TACACS does not function in Nexus 5000
Dear Mister
For some reason, TACACS is not functioning on my Nexus 5000. I am using the following configuration:
tacacs-server key 7 "0310551D121F2D595D"
ip tacacs source-interface Vlan5
tacacs-server host 10.20.2.80
tacacs-server host 10.20.16.138
aaa group server tacacs+ TACSERVER
server 10.20.2.80
server 10.20.16.138
source-interface Vlan5
use-vrf default
aaa authentication login default group TACSERVER
no aaa user default-role
aaa authentication login error-enable
tacacs-server directed-request
I did a telnet to port 49, in address , and it is functioning. That rules out a security problem (FW, ACL, etc.).
When I do the test, nothing is shown in the TACACS server logs.
The log messages are the following:
2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: received bad authentication packet from 10.20.2.80
2012 Aug 22 15:54:45 NITE1 %TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
2012 Aug 22 15:54:48 NITE1 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user GPALAVE from 10.20.2.80 - login[3087]
The problem is very strange.
I need help.
Best regards
Your config looks fine. Can you ping from VLAN5 to TACACS+? Also, did you add VLAN5's IP address to your TACACS+?
Regards,
jerry
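Added example, not part of the thread: the telnet test to port 49 described above checks reachability only. TACACS+ (RFC 8907) obfuscates the packet body with an MD5 pad derived from the shared key, so a switch whose key differs from the server's decodes a reply whose length fields are inconsistent and has to reject it. The keys, session id and prompt below are constructed; the posts do not establish whether a key mismatch is what happened here.

```python
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0            # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01             # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # header flag: body sent in the clear
AUTHEN_STATUS_GETPASS = 0x05       # server asks the client for the password
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain over session_id, key, version, seq_no (RFC 8907, section 4.5)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """Obfuscation and de-obfuscation are the same XOR with the pseudo pad."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_reply(session_id, key, status, server_msg, seq_no=2):
    """Server side: authentication REPLY = status, flags, two lengths, message."""
    body = struct.pack("!BBHH", status, 0, len(server_msg), 0) + server_msg
    header = HEADER.pack(TAC_PLUS_VERSION, TAC_PLUS_AUTHEN, seq_no, 0,
                         session_id, len(body))
    return header + xor_body(body, session_id, key, TAC_PLUS_VERSION, seq_no)


def parse_authen_reply(packet, key):
    """Client side: de-obfuscate with the local key, then sanity-check lengths."""
    if len(packet) < HEADER.size:
        raise ValueError("short header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(
        packet[:HEADER.size])
    body = packet[HEADER.size:]
    if ptype != TAC_PLUS_AUTHEN or len(body) != length or length < 6:
        raise ValueError("malformed packet")
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = xor_body(body, session_id, key, version, seq_no)
    status, _flags, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if 6 + msg_len + data_len != length:
        # No MAC protects the body, so a wrong key only shows up here.
        raise ValueError("bad authentication packet: length fields do not match")
    return {"status": status, "server_msg": body[6:6 + msg_len]}


def key_matches(packet, key):
    """True when the reply parses cleanly under the given key."""
    try:
        parse_authen_reply(packet, key)
        return True
    except ValueError:
        return False


# Constructed sample values, not taken from the thread.
SERVER_KEY = b"server-side-secret"
SWITCH_KEY = b"switch-side-secret"
SESSION_ID = 0x5A3C19E7
REPLY = build_authen_reply(SESSION_ID, SERVER_KEY, AUTHEN_STATUS_GETPASS,
                           b"Password: ")

if __name__ == "__main__":
    print("same key      :", parse_authen_reply(REPLY, SERVER_KEY))
    print("different key :", key_matches(REPLY, SWITCH_KEY))
```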
Similar Messages
-
Hi
I want to distribute TACACS+ from the nexus 7000 to theo tne manuals nexus 5000
via CFS.
When i do the 'sh cfs app' i get this.... tacacs No Physical-fc-ip
However you cannot put in the distribute command for tacacs 'tacacs+ distribute'sl
You also cannot do the following command 'sh cfs app name tacacs'
Obviously there must be different commands ... but i cannot find them
If i cant distribute tacacs how can i make this work
many thanks
Steve
I think the command set does not matter.
Because the Nexus takes only the role and does not use per-command authorization (AFAIK), then it will take the role from the shell profile but selecting the command set does not matter because it does not use per command authorization.
I used command sets with CRS-1 and they had no effect. Only the shell profile configuration matters.
What is the situation at your end? do things work fine with/without selecting the command set? or putting empty command set in place?
Rating useful replies is more useful than saying "Thank you" -
Kensington USB 3 Super Speed Dock not functioning
I have a Kensington USB 3.0 Super Speed Dock connected via a USB cable to my 13" macbook air (purchased in January 2014). Mid2013, 1.7 GHZ. Intel core i7. 8 GB 1600 MHz DDR3. Intel HD Graphics 5000 1536 MB
Since upgrade to Yosemite the dock is not recognized by the macbook air.
I have a second monitor running through the dock and this monitor is not visible. I also have a backup drive hooked up through the dock and this does not function either since the upgrade to Yosemite.
I spoke with kensington and we upgraded the display link driver with no success.
Any thoughts on how to get my second monitor working? The first monitor is connected from DVI to thunderbolt port. The second monitor is connected from VGA to USB 3.0 to the kensington dock.
I've discovered it's not that USB 2.0 is not working. 3 out of 6 usb ports/busses seem to work properly. The other three seem totally dead. Obviously this was not the case under kernel 3.9.9-1. Downgrading to kernel 3.10.2 made no difference.
In practical terms this means that I can use my printer and access my external drive if I use the right port/bus. And I could probably work around the problem by plugging a USB hub in one of the working ports. But I would be happy to get rid of the error messages and have all 6 usb busses working as they did before... -
Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches
Welcome to the Cisco® Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Cisco® NX-OS.
The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
This event is focused on discussing all possible types of vPC along with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting.
Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University, has CCNA® and CCNP®. Nimit is also working on a Cisco data center CCIE® certification while also pursuing an MBA degree from Santa Clara University.
Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response.
Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
Hello Gustavo
Please see my responses to your questions:
Yes, almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different types of traffic – Control Plane and Data Plane.
Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hello packets will be exchanged across all 3 routers and adjacency will be formed over VPC links.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
Now for Data Plane we have two types of traffic – Unicast and Multicast.
The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations there is a possibility that the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario, N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
The Loop avoidance works a little differently across Nexus 5000 and Nexus 7000.
Similarity: For both products, loop avoidance is possible due to the VSL bit.
The VSL bit is set in the DBUS header internal to the Nexus.
It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
This mechanism is used for loop prevention within the chassis.
The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
Differences: In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
For more details please see below presentation:
https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
DCI Scenario: If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
But in most scenarios I have seen a pair of Nexus 5000 with a pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
Let us know if you have further questions.
Thanks,
Vishal -
UCS C-Series VIC-1225 to Nexus 5000 setup
Hello,
I have two nexus 5000 set up with a vpc peer link. I also have a cisco c240 m3 server with a vic-1225 card that will be running esx 5.1. I also have some 4 2248 fabric extenders. I have been searching for some best practice information on how to best set up this equipment. The nexus equipment is already running, so it's more about connecting the c240 and the vic-1225 to the nexus switches. I guess this is better to do rather than to connect to the fabric extenders in order to minimize hops?
All documentation I have found involves setup/configuration etc. with fabric interconnects, which I don't have and have been told that I do not need. Does anyone have any info on this, and can point me in the right direction to set this up correctly?
More specifically, how should I set up the vic-1225 card to the nexus? Just create a regular vpc/port-channel to the nexuses? Use lacp and set it to active?
Do I need to make any configuration changes on the vic card via the cimc on the c240 server to make this work?
Hello again, I'm stuck
This is what I have done. I have created the vPC between my esx host and my two nexus 5000 switches, but it doesn't seem to come up:
S02# sh port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
Group Port- Type Protocol Member Ports
Channel
4 Po4(SD) Eth LACP Eth1/9(D)
vPC info:
S02# sh vpc 4
vPC status
id Port Status Consistency Reason Active vlans
4 Po4 down* success success -
vPC config:
interface port-channel4
switchport mode trunk
switchport trunk allowed vlan 20,27,30,50,100,500-501
spanning-tree port type edge trunk
vpc 4
interface Ethernet1/9
switchport mode trunk
switchport trunk allowed vlan 20,27,30,50,100,500-501
spanning-tree port type edge trunk
channel-group 4 mode active
I'm unsure what I must configure on the cisco 240M3 (esx host) side to make this work. I only have the two default interfaces (eth0 and eth1) on the vic-1225 installed in the esx host, and both have the vlan mode set to TRUNK.
Any ideas on what I am missing?
Message was edited by: HDA -
VPC on Nexus 5000 with Catalyst 6500 (no VSS)
Hi, I'm pretty new to the Nexus and UCS world so I have many questions I hope you can help with getting some answers to.
The diagram below is the configuration we are looking to deploy, that way because we do not have VSS on the 6500 switches so we can not create only one Etherchannel to the 6500s.
Our blades inserted on the UCS chassis have INTEL dual port cards, so they do not support full failover.
Questions I have are.
- Is this my best deployment choice?
- vPC highly depends on the management interface on the Nexus 5000 for the keep alive peer monitoring, so what is going to happen if the vPC breaks due to:
- one of the 6500 goes down
- STP?
- What is going to happen with the Etherchannels on the remaining 6500?
- the Management interface goes down for any other reason
- which one is going to be the primary NEXUS?
Below is the list of devices involved and the configuration for the Nexus 5000 and 6500.
Any help is appreciated.
Devices
· 2 Cisco Catalyst with two WS-SUP720-3B each (no VSS)
· 2 Cisco Nexus 5010
· 2 Cisco UCS 6120xp
· 2 UCS Chassis
- 4 Cisco B200-M1 blades (2 each chassis)
- Dual 10Gb Intel card (1 per blade)
vPC Configuration on Nexus 5000
TACSWN01
feature vpc
vpc domain 5
reload restore
reload restore delay 300
Peer-keepalive destination 10.11.3.10
role priority 10
!--- Enables vPC, define vPC domain and peer for keep alive
int ethernet 1/9-10
channel-group 50 mode active
!--- Put Interfaces on Po50
int port-channel 50
switchport mode trunk
spanning-tree port type network
vpc peer-link
!--- Po50 configured as Peer-Link for vPC
inter ethernet 1/17-18
description UCS6120-A
switchport mode trunk
channel-group 51 mode active
!--- Associates interfaces to Po51 connected to UCS6120xp-A
int port-channel 51
switchport mode trunk
vpc 51
spanning-tree port type edge trunk
!--- Associates vPC 51 to Po51
inter ethernet 1/19-20
description UCS6120-B
switchport mode trunk
channel-group 52 mode active
!--- Associates interfaces to Po52 connected to UCS6120xp-B
int port-channel 52
switchport mode trunk
vpc 52
spanning-tree port type edge trunk
!--- Associates vPC 52 to Po52
!----- CONFIGURATION for Connection to Catalyst 6506
Int ethernet 1/1-3
description Cat6506-01
switchport mode trunk
channel-group 61 mode active
!--- Associate interfaces to Po61 connected to Cat6506-01
Int port-channel 61
switchport mode trunk
vpc 61
!--- Associates vPC 61 to Po61
Int ethernet 1/4-6
description Cat6506-02
switchport mode trunk
channel-group 62 mode active
!--- Associate interfaces to Po62 connected to Cat6506-02
Int port-channel 62
switchport mode trunk
vpc 62
!--- Associates vPC 62 to Po62
TACSWN02
feature vpc
vpc domain 5
reload restore
reload restore delay 300
Peer-keepalive destination 10.11.3.9
role priority 20
!--- Enables vPC, define vPC domain and peer for keep alive
int ethernet 1/9-10
channel-group 50 mode active
!--- Put Interfaces on Po50
int port-channel 50
switchport mode trunk
spanning-tree port type network
vpc peer-link
!--- Po50 configured as Peer-Link for vPC
inter ethernet 1/17-18
description UCS6120-A
switchport mode trunk
channel-group 51 mode active
!--- Associates interfaces to Po51 connected to UCS6120xp-A
int port-channel 51
switchport mode trunk
vpc 51
spanning-tree port type edge trunk
!--- Associates vPC 51 to Po51
inter ethernet 1/19-20
description UCS6120-B
switchport mode trunk
channel-group 52 mode active
!--- Associates interfaces to Po52 connected to UCS6120xp-B
int port-channel 52
switchport mode trunk
vpc 52
spanning-tree port type edge trunk
!--- Associates vPC 52 to Po52
!----- CONFIGURATION for Connection to Catalyst 6506
Int ethernet 1/1-3
description Cat6506-01
switchport mode trunk
channel-group 61 mode active
!--- Associate interfaces to Po61 connected to Cat6506-01
Int port-channel 61
switchport mode trunk
vpc 61
!--- Associates vPC 61 to Po61
Int ethernet 1/4-6
description Cat6506-02
switchport mode trunk
channel-group 62 mode active
!--- Associate interfaces to Po62 connected to Cat6506-02
Int port-channel 62
switchport mode trunk
vpc 62
!--- Associates vPC 62 to Po62
vPC Verification
show vpc consistency-parameters
!--- show compatibility parameters
Show feature
!--- Use it to verify that vpc and lacp features are enabled.
show vpc brief
!--- Displays information about vPC Domain
Etherchannel configuration on TAC 6500s
TACSWC01
interface range GigabitEthernet2/38 - 43
description TACSWN01 (Po61 vPC61)
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
channel-group 61 mode active
TACSWC02
interface range GigabitEthernet2/38 - 43
description TACSWN02 (Po62 vPC62)
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
channel-group 62 mode active
ihernandez81,
Between the c1-r1 & c1-r2 there are no L2 links, ditto with d6-s1 & d6-s2. We did have a routed link just to allow orphan traffic.
All the c1r1 & c1-r2 HSRP communications ( we use GLBP as well ) go from c1-r1 to c1-r2 via the hosp-n5k-s1 & hosp-n5k-s2. Port channels 203 & 204 carry the exact same vlans.
The same is the case on the d6-s1 & d6-s2 sides except we converted them to a VSS cluster so we only have po203 with 4 *10 Gb links going to the 5Ks ( 2 from each VSS member to each 5K).
As you can tell what we were doing was extending VM vlans between 2 data centers prior to arrivals of 7010s and UCS chassis - which worked quite well.
If you got on any 5K you would see 2 port channels - 203 & 204 - going to each 6500, again when one pair went to VSS po204 went away.
I know, I know they are not the same things .... but if you view the 5Ks like a 3750 stack .... how would you hook up a 3750 stack from 2 6500s and if you did why would you run an L2 link between the 6500s ?
For us using 4 10G ports between 6509s took ports that were too expensive - we had 6704s - so use the 5Ks.
Our blocking link was on one of the links between site1 & site2. If we did not have WAN connectivity there would have been no blocking or loops.
Caution .... if you go with 7Ks beware of the inability to do L2/L3 via VPCs.
better ?
one of the nice things about working with some of this stuff is as long as you maintain l2 connectivity if you are migrating things they tend to work, unless they really break -
What are best practices for connecting asa to nexus 5000
just trying to get a feel for the best way to connect redundant asa to redundant nexus 5000
using a vpc vlan is fine, but then running a routing protocol isn't supported, so putting static routes on 5000 works, but it doesn't support ip sla yet so you can't really stop distributing the default if your internet goes down. just looking for what was recommended.
you want to test RAC upgrade on NON RAC database. If you ask me that is a risk but it depends on many things
Application configuration - If your application is configured for RAC, FAN etc. you cannot test it on non RAC systems
Cluster upgrade - If your standalone database is RAC one node you can probably test your cluster upgrade there. If you have non RAC database then you will not be able to test cluster upgrade or CRS
Database upgrade - There are differences when you upgrade RAC vs non RAC database which you will not be able to test
I think the best way for you is to convert your standalone database to RAC one node database and test it. that will take you close to multi node RAC -
New Trunking port Error Disabled on Nexus 5000
I configured my Nexus 5000 ports as so
Int Eth1000/1/48
switchport mode trunk
switchport trunk allowed vlan 8
speed 1000
channel-group 7 mode active
int Po7
switchport mode trunk
switchport trunk allowed vlan 8
vpc 7
speed 1000
I configured my 3650 as so:
int Gig0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8
switchport mode trunk
speed 1000
channel-group 1 mode active
Port channel 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 8
switchport mode trunk
speed 1000
Both of these ports are connected Int Eth1000/1/48 and int Gig0/23. Int Eth1000/1/48 shut down and when I checked the logs on the N5K it said for the port ErrorDisabled REASON BPDUguard. I did not configure bpdufilter or bpduguard on either side. What is causing it?
I found 3 other ports that have bpdufilter on them, would that be it?
Since the 3560 is an older switch how can I also ensure it gets demoted to not be root bridge or secondary root bridge?
Hi,
1- You tried to bundle GE and E interfaces with LACP on both switches but you did not mention the other bundle members, however, it looks like the etherchannel did not come up and the interfaces work separately.
As a result, STP has prevented bridging loop and put one of them in errdisable state. I think you must check your etherchannel configuration.
2- you can use "spanning-tree vlan <> priority 61400" on 3560 switch to make sure it won't be a root bridge.
HTH
Houtan -
Trunking on Nexus 5000 to Catalyst 4500
I have 2 devices on the each end of a Point to Point. One side has a Nexus 5000 the other end a Catalyst 4500. We want a trunk port on both sides to allow a single VLAN for the moment. I have not worked with Nexus before. Could someone look at the configurations of the Ports and let me know if it looks ok?
nexus 5000
interface Ethernet1/17
description
switchport mode trunk
switchport trunk allowed vlan 141
spanning-tree guard root
spanning-tree bpdufilter enable
speed 1000
Catalyst 4500
interface GigabitEthernet3/39
description
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 141
switchport mode trunk
speed 1000
spanning-tree bpdufilter enable
spanning-tree guard root
Thanks guys, we found the issue. The Catalyst is on my side and the Nexus is on the side of the hosting center. The hosting center moved his connection to a different Nexus 5000 and the connection came right up. We dropped the spanning-tree guard root.
It was working on the previous nexus when we set the native vlan for 141. So we thought it was the point to point dropping the tags.
The hosting center engineer thinks it might have to do with the VPC Peer-Link loop prevention on the previous Nexus.
Anyway it is working the way we need it to. -
SAN Port-Channel between Nexus 5000 and Brocade 5100
I have a Nexus 5000 running in NPV mode connected to a Brocade 5100 FC switch using two FC ports on a native FC module in the Nexus 5000. I would like to configure these two physical links as one logical link using a SAN Port-Channel/ISL-Trunk. An ISL trunking license is already installed on the Brocade 5100. The Nexus 5000 is running NX-OS 4.2(1), the Brocade 5100 Fabric OS 6.20. Does anybody know if this is a supported configuration? If so, how can this be configured on the Nexus 5000 and the Brocade 5100? Thank you in advance for any comments.
Best regards,
Florian
I tried that and I could see the status light on the ports come on but it still showed not connected.
I configured another switch (a 3560) with the same config and the same layout with the fiber and I got the connection up on it. I just can't seem to get it on the 4506, would it be something with the supervisor? Could it be wanting to use the 10gb port instead of the 1gb ports? -
We run 6509 core routers as NTP servers to other IOS routers/switches & servers of several OS flavours.
All good.
Recently added some Nexus 5000s and cannot get them to lock.
No firewalls or ACLs in the path
6509 (1 of 4) state:
LNPSQ01CORR01>sh ntp ass
address ref clock st when poll reach delay offset disp
+ 10.0.1.2 131.188.3.220 2 223 1024 377 0.5 -6.23 0.7
+~130.149.17.21 .PPS. 1 885 1024 377 33.7 -0.26 0.8
*~138.96.64.10 .GPS. 1 680 1024 377 22.7 -2.15 1.0
+~129.6.15.29 .ACTS. 1 720 1024 377 84.9 -3.37 0.6
+~129.6.15.28 .ACTS. 1 855 1024 377 84.8 -3.30 2.3
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
Nexus state:
BL01R01B10SRVS01# sh ntp peer-status
Total peers : 4
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
remote local st poll reach delay
=10.0.1.1 10.0.201.11 16 64 0 0.00000
=10.0.1.2 10.0.201.11 16 64 0 0.00000
=10.0.1.3 10.0.201.11 16 64 0 0.00000
=10.0.1.4 10.0.201.11 16 64 0 0.00000
Nexus config:
ntp distribute
ntp server 10.0.1.1
ntp server 10.0.1.2
ntp server 10.0.1.3
ntp server 10.0.1.4
ntp source 10.0.201.11
ntp commit
interface mgmt0
ip address 10.0.201.11/24
vrf context management
ip route 0.0.0.0/0 10.0.201.254
Reachability to the NTP source...
BL01R01B10SRVS01# ping 10.0.1.1 vrf management source 10.0.201.11
PING 10.0.1.1 (10.0.1.1) from 10.0.201.11: 56 data bytes
64 bytes from 10.0.1.1: icmp_seq=0 ttl=253 time=3.487 ms
64 bytes from 10.0.1.1: icmp_seq=1 ttl=253 time=4.02 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=253 time=3.959 ms
64 bytes from 10.0.1.1: icmp_seq=3 ttl=253 time=4.053 ms
64 bytes from 10.0.1.1: icmp_seq=4 ttl=253 time=4.093 ms
--- 10.0.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 3.487/3.922/4.093 ms
BL01R01B10SRVS01#
Are we missing some NTP or management vrf setup in the Nexus 5Ks??
Thanks
Rob Spain
UK
I have multiple 5020's, 5548's, and 5596's, and they all experience this same problem. Mind you I run strictly layer 2. I don't even have feature interface-vlan enabled. I tried: "ntp server X.X.X.X use-vrf management" as well as "clock protocol ntp". These didn't help.
I was told by TAC that there is a bug (sorry I do not have the ID), but basically NTP will not work over the management VRF. The only way I got NTP to work, was by enabling the feature interface-vlan, and adding a vlan interface with an IP and retrieving NTP through this interface.
I upgraded to 5.2 (1) in hopes that this would fix the issue, but it did not. -
Hello, could someone tell me what the command is on the Nexus 5000 to set an interface back to default?
Hi,
Disculpas, no hablo español. Apologies, I don't speak Spanish, but I think the answer you're looking for is as follows:
From the Resolved Caveats in Cisco NX-OS Release 5.2(1)N1(4) section of the Release Notes:
CSCth06584 The enhancement request filed requesting the "default interface" capability in Cisco Nexus 5000 and 5500 Series switches.
Regards -
Hi,
I have a Nexus 5000 connected with a UCS C-200 with qlogic CNA in FCoE. The ethernet traffic is ok, but FC doesn't work fine. I think that I have configured everything ok, but the show int vfc shows the trunk vsan in initializing mode and I can't find what the problem is.
switch(config-if)# sh int vfc 1
vfc1 is trunking
Bound interface is Ethernet1/9
Port description is Conexion FC con UCS1
Hardware is Virtual Fibre Channel
Port WWN is 20:00:00:0d:ec:e8:2c:7f
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port mode is TF
Port vsan is 1
Trunk vsans (admin allowed and active) (1)
Trunk vsans (up) ()
Trunk vsans (isolated) ()
Trunk vsans (initializing) (1)
1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
0 frames input, 0 bytes
0 discards, 0 errors
0 frames output, 0 bytes
0 discards, 0 errors
last clearing of "show interface" counters never
Interface last changed at Mon Dec 20 19:59:31 2010
switch(config-if)# show port internal info interface vfc 1
vfc1 - if_index: 0x1E000000, phy_port_index: 0x1000
local_index: 0xffff
Admin Config - state(up), mode(F), speed(auto), trunk(on)
beacon(off), snmp trap(on), tem(false)
description(Conexion FC con UCS1)
port owner()
Operational Info - state(trunking), mode(TF), speed(auto), trunk(on)
state reason(None)
phy port enable (1), phy layer (FC), port_osm_mode(OSM)
participating(1), fcid(0x000000), bb_scn(0)
config port vsan (1), oper port vsan (1)
rx bb_credit(0), rx bb_credit multiplier(0)
rx bb_credit performance buffers(0), tx bb_credit(0)
not first time port bringup is 0
Port WWN is 20:00:00:0d:ec:e8:2c:7f
current state [PI_FSM_ST_TXPORT_INIT_TRUNKING_ENABLED]
port_init_eval_flag(0x00000401), cfg wait for none
FC_PORT_INIT_DATA_VALID (0)
FC_PORT_INIT_ADMIN_ST_DOWN_TO_UP (10)
FC_PORT_INIT_PHY_PORT_UP (49)
Mts node id 0x0
Lock Info: resource [vfc1]
type[0] p_gwrap[(nil)]
FREE @ 259535 usecs after Mon Dec 20 19:59:31 2010
type[1] p_gwrap[(nil)]
FREE @ 260559 usecs after Mon Dec 20 19:59:31 2010
type[2] p_gwrap[(nil)]
FREE @ 266012 usecs after Mon Dec 20 19:59:31 2010
0x10000001e000000
eport_init_flag(0x00000000), elp_chk_flag(0x00000000)
elp_rcvd_fc2_handle(0x00000000), elp_sent_fc2_handle(0x00000000)
esc_chk_flag(0x00000000), esc_fc2_handle(0x00000000)
elp_flags(0x0000), classes_supported(F), tx bb_credit(0)
Peer ELP Revision: 0
Timer active for PI_FSM_EV_TE_2_E_TIMER_EXPIRED
cnt_link_failure(0), cnt_link_success(0), cnt_port_up(0)
cnt_cfg_wait_timeout(2), cnt_port_cfg_failure(2), cnt_init_retry(0)
nos link failures (0), debounce window (300 ms), elp wait tout (750 ms)
link fail reason (0x0) num_elps_before_up (0)
internal_reinit_counter (0) external_reinit_counter (0)
Trunk Info -
trunk vsans (allowed active) (1)
trunk vsans (operational allowed) (1)
trunk vsans (up) ()
trunk vsans (isolated) ()
TE port per vsan information
vfc1, Vsan 1 - state(down), state reason(waiting for flogi), fcid(0x000000)
port init flag(0x0),
Lock Info: resource [vfc1, vsan 1]
type[0] p_gwrap[(nil)]
FREE @ 270103 usecs after Mon Dec 20 19:59:31 2010
type[1] p_gwrap[(nil)]
FREE @ 270104 usecs after Mon Dec 20 19:59:31 2010
type[2] p_gwrap[(nil)]
FREE @ 270105 usecs after Mon Dec 20 19:59:31 2010
0x40000011e000000
current state [TE_FSM_ST_WAIT_FOR_FLOGI]
RNID info not found.
first time elp: 1
Peer ELP Revision: 0
Pacer Info -
Pacer state: released credits due to timer expiry
PQP: not in progress
My configuration
vlan 701
fcoe vsan 1
name FCoE-Vsan1
interface vfc1
bind interface Ethernet1/9
switchport description Conexion FC con UCS1
no shutdown
interface Ethernet1/9
description Conexion FCoE con UCS1
switchport mode trunk
spanning-tree port type edge trunk
Do I need to configure anything in UCS?
Regards.
Under your ethernet 1/9 try adding:
switchport trunk allowed vlan 1, 701
Assuming vlan 1 as your native default vlan and 701 is FCoE vlan, this should bring up vlan 701 to your CNA. -
CFS : how to disable application ? nexus 5000
1. Could you please help me out here. I am setting up syslog on Nexus switches and running into problems (error messages at bottom)
On Nexus 5000, I am trying to disable CFS distribution for application SYSLOGD, but do not find a command to do that.
Why I want to do that ?
With CFS enabled for syslogd, 'use-vrf' option is not allowed in the command 'logging server 167.54.254.23 6 ' and by default syslogd uses vrf management whereas I want it to use vrf default.
2. Also, any idea why this message pops up ?
CLIC-6-EXIT_CONFIG: Configured from 1 by systest
2010 Feb 12 10:40:13.308 ked1.dcacc.n01 LOG-3-SYSTEM_MSG: Syslog could not be send to server(167.54.254.23) : No route to host
2010 Feb 12 10:40:46.162 ked1.dcacc.n01 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty ....
2010 Feb 12 10:40:46.170 ked1.dcacc.n01 LOG-3-SYSTEM_MSG: Syslog could not be send to serv..) : No route to host
2010 Feb 12 10:40:46.170 ked1.dcacc.n01 11244]: CLIC-6-EXIT_CONFIG: Configured from 1 by systest
2010 Feb 12 10:40:46.181 ked1.dcacc.n01 snmpd: snmpd: send_trap: Failure in sendto (No route to host)
2010 Feb 12 10:40:46.183 ked1.dcacc.n01 last message repeated 2 times
2010 Feb 12 10:40:46.183 ked1.dcacc.n01 snmpd: NETWORK- UNREACHABLE
Learned the command is:
no logging distribute -
The meaning of Interface Ethernet250/1 under the Nexus 2000 is connected to Nexus 5000 switch
Dear all,
Recently, I prepared and deployed a network monitoring system to monitor the new generation Nexus connected network. Using snmpwalk to query the interface information from the Nexus 5000 switch (one Nexus 2000 is connected to it via FlexLink), I found that other than normal Nexus 5000 and 2000 ports (ifName Ethernet1/1, Ethernet1/2, ... Ethernet190/1/1, Ethernet190/1/2...), a series of interfaces with ifName Ethernet250/1, Ethernet250/2, .... appeared in the interface SNMP tree. Having logged into the Nexus 5000 and issued the display interface command, I can only find the information on the normal interfaces but not the abnormal interface Ethernet250/1, ...
Would someone know what it is (is E250/1 a logical interface like port channel or VLAN) and how to monitor it? Thanks in advance.
HC Wong
I've not seen that myself. Could it perhaps be a VPC (Virtual Portchannel)?