"The `Inline' mode also supports `Port-Channel'" ?

Similar Messages

• Will the iphone 3G also support Nike+ now that the iphone S does?

  According to the website the new iphone S includes built-in Nike + iPod support. Will the iphone 3G support it now with the new OS 3.0?
  Its really annoying how it works on the nano and touch but not the iphone! very poor form.

  As far as I know, iPhone 3G will not support the nike feature.

• Does the SLM224G switch support port-based VLAN's?

  I am looking for a simple solution to create two LAN's. One for my own and one for my customers, who will be able to use desktop PC's with internet access. I have only one internet connection (DSL over ISDN) and wil not getting another just for my customers.
  My own network should not be accessible or visible to users who are using the customers-PC's. The other way around is allowed, but not really necessary. My setup requires me to hook up the switch to the (ISP) router, and that router just has one LAN port not able to do anything related to VLAN's.
  I read about port-based VLAN's here, where it is stated that creating seperate LAN's is just putting ports into VLAN's on the switch, nothing else needs to be done... However, they used a NetGear smart switch.
  I checked out Cisco's SLM224G as it is affordable, has 24 ports (instead of 8 for the NetGear) and should support VLAN's. I have read a lot about VLAN's, including:
  "- Port-based VLAN's means that you can reconfigure ports to be in different VLAN's. Port-based VLAN's do not confirm 802.1q VLAN support.
  - 802.1q VLAN's means that you can tag VLAN's with 802.1q headers to create a trunk between two devices that carries frames for multiple VLAN's. 802.1q VLAN's confirm that there is also Port-based VLAN support."
  I known from the spec sheets that the SLM224G supports 802.1q (tagged) trunking. So it should, given found text above, also support port-based VLAN's.
  My question is whether it indeed will support port-based VLAN's?
  Am I able to use it directly behind my ISP's router and create two seperate LAN's?
  If so, one extra question: how are the PC's behind the switch (inside the two VLAN's) get their IP-adresses from the ISP-router? Or will it service only one of the two LAN's and should I install a DHCP-server in the other LAN?
  Any information is very welcome!
  Thank you.

  Thanks for your responce, mr. Carr.
  I have read more about vlan's and their setup. I think the article about port based vlan's was lacking some information about the router/firewall. May be it was set up to work with different vlan's from the start. Strangely, in the text it is said that nothing needs to be set up besides the (Netgear) vlan-capable switch.
  So, from your response and other texts I learned I needed a vlan-capable router. I have to say that I need to be able to manage a server on the LAN from the outside (internet). I already tried to set up a Cisco/Linksys WRT54G router behind the ISP's (ZyXel) single LAN-ported router and that would not work at all (even when the Linksys was set in router-mode). I lost the connection to internet setting it up that way. I even tried to setup the Linksys in the DMZ of the ZyXel, with no luck. I was unable to set that up with working internet-access form the LAN. So I was not too happy with the suggestion to set up a (second) vlan-capable gigabit router behind the ISP's router....
  Eventually, I bridged the ZyXel to get rid of the double NAT/gateway mode of the two routers as routing mode did not work on the Linksys. The Linksys is now getting the WAN-ip from the ISP on it's WAN port and I furthermore used DD-WRT's firmware to enable the build-in vlan-capabilities of the Linksys.
  Now I have set up the Linksys with two vlan's and I bought the SLM224G as an inexpensive manageable 24-port vlan-capable switch to provide the number of ports I needed. I devided the SLM in two vlan's and used two wires from the Linksys to the SLM. So the SLM does support port-based vlan's by simply setting up two ranges of ports with different PVID settings. Trunking and 802.1q tagging isn't needed that way. I know I could have used two dumb switches to get two separate subnetted networks, but this way I get just enough ports in a single device where I have ample space to put it.
  Anyway, thanks for helping me understanding the way vlan-capable switches work.

• Sg300-28 port-channel options

  i have an sg300-28 running the latest firmware, and would like some insight on port-channel options.  below are the port configs i have for a LAG to my router.  i am currently using 802.3ad with LACP.  my router is a linux machine pulling duty as a basic (no dynamic routing) router, firewall and internet gateway.  the bonding options on the routers side explained at
  http://docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/sec-Using_Channel_Bonding.html.  the mode is 4 or 802.3ad and the xmit_hash_policy is 2 or layer2+3.  i also have 2 servers setup in a similar fashion with 2 interfaces in a LAG.
  when i run a bandwidth test, iperf, between the two servers, i only get 900+ mbps which indicates that the GB ports are running fine.  this also indicates to me that the traffic is not being "striped" across the port-channeled interfaces, thereby giving me the aggregated bandwidth of all interfaces in the LAG.  i have found no options to use the balance-xor mode to create port-channels, which as i understand it, would aggregate the total bandwidth of all interfaces in the LAG.  is the sg300 capable of creating a LAG that will combine the throughput of all the members of the LAG?  for example, create a 2 GB pipe when 2 interfaces are port-channeled?  is the balance-xor mode what would do this (regardless of the sg300's ability to do this)
  interface gigabitethernet25
  description "Port Channel to Router"                
  channel-group 1 mode auto
  lldp notifications enable
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  lldp management-address automatic
  interface gigabitethernet26
  description "Port Channel to Router"
  channel-group 1 mode auto
  lldp notifications enable
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  lldp management-address automatic
  interface gigabitethernet27
  description "Port Channel to Router"
  channel-group 1 mode auto
  lldp notifications enable
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  lldp management-address automatic
  interface gigabitethernet28
  description "Port Channel to Router"
  channel-group 1 mode auto                           
  lldp notifications enable
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  lldp management-address automatic
  interface Port-channel1
  description "Port Channel to Router"
  switchport mode general
  switchport general allowed vlan add 2-3,25,37,50,52,253-255 tagged
  switchport general pvid 255

  Hi Brendan,
  You said "i only get 900+ mbps which indicates that the GB ports are running fine.  this also indicates to me that the traffic is not being "striped" across the port-channeled interfaces, thereby giving me the aggregated bandwidth of all interfaces in the LAG.  i have found no options to use the balance-xor mode to create port-channels, which as i understand it, would aggregate the total bandwidth of all interfaces in the LAG."
  As the Admin guide says on page 130, http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
  Load Balancing
  Traffic forwarded to a LAG is load-balanced across the active member ports, thus achieving an effective bandwidth close to the aggregate bandwidth of all the active member ports of the LAG.
  Traffic load balancing over the active member ports of a LAG is managed by a hash-based distribution function that distributes Unicast and Multicast traffic based on Layer 2 or Layer 3 packet header information.
  The switch supports two modes of load balancing:
  By MAC Addresses—Based on the destination and source MAC addresses of all packets.
  By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for
  non-IP packets.
     So,  an IP host running running IPERF maybe checking unicast throughput between the two IP hosts.  There will be a Source and Desination IP address in that test.  The switch will direct the traffic over one of the LAG port members .  It wont Round robin the unicast traffic over multiple LAG ports, if the Source and Desination IP address of the traffic is the same.  .
  If the  PC  running IPerf,  had  another concurrent IPerf session to another or different IP host, the hash algorithm on the switch may direct that stream , maybe, over a different physical LAG interface.
  So your comment about  achieving  900+mbps  sounds normal   Yes LAG spreads the load, the benefit comes when lots of hosts on  both sides of the switches.
  You hay find with just two hosts on either side of a LAG, that the switch may run the traffic between two hosts over just one member of the LAG group.
  regards Dave

• FWSM Default port channel?

  I'm doing some L2 cleanups across mutliple 6509E environments and I've found something consistent that I can't find in documentation.
  On all my pairs of 6509s where I have FWSMs bundled (6509-A has FWSM-1 is Slot 1 and 6509-B has FWSM-2 in Slot 1) I also have a port channel 305. Obviously when I do a "show run" or "show int desc" I don't see anything in slot one. It's a service module. But the port channel is referencing ports 1/1-6. And it's all in service/up. I was about to delete this as I thought it was some leftover config (TEST 6509s) until I went and saw the same things on our PROD 6509s. Can anyone explain this or provide some documentation on it? Is it cosmetic? Necessary? Can I delete it as part of my audit cleanup? Don't want to mess with it even in TEST without some information. Nothing on google that's clear and I can't find anything on CCO.
  6509-1#sho etherch 305 summ
  Flags:  D - down        P - bundled in port-channel
          I - stand-alone s - suspended
          H - Hot-standby (LACP only)
          R - Layer3      S - Layer2
          U - in use      N - not in use, no aggregation
          f - failed to allocate aggregator
          M - not in use, no aggregation due to minimum links not met
          m - not in use, port not aggregated due to minimum links not met
          u - unsuitable for bundling
          d - default port
          w - waiting to be aggregated
  Number of channel-groups in use: 11
  Number of aggregators:           11
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  305    Po305(SU)        -        Gi1/1(P)       Gi1/2(P)       Gi1/3(P)      
                                   Gi1/4(P)       Gi1/5(P)       Gi1/6(P)      
  Last applied Hash Distribution Algorithm:   -
  6509-1#sho etherch 305 det 
  Group state = L2
  Ports: 6   Maxports = 8
  Port-channels: 1 Max Port-channels = 1
  Protocol:    -
  Minimum Links: 0
                  Ports in the group:
  Port: Gi1/1
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 0           Load = 0x41        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:39s
  Port: Gi1/2
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 1           Load = 0x02        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:39s
  Port: Gi1/3
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 2           Load = 0x04        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:41s
  Port: Gi1/4
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 3           Load = 0x88        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:41s
  Port: Gi1/5
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 4           Load = 0x10        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:41s
  Port: Gi1/6
  Port state    = Up Mstr In-Bndl
  Channel group = 305         Mode = On      Gcchange = -
  Port-channel  = Po305       GC   =   -         Pseudo port-channel = Po305
  Port index    = 5           Load = 0x20        Protocol =    -
  Age of the port in the current state: 46d:06h:53m:41s
                  Port-channels in the group:
  Port-channel: Po305
  Age of the Port-channel   = 46d:06h:55m:56s
  Logical slot/port   = 14/11          Number of ports = 6
  GC                  = 0x00000000      HotStandBy port = null
  Port state          = Port-channel Ag-Inuse
  Protocol            =    -
  Fast-switchover     = disabled
  Load share deferral = disabled  
  Ports in the Port-channel:
  Index   Load   Port     EC state        No of bits
  ------+------+------+------------------+-----------
    0     41     Gi1/1    On    2
    1     02     Gi1/2    On    1
    2     04     Gi1/3    On    1
    3     88     Gi1/4    On    2
    4     10     Gi1/5    On    1
    5     20     Gi1/6    On    1
  Time since last port bundled:    46d:06h:53m:41s    Gi1/6
  Last applied Hash Distribution Algorithm:   -
  NOC-SW-ITEST-AGG1#

  The connection between the FWSM and the switch is a 6-GB 802.1Q trunking EtherChannel. This EtherChannel is automatically created when you install the FWSM.
  http://cisconetwork.org.ua/1587051893/ch04lev1sec1.html
  http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/switch.pdf
  Thanks
  Ajay

• Span port channel

  Hi All,
     Is there any option to span port channel of Cisco 6500 Switch.If possible What is the configuration for the same..
  Pls help..
  Regards,
  Ajith

  Hi,
  You can, but the Portchannel has to be in on mode.  You cannot use it wilt LACP or PAGP.
  Note:
  From Cisco IOS Software Release  12.2(33)SXH and later, PortChannel interface can be a destination port.  Destination EtherChannels do not support the Port Aggregation Control  Protocol (PAgP) or Link Aggregation Control Protocol (LACP) EtherChannel  protocols; only the on mode is supported, with all EtherChannel  protocol support disabled.
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml
  HTH
  Reza

• IOS to NXOS VPC PORT CHANNEL

  Hello
  I have a pair of Nexus 5K's in a VPC domain and some 2960's as VPC members, with a port channel to the domain.
  Topology is as follows:
  5K1 and 5K2 in VPC domain
  VPC from 5K1 and 5K2 to 2960
  2960 has gi0/1 and gi0/2 in 1 port channel
  gi0/1 to 5k1, gi0/2 to 5k2
  I know that what I am going to ask may be totally against the purpose of VPC, but, I am looking for a way to favour gi0/1 for traffic, rather than load balancing over gi0/1 and gi0/2. The reaon for this is that I would like to benefit from the lack of loop that VPC provides, but would also like to have a primary and secondary link as the majority of traffic should actually go via 5K1, rather than 5K2.
  Any suggestions welcome.
  Many thanks in advance
  Anthony

  Hi Anthony,
  The Cisco NX-OS software load balances traffic across all operational interfaces in a portchannel by hashing the addresses in the frame to a numerical value that selects one of the links in the channel. Port channels provide load balancing by default. Port-channel load-balancing uses MAC addresses, IP addresses, or Layer 4 port numbers to select the link. Port-channel load balancing uses either source or destination addresses or ports, or both source and destination addresses or ports.
  You can configure the load-balancing mode to apply to all port channels that are configured on the entire device or on specified modules. The per-module configuration takes precedence over the load-balancing configuration for the entire device. You can configure one load-balancing mode for the entire device, a different mode for specified
  modules, and another mode for the other specified modules. You cannot configure the load-balancing method per port channel.
  You can configure the type of load-balancing algorithm used. You can choose the load-balancing algorithm that determines which member port to select for egress traffic by looking at the fields in the frame.
  Note:  The default load-balancing mode for Layer 3 interfaces is the source and destination IP address, and the default load-balancing mode for non-IP interfaces is the source and destination MAC address.
  From the config mode you can try different load-balacing method ,
  port-channel load-balance {dest-ip-port | dest-ip-port-vlan |
  destination-ip-vlan | destination-mac | destination-port | source-dest-ip-port | source-dest-ip-port-vlan | source-dest-ip-vlan | source-dest-mac | source-dest-port | source-ip-port | source-ip-port-vlan | source-ip-vlan | source-mac | source-port} [module-number]
  To Summarize: I cannot say which port would be selected, it purely depends on type of frame you are sending with the combination of the load-balance method.
  After tweaking you can also know from the command which link the traffic is taking,
  NEXUS2-SPAN# show port-channel load-balance forwarding-path interface port-channel 71 src-ip 1.1.1.1 dst-ip 2.2.2.2 vlan 51 module 2
  Module 2: Missing params will be substituted by 0's.
  Load-balance Algorithm: src-dst ip-l4port
  RBH: 0xb0       Outgoing port id: Ethernet8/8
  we can also try tweaking the same load-balancing on the 2960 also. It purely depends on the load-balancing algorithm. Below is for 2960 Load-balancing tweaking,
  http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_53_se/configuration/guide/swethchl.html
  Even after doing this i wouldnt say 100% it would select one link.
  Hope this helps!
  Thanks,
  Richard.
  *Rate if this is useful

• How to configure a port channel with VLAN trunking (and make it work..)

  We're trying to configure a port channel group with trunked ports to connect a NetApp HA pair. We want to create two data LIFs and connect them to the switch stack.  We are trying to create 2 data lifs, one for cifs and one for nfs that are on different vlans.
  We want the same ports to be able to allow multiple vlans to communicate. (trunked)
  These data lifs should be able to fail over to different nodes in the HA pair and still be able to communicate on the network.
  What this means is that we have to connect 4 ports each for each node in the NetApp HA Pair to the switches and create a port channel of some type that allows for trunked vlans. When we configure the ports, the configuration is as follows (below):
  We are only able to configure an IP on one of the vlans.
  When we configure an IP from another vlan for the data lif, it does not respond to a ping.
  Does anyone have any idea what I'm doing wrong on the Cisco switch?
  interface GigabitEthernet4/0/12
  description Netapp2-e0a
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  channel-protocol lacp
  channel-group 20 mode active
  end
  interface GigabitEthernet4/0/13
  description Netapp2-e0c
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  channel-protocol lacp
  channel-group 20 mode active
  end
  interface GigabitEthernet6/0/12
  description Netapp2-e0b
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  channel-protocol lacp
  channel-group 20 mode active
  end
  interface GigabitEthernet6/0/13
  description Netapp2-e0d
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  channel-protocol lacp
  channel-group 20 mode active
  end
  interface Port-channel20
  description Netapp2-NFS
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  spanning-tree portfast
  spanning-tree bpduguard enable
  end

  Our problem was fixed by the storage people.  They changed the server end to trunk, and the encapsulation / etherchannel.
  I like all the suggestions, and they probably helped out with the configuration getting this to work.
  Thanks!
  interface Port-channel20
  description Netapp2-NFS
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  interface GigabitEthernet4/0/12
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  channel-protocol lacp
  channel-group 20 mode active
  interface GigabitEthernet4/0/13
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  channel-protocol lacp
  channel-group 20 mode active
  interface GigabitEthernet6/0/12
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  channel-protocol lacp
  channel-group 20 mode active
  interface GigabitEthernet6/0/13
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 10,20,511,519
  switchport mode trunk
  channel-protocol lacp
  channel-group 20 mode active

• OSPF load balancing across multiple port channels

  I have googled/searched for this everywhere but haven't been able to find a solution. Forgive me if I leave something out but I will try to convey all relevant information. Hopefully someone can provide some insight and many thanks in advance.
  I have three switches (A, B, and C) that are all running OSPF and LACP port channelling among themselves on a production network. Each port channel interface contains two physical interfaces and trunks a single vlan (so a vlan connecting each switch over a port channel). OSPF is running on each vlan interface.
  Switch A - ME3600
  Switch B - 3550
  Switch C - 3560G
  This is just a small part of a much larger topology. This part forms a triangle, if you will, where A is the source and C is the destination. A and C connect directly via a port channel and are OSPF neighbors. A and B connect directly via a port channel and are OSPF neighbors. B and C connect directly via a port channel and are OSPF neighbors. Currently, all traffic from A to C traverses B. I would like to load balance traffic sourced from A with a destination of C on the direct link and on the links through B. If all traffic is passed through B, traffic is evenly split on the two interfaces on the port channel. If all traffic is pushed onto the direct A-C link, traffic is evenly balanced on the two interfaces on that port channel. If OSPF load balancing is configured on the two vlans from A (so A-C and A-B), the traffic is divided to each port channel but only one port on each port channel is utilized while the other one passes nothing. So half of each port channel remains unused. The port channel on B-C continues to load balance, evenly splitting the traffic received from half of the port channel from A.
  A and C port channel load balancing is configured for src-dst-ip. B is a 3550 and does not have this option, so it is set to src-mac.
  Relevant configuration:
  Switch A:
  interface Port-channel1
  description Link to B
   port-type nni
   switchport trunk allowed vlan 11
   switchport mode trunk
  interface Vlan11
   ip address x.x.x.134 255.255.255.254
  interface Port-channel3
  description Link to C
   port-type nni
   switchport trunk allowed vlan 10
   switchport mode trunk
  interface Vlan10
   ip address x.x.x.152 255.255.255.254
  Switch B:
  interface Port-channel1
   description Link to A
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 11
   switchport mode trunk
  interface Vlan11
   ip address x.x.x.135 255.255.255.254
  interface Port-channel2
   description Link to C
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 12
   switchport mode trunk
  interface Vlan12
   ip address x.x.x.186 255.255.255.254
  Switch C:
  interface Port-channel1
   description Link to B
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 12
   switchport mode trunk
  interface Vlan12
   ip address x.x.x.187 255.255.255.254
  interface Port-channel3
   description Link to A
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10
   switchport mode trunk
  interface Vlan10
   ip address x.x.x.153 255.255.255.254

  This is more FYI. 10.82.4.0/24 is a subnet on switch C. The path to it is split across vlans 10 and 11 but once it hits the port channel interfaces only one side of each is chosen. I'd like to avoid creating more vlan interfaces but right now that appears to be the only way to load balance equally across the four interfaces out of switch A.
  ME3600#sh ip route 10.82.4.0
  Routing entry for 10.82.4.0/24
    Known via "ospf 1", distance 110, metric 154, type extern 1
    Last update from x.x.x.153 on Vlan10, 01:20:46 ago
    Routing Descriptor Blocks:
      x.x.x.153, from 10.82.15.1, 01:20:46 ago, via Vlan10
        Route metric is 154, traffic share count is 1
    * x.x.x.135, from 10.82.15.1, 01:20:46 ago, via Vlan11
        Route metric is 154, traffic share count is 1
  ME3600#sh ip cef 10.82.4.0
  10.82.4.0/24
    nexthop x.x.x.135 Vlan11
    nexthop x.x.x.153 Vlan10
  ME3600#sh ip cef 10.82.4.0 internal       
  10.82.4.0/24, epoch 0, RIB[I], refcount 5, per-destination sharing
  sources: RIB 
  ifnums:
  Vlan10(1157): x.x.x.153
  Vlan11(1192): x.x.x.135
  path 093DBC20, path list 0937412C, share 1/1, type attached nexthop, for IPv4
  nexthop x.x.x.135 Vlan11, adjacency IP adj out of Vlan11, addr x.x.x.135 08EE7560
  path 093DC204, path list 0937412C, share 1/1, type attached nexthop, for IPv4
  nexthop x.x.x.153 Vlan10, adjacency IP adj out of Vlan10, addr x.x.x.153 093A4E60
  output chain:
  loadinfo 088225C0, per-session, 2 choices, flags 0003, 88 locks
  flags: Per-session, for-rx-IPv4
  16 hash buckets             
  < 0 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 1 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 2 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 3 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 4 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 5 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 6 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 7 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  < 8 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  < 9 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <10 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <11 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <12 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <13 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  <14 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
  <15 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
  Subblocks:                                                                                  
  None

• Port Channel Best Practice

  Hi All,
  I have a MDS9509 with port channels going to my Cisco blade switches on my HP Proliant blade enclosure.
  I have NO ports left on my MDS9509, but DO have some remaining on the blade enclosure.
  The question is, can i port channel from the blade enclosure to another edge switch (MDS9148)?
  Is that a supported configuration/Best Practice and what are the ramifications if I do that?
  So I'm going from Core, to edge and then to edge switch with port channel.
  Thanks,
  Matt

  Hi Matthew,
  Sorry for the misunderstanding,  your to-be diagram cleared up a lot for me :-)
  First off, yes, it will work. There's no reason it shouldn't and if you have the external ports free on your 9124e, you can hook up a new switch.
  It's far from a conventional design, because blade switches are supposed to go in the Edge. It's not a best practice.
  What I would recommend is that you move some of the storage from your edge to the 9148, and treat it as a collapsed core, sharing an edge switch (the blade switch).  You can then ISL the 9148 and the 9509 together into a somewhat sensible topology.
  So for one fabric this would be
  (disk)---9148  --- 9509 -- (disks) (some moved to the left to free up space for ISLs)
                  9124e
  Or you can contact your sales team and look to swap some Linecards with higher port density ones.
  Lastly I would like to note that, however you link up the switches, most combinations available to you will 'work'.  So as a temp solution you can go ahead with the (core - blade - edge) scenario.  Just know that you'll be introducing bottlenecks and potential weak points into your network. 

• About n1000v with port channel

  there is a n1000v connected to multiple upstream switches in the customer's production environment.
  the following is from the Cisco Nexus 1000V Interface Configuration Guide, Release4.2(1)SV2(2.1).
  You use vPC-HM mode to create a port channel when the switch is connected to multiple upstream switches
  that are not clustered.
  my question is,
  can I use LACP with multiple upstream switches that are not clustered?
  can I use LACP with multiple upstream switches that are stacked?
  if I stack multiple upstream switches,does it mean clustered?
  thanks.

  Hi,
  See some of the guidelines:
  Guidelines and Limitations
  Port channeling has the following guidelines and restrictions:
  •All ports in the port channel must be in the same Cisco Nexus 1000V module; you cannot configure port channels across Cisco Nexus 1000V modules.
  •Port channels can be formed with multiple upstream links only when they satisfy the compatibility requirements and under the following conditions:
  –The uplinks from the host are going to the same upstream switch.
  –The uplinks from the host going to multiple upstream switches are configured with vPC-HM.
  •You can configure multiple port channels on a device.
  •After you configure a port channel, the configuration that you apply to the port channel interface affects the port channel member ports. The configuration that you apply to the member ports affects only the member port where you apply the configuration.
  •You must remove the port security information from a port before you can add that port to a port channel. Similarly, you cannot apply the port security configuration to a port that is a member of a channel group.
  •You can configure ports that belong to a port channel group as PVLAN ports.
  •Any configuration changes that you apply to the port channel is applied to every member interface of that port channel.
  •Channel member ports cannot be a source or destination SPAN port.
  That said LACP should work on switches that are not clustered and meet the conditions above.
  A stack is treated as one unit which means that would be like you have just one big chassis.
  Stacking does not the same as clustering it works different. so if you stack them that would be a stack not a cluster
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_1_4/interface/configuration/guide/n1000v_if_5portchannel.html#wp1270746
  Hope this helps.

• IDSM-2 Inline mode operation - cat6000 Hybrid

  Hello, is the inline mode operation on the IDSM-2 IPS 5.1 only supported with catos 8.4(1)?
  Thanks!

  I agree, the IPS 5.1 release notes http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps4077/prod_release_note09186a0080574954.html#wp1068104 says it requires 8.5(1) go figure.

• ASR 1001 OTV Port-Channel

  I saw in the release notes that 3.10 for the ASR 1001 supports port-channel for the internal otv interface.  I upgraded to that release and it lets me use a port-channel interface, but it won't let me use the serivce instance command on the L2 interface.  I can add the channel-group command but not any otv commands.  Has anyone seen this yet?
  Thanks,
  Tom

  Hi tom,
  Not sure if you have resolved this issue, but, I hope you are configuring the port-channel with all the service-instance configurations. If yes, and you are getting into issues, please do post the output of the issue, we can have a look at the same.

• N7K Port Channel Layer 3 VLAN Question

  I have 2 N7K switches and would like to connect them via port channel and put the channel in VLAN 101. I have the following config, does it make sense? Thanks in advance!
  interface eth 3/1
  switchport
  channel-group 101 mode active
  interface eth 3/2
  switchport
  channel-group 101 mode active
  interface port-channel 101
  switchport
  switchport mode access
  switchport access vlan 10
  spanning-tree network type edge
  interface vlan 10
  ip address 10.1.1.1/24

  Could be something like this in the both sides (if the port numbers match):
  conf t
  feature lacp
  feature interface-vlan
  interface eth 3/1
  switchport
  channel-group 101 mode active
  interface eth 3/2
  switchport
  channel-group 101 mode active
  interface port-channel 101
  switchport
  switchport mode access
  switchport access vlan 101
  spanning-tree port type network
  interface vlan 101
  ip address 10.1.1.1/24
  no shut
  end
  vlan 101
  end
  *(This ip address will be available in only one box, you can use a FHRP as well, to increase the level of reachability)

• 6880 L2 Port-Channel

  Hi
  I want to configure a port-channel with a downstream 2960x switch. The 6880 does not let me configure a L2 port-channel. On the 6880 when I configure the port-channel first, the the interfaces, during the interface configs the error states either the switchport is L2 or port-channel, or vice versa
  I have managed this easily on other switches. Is there any special command on the 6880 to configure a l2 port-channel
  Attempted the following configs
  2960x
  Interface port-channel 1
  switchport mode trunk
  interface gig 1/0/28
  switchport mode trunk
  udld port aggressive
  channel-protocol lacp
  channel-group 1 mode Active
  mls qos trust dscp
  interface gig 2/0/28
  switchport mode trunk
  udld port aggressive
  channel-protocol lacp
  channel-group 1 mode Active
  mls qos trust dscp
  6880x
  interface Tengig 1/5/2
  switchport mode trunk
  channel-group 11 mode Active
  ******at this stage when I try to add the switchport mode trunk command as below under the interfac, the error states command rejected, either the switchport is in L3 mode and the port-channel l2 or vice versa
  interface Tengig 2/5/2 
  switchport mode trunk
  channel-group 11 mode Active
  interface port-channel11
  switchport
  switchport mode trunk

  Hi,
  After adding "channel-group 11 mode Active" to both ports 1/5/2 and 2/5/2.
  Now go to the Portchannel interface and add the "switchport mode trunk" there.
  int po 11
  switchport mode trunk
  no sh
  now "switchport mode trunk" should propagate to both physical interfaces.
  HTH