Vpc bind-vrf on Nexus 7000/N7k to ensure forwarding of multicast traffic over peer-link?

Similar Messages

• Commnad to see all configs under a VRF in nexus-os

  Please i want to find out if there is any command that will show you all the configurations under a vrf in nexus 7000 Switch.
  For example you can have VRF A, B, C but you want to quickly see all the configurations under VRF A only
  thanks in advance.             

  Dear Petrock
  I did as you proposed me - here is the result:
  MacBookPro:~ hkurt$ ls -lde ~/
  drwx------ 24 hkurt staff 816 Jan 28 21:52 /Users/hkurt/
  MacBookPro:~ hkurt$ ls -lde ~/Desktop
  drwx------ 26 hkurt staff 884 Jan 28 23:32 /Users/hkurt/Desktop
  MacBookPro:~ hkurt$
  For another user and a guest account:
  MacBookPro:~ tina$ ls -lde ~/
  drwxr-xr-x+ 22 tina tina 748 Jan 29 21:32 /Users/tina/
  0: group:everyone deny delete
  MacBookPro:~ tina$ ls -lde ~/Desktop
  drwxr-xr-x+ 28 tina staff 952 Jan 26 22:25 /Users/tina/Desktop
  0: group:everyone deny delete
  MacBookPro:~ gast$ ls -lde ~/
  drwxr-xr-x+ 14 gast gast 476 Jan 29 06:43 /Users/gast/
  0: group:everyone deny delete
  MacBookPro:~ gast$ ls -lde ~/Desktop
  drwx------+ 3 gast gast 102 Aug 25 2005 /Users/gast/Desktop
  0: group:everyone deny delete
  MacBookPro:~ gast$
  Can you read out anything out of these data ?
  Thanks for your help !

• Nexus 7000 - unexpected shutdown of vPC-Ports during reload of the primary vPC Switch

  Dear Community,
  We experienced an unusual behavior of two Nexus 7000 switches within a vPC domain.
  According to the attached sketch, we have four N7Ks in two data centers - two Nexus 7Ks are in a vPC domain for each data center.
  Both data centers are connected via a Multilayer-vPC.
  We had to reload one of these switches and I expected the other N7K in this vPC domain to continue forwarding over its vPC-Member-ports.
  Actually, all vPC ports have been disabled on the secondary switch until the reload of the first N7K (vPC-Role: primary) finished.
  Logging on Switch B:
  20:11:51 <Switch B> %VPC-2-VPC_SUSP_ALL_VPC: Peer-link going down, suspending all vPCs on secondary
  20:12:01 <Switch B> %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In domain 1, VPC peer keep-alive receive has failed
  In case of a Peer-link failure, I would expect this behavior if the other switch is still reachable via the Peer-Keepalive-Link (via the Mgmt-Port), but since we reloaded the whole switch, the vPCs should continue forwarding. 
  Could this be a bug or are there any timers to be tuned?
  All N7K switches are running on NX-OS 6.2(8)
  Switch A:
  vpc domain 1
    peer-switch
    role priority 2048
    system-priority 1024
    peer-keepalive destination <Mgmt-IP-Switch-B>
    delay restore 360
    peer-gateway
    auto-recovery reload-delay 360
    ip arp synchronize
  interface port-channel1
    switchport mode trunk
    switchport trunk allowed vlan <x-y>
    spanning-tree port type network
    vpc peer-link
  Switch B:
  vpc domain 1
    peer-switch
    role priority 1024
    system-priority 1024
    peer-keepalive destination <Mgmt-IP-Switch-A>
    delay restore 360
    peer-gateway
    auto-recovery reload-delay 360
    ip arp synchronize
  interface port-channel1
    switchport mode trunk
    switchport trunk allowed vlan <x-y>
    spanning-tree port type network
    vpc peer-link
  Best regards

  Problem solved:
  During the reload of the Nexus 7K, the linecards were powerd off a short time earlier than the Mgmt-Interface. As a result of this behavior, the secondary Nexus 7K received at least one vPC-Peer-Keepalive Message while its peer-link was already powerd off. To avoid a split brain scenario, the VPC-member-ports have been shut down.
  Now we are using dedicated interfaces on the linecards for the VPC-Peer-Keepalive-Link and a reload of one N7K won't result in a total network outage any more.

• Nexus 7000 with VPC and HSRP Configuration

  Hi Guys,
  I would like to know how to implement HSRP with the following setup:
  There are 2 Nexus 7000 connected with VPC Peer link. Each of the Nexus 7000 has a FEX attached to it.
  The server has two connections going to the FEX on each Nexus 7k (VPC). FEX's are not dual homed as far as I now they are not supported currently.
  R(A)              R(S)
  |                     |
  7K Peer Link 7K
  |                     |
  FEX              FEX
  Server connected to both FEX
  The question is we have two routers connected to each of the Nexus 7k in HSRP (active and one is standby). How can I configure HSRP on the nexus switches and how the traffic will routed from the Standby Nexus switch to Active Nexus switch (I know HSRP works differently here as both of them can forward packets). Will the traffic go to the secondary switch and then via the peer link to the active switch and then to the active router ? (From what I read the packet from end hosts which will go via the peer link will get dropped)
  Has anyone implemented this before ?
  Thanks

  Hi Kuldeep,
  If you intend to put those routers on a non-vpc vlan, you  may create  a new inter-switch trunk between the N7K and allow that non-vpc vlan . However if those will be on a VPC vlan, best to create two links to the N7K pair and create a VPC, otherwise configure those ports as orphan ports which will leverage the VPC peer link .
  HTH
  Jay Ocampo

• Nexus 7000 and 2000. Is FEX supported with vPC?

  I know this was not supported a few months ago, curious if anything has changed?

  Hi Jenny,
  I think the answer will depend on what you mean by is FEX supported with vPC?
  When connecting a FEX to the Nexus 7000 you're able to run vPC from the Host Interfaces of a pair of FEX to an end system running IEEE 802.1AX (802.3ad) Link Aggregation. This is shown is illustration 7 of the diagram shown on the post Nexus 7000 Fex Supported/Not Supported Topologies.
  What you're not able to do is run vPC on the FEX Network Interface that connect up to the Nexus 7000 i.e., dual-homing the FEX to two Nexus 7000. This is shown in illustrations 8 and 9 of under the FEX topologies not supported on the same page.
  There's some discussion on this in the forum post DualHoming 2248TP-E to N7K that explains why it's not supported, but essentially it offers no additional resilience.
  From that post:
  The view is that when connecting FEX to the Nexus 7000, dual-homing does not add any level of resilience to the design. A server with dual NIC can attach to two FEX  so there is no need to connect the FEX to two parent switches. A server with only a single NIC can only attach to a single FEX, but given that FEX is supported by a fully redundant Nexus 7000 i.e., SE, fabrics, power, I/O modules etc., the availability is limited by the single FEX and so dual-homing does not increase availability.
  Regards

• Nexus 7000 - Moving vPC keep alive

  We have two Nexus 7010 switches running a vPC domain between the two switches.  On one of the 7010B, the peer keep alive (from the mgmt VRF) is connected to a 3560B *and* that 3560B also has a data connection back to the same 7010B.  Everything is fine with that setup.
  Our second 7010A, the peer keep alive link is also connected to a coresponding 3560A switch.  However, that 3560A switch is not connected to 7010A.
  I want to move the uplink from the 3560A from where it is to the 7010A which will break the keep alive.  However, I will not be breaking the vPC peer link as it is a pair of 10G connections between the two 7010 switches.
  I have read that the vPC won't come up unless the peer keep alive is present, but it wasn't clear about taking down the keep alive link momentarily.  Moving the cable would be quick, but I know the mac table will need to update since 7010B switch will now see the keep alive across it's peer link instead of some other direction.
  Can I take the peer keep alive link down providing the peer link stays up?
  We are running kickstart and system version 5.0(3).
  Thanks!
  /alan

  Peer keepalive works on UDP port 3200 over IP with 1 sec interval and 5 sec timeout.
  Iit is not requirement to have peer-keepalive destination IP in same subnet but if you do not have it in same subnet then you need to make sure you route it properly and your IP routed infrastructure that carries keeplive satisfies above requirement to make sure not a single event cause on that IP infrastructure causes keeplives to loose packets since peer-keepalive is UDP it is not reliable delivery method.
  Recommendation in past i heard was to use your managemet ports as peer-keepalive. But one problem happens during ISSU with dual sup, the each supervisor reboots and after it comes up role of active and standby gets switch at the end. So If you did not connect two managment ports(one from each supervisor) to your management network then you will loose keepalives during software upgrade because supervisor switch over occurs and new maangement port becomes active.
  So second recomendation is to create one peer-keepalive vrf so that it will have its own address space, if you have M1 1 gig card in each switch then connect one cable between switch and assign IP address (like 1.1.1.1-2/30) and put it in peer-keepalive vrf. With this set up during ISSU you do not loose peer keepalives because line cards does not need to reboot and your peer-keepalive UDP traffic will not depend on any other switch or router.    

• Nexus 7000 vPC modification - avoiding type1 inconsistencies

  Hi Everyone,
  I need to configure some features on a pair of Nexus 7000's running 4.2(6) - one of them is Root Guard.
  I am aware that when I enable Root Guard on the first vPC peer, the vPC will go into suspended state until I configure the other vPC peer identically.
  This is causing me a big service disruption headache as I need to do this for a whole Data Centre.
  I see on the Nexus 5k, you can do port-profiles which seems to enabled config synchronisation across vPC peers - so I assume the vPC would stay up due to both peers receiving config at exactly the same time - but this feature is not available on Nexus 7k.
  Does anybody know for sure if I were to create a scheduled job to run at the same time on both vPC peers with identical config content - i.e. apply Root Guard to vPC - would this prevent the vPC going into suspend state?
  If not, do you know of any other ways to prevent vPC going into suspend?
  Thanks in advance for any advice!

  Hi Raj,
  thankyou for your response.
  We have VPC between Core - Aggregation - all 7k and Aggregation to Access (5ks). VPC down from Core all the way to Access and also up all the way from Access to Core.
  So from a STP point of view, the topology is a single switch for Core, Aggregation and Access - so no loops.
  I agree this limits the potential for trouble if a switch is plugged into the access layer by mistake for example - but the customer is adamant they want it (RootGuard).
  Thanks,
  Oswaldo

• Nexus 7000 route leak from GRT (default VRF) to other VRF's

  Hello
  We have a Nexus 7000 infrastructure whereby we have had multiple VDC's and VRF's deployed. A requirement has now come about whereby one of these VRF's needs to be able to see our GRT (default VRF) so we need to leak the GRT routes into the VRF and vice versa.
  I have been doing a lot of reading and I am happy with the how this works with inter-VRF route leaking but I seem to missing a few things in respect of how this works with the GRT.
  I have also read on another forum that this is not supported. See link below.
  https://supportforums.cisco.com/document/133711/vrf-configuration-and-verification-nexus-7000
  Does anyone have experience of this? I can also see how this works in IOS and I have GNS3 and got this working.
  We use BGP currently so we are able to use MP-BGP if required.
  Any help would be very useful.

  Hi,
  In Table 14 of the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide the verified limit is specified as 1000 per system i.e., across all VDCs for NX-OS release 5.2, 6.0 and 6.1.
  There is a footnote associated with this number which states:
  With each new VDC configured, the number of configurable VRFs per system is reduced by two as each VDC has a default VRF and management VRFs that are not removable. For example, with 8 configured VDCs on Cisco NX-OS Release 5.2, you can configure up to 984 VRFs per system (either all in one VDC or across VDCs).
  Regards

• Nexus 7000 vPC suspended VLAN problem

  I am trying to connect a Cat3560G switch to an N7K pair via a vPC.  The VLANs I wish to trunk are being suspended, I am getting the following error messages:
  2010 Jun 22 17:03:36 N7K-Core1 %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 2,301 on Interface port-channel2 are being suspended. (Reason: Vlan is not allowed on Peer-link)
  The VLANs do exist , but a STP instance isnt created for it (I am using RPVST);
  N7K-Core1# sh vlan id 2
  VLAN Name                             Status    Ports
  2    VLAN0002                         active    Po2, Po75
  N7K-Core1# sh spanning-tree vlan 2
  ERROR: Spanning tree instance(s) for vlan does not exist.
  Port       Vlans Err-disabled on Trunk
  Eth1/9     none
  Eth1/10    none
  Eth1/17    2,301
  Eth1/18    2,301
  Eth1/25    2,301
  Eth1/26    2,301
  Eth2/2     none
  Eth10/1    none
  Eth10/2    2,301
  Po2        2,301
  Po75       2,301
  Po99       none
  The VLANs are allowed on the trunk (it by default allows all)
  interface port-channel1
    description * vPC Peer-Link *
    vpc peer-link
    spanning-tree port type network
  I have turned off bridge assurance as a test but no no avail.
  Any ideas?

  I'm having the same issue between a pair of vPC'd 5020s going to a 6500 using a vPC.
  All VLANs which are supposed to go over the trunk/vPC, are showing as err-disable on trunk.  I've checked all configs and they are the same... allowed vlans match on all po interfaces and physical interfaces.
  6509:
  interface Port-channel78
  description Connection to n5020s @ in the MDC
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 2240
  switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024,2026,2240
  switchport trunk allowed vlan add 2244,2248,2252,2254,4050,4052,4054
  switchport mode trunk
  end
  N5020-1:
  interface port-channel100
    description Uplink to dist01 @ A building
    switchport mode trunk
    switchport trunk native vlan 2240
    switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024
    switchport trunk allowed vlan add 2026,2240,2244,2248,2252,2254,4050
    switchport trunk allowed vlan add 4052,4054
    vpc 100
  N5020-2:
  interface port-channel100
    description Uplink to dist01 @ A building
    switchport mode trunk
    switchport trunk native vlan 2240
    switchport trunk allowed vlan 2002-2006,2010,2014,2018,2022,2024
    switchport trunk allowed vlan add 2026,2240,2244,2248,2252,2254,4050
    switchport trunk allowed vlan add 4052,4054
    vpc 100
  All member ports reflect the correct config.
  Both 5020s have the same config for the peer-link:
  interface port-channel2
    description VPC Peer-link
    vpc peer-link
    spanning-tree port type network
  Output form 'show interface trunk"
  n5020-1# sh int tru
  Port          Native  Status        Port
                Vlan                  Channel
  Eth1/1        2240    trnk-bndl     Po100
  Eth1/2        1       trnk-bndl     Po200
  Eth1/17       2240    trnk-bndl     Po78
  Eth1/18       2240    trnk-bndl     Po78
  Eth1/19       2240    trnk-bndl     Po87
  Eth1/20       2240    trnk-bndl     Po87
  Po78          2240    trunking      --
  Po87          2240    trunking      --
  Po100         2240    trunking      --
  Po200         1       trunking      --
  Port          Vlans Allowed on Trunk
  Eth1/1        2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
  050,4052,4054
  Eth1/2        180-183
  Eth1/17       180-183
  Eth1/18       180-183
  Eth1/19       2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
  050,4052,4054
  Eth1/20       2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
  050,4052,4054
  Po78          180-183
  Po87          2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
  050,4052,4054
  Po100         2002-2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2254,4
  050,4052,4054
  Po200         180-183
  Port          Vlans Err-disabled on Trunk
  Eth1/1        2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
  254,4050,4052,4054
  Eth1/2        180-183
  Eth1/17       180-183
  Eth1/18       180-183
  Eth1/19       2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
  254,4050,4052,4054
  Eth1/20       2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
  254,4050,4052,4054
  Po78          180-183
  Po87          2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
  254,4050,4052,4054
  Po100         2002-2004,2006,2010,2014,2018,2022,2024,2026,2240,2244,2248,2252,2
  254,4050,4052,4054
  Po200         180-183
  Port          STP Forwarding
  Eth1/1        none
  Eth1/2        none
  Eth1/17       none
  Eth1/18       none
  Eth1/19       none
  Eth1/20       none
  Po78          none
  Po87          none
  Po100         none
  Po200         none
  Thank you,
  Chris Perkins
  INX Inc.

• Privilege Level for Tacacs Account in Nexus 7000

  Hi,
  I have configured the Tacacs (ACS 4.2v) on Nexus 7000 (as mentioned below) and works fine but unlike IOS (6509) It's doesn't prompt that you are in userexec mode (>) and then need to type enable and password for full privilege.
  In n7k when I entered into "configure terminal" It won't allow me to access other commands.
  How to login into level 15 privilege mode after authenticating from tacacs
  (config)# show running-config tacacs+
  tacacs-server key 7 "xxxxx"
  tacacs-server host x.x.x.x key 7 "xxxx"
  aaa group server tacacs+ TacServer
      server x.x.x.x (same ip as tacacs-server host)
      use-vrf management
      source-interface Vlan2
  (config)# show running-config aaa
  aaa authentication login default group TacServer
  aaa authentication login console local
  aaa user default-role
  Here below are the commands accessible in "Terminal" currently
  (config)# ?
    no        Negate a command or set its defaults
    username  Configure user information.
    end       Go to exec mode
    exit      Exit from command interpreter
  isb.n7k-dcn-agg-1-sw(config)#

  Hi Jan.nielsen
  Issue is resolved but by another way.
  I have found the same resolution too of custom attirbute command but the Custom attribute Option for shell command wasn't available in ACS v4.2, so after enabling shell for users and by clicking exec--> Shell Exec and enabling priviledge level 15 in the same box of Shell options, It start working without any command

• Nexus 7000-Error Message

  Hi
  We are having 2 nexus switches configured in the network as core with HSRP configured between them..The access switches are connected withdual 10G links to both core switches with VPC configured in Nexus..In both core switches 10G module is used for uplink termination..In one of the core switch for this 10 G module we get the follwoing error
  Module-1 reported minor temperature alarm. Sensor=20 Temperature=101 MinThreshold=100 2011 Dec 22 08:10:19 CORE-SEC %PLATFORM-2-MOD_TEMPOK:
  Module-1 recovered from minor temperature alarm. Sensor=20 Temperature=99 MinThreshold=100 even though the room temprature is 23 Degree still we get this error wherein as per the nexus documenation allowed room temparature is 0-40 Degree (Operating temperature: 32º to 104ºF (0º to 40ºC) `
  show module`
  Mod  Ports  Module-Type                      Model                            Status
  1    8      10 Gbps Ethernet XL Module      N7K-M108X2-12L        ok
  2    32    1/10 Gbps Ethernet Module        N7K-F132XP-15          ok
  3    48    10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L    ok
  5    0      Supervisor module-1X            N7K-SUP1                      active *
  As per the nexus module documentation for module1 the allwed temparature is 0-40degree wherein the actual room temparatue is 23degree..below is the exception message for module1
  exception information --- exception instance 1 ----
  Module Slot Number: 1
  Device Id         : 49
  Device Name       : Temperature-sensor
  Device Errorcode : 0xc3114203
  Device ID         : 49 (0x31)
  Device Instance   : 20 (0x14)
  Dev Type (HW/SW) : 02 (0x02)
  ErrNum (devInfo) : 03 (0x03)
  System Errorcode : 0x4038001e Module recovered from minor temperature alarm
  Error Type       : Minor error
  PhyPortLayer     :
  Port(s) Affected :
  DSAP             : 39 (0x27)
  UUID             : 24 (0x18
  Same module exists in second Nexus 7000 which is in same datacenter but not getting this alarm..
  can anyone please suggest on the same..Software details are as below
  Software
    BIOS:      version 3.22.0
  kickstart: version 5.1(3)
    system:    version 5.1(3)
    BIOS compile time:       02/20/10
    kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.3.bin
    kickstart compile time:  12/25/2020 12:00:00 [03/11/2011 07:42:56]
    system image file is:    bootflash:///n7000-s1-dk9.5.1.3.bin
    system compile time:     1/21/2011 19:00:00 [03/11/2011 08:37:35]

  Hi Sameer
  Temperature alarm means that one particular sensor on the linecard warms up to 101 degree.
  This can be caused by damaged sensor or problems with cooling in that particular part of chassis.
  You can check temperature on the module using following command:
  show environment temperature module 1
  Tru to move the module to another slot. If the issue reoccure - open a TAC case.
  HTH,
  Alex

• EtherChannel problem on Nexus 7000

  Dear NetPro gurus,
  One of my customer is trying to setup an EtherChannel (LACP) on a pair of Nexus 7000.  However, doesn't matter what we do, the port Eth 1/17 always become suspended.  We have tried swapping fiber cables and also swapping SFPs, but no help.
  The 1st Nexus 7010 - called 'VIWLRCA'
  The 2nd Nexus 7010 - called 'VIWLRCB'
  Originally port eth 1/17 are left as 'normal' trunk port, and we can see eth 1/17 shows up fine under 'show interface brief'
  viwlrca-PROD# sh run int eth 1/17
  interface Ethernet1/17
    switchport
    switchport mode trunk
    udld disable
    no shutdown
  viwlrca-PROD# sh run int eth 1/18
  interface Ethernet1/18
    switchport
    switchport mode trunk
    udld disable
    channel-group 20 mode active
    no shutdown
  viwlrca-PROD# sh int brief
  Ethernet      VLAN    Type Mode   Status  Reason                   Speed     Port
  Interface                                                                    Ch #
  Eth1/17       1       eth  trunk  up      none                        10G(S) --
  Eth1/18       1       eth  trunk  up      none                        10G(S) 20
  Eth1/19       --      eth  routed down    SFP not inserted           auto(S) --
  Eth1/20       --      eth  routed down    SFP not inserted           auto(S) --
  Eth1/21       --      eth  routed down    Administratively down      auto(S) --
  Eth1/22       --      eth  routed down    Administratively down      auto(S) --
  Eth1/23       --      eth  routed down    Administratively down      auto(S) --
  Eth1/24       --      eth  routed down    Administratively down      auto(S) --
  Eth2/25       --      eth  routed down    Administratively down      auto(D) --
  Eth2/26       --      eth  routed down    Administratively down      auto(D) --
  Eth2/27       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/28       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/29       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/30       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/31       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/32       --      eth  routed down    SFP not inserted           auto(D) --
  viwlrca-PROD#
  But as soon as I add the Eth 1/17 back onto PortChannel 20
  The Eth 1/17 becomes "Suspended" straight away
  viwlrca-PROD# sh int brief
  Ethernet      VLAN    Type Mode   Status  Reason                   Speed     Por
  t
  Interface                                                                    Ch
  Eth1/17       1       eth  trunk  down    suspended                  auto(S) 20
  Eth1/18       1       eth  trunk  up      none                        10G(S) 20
  Eth1/19       --      eth  routed down    SFP not inserted           auto(S) --
  Eth1/20       --      eth  routed down    SFP not inserted           auto(S) --
  Eth1/21       --      eth  routed down    Administratively down      auto(S) --
  Eth1/22       --      eth  routed down    Administratively down      auto(S) --
  Eth1/23       --      eth  routed down    Administratively down      auto(S) --
  Eth1/24       --      eth  routed down    Administratively down      auto(S) --
  Eth2/25       --      eth  routed down    Administratively down      auto(D) --
  Eth2/26       --      eth  routed down    Administratively down      auto(D) --
  Eth2/27       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/28       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/29       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/30       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/31       --      eth  routed down    SFP not inserted           auto(D) --
  Eth2/32       --      eth  routed down    SFP not inserted           auto(D) --
  viwlrca-PROD#
  viwlrca-PROD# sh port-channel summary
  Flags:  D - Down        P - Up in port-channel (members)
          I - Individual  H - Hot-standby (LACP only)
          s - Suspended   r - Module-removed
          S - Switched    R - Routed
          U - Up (port-channel)
          M - Not in use. Min-links not met
  Group Port-       Type     Protocol  Member Ports
        Channel
  20    Po20(SU)    Eth      LACP      Eth1/17(s)   Eth1/18(P)  
  viwlrca-PROD#
  Config on Primary Nexus:-
  viwlrca-PROD# sh run
  !Command: show running-config
  !Time: Tue Mar 22 06:04:26 2011
  version 5.1(1a)
  hostname PROD
  cfs eth distribute
  feature udld
  feature interface-vlan
  feature lacp
  feature vpc
  feature vtp
  username admin password 5 $1$pkJaKHZW$Sx4wpDG5xXYkD.QfDk/Cg.  role vdc-admin
  no ip domain-lookup
  ip domain-name vfc.com
  crypto key param rsa label viwlrca-PROD.vfc.com modulus 2048
  snmp-server user admin vdc-admin auth md5 0x05f7328e3b39a70be09abc3056ec2819 pri
  v 0x05f7328e3b39a70be09abc3056ec2819 localizedkey
  vrf context management
  spanning-tree pathcost method long
  spanning-tree port type edge bpduguard default
  spanning-tree loopguard default
  spanning-tree vlan 1-3967,4048-4093 priority 4096
  interface Vlan1
  interface Vlan161
    ip address 172.30.161.2/24
  interface Vlan162
    ip address 172.30.162.2/24
  interface Vlan163
    ip address 172.30.163.2/24
  interface Vlan164
    ip address 172.30.164.2/24
  interface Vlan165
    ip address 172.30.165.2/24
  interface Vlan190
    ip address 172.30.190.2/24
  interface port-channel20
    switchport
    switchport mode trunk
  interface Ethernet1/17
    switchport
    switchport mode trunk
    udld disable
    channel-group 20 mode active
    no shutdown
  interface Ethernet1/18
    switchport
    switchport mode trunk
    udld disable
    channel-group 20 mode active
    no shutdown
  interface Ethernet1/19
  interface Ethernet1/20
  interface Ethernet1/21
  interface Ethernet1/22
  interface Ethernet1/23
  interface Ethernet1/24
  interface Ethernet2/25
  interface Ethernet2/26
  interface Ethernet2/27
  interface Ethernet2/28
  interface Ethernet2/29
  interface Ethernet2/30
  interface Ethernet2/31
  interface Ethernet2/32
  interface Ethernet2/33
  interface Ethernet2/34
  interface Ethernet2/35
  interface Ethernet2/36
  interface Ethernet3/25
  interface Ethernet3/26
  interface Ethernet3/27
  interface Ethernet3/28
  interface Ethernet3/29
  interface Ethernet3/30
  interface Ethernet3/31
  interface Ethernet3/32
  interface Ethernet3/33
  interface Ethernet3/34
  interface Ethernet3/35
  interface Ethernet3/36
  line vty
  viwlrca-PROD#
  Config for Secondary Nexus 7000
  VIWLRCB-PROD# sh run
  !Command: show running-config
  !Time: Tue Mar 22 09:19:22 2011
  version 5.1(1a)
  hostname PROD
  cfs eth distribute
  feature interface-vlan
  feature lacp
  feature vpc
  feature vtp
  username admin password 5 $1$Lc486EOm$EtKhZWuxGjWWokfeuUsMk.  role vdc-admin
  no ip domain-lookup
  ip domain-name vfc.com
  crypto key param rsa label VIWLRCB-PROD.vfc.com modulus 2048
  snmp-server user admin vdc-admin auth md5 0xeb607b54234985ed6740c5fdbb8d84c6 pri
  v 0xeb607b54234985ed6740c5fdbb8d84c6 localizedkey
  vrf context management
  spanning-tree pathcost method long
  spanning-tree port type edge bpduguard default
  spanning-tree loopguard default
  spanning-tree vlan 1-3967,4048-4093 priority 8192
  interface Vlan1
  interface port-channel20
    switchport
    switchport mode trunk
  interface Ethernet1/17
    switchport
    switchport mode trunk
    channel-group 20 mode active
    no shutdown
  interface Ethernet1/18
    switchport
    switchport mode trunk
    channel-group 20 mode active
    no shutdown
  interface Ethernet1/19
  interface Ethernet1/20
  interface Ethernet1/21
  interface Ethernet1/22
  interface Ethernet1/23
  interface Ethernet1/24
  interface Ethernet2/25
  interface Ethernet2/26
  interface Ethernet2/27
  interface Ethernet2/28
  interface Ethernet2/29
  interface Ethernet2/30
  interface Ethernet2/31
  interface Ethernet2/32
  interface Ethernet2/33
  interface Ethernet2/34
  interface Ethernet2/35
  interface Ethernet2/36
  interface Ethernet3/25
  interface Ethernet3/26
  interface Ethernet3/27
  interface Ethernet3/28
  interface Ethernet3/29
  interface Ethernet3/30
  interface Ethernet3/31
  interface Ethernet3/32
  interface Ethernet3/33
  interface Ethernet3/34
  interface Ethernet3/35
  interface Ethernet3/36
  line vty
  VIWLRCB-PROD#
  Cheers,
  Hunt

  Quick troubleshoot:
  Default all interfaces in newly created port-channel as well as the port-channel interface, then delete port-channel interface.  Recreate port-channel without the LACP protocol:
  interface e1/17,e1/18
    switchport
    channel-group 20 mode on
    no shutdown
    exit
  interface port-channel20
    switchport
    switchport mode trunk
    no shutdown
    exit
  show port-channel summ
  show int trunk
  HTH,
  Sean

• Catalyst 6500 - Nexus 7000 migration

  Hello,
  I'm planning a platform migration from Catalyst 6500 til Nexus 7000. The old network consists of two pairs of 6500's as serverdistribution, configured with HSRPv1 as FHRP, rapid-pvst and ospf as IGP. Futhermore, the Cat6500 utilize mpls/l3vpn with BGP for 2/3 of the vlans. Otherwise, the topology is quite standard, with a number of 6500 and CBS3020/3120 as serveraccess.
  In preparing for the migration, VTP will be discontinued and vlans have been manually "copied" from the 6500 to the N7K's. Bridge assurance is enabled downstream toward the new N55K access-switches, but toward the 6500, the upcoming etherchannels will run in "normal" mode, trying to avoid any problems with BA this way. For now, only L2 will be utilized on the N7K, as we're avaiting the 5.2 release, which includes mpls/l3vpn. But all servers/blade switches will be migrated prior to that.
  The questions arise, when migrating Layer3 functionality, incl. hsrp. As per my understanding, hsrp in nxos has been modified slightly to better align with the vPC feature and to avoid sub-optimal forwarding across the vPC peerlink. But that aside, is there anything that would complicate a "sliding" FHRP migration? I'm thinking of configuring SVI's on the N7K's, configuring them with unused ip's and assign the same virtual ip, only decrementing the prio to a value below the current standby-router. Also spanning-tree prio will, if necessary, be modified to better align with hsrp.
  From a routing perspective, I'm thinking of configuring ospf/bgp etc. similar to that of the 6500's, only tweaking the metrics (cost, localpref etc) to constrain forwarding on the 6500's and subsequently migrate both routing and FHRP at the same time. Maybe not in a big bang style, but stepwise. Is there anything in particular one should be aware of when doing this? At present, for me this seems like a valid approach, but maybe someone has experience with this (good/bad), so I'm hoping someone has some insight they would like to share.
  Topology drawing is attached.
  Thanks
  /Ulrich

  In a normal scenario, yes. But not in vPC. HSRP is a bit different in the vPC environment. Even though the SVI is not the HSRP primary, it will still forward traffic. Please see the below white paper.
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-516396.html
  I will suggest you to set up the SVIs on the N7K but leave them in the down state. Until you are ready to use the N7K as the gateway for the SVIs, shut down the SVIs on the C6K one at a time and turn up the N7K SVIs. When I said "you are ready", it means the spanning-tree root is at the N7K along with all the L3 northbound links (toward the core).
  I had a customer who did the same thing that you are trying to do - to avoid down time. However, out of the 50+ SVIs, we've had 1 SVI that HSRP would not establish between C6K and N7K, we ended up moving everything to the N7K on a fly during of the migration. Yes, they were down for about 30 sec - 1 min for each SVI but it is less painful and waste less time because we don't need to figure out what is wrong or any NXOS bugs.
  HTH,
  jerry

• Dell Servers with Nexus 7000 + Nexus 2000 extenders

  << Original post by smunzani. Answered by Robert. Moving from Document section to Discussions>>
  Team,
  I would like to use some of the existing Dell Servers for new network design of Nexus 7000 + Nexus 2000 extenders. What are my options for FEC to the hosts? All references of M81KR I found on CCO are related to UCS product only.
  What's best option for following setup?
  N7K(Aggregation Layer) -- N2K(Extenders) -- Dell servers
  Need 10G to the servers due to dense population of the VMs. The customer is not up for dumping recently purchased dell boxes in favor of UCS. Customer VMware license is Enterprise Edition.
  Thanks in advance.

  To answer your question, the M81KR-VIC is a Mezz card for UCS blades only.  For Cisco rack there is a PCIe version which is called the P81.  These are both made for Cisco servers only due to the integration with server management and virtual interface functionality.
  http://www.cisco.com/en/US/prod/collateral/ps10265/ps10493/data_sheet_c78-558230.html
  More information on it here:
  Regards,
  Robert

• Ask the Expert: Basic Introduction and Troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform .
  The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Data Center sub-community discussion forum shortly after the event. This event lasts through through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Vignesh
  Is there is any limitation to connect a N2K directly to the N7K?
  if i have a an F2 card 10G and another F2 card 1G and i want to creat 3 VDC'S
  VDC1=DC-Core
  VDC2=Aggregation
  VDC3=Campus core
  do we need to add a link between the different VDC's
  thanks