SPAN in Nexus 5548

Hello All,
Please find the attached diagram.
The N7K has SVIs for VLANs 115 & 135 and the N5Ks have L2 VLANs 115 & 135.
The requirement is that all the traffic going IN/OUT of both VLANs be SPANned and forwarded to the Ethanalyzer, which is connected to the N5K.
If I configure SPAN on the 5K, will it capture all the traffic, both IN and OUT, in both of those VLANs? The Nexus 7K has the gateway but no servers are connected to that switch. By configuring SPAN on the 5K, will it fulfil our requirement?
If not, then can I configure an ERSPAN source on the Nexus 5K, move my Ethanalyzer to the Nexus 7K and make that port the ERSPAN destination? Will this work out?
Thanks in advance.

SPAN in general is an oversubscribed feature. SPAN traffic gets rate limited only during periods of SPAN congestion. Congestion of SPAN could occur under the following circumstances:
- when we have a total of more than 10gig of traffic being monitored over multiple 10gig ports to one 10gig port (SPAN destination oversubscription)
- when we are monitoring more than 5gig per port with multiple such ports to a single 10gig port (fabric link oversubscription)
If this is just a single 10gig to single 10gig port SPAN, then we should be able to span up to 5gig without a problem, after which rate limiting would kick in for the reasons you mentioned before.
Vin

Similar Messages

  • Upgrading Nexus 5548

    Hi,
    We want to upgrade our pair of Nexus 5548 to the new NX-OS 5.1(3)N2(1a) from the 5.0(3)N1(1c) version. We would like to use the ISSU procedure. But when we execute the command "show spanning-tree issu-impact" we get the following output:
    No Active Topology change Found!
    Criteria 1 PASSED !!
    No Ports with BA Enabled Found!
    Criteria 2 PASSED!!
    List of all the Non-Edge Ports
    Port             VLAN Role Sts Tree Type Instance
    Ethernet2/8      1803 Desg FWD  PVRST      1803
    The 1803 vlan is only used for the peer-keepalive link and it only exists on these two Nexus. So one of the two Nexus needs to be the STP root. That makes the ports on that vlan to be in designated-forwarding state, which is not supported for the ISSU:
    sh run int e2/8
    !Command: show running-config interface Ethernet2/8
    !Time: Fri Jun  8 17:04:33 2012
    version 5.0(3)N1(1c)
    interface Ethernet2/8
      switchport access vlan 1803
      speed 1000
    That is the only port that belongs to that VLAN and it is directly connected to the other Nexus 5548. So the only way we see to avoid this port of being in designated-forwarding state is to apply the "no spanning-tree vlan 1803" command. Would it be a problem?
    We can imagine that introducing the "spanning-tree port type edge" should not be a good idea, shouldn't it?
    Thank you very much for your help!
    Josu

    Hi,
    Reviewing all the prerequisites for the ISSU, we have seen the following:
    ISSU and Layer 3
    Cisco Nexus 5500 Platform switches support Layer 3 functionality. However, the system cannot be upgraded with the ISSU process (non disruptive upgrade) when Layer 3 is enabled. It is required to unconfigure all Layer 3 features to be able to upgrade in a non disruptive way with an ISSU.
    We have the interface-vlan feature enabled. But it is only used for two interfaces:
    - interface-vlan 510 --> It is only used in order connect to the switch
    - interface-vlan 1803 --> The one used for the keepalive
    We could administratively shut down the interface-vlan 510. But we could not do so with the interface-vlan 1803, since it is used for the keepalive. If we execute "no feature interface-vlan", would the keepalive stop working?
    When we execute the "sh install all impact ..." command, the Nexus does not tell us anything about this feature. Is it really recommended to disable it? Is it needed for the ISSU procedure?
    Thank you very much in advance!!
    JOSU

  • FCoE with Cisco Nexus 5548 switches and VMware ESXi 4.1

    Can someone share with me what needs to be setup on the Cisco Nexus side to work with VMware in the following scenario?
    Two servers with two cards dual port FCoE cards with two ports connected to two Nexus 5548 switches that are clustered together. We want to team the ports together on the VMware side using IP Hash, so what should be done on the Cisco side for this to work?
    Thanks...

    Andres,
    The Cisco Road Map for the 5010 and 5020 doesn't include extending the current total (12) FEX capabilities. The 5548 and 5596 will support more (16) per 55xxk, and with the 7K will support up to 32 FEXs.
    Documentation has been spotty on this subject, because the term 5k indicates that all 5000 series switches will support extended FEXs, which is not the case; only the 55xx will support more than 12 FEX. Maybe in the future the terminology for the 5k series should be 5000 series and 5500 series Nexus; there are several differences and advancements between the two series.

  • Prime Infrastructure 2.0 and Nexus 5548, SSH credentials fail

    Hi,
    I'm having a problem getting the Prime Infrastructure 2.0 to log in with SSH to a Nexus 5548 to do an inventory. I get "Wrong Telnet/SSH credentials". But when I use the same credentials from another SSH client it works fine. I also tested SSH from the console of the Prime server and that also works fine.
    Any ideas???
    Regards,
    Stefan Lindkvist

    I have PI 2.0 working against Nexus 5k's in two different installations. See below for an example.
    Have you put in an entry in both the login and enable fields (even though they are not separately required when logging in directly)?

  • Telephony Issues on Nexus 5548

    Dear Viewers,
    I have Nexus 5548 devices in one of my client data centers and I have one 3750 switch to which all of these Avaya voice servers connect.
    The 3750 switch was initially connected through an L2 link to a 6509 Catalyst switch and the telephony applications were working correctly.
    The problem arises when I move this 3750 layer 2 link to a Nexus 5548 (OS version 5.1(3)N1) switch. All telephony calls coming from the outside (external calls) are not working as required but the internal calls work as usual.
    What is odd is that when I migrate this L2 link back to the 6509 switch, all works as usual. This is just a layer 2 connection and I am wondering why this is not possible.
    The VLAN is accepted on all relevant trunks. I also deactivated IGMP snooping on this voice VLAN on the Nexus 5548 thinking it would help, but in vain.
    Any ideas and suggestions are welcome.
    regards.
    Alain

    This is my radius config......  on a 5K
    radius-server timeout 7
    radius-server host 10.28.42.20 key 7 "Password" auth-port 1645 acct-port 1646 authentication accounting
    radius-server host 10.28.42.21 key 7 "Password" auth-port 1645 acct-port 1646 authentication accounting
    aaa group server radius Radius-Servers
     server 10.28.42.20
     server 10.28.42.21
    aaa authentication login default group Radius-Servers
    ip radius source-interface Vlan1
    aaa authentication login default fallback error local
    And it is currently working. On the radius server I also had to do this to make the users admins once logged in:
    https://supportforums.cisco.com/document/137181/nexus-integration-admin-access-free-radius

  • Fabric with two Nexus-5548 and a brocade switch does not get fabric updates

    We have a fabric containing two Nexus 5548 and a Brocade 5000 switch in interop mode 2. When I make changes to the zoning, the first Nexus (the fabric principal) and the Brocade switch see the zone changes. The second Nexus switch does not see them. There are no error messages but the change just can't be seen. What can I do to find out what goes wrong?

    Ouch, deprecated is not the word I wanted to read
    We are using 5.1(3)N1(1a) on nexus-rz1-a
    and 6.0(2)N1(2) on nexus-rz2-a.
    The fabric can be seen :
    nexus-rz2-a# show fcs ie vsan 10
    IE List for VSAN: 10
    IE-WWN                   IE     Mgmt-Id  Mgmt-Addr (Switch-name)
    10:00:00:05:1e:90:57:27  S(Rem) 0xfffc01 10.88.133.110 (bc-san1)
    20:0a:00:2a:6a:72:ba:01  S(Loc) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
    20:0a:54:7f:ee:7f:dc:01  S(Adj) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
    [Total 3 IEs in Fabric]
    nexus-rz1-a# show fcs ie vsan 10
    IE List for VSAN: 10
    IE-WWN                   IE     Mgmt-Id  Mgmt-Addr (Switch-name)
    10:00:00:05:1e:90:57:27  S(Adj) 0xfffc01 10.88.133.110 (bc-san1)
    20:0a:00:2a:6a:72:ba:01  S(Adj) 0xfffc1c 10.88.133.105 (nexus-rz2-a)
    20:0a:54:7f:ee:7f:dc:01  S(Loc) 0xfffc0b 10.88.133.100 (nexus-rz1-a)
    [Total 3 IEs in Fabric]
    I try to distribute the zoneset this way:
    zoneset distribute vsan 10
    Zoneset distribution initiated. check zone status
    nexus-rz1-a# show zone status
    VSAN: 10 default-zone: deny distribute: full Interop: 2
        mode: basic merge-control: allow
        session: none
        hard-zoning: enabled broadcast: disabled
    Default zone:
        qos: none broadcast: disabled ronly: unsupported
    Full Zoning Database :
        DB size: 6291 bytes
        Zonesets:1  Zones:62 Aliases: 44
    Active Zoning Database :
        DB size: 10243 bytes
        Name: FABRIC1  Zonesets:1  Zones:60
    Status: Zoneset distribution completed at 08:06:00 UTC Dec  3 2013
    nexus-rz2-a# show zone status
    VSAN: 1 default-zone: deny distribute: active only Interop: default
        mode: basic merge-control: allow
        session: none
        hard-zoning: enabled broadcast: disabled
    Default zone:
        qos: none broadcast: disabled ronly: unsupported
    Full Zoning Database :
        DB size: 4 bytes
        Zonesets:0  Zones:0 Aliases: 0
    Active Zoning Database :
        Database Not Available
    Status:
    VSAN: 10 default-zone: deny distribute: full Interop: 2
        mode: basic merge-control: allow
        session: none
        hard-zoning: enabled broadcast: disabled
    Default zone:
        qos: none broadcast: disabled ronly: unsupported
    Full Zoning Database :
        DB size: 6291 bytes
        Zonesets:1  Zones:62 Aliases: 44
    Active Zoning Database :
        DB size: 10243 bytes
        Name: FABRIC1  Zonesets:1  Zones:60
    Status: Activation completed at 13:03:42 UTC Dec  2 2013

  • Install pbr feature nexus 5548

    I am in need of Policy Based Routing for a new project.  At my core I have a couple of Nexus 5548s clustered together.  I go into configure terminal and run the command "feature pbr" and the return is invalid.  So I check the license with the command "show license usage" and I get the following output:
    Feature                      Ins  Lic   Status Expiry Date Comments
                                     Count
    FCOE_NPV_PKG                  No    -   Unused             -
    FM_SERVER_PKG                 No    -   Unused             -
    ENTERPRISE_PKG                Yes   -   Unused Never       -
    FC_FEATURES_PKG               Yes   -   Unused Never       -
    VMFEX_FEATURE_PKG             No    -   Unused             -
    ENHANCED_LAYER2_PKG           No    -   Unused             -
    LAN_BASE_SERVICES_PKG         Yes   -   In use Never       -
    LAN_ENTERPRISE_SERVICES_PKG   Yes   -   Unused Never       -
    From here I see that the enterprise package is installed and is unused.  How can I gain access to the enterprise features?  I found a document here that says "Ensure that you are in the correct VDC (or use the switchto vdc command). "  The switchto vdc command is also invalid.  What am I missing?
    Eric

    I realise this is a very old post however I wanted to post here in case others are still looking for this feature. PBR is now supported in version 6.0(2)N2(1) on Nexus 5k.
    RELEASE NOTES: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/notes/6_02/Nexus5500_Release_Notes_6_02.html#pgfId-472355

  • Command to see transmit queueing drops in Nexus 5548

    Hello, 10g links in our core are getting rather congested as seen by MRTG graphs. Any command on Nexus 5548 to show transmit queuing drops on a given interface?

    You could use #show queuing interface eth 1/1
    It shows you output similar to the below:
    NEXUS-1# show queuing interface ethernet 1/1
    Ethernet1/1 queuing information:
      TX Queuing
        qos-group  sched-type  oper-bandwidth
            0       WRR            100
      RX Queuing
        qos-group 0
        q-size: 470080, HW MTU: 9216 (9216 configured)
        drop-type: drop, xon: 0, xoff: 470080
        Statistics:
            Pkts received over the port             : 222434
            Ucast pkts sent to the cross-bar        : 199674
            Mcast pkts sent to the cross-bar        : 22760
            Ucast pkts received from the cross-bar  : 101087
            Pkts sent to the port                   : 145083
            Pkts discarded on ingress               : 0
            Per-priority-pause status               : Rx (Active), Tx (Inactive)
      Total Multicast crossbar statistics:
        Mcast pkts received from the cross-bar      : 43996

  • TACACS Nexus 5548 Authorization

    I am having an issue with authorization on the Nexus 5548. Note: The tacacs configuration has and still works correctly with all non-Nexus gear.
    Authentication succeeds, and initial authorization passes. However, all sh and config commands fail, though AAA Autho Config-Commands .... and Commands Default Group <Grp Name>, are configured.
    ACS generates the following error: 13025 Command failed to match a Permit rule. The Selected Command Set is DenyAllCommands. I created an AllowAll, but am unclear how to associate this with Access Policy.
    Any help would be greatly appreciated.

    Hello,
    Hope the attached document points you into the right direction.
    Regards.

  • Nexus 5548 L3 daughter card flapping

    Hi guys,
    Has anyone here experienced the logs below on their Nexus box?
    2011 Dec 12 06:24:45 GDCNXS5K01 %BTCM-2-BTCM_LOG_ROUTER_ERR: router card in slot 3 has internal link(s) flapped:     router ports down: 0x1a108000 0x1a109000 0x1a10a000 0x1a10b000 0x1a10c000 0x1a10d000 0x1a10e000 0x1a10f000
    I am getting this log at least once a day. It seems like it is shutting down the SVI of the box after the said log occurred. Good thing I have enabled vPC and I am able to access the NXS5K through the vPC keepalive link (mgmt).
    I have two Nexus 5548, but only one is experiencing the said error.
    Any inputs, suggestions would be greatly appreciated.
    Thanks,
    Edzel

    We had this same problem this past weekend, only in module 2 on a 5596.
    In our case, we had rebooted our primary Nexus and found the following message immediately preceded the BTCM error you noted:
    %$ VDC-1 %$ %NOHMS-2-NOHMS_DIAG_ERROR: Module 2: Bootup diag detected major event: Forwarding ASIC failure: Ethernet2/9 Ethernet2/10 Ethernet2/11 Ethernet2/12 Ethernet2/13 Ethernet2/14 Ethernet2/15 Ethernet2/16
    We replaced the module.  A "show diag results module 3" would probably show you the same thing.  However, I don't think the error message will show up until you reboot.
    If your flapping Nexus is secondary, you probably won't notice anything major, but if it is your primary, it would probably affect your routing.

  • Servers connected to Nexus 5548 only getting 200 Mbps of throughput

    Servers connected to the Nexus 5k were only getting 100 Mbps of throughput. So I disabled flow control receive on all the ports. After this we are getting 200 Mbps of speed. The servers are connected through a 10 gig port. Could you guys please suggest why the throughput is still low? At least we should get 1 Gbps of throughput.

    Hi Adam,
    I think we probably need a little more information to go on. Can you answer the following?
    What type of servers and NICs?
    What OS are you running on the servers?
    What cables do you have from the servers to the switch?
    Are the two servers in the same subnet or is the traffic between them routed?
    If routed, is that in the Nexus 5548 or some other router?
    How are you testing throughput?
    Presumably you're not seeing any errors on the switch ports that the servers are connected to?
    Regards

  • Configuring FET-10G-SR for NEXUS 5548/2248

    Hey everyone-
    I am a little newer with configuring switches and routers, and I have been asked to troubleshoot a FET-10G-SR in our NEXUS 5548 and NEXUS 2248. I am aware that the ports need to be configured to accept FET parts, and I have tried using the "switchport mode fex-fabric" command to configure the ports, but the command will not work for some reason. Can anyone help me with configurations step by step to have these parts work properly? Any help will be greatly appreciated. Thank you!
    Chris Hazell

    It should normally work unless the port is not the proper type or has a configuration applied that's incompatible.
    Can you provide the output for "show run int eth ___" and "show int eth___" (substituting your interface number for the "___") for the interface in question?
    Also, if it's the first fex you are adding, you must have enabled "feature fex" globally.

  • EEM on Nexus 5548

    Hi all,
    I'm new to EEM and we are investigating using it to solve some issues that we are having. However, I can't seem to find any definitive information which tells me whether EEM is available in the Nexus 5548 switches. Can anyone here help to confirm if this is the case? If not yet available for the 5548s, are there any indications as to when it might become available?
    thanks,
    Ram

    Might want to try the 6.0(2)N1(2) and later code.  I have it loaded on a N6004 and EEM is available there.  It is of course the NX-OS flavor of EEM but it is there. 
    N6K-Switch# show ver | grep 'System version'
      System version: 6.0(2)N1(2)
    N6K-Switch# conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    N6K-Switch(config)# event manager ?
      applet       Create/Modify an Event Manager Policy
      environment  Configure an environment variable
      policy       Register a script policy and activate it
    N6K-Switch(config)# event manager
    Mike

  • FC ports on nexus 5548?

    Hi, I would like to know how many maximum FC ports can one have on a Nexus 5548 (N5K-C5548UP) without any expansion module? I have the FC_FEATURES_PKG license installed.

    Cisco Nexus 5548UP Switch
    The Cisco Nexus 5548UP (Figure 2) is a 1RU 10 Gigabit Ethernet, Fibre Channel, and FCoE switch offering up to 960 Gbps of throughput and up to 48 ports. The switch has 32 unified ports and one expansion slot.

  • Help please with TACACS authentication from a Nexus 5548

    I cannot get login working via TACACS from my Nexus 5548.  I've tried creating a group and a single server with key etc.
    Config is simple:
    tacacs-server key 7  ************
    ip tacacs source-interface Vlanx
    aaa group server tacacs+ tacacs
        server 10.x.y.z
    The test aaa command shows it's authenticating:
    NEX01# test aaa server tacacs+  10.x.y.z <username> <password>
    user has been authenticated
    Debug shows this:
    NEX01# 2011 Jun  8 12:31:03 NEX01 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user <username>  from 10.x.y.z- login[1691]
    Am I doing something glaringly wrong here?
    Any advice is greatly appreciated.
    Thank you.

    Hi Paul,
    Looks like maybe the packets don't have the route to ACS when you try to log in.
    Can you share the sh run of the switch?
    Also, do you see a failed attempt on the TACACS server side?
    Can you ping the TACACS server with source interface Vlanx?
    Thanks
    Waris Hussain
