NX-OS ( n7000-s1-dk9.5.1.3.bin ) BASH VULNERABILITY - CVE-2014-6271 and CVE-2014-7169
Hi ,
Nexus 7000 evaluation for CVE-2014-6271 and CVE-2014-7169 , I am referring below link to check for NX OS - n7000-s1-dk9.5.1.3.bin
https://tools.cisco.com/bugsearch/bug/CSCur04856
5.1.3 is not mentioned in the affected list.Need help to know if 5.1 is affected with BASH Vulnerability .
Thanks for help in advance .
The concern with the bash shell is that services MAY be setup to run as
users which use those shells, and therefore be able to have things
injected into those shells. Nothing on NetWare uses bash by default,
because NetWare is not anything like Linux/Unix in its use of shells.
Sure, you can load bash for fun and profit on NetWare, but unless you
explicitly request it the bash.nlm file is never used. On NetWare I do
not think it is even possible to have any normal non-Bash environment
variable somehow be exported/inherited into a bash shell, though I've
never tried.
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
Similar Messages
-
Nexus 7010 - SUP 1- CMP No response
Hi Everyone.
i have two Nexus devices, last week i upgraded from NXOS 6.03 to 6.1(5a), but when the device had done, i saw the CMP module no response status in on SUP.
Here is output in two devices. Everyone have any idea about it.
SB-CORE-NX7010-001# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Software
BIOS: version 3.22.0
kickstart: version 6.1(5a)
system: version 6.1(5a)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.6.1.5a.bin
kickstart compile time: 12/25/2020 12:00:00 [10/06/2014 02:11:42]
system image file is: bootflash:///n7000-s1-dk9.6.1.5a.bin
system compile time: 10/3/2014 17:00:00 [10/06/2014 03:22:02]
Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
Intel(R) Xeon(R) CPU with 4104300 kB of memory.
Processor Board ID JAF1304AGAQ
Device name: SB-CORE-NX7010-001
bootflash: 2030616 kB
slot0: 0 kB (expansion flash)
Kernel uptime is 1 day(s), 6 hour(s), 38 minute(s), 51 second(s)
Last reset
Reason: Unknown
System version: 6.1(5a)
Service:
plugin
Core Plugin, Ethernet Plugin
CMP (Module 5) ok
CMP Software
CMP BIOS version: 02.01.05
CMP Image version: 4.0(4) [build 4.0(4)]
CMP BIOS compile time: 7/13/2008 19:44:27
CMP Image compile time: 10/20/2008 12:00:00
CMP (Module 6) no response
SB-CORE-NX7010-001#
SB-CORE-NX7010-002# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Software
BIOS: version 3.22.0
kickstart: version 6.1(5a)
system: version 6.1(5a)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.6.1.5a.bin
kickstart compile time: 12/25/2020 12:00:00 [10/06/2014 02:11:42]
system image file is: bootflash:///n7000-s1-dk9.6.1.5a.bin
system compile time: 10/3/2014 17:00:00 [10/06/2014 03:22:02]
Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
Intel(R) Xeon(R) CPU with 4104300 kB of memory.
Processor Board ID JAF1306AMTC
Device name: SB-CORE-NX7010-002
bootflash: 2030616 kB
slot0: 0 kB (expansion flash)
Kernel uptime is 1 day(s), 6 hour(s), 43 minute(s), 57 second(s)
Last reset at 566133 usecs after Sun Mar 22 03:39:09 2015
Reason: Reset triggered due to Switchover Request by User
System version: 6.1(5a)
Service:
plugin
Core Plugin, Ethernet Plugin
CMP (Module 5) ok
CMP Software
CMP BIOS version: 02.01.05
CMP Image version: 4.0(4) [build 4.0(4)]
CMP BIOS compile time: 7/13/2008 19:44:27
CMP Image compile time: 10/20/2008 12:00:00
CMP (Module 6) no response
SB-CORE-NX7010-002#did you upgrade CMP, because could be that with the new upgrade to nx-os not responde the CMP.
if you want you check verify that documentation in that link.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/hw/nexus7000/cmp/configuration/guide/n7cmp/n7cmp_configuring.html -
How to download MIB for NXOS or platform Nexus 7010 and Nexus 7004
Hello,
I need to monitor my Nexus 7004 and 7010 by my SNMP Agent, but I can't find the way to donload the required MIBs.
For information I'm running the folling images:
bootflash:///n7000-s2-dk9.6.2.6b.bin
bootflash:///n7000-s1-dk9.6.1.5.bin
By advance thanks for the support
GildasThe module you are running requires a minimum software version of 5.1.
You are currently running 5.0.3 which is why the module is not
recognized.
Below is a link that explains this:
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/data_s
heet_c78-605482.html
Product Specification
Table 3 lists the specifications for the Cisco Nexus 7000 32-Port 10 Gigabit Ethernet
Module with XL Option.
Table 3. Product Specifications
Item
Specifications
System
Product compatibility
Supported in all Cisco Nexus 7000 Series chassis
Software compatibility
Cisco NX-OS Software Release 5.1 or later (minimum requirement)
You would need to upgrade you software.
Hope this helps.
Regards
Muhammed M -
Nexus7009 Howto Install NON NPE NX-OS on NPE installed system
I bought 2 SUP2Es; they are factory installed with
Software
BIOS: version 2.11.0
kickstart: version 6.2(2)
system: version 6.2(2)
BIOS compile time: 01/09/2013
kickstart image file is: bootflash:///n7000-s2-kickstart-npe.6.2.2.bin
kickstart compile time: 7/9/2013 20:00:00 [08/14/2013 07:51:20]
system image file is: bootflash:///n7000-s2-dk9-npe.6.2.2.bin
system compile time: 7/9/2013 20:00:00 [08/14/2013 10:27:51]
I want to upgrade the system to NX-OS
6.2(2a )
n7000-s2-dk9.6.2.2a.bin
Using the following command I get an error message
switch# install all kickstart bootflash:n7000-s2-kickstart.6.2.2a.bin system bootflash:n7000-s2-dk9.6.2.2a.bin
Installer will perform compatibility check first. Please wait.
Verifying image bootflash:/n7000-s2-kickstart.6.2.2a.bin for boot variable "kickstart".
[####################] 100% -- SUCCESS
Verifying image bootflash:/n7000-s2-dk9.6.2.2a.bin for boot variable "system".
[# ] 0% -- FAIL.
Return code 0x40930077 (Install is not supported between NPE and non-NPE system image).
Pre-upgrade check failed. Return code 0x40930011 (Image verification failed).
HOW CAN I CHANGE TO NON NPE Softwareversion ?
Thanks in advance
ManfredHi Manfred,
Please try and change the boot variables, "copy run start" and reload the device. They are located toward the bottom of the configuration. Let me know if that resolves the situation.
Thanks
Ant -
Enabling FCoE on N7K-F132XP-15
I ran into a problem not being able to license FCoE on N7K-F132XP-15 module. I have the license file installed properly, but still getting "
ERROR: Cannot obtain license, line card is not supported". It seems the problem is with version of HW on this particular module 1.0. Anyone has experience with this ?
switch(config)# show module
Mod Ports Module-Type Model Status
1 32 10 Gbps Ethernet Module N7K-M132XP-12 ok
2 32 1/10 Gbps Ethernet Module N7K-F132XP-15 ok
5 0 Supervisor module-1X N7K-SUP1 active *
Mod Sw Hw
1 6.0(4) 1.8
2 6.0(4) 1.0
5 6.0(4) 1.4
Mod MAC-Address(es) Serial-Num
1 d0-d0-fd-f1-5d-00 to d0-d0-fd-f1-5d-24 JAF1429CJCR
2 f8-66-f2-e4-d5-4c to f8-66-f2-e4-d5-90 JAF1704BFTD
5 00-24-f7-1d-c3-08 to 00-24-f7-1d-c3-10 JAF1317BDBF
Mod Online Diag Status
1 Pass
2 Pass
==================================================================================
switch(config)# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
MPLS_PKG No - Unused -
STORAGE-ENT No - Unused -
ENTERPRISE_PKG No - Unused -
FCOE-N7K-F132XP Yes 1 Unused 30 Jan 2014 -
ENHANCED_LAYER2_PKG No - Unused -
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG No - Unused -
LAN_ADVANCED_SERVICES_PKG Yes - Unused Never license missing
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused Never license missing
=======================================================================================
switch(config)# install feature-set fcoe
feature set is installed already(0x40aa0011)
switch(config)# li
license line
switch(config)# license fcoe module 2
ERROR: Cannot obtain license, line card is not supported
switch(config)#Padma, I think you solved the problem. The "license fcoe module 2 force" took affect (see output below). The "force" option is hidden, so I didn't make that guess on my own. I hope from here on the card should be able to handle FCoE configuration. If you know of any other pitfalls with this particular hardware revision, please share.
n7k# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
Software
BIOS: version 3.22.0
kickstart: version 6.0(4)
system: version 6.0(4)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.6.0.4.bin
kickstart compile time: 12/25/2020 12:00:00 [06/22/2012 19:26:16]
system image file is: bootflash:///n7000-s1-dk9.6.0.4.bin
system compile time: 6/6/2012 18:00:00 [06/22/2012 21:03:20]
Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
Intel(R) Xeon(R) CPU with 8245320 kB of memory.
Processor Board ID JAF1330AHKM
Device name: n7k
bootflash: 2030616 kB
slot0: 2075246 kB (expansion flash)
Kernel uptime is 0 day(s), 1 hour(s), 36 minute(s), 46 second(s)
Last reset
Reason: Unknown
System version: 6.0(4)
Service:
plugin
Core Plugin, Ethernet Plugin
CMP (Module 5) ok
CMP Software
CMP BIOS version: 02.01.05
CMP Image version: 5.1(1) [build 5.0(0.66)]
CMP BIOS compile time: 7/13/2008 19:44:27
CMP Image compile time: 11/29/2010 12:00:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
n7k# attach module 2
module-2# show hardware internal dev-version
Name InstanceNum Version
Orion Fwding Driver 1 3.0
Orion Fwding Driver 2 3.0
Orion Fwding Driver 3 3.0
Orion Fwding Driver 4 3.0
Orion Fwding Driver 5 3.0
Orion Fwding Driver 6 3.0
Orion Fwding Driver 7 3.0
Orion Fwding Driver 8 3.0
Orion Fwding Driver 9 3.0
Orion Fwding Driver 10 3.0
Orion Fwding Driver 11 3.0
Orion Fwding Driver 12 3.0
Orion Fwding Driver 13 3.0
Orion Fwding Driver 14 3.0
Orion Fwding Driver 15 3.0
Orion Fwding Driver 16 3.0
PHY 1 56778642.1291
PHY 2 56778642.1291
PHY 3 56778642.1291
PHY 4 56778642.1291
PHY 5 56778642.1291
PHY 6 56778642.1291
PHY 7 56778642.1291
PHY 8 56778642.1291
PHY 9 56778642.1291
PHY 10 56778642.1291
PHY 11 56778642.1291
PHY 12 56778642.1291
PHY 13 56778642.1291
PHY 14 56778642.1291
PHY 15 56778642.1291
PHY 16 56778642.1291
Santa-Cruz-Module 1 0.4
Santa-Cruz-Module 2 0.4
Falcon 1 2.0
IO FPGA 1 0.045
PM FPGA 1 1.001
BIOS version v1.10.17(04/25/11)
Alternate BIOS version v1.10.17(04/25/11)
module-2#
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
n7k(config)# license fcoe module 2
ERROR: Cannot obtain license, line card is not supported
n7k(config)# license fcoe module 2 force
n7k(config)# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
MPLS_PKG No - Unused -
STORAGE-ENT No - Unused Grace 119D 23H
ENTERPRISE_PKG No - Unused Grace 119D 22H
FCOE-N7K-F132XP No 0 Rsrved Grace 81D 3H
ENHANCED_LAYER2_PKG Yes - In use Never license missing
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused Never license missing
LAN_ADVANCED_SERVICES_PKG Yes - In use Never license missing
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused Never license missing -
N7K Can´t add or remove Layer 2 Vlans
Hello,
we have a vpc domain of 2 N7K with each with 2 N7K-SUP1 . When i want to add a vlan i´get the following message. It happens only at one of the N7K.
Switch(config)# vlan 1408
Service not responding
Any idea?
Regards HorstHi Madhu
system image file is: bootflash:///n7000-s1-dk9.6.2.10.bin
Switch# sh mac address-table dynamic | in 1308
* 1308 0026.982e.9543 dynamic ~~~ F F Po20
* 1308 18ef.63e6.6cc3 dynamic ~~~ F F Po20
* 1308 a229.0000.0194 dynamic ~~~ F F Po137 -
Nexus 7009: Downgrading from 6.2.1 to 5.2.9
Hello!
When i try to downgrade a N7009 from 6.2.1 to 5.2.9, i got htis error
switch# show install all impact kickstart n7000-s1-kickstart.5.2.9.bin system n7000-s1-dk9.5.2.9.bin
Installer will perform impact only check. Please wait.
Verifying image bootflash:/n7000-s1-kickstart.5.2.9.bin for boot variable "kickstart".
[# ] 0% -- FAIL.
Return code 0x40450030 (Digital signature verification failed).
Pre-upgrade check failed. Return code 0x40930011 (Image verification failed).
Still the MD5 checksum from both files are absolutely identical! Need you help.
DavidHi David,
Is NX-OS 6.2(1) the correct version? The reason I ask this is because as far as I'm aware this release is not officially available at this time. I've just checked again and there are no release notes or download option for NX-OS 6.2 on CCO currently.
Assuming you've not made a typo in the release you're trying to downgrade from, the best advice I can offer at this point would be to attempt a multistep downgrade to either NX-OS 6.1 or 6.0 first. It may be that a single step downgrade from NX-OS 6.2 to 5.2 is not a supported option, but as there's no documentation for NX-OS 6.2 at this time we don't know.
At least if you can get to either a 6.1 or 6.0 release, then when you attempt the downgrade to NX-OS 5.2 it'll be one shown as supported.
Regards -
Hi
We are having 2 nexus switches configured in the network as core with HSRP configured between them..The access switches are connected withdual 10G links to both core switches with VPC configured in Nexus..In both core switches 10G module is used for uplink termination..In one of the core switch for this 10 G module we get the follwoing error
Module-1 reported minor temperature alarm. Sensor=20 Temperature=101 MinThreshold=100 2011 Dec 22 08:10:19 CORE-SEC %PLATFORM-2-MOD_TEMPOK:
Module-1 recovered from minor temperature alarm. Sensor=20 Temperature=99 MinThreshold=100 even though the room temprature is 23 Degree still we get this error wherein as per the nexus documenation allowed room temparature is 0-40 Degree (Operating temperature: 32º to 104ºF (0º to 40ºC) `
show module`
Mod Ports Module-Type Model Status
1 8 10 Gbps Ethernet XL Module N7K-M108X2-12L ok
2 32 1/10 Gbps Ethernet Module N7K-F132XP-15 ok
3 48 10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L ok
5 0 Supervisor module-1X N7K-SUP1 active *
As per the nexus module documentation for module1 the allwed temparature is 0-40degree wherein the actual room temparatue is 23degree..below is the exception message for module1
exception information --- exception instance 1 ----
Module Slot Number: 1
Device Id : 49
Device Name : Temperature-sensor
Device Errorcode : 0xc3114203
Device ID : 49 (0x31)
Device Instance : 20 (0x14)
Dev Type (HW/SW) : 02 (0x02)
ErrNum (devInfo) : 03 (0x03)
System Errorcode : 0x4038001e Module recovered from minor temperature alarm
Error Type : Minor error
PhyPortLayer :
Port(s) Affected :
DSAP : 39 (0x27)
UUID : 24 (0x18
Same module exists in second Nexus 7000 which is in same datacenter but not getting this alarm..
can anyone please suggest on the same..Software details are as below
Software
BIOS: version 3.22.0
kickstart: version 5.1(3)
system: version 5.1(3)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.3.bin
kickstart compile time: 12/25/2020 12:00:00 [03/11/2011 07:42:56]
system image file is: bootflash:///n7000-s1-dk9.5.1.3.bin
system compile time: 1/21/2011 19:00:00 [03/11/2011 08:37:35]Hi Sameer
Temperature alarm means that one particular sensor on the linecard warms up to 101 degree.
This can be caused by damaged sensor or problems with cooling in that particular part of chassis.
You can check temperature on the module using following command:
show environment temperature module 1
Tru to move the module to another slot. If the issue reoccure - open a TAC case.
HTH,
Alex -
Hello
I have a doubt, I need to know if is necessary upgrade NX-OS, I have a Nexus 7010 with ios n7000-s1-dk9.4.2.4.bin, I don't have access to use bug toolkit,
Someone can I tell me if is there a bug in IOS n7000-s1-dk9.4.2.4.bin?
thanksWhile every customer's environment is impacted differently, several are known to exist in 4.2(4).
4.2(6) is the minimum preferred release in the 4.2 train though you may wish to consider a 5.x or 6.x release for additional features and patches. Please consult the Release Notes for specific defect & feature information. -
Cisco nexus 5020 OS upgrade failed.
Hi All,
I have cisco 5020 nexus switch which is currently running with
kickstart: version 4.0(0)N1(2)
system: version 4.0(0)N1(2)
I want to upgrade for
kickstart: version 4.2(1)N2(1)
system: version 4.2(1)N2(1)
i believe it requires chain upgrade , hence i tried going for immediate next versions and also tried required version
4.0.1a.N2.1
4.0.1a.N1.1a
4.2.1.N2.1
But whenever i upload images and verify by giving
show install all impact kickstart bootflash:n5000-uk9-kickstaart.4.0.1a.N1.1a.bin system bootflash:n5000-uk9.4.0.1a.N1.1a.bin
i get the following error.
Verifying image bootflash:/n5000-uk9-kickstart.4.0.1a.N1.1a.bin for boot variabl
e "kickstart".
[# ] 0%[####################] 100% -- SUCCESS
Verifying image bootflash:/n5000-uk9.4.0.1a.N1.1a.bin for boot variable "system"
[# ] 0%[####################] 100% -- SUCCESS
Verifying image package type.
[# ] 0%[##### ] 20%[####################] 100% -- SUCCESS
Extracting "system" version from image bootflash:/n5000-uk9.4.0.1a.N1.1a.bin.
[# ] 0%[# ] 0% -- FAIL. Return code 0x404F0003 (SRG file not presen
t/cannot be opened).
Version Compatibility check failed. Return code 0x40930012 (SRG extraction failed).
Please help in getting this issue solve.
Thanks,
AtifI get this:
show install all impact kickstart bootflash:n7000-s1-kickstart.5.2.7.bin system bootflash:n7000-s1-dk9.5.2.7.bin
Verifying image bootflash:/n7000-s1-kickstart.5.2.7.bin for boot variable "kickstart".
[####################] 100% -- SUCCESS
Verifying image bootflash:/n7000-s1-dk9.5.2.7.bin for boot variable "system".
[####################] 100% -- SUCCESS
Verifying image type.
[####################] 100% -- SUCCESS
Extracting "lc1n7k" version from image bootflash:/n7000-s1-dk9.5.2.7.bin.
[# ] 0% -- FAIL. Return code 0x404F0003 (SRG file not present/cannot be opened).
Extracting "lc1n7k" version from image bootflash:/n7000-s1-dk9.5.2.7.bin.
[# ] 0% -- FAIL. Return code 0x404F0003 (SRG file not present/cannot be opened).
Extracting "bios" version from image bootflash:/n7000-s1-dk9.5.2.7.bin.
[####################] 100% -- SUCCESS
Extracting "lc1n7k" version from image bootflash:/n7000-s1-dk9.5.2.7.bin.
[# ] 0% -- FAIL. Return code 0x404F0003 (SRG file not present/cannot be opened).
Extracting "lc1n7k" version from image bootflash:/n7000-s1-dk9.5.2.7.bin.
[# ] 0% -- FAIL. Return code 0x404F0003 (SRG file not present/cannot be opened).
Extracting "system" version from image bootflash:/n7000-s1-dk9.5.2.7.bin.
[# ] 0% -- FAIL. Return code 0x404F0003 (SRG file not present/cannot be opened).
Extracting "kickstart" version from image bootflash:/n7000-s1-kickstart.5.2.7.bin.
[####################] 100% -- SUCCESS
Extracting "system" version from image bootflash:/n7000-s1-dk9.5.2.7.bin.
[# ] 0% -- FAIL. Return code 0x404F0003 (SRG file not present/cannot be opened).
Pre-Upgrade check failed. Return code 0x40930012 (SRG extraction failed).
A show version:
Software
BIOS: version 3.22.0
kickstart: version 5.1(1a)
system: version 5.1(1a)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.1a.bin
kickstart compile time: 12/25/2020 12:00:00 [11/05/2010 00:14:37]
system image file is: bootflash:///n7000-s1-dk9.5.1.1a.bin
system compile time: 11/4/2010 11:00:00 [11/05/2010 01:25:15]
Thanks in advance -
Multicast: duplicated packets on nexus 7k with vpc and HSRP
Hi guys,
I'm testing multicast deployment on the lab shown below. The sender and the receiver are connected to the 6500 in two different vlans. The sender is in vlan 23 and the reciever in vlan 500. They are connected to the 6500 with a trunk link. There is VPc between the two nexus 7k and the 6500.
Furthermore, there is HSRP running on the two vlan interface 23 and 500 on both nexus.
I have configured the minimum to use PIM-SM with static RP. The RP is the 3750 above the nexus. (*,G) and (S,G) states are created correctly.
IGMP snopping is enabled on 6500, and the two nexus.
I'm using iperf to generate my flow, and netflow and snmp to monitor what happens.
All works correctly, my receiver receive the flow and it takes the good route. My problem is that I have four times more multicast traffic on the vlan interface 500 on both nexus but this traffic is only sent one time to the receiver (which is the good comportment) and the rest of the traffic is not shown on any other physical interface in outbound.
Indeed, I'm sending one flow, the two nexus receive it (one from peer link and the other from the 6500) in the vlan 23 (for example 25 packets inbound).
But when the flow is routed in the vlan 500, there is 100 packets on each interface vlan 500 on each nexus in outbound.
And when monitoring all physical interfaces, I only see 25 packets outbound on the interface linked with the receiver and the overflow isn't outgone.
I have joined the graphs I obtain on one of the nexus for the vlan 23 and the vlan 500. Netflow says the same things in bits/s.
Had someone already seen that? Any idea about the duplication of the packets?
Thanks for any comment,
Regards,
Configuration:
Nexus 1: n7000-s1-dk9.5.2.7.bin, 2 SUP1, 1 N7K-M132XP-12, 1 N7K-M148GS-11
Nexus 2: n7000-s1-dk9.5.2.7.bin, 2 SUP1, 1 N7K-M132XP-12, 1 N7K-M148GS-11
6500: s72033-adventerprisek9_wan-mz.122-33.SXI5.bin (12.2(33)SXI5)
3750: c3750-ipservicesk9-mz.122-50.SE5.bin (12.2(50)SE5)Hi Kuldeep,
If you intend to put those routers on a non-vpc vlan, you may create a new inter-switch trunk between the N7K and allow that non-vpc vlan . However if those will be on a VPC vlan, best to create two links to the N7K pair and create a VPC, otherwise configure those ports as orphan ports which will leverage the VPC peer link .
HTH
Jay Ocampo -
Does the F2 linecard (N7k-F248XP-25) on Nexus 7010 support Layer 3?
Hi All,
I am sure that F1 linecards on Nexus weren’t able to support L3 functionality, so my query is does the F2 linecard (N7k-F248XP-25) on Nexus 7010 support Layer 3?
Regards,
MayankHi, Im know that this is resolved but i have a f2e Card
Model: N7K-F248XP-25E
Type (SFP capable): 1000base-SX
and i can not configure an interface as l3
NX7K-1-VDC-3T-S1-L3FP(config)# interface ethernet 7/2
NX7K-1-VDC-3T-S1-L3FP(config-if)# no switchport
ERROR: Ethernet7/2: requested config change not allowed
whats the problem??
Software
BIOS: version 2.12.0
kickstart: version 6.2(2)
system: version 6.2(2)
BIOS compile time: 05/29/2013
kickstart image file is: bootflash:///n7000-s2-kickstart-npe.6.2.2.bin
kickstart compile time: 7/9/2013 20:00:00 [08/22/2013 04:51:27]
system image file is: bootflash:///n7000-s2-dk9.6.2.2.bin
system compile time: 7/9/2013 20:00:00 [08/22/2013 08:07:03]
Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor Module-2")
Intel(R) Xeon(R) CPU with 12224956 kB of memory. -
Hi,
I have a problem with high CPU on Nexus 7010
DC_Core_SW1# sh system resources
Load average: 1 minute: 2.59 5 minutes: 2.46 15 minutes: 2.23
Processes : 1085 total, 6 running
CPU states : 0.0% user, 100.0% kernel, 0.0% idle
Memory usage: 8254672K total, 3327920K used, 4926752K free
Current memory status: OK
oftware
BIOS: version 3.22.0
kickstart: version 5.2(7)
system: version 5.2(7)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.2.7.bin
kickstart compile time: 12/25/2020 12:00:00 [09/17/2012 00:00:14]
system image file is: bootflash:///n7000-s1-dk9.5.2.7.bin
system compile time: 8/17/2012 17:00:00 [09/17/2012 00:59:04]
Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
Intel(R) Xeon(R) CPU with 8254672 kB of memory.
Processor Board ID XXXXXXX
Device name: DC_Core_SW1
bootflash: 2000880 kB
slot0: 2044854 kB (expansion flash)
It would be nice if someone can help me, it looks like a BUG
Best regars
GoceOr hardware issue :(
-
Nexus N7k 10 slot ISSU failure
Hi,
I am trying to ISSU upgrade our Nexus 7K 10 slot switch from 5.2.7 to 6.2.8a The ISSU has failed multiple times due to the Standby Supervisor failing to come back online with the message
Install has failed. Return code 0x4093001e (Standby failed to come online)
Please identify the cause of the failure, and try 'install all' again.
Start type: SRV_OPTION_RESTART_STATELESS (23)
Death reason: SYSMGR_DEATH_REASON_NEED_COPYRS (19)
Last heartbeat 0.00 secs ago
System image name: n7000-s1-dk9.6.2.8a.bin
System image version: 6.2(8a) S2
Exit code: SYSMGR_EXITCODE_NEED_COPYRS (66)
Has anyone else experienced this before and found a solution?, any suggestions are welcome at this stage. I've followed the ISSU guidelines to the core. Please help!!
thanks, SujohnHi,
Are you following these guide lines before attempting to upgrade?
efore attempting to use ISSU to upgrade to any software image version, follow these guidelines:
Scheduling Schedule the upgrade when your network is stable and steady. Ensure that everyone who has access to the device or the network is not configuring the device or the network during this time. You cannot configure a device during an upgrade.
Space Verify that sufficient space is available in the location where you are copying the images. This location includes the active and standby supervisor module bootflash: (internal to the device). Internal bootflash: has approximately 250 MB of free space available.
Hardware Avoid power interruption during any install procedure, which can corrupt the software image.
Connectivity to remote servers
Configure the IPv4 address or IPv6 address for the 10/100/1000 BASE-T Ethernet port connection (interface mgmt0).
Ensure that the device has a route to the remote server. The device and the remote server must be in the same subnetwork if you do not have a router to route traffic between subnets.
Software images
Ensure that the specified system and kickstart images are compatible with each other.
If the kickstart image is not specified, the device uses the current running kickstart image.
If you specify a different system image, ensure that it is compatible with the running kickstart image.
Retrieve the images in one of two ways:
Locally
Images are locally available on the switch.
Remotely
Images are in a remote location and you specify the destination using the remote server parameters and the filename to be used locally.
Before an upgrade from Cisco NX-OS Release 6.1(x) to Release 6.2, apply either "limit-resource module-type f1" or "limit-resource module-type f2" to the storage VDC, and check that the following storage VDC configurations are removed:
Shared F2(F1) interfaces with a storage VDC that supports only F1(F2)
F1 and F2 interfaces in the same storage VDC
The default Control Plane Policing (CoPP) policy does not change when you upgrade the Cisco NX-OS software.
CoPP MAC policies are supported beginning with Cisco NX-OS Release 5.1, and default policies are installed upon execution of the initial setup script. However, if you use ISSU to upgrade to Cisco NX-OS Release 6.0(1), the default CoPP policies for the following features must be manually configured: FabricPath, OTV, L2PT, LLDP, DHCP, and DOT1X. For more information on the default CoPP policies, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide.
When you upgrade to Cisco NX-OS Release 6.0(1), the policy attached to the control plane is treated as a user-configured policy. Check the CoPP profile using the show copp profile command and make any required changes.
The upgrade to Cisco NX-OS Release 6.0(1) in an OTV network is disruptive. You must upgrade all edge devices in the site and configure the site identifier on all edge devices in the site before traffic is restored. You can prepare OTV for ISSU to Cisco NX-OS Release 6.0(1) in a dual-homed site to minimize this disruption. See the Cisco Nexus 7000 Series NX-OS OTV Configuration Guide for information on how to prepare OTV for ISSU to Cisco NX-OS Release 6.0(1) in a dual-homed site. An edge device with an older Cisco NX-OS release in the same site can cause traffic loops. You should upgrade all edge devices in the site during the same upgrade window. You do not need to upgrade edge devices in other sites as OTV interoperates between sites with different Cisco NX-OS versions.
The upgrade from Cisco NX-OS Release 5.2(1) or from Release 6.0(1) to Release 6.1(1) in an OTV network is non-disruptive.
VPC peers can only operate dissimilar versions of the Cisco NX-OS software during the upgrade or downgrade process. Operating VPC peers with dissimilar versions, after the upgrade or downgrade process is complete, is not supported.
Starting with Cisco NX-OS Release 6.1(1), Supervisor 2 is supported. Therefore, there is no upgrade of Supervisor 2 from a previous Cisco NX-OS release.
Link:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/upgrade/guide/b_Cisco_Nexus_7000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide_Release_6-x.html#con_317522
HTH -
ASDM 7.1 fails to start on MacOS
Hi,
I have an ASA-5505 which I have been managing using ASDM from a PC and a Mac.
I just happens that the Mac has not been used in a little while and when I tried to use ASDM on it, it fails.
I've had a trawl through various posts and release notes (after updating various components in the process, incl Java with all the diabling/security updates of late) but am still having the problem and this is where I'm at:
- the ASA runs v8.4(2) and ASDM 7.1(1)52
- release notes state that ASDM 7.1 should work on Java 7 on Windows 7 and MacOS 10.7
- ASDM starts fine on my Windows 7 PC running Java 1.7.0_13
- I am also running Java 1.7.0_13 on MacOS 10.7.5
- on MacOS, ASDM starts, asks for credentials, download/refreshes the cached app... and then crashes with the following exception message:
Java Web Start 10.13.2.20
Using JRE version 1.7.0_13-b20 Java HotSpot(TM) 64-Bit Server VM
User home directory = /Users/[myusername]
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
0-5: set trace level to <n>
CacheEntry[https://192.168.1.1/admin/public/asdm.jnlp]: updateAvailable=false,lastModified=Mon Dec 17 19:55:35 GMT 2012,length=-1
Match: beginTraversal
Match: digest selected JREDesc: JREDesc[version 1.6+, heap=67108864-536870912, args=-XX:MaxNewSize=1024k, href=null, sel=false, null, null], JREInfo: JREInfo for index 0:
platform is: 1.7
product is: 1.7.0_13
location is: http://java.sun.com/products/autodl/j2se
path is: /Library/Internet Plug-ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
args is: null
native platform is: Mac OS X, x86_64 [ x86_64, 64bit ]
JavaFX runtime is: JavaFX 2.2.5 found at /Library/Internet Plug-ins/JavaAppletPlugin.plugin/Contents/Home/
enabled is: true
registered is: true
system is: true
Match: selecting maxHeap: 536870912
Match: selecting InitHeap: 67108864
Match: digesting vmargs: -XX:MaxNewSize=1024k
Match: digested vmargs: [JVMParameters: isSecure: true, args: -XX:MaxNewSize=1024k]
Match: JVM args after accumulation: [JVMParameters: isSecure: true, args: -XX:MaxNewSize=1024k]
Match: digest LaunchDesc: https://192.168.1.1/admin/public/asdm.jnlp
Match: digest properties: [-Dhttp.agent=ASDM/]
Match: JVM args: [JVMParameters: isSecure: true, args: -XX:MaxNewSize=1024k -Dhttp.agent=ASDM/]
Match: endTraversal ..
Match: JVM args final: -Xmx512m -XX:MaxNewSize=1024k -Dhttp.agent=ASDM/
Match: Running JREInfo Version match: 1.7.0.13 == 1.7.0.13
Match: Running JVM args mismatch: have:<-Xmx512m -Dhttp.agent=ASDM/> !satisfy want:<-Xmx512m -XX:MaxNewSize=1024k -Dhttp.agent=ASDM/>
Application Logging Started at Thu Feb 07 14:01:25 GMT 2013
Local Launcher Version = 1.5.56
Local Launcher Version Display = 1.5(56)
OK button clicked
Trying for ASDM Version file; url = https://192.168.1.1/admin/
Server Version = 7.1(1)52
Server Launcher Version = 1.5.56, size = 758784 bytes
invoking SGZ Loader..
Cache location = /Users/[myusername]/.asdm/cache
Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NoClassDefFoundError: apple/laf/AquaTableHeaderUI
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:791)
at com.cisco.nm.dice.loader.l.loadClass(DashoA19*..:232)
at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:791)
at com.cisco.nm.dice.loader.l.loadClass(DashoA19*..:232)
at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:188)
at dla.updateUI(Unknown Source)
at javax.swing.table.JTableHeader.<init>(JTableHeader.java:159)
at dlz.<init>(Unknown Source)
at dla.<init>(Unknown Source)
at do6.<init>(Unknown Source)
at do5.createDefaultTableHeader(Unknown Source)
at javax.swing.JTable.initializeLocalVars(JTable.java:5531)
at javax.swing.JTable.<init>(JTable.java:635)
at javax.swing.JTable.<init>(JTable.java:574)
at dns.<init>(Unknown Source)
at dlk.<init>(Unknown Source)
at dn5.<init>(Unknown Source)
at dk9.<init>(Unknown Source)
at dk5.<init>(Unknown Source)
at dkv.<init>(Unknown Source)
at do5.<init>(Unknown Source)
at ds.<init>(ds.java:64)
at ds.<init>(ds.java:60)
at _d.<init>(_d.java:36)
at _f.<init>(_f.java:36)
at _g.<init>(_g.java:71)
at bb6.a(bb6.java:98)
at px.b(px.java:461)
at px.<init>(px.java:280)
at com.cisco.pdm.PDMApplet.start(PDMApplet.java:160)
at com.cisco.nm.dice.loader.r.run(DashoA19*..:410)
Caused by: java.lang.ClassNotFoundException: apple.laf.AquaTableHeaderUI
at com.cisco.nm.dice.loader.l.loadClass(DashoA19*..:246)
at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
... 36 more
The root cause of the issue seems to be that a Java class called apple.laf.AquaTableHeaderUI is not found...
Now, I don't know much about Java, but that seems to be an Apple UI related class - I presume that it would be good to use this to give ASDM a more native look and feel, but why on earth is there no fallback? or am I missing something?
Any information or help on the matter will be very welcome... even if it's only to say that you are experiencing the same issue!
OlivierI had exactly the same problem on a Mac mini running OS X 10.9.3 and 10.9.4 with Java 1.7.0_60. I spent any amount of time flushing caches, deleting my ~/.asdm directory and re-installing the dm-launcher.dmg file.
I eventually got it running by installing Apple's Java for OS X 2014-001 from http://support.apple.com/kb/dl1572, deleting my ~/.asdm directory, using the Java Control Panel to delete all cached files and installed apps, then reinstalling from a fresh download of the dm-installer.dmg file.
Bit of a blunderbus approach, I know, but it worked for me. I think the Apple Java installation was what tipped the balance, but who knows, as it really ought to have been there already, shouldn't it?!
YMMV :-)
[followup comment]
I just checked the Software Installations history on my Macbook Air on which ASDM has been working just fine. It had Java for OS X 2013-005, which is the predecessor of 2014-001, and I remember having to install it to sort out compatibility problems between Java 6, Java 7 and ASDM 7.1. The Mac mini, on the other hand, had Java for OS X 2012-005, which I suspect is the root of my problems.
You can find out which Java you have by running "java -version" from a Terminal, and cross-check against the table on https://developer.apple.com/library/mac/technotes/tn2002/tn2110.html.
Maybe you are looking for
-
Transferring large volume of files from mac to PC?
Hi i have a mac with osx 10.4.8 and a pc, i need to transfer a large amount of files from mac to pc (around 200GB) Now i have lots of external HDs which are all used by either the PC or the macs. the ones formatted for the macs cannot be read atall b
-
Is this a chat with adobe customer service or general public that use adobe
is this a chat with adobe customer service or general public that use adobe
-
SQL Developer 4.0 EA bugs
One bug and one improvement. Bug: Clicking the data tab on tables that include XMLTYPE columns do not display any rows or column headings. You can redproduce with the following script and then click the table in connections or schema view and then cl
-
Picture not downloaded in new PCs
Hi, Not sure if this the right forum category, but i'll just try my luck. And pls direct me to the correct forum if i'm wrong. I have a customized program (copied from RPLPBSR1_ALV), what the program does is downloading a ms word office document and
-
It seems the admin server loses contact with some (not all) managed servers, all of these are responsive and work correctly, but you can't use the admin console for monitoring or everything else. In the server list view you can see they show as RUNNI