation of that could be via your NMS polling the devices's mgmt0 addresses. No response = trouble in paradise. Investigation step would be to log into the 7ks using the loopback IP and local authentication since your TACACS source-interface (mgmt0) is offline and going from there.
The handful I've built (mostly 5k setups) I go for a Cat 3k switch with dual power supplies as the OOB switch. Once one of those is setup and seen not to be DOA, it's generally going to stay up until someone goes in and uplugs it or initiates a system reload.
Maybe you are looking for
-
Two Delivery dates in Sale Order against one item
Dear All I need two delivery dates in sale order. one is default at the time of creation sale order. second i need actual delivery date which will be confirmed by production planning department after analysis the order whether material can be ready o
-
Connect Fios to Cat5e home network AND Coax connections?
My Verizon fios system was recently installed. My home is wired for a Cat5e home network and standard Coax in all rooms. The fios system is currently connected to the Coax connections and the TVs and Fios router all work fine. Problem is that I wo
-
I can't add files into the library!
For some reason i cannot add files or maps in the music library of itunes, when i click "add a file to the library" and i choose a music file(for example .mp3 or .m4a) it just doesn't show in the library so i cannot play anything in this program, i t
-
Recent photostream photos not in iphoto
I've had iCloud for some time; I have Photostream enabled for iPhoto. Up until last week all was fine. Tonight I opened iPhoto on my Macbook & saw that photos taken today, and the past three days, had not been imported into Photostream on the Macbook
-
is there anyone know how to convert the idwt(inverse discrete wavelet transform) output in to 2d array?. plz reply its urgent for my final year project