Does ACS v4.2 support the addition of the Nexus switches? We have a few new Nexus devices that have been added to ACS, but cannot be accessed successfully. A msg re: role based authentication is received. Do I have to do something special in ACS to support this?
Nexus 5596 v5.1(3)N2(1)
I have 2 Nexus 5596UPs with a layer 3 cards that are exhibiting some very peculiar behavior. The systems are running 5.1(3)N1(1).I have configured 2 VRF contexts each running their own OSPF process. There is a static gateway of last resort configured on each VRF, which is to an upstream pair of 5585X's in Active/Active. Each OSPF process has the "default-information originate always" command configured, however, backbone neighbors are not recieving a gateway of last resort from the 5596UPs. The applicable configurations are show below. All other routing information is passing correctly between devices in the network. This network is not production, it is a proof of concept for a larger implementation.
View 26 Replies View RelatedI am running LMS 3.2 and can not see the Nexus 5596 / ME-3600X-24FS-M Cisco switches on Cisco works LMS 3.2. Where I need them most is DFM the devices come up as unknown. An example below 10.125.202.1 is NExus 5596 and the rest are ME3600.
208.10.125.202.1UnknownN/AN/A209.10.115.1.4UnknownN/AN/A210.10.115.1.3UnknownN/AN/A211.10.115.1.2UnknownN/AN/A212.10.115.1.1UnknownN/AN/A
going through the article below looks like its not supported
[URL]
What are the options I have next ? Can I upgrade to LMS 3.3 or only do an upgrade for DFM ?
Want to avoid LMS 4 as that's an installation from scratch.
Net flow on the Nexus 5596upI can't seem to find any information on the Nexus 5596 support of net flow. On Nexus 5596UP support of net flow ?
View 4 Replies View RelatedWe have setup a pair of Nexus 5596 L3 switches with 2 x 10Gbps LACP links between them to act as the vpc peer link. We also have another 2 x 10Gbps LACP links between the 5596 switches to carry non VPC VLANs, this is required to provide EIGRP routing between the switches and an upstream router.I have read that it is possible to setup the vpc keep-alive link over an SVI instead of the management interfaces. Is it ok to run the keep-alive SVI over the second LACP non VPC VLAN trunk or is it recommened to keep this seperate?
View 0 Replies View RelatedCan Nexus 5596 support more than 1 N55-M160L3-V2 layer 3 module?
View 4 Replies View RelatedI am looking to see if Nexus 5596UP & Nexus 2248TP GE compatible with SFP-10G-SR? The reason is because a consultant was hired on to "design" the network layout and has decided to purchase Cisco SFP+ Copper Twinax Cables which have a 10M limit. A small handful of the Data Center racks are 10-15M away... just out of reach of the Twinax. I would prefer NOT to move the LAN row so that it is more centered in the room. Can I use the SFP-10G-SR to connect the 2 switches (5596 & 2248) together? This SFP has a 26M reach on standard 10gig fiber, the small cost increase per connection is of no concern.
View 2 Replies View RelatedI want to know how to retrieve the complete configuration for a Nexus via the snmpwalk or snmpget commands...
View 6 Replies View Relatedi have: two nexus 5596 connected each other the mgmt0 is NOT in use SVI for keepalives with IP address and /30 netmask vpc-keepalives running over fiber in e1/1. this works well uplinks to datacenter distribution switch (Cat 6500 VSS) over fiber on port-channel 1 (e1/2 and e1/10), also carrying the management VLAN (vlan 14). SVI with an IP address for management purposes
I can't get this to work. i can ping my whole network from the nexus, but not the nexus from my network. also pinging inside the mgmt vlan is not possible.
we have configured VpC between two Nexus 5596, for Vpc-Keep-alive-link we configured L3 interface with 1G (GLC-T) ,it shows the below status message "L3 not Ready" with interface LED glows in Yellow in color. is this a physical layer problem
Ethernet VLAN Type Mode Status Reason Speed Po Ch
Eth1/17 -- eth routed down L3 not ready 1000(D) --
Eth1/18 1 eth access down SFP not inserted 10G(D) --
Eth1/19 1 eth access down SFP not inserted 10G(D) --
Eth1/20 1 eth access down SFP not inserted 10G(D) --
Eth1/21 1 eth access down SFP not inserted 10G(D) --
[code].....
We have HSRP between NexusA and NexusB with access layer switches connecting to the core using VPC, We are trying to setup a VAM server Voice recording for Siemens phones. We need to span all voice vlan and point it to the VAM server the VAM server connects to a 3750 Stack considering the amount of traffic multiple span session can generate I plan to move the server to the Nexus directly and run a Local Span Session.
1- As we have two Nexus running HSRP and VAM server only connects physically to one NexusA (I can run local span on that nexusA) the Second NexusB is not directly connected to the VAM server I plan to run ERSPAN so if this is the best design and which path will the span traffic take from Nexus B to NexusA will it go through the access layer switches depending on the vlans allowed on the uplinks or will it go through the 20 Gig uplink between the two Nexus allowing all vlans (VPN peer links) ? WE have approximately 10 voice vlans, Do we an example config for ERSPAN session where the source are vlans (As I am for fimilliar with RSPAN) ?
I was trying to setup a Nexus (5596 running NX-OS 5.1(3)N2(1)) to use the "ip ospf name-lookup"command that I am using on IOS-based routers. Unfortunately this command does not appear to be supported on NX-OS and I cannot find a replacement.Is this another feature that's left out of NX-OS?
View 4 Replies View Relatedthis is a Nexus 5596 L3 with the latest code:
It looks like the deny statement is not working as I can see all routes I am redistributing. I even did a deny on a specific route and I still see it in the routing table on another router in the autonomous system.The same below works fine on IOS platform. [code]
I have a pair of 5596 running in a vPC with Nexus 2248 connected to each N5596. When I do the command "show fex" I get the following output on the 2nd 5596
Number Description State Model Serial
------------------------------------------------------------------------
101 FEX101 AA Version Mismatch N2K-C2248TP-E-1GE SSI16390705
102 FEX102 AA Version Mismatch N2K-C2248TP-E-1GE SSI163704AD
122 FEX122 Online N2K-C2232PP-10GE SSI16370195
I'm running version 5.1(3)N1(1) on both of the 5K's. I have looked through all the configuration and I am not understanding why I am getting this error. I have tried to look it up on [URL], but not having a ton of luck.
I have 2 datacenters running same equipement (two Nexu 5596 with FEX).I just took a look at the log just to see if everything is ok and I saw that I have the same error message (a lot of times) at both location :
%SYSMGR-FEX100-5-HEARTBEAT_LOSS: Service "satctrl" heartbeat loss 2 ,max 7,I though it was a problem with my peerklink-keepalive connection but I see the word FEX ....so i'm not sure...
Note that at both locations, my Nexus are connected back to back through the management port using transceivers. So it's a copper cable from the first nexus, going into a transceiver, going to another transceiver in fiber and then back to copper to the other nexus.
what is the equivalent command to configure on the Nexus 5596? OS version 5.1(3)N2(1) Catalyst 45k ip igmp snooping vlan 1036 mrouter interface Po20
View 1 Replies View RelatedI am deploying a pair of Nexus 5596's with 3750 POE switches in the closets. I'm looking for a best practice as how to configure the Nexus 5596 to support proper QoS for EF at the core.
View 6 Replies View RelatedI currently have Nexus 5596 pair with VPC peer link Po1 between them. My goal is to connect our new Nexus 7Ks to the 5K's using Fabric Path. My question is during this inital setup with the 7K's. Can I use the same port channel number on the 7K's as I did the 5K's? Is the port channel locally significat?
View 2 Replies View RelatedAny experience interoperating Nexus 5548 or 5596 with Catalyst 3750 or 4507R?
We're looking into Nexus to replace these switches in the long run.
i want to remove the sync-profile on each of two synchronized Nexus 5596UP without loosing the config stored in Switch-Profile. That means without connectivity interruption and re-configuration of interfaces in "conf t mode", for example. Since NX-OS Release 5.2(1)N1(1) there is a new command
switch(config-sync)# no switch-profile abc profile-onlyprofile-only—Deletes the switch profile without the local configuration.
[URL]
the phone connects to the 3750-A access layer switch (VTP mode client) which connects to the nexus 5596 (The nexus is the layer 3 device and set to vtp mode server) and finally we have a Voice recorder that connects to another access layer 3750-B switch.(VTP mode client)
For voice recording I need to setup RSPAN and the nexus5596 does not support RSPAN will the following have any impact on the nexus
IF I move the 3750-B to VTP server mode and run the command remote span on the VLan I need to Rspan its going to update the VTP data base in short it will update the vlan.dat file for all the switch in that VTP domain.
AS the vtp update reaches the nexus saying there is a change (keeping in mind the nexus does not support rspan not sure hows its going to handle that request and how its going to update its vlan.dat file)
Is it going to incremment the VTP revision number? can it crash the vlan.dat file on the nexus ? or do nothing and ignore the update and stop the update from proceeding to the 3750 A switch?
Trying to find some documentation as to whether there are any other steps for inserting this new module in our N7K. We have 2 blades in already and 2 Sups in 5 & 6. I'm assuming its like the 6500s, where we just slide it in and the OS configures the global parms for it and the default VLAN.
View 2 Replies View RelatedI am a bit confused by the output of 'show run' and 'show run switch-profile' that pertains to a port-channel interface configured in a switch-profile. My main gaol is to find out how can I add/remove the allowed vlans the port-channel (configured as trunk) carries. The setup is like this. I have 2 N5k in vPC domain and Etherner1/11 on both switches is configured as trunk vPC that connects to a core switch. When I issue ‘show run’ for the port-channel and physical interface I get the following output. [code] From above it seems the switch-profile configuration is missing the 'switchport trunk allowed vlan' in the port-channel interface. If want I to remove vlan 30 from the allowed vlan, should I go under the switch-profile mode and remove vlan 30 from the allowed list even though the switch-profile configuration seems to be missing this.
View 2 Replies View RelatedWe have two catalyst 6506 switches with 10 gb u plinks and around 120 edge switches cat 3750-x switches. Still the module on the core wheere servers are connected is 1000mbps port.Now if we induct a nexus switch to the datacenter what kinds of benefits we can reap In a virtulised environment as well as real environment?following are the some of the queries.Can we reduce the number of edge switches? ( by virtual environment), Inter operabaility between cat ios and nexus ios, how this will affect the environement,What will be the over all benefits ?, What are the cons of this induction ?
View 22 Replies View RelatedI'm using ACS 4.2 and was just wondering if it's possible to add user accounts to it by using snmpset? If so, any documentation on what needs to be done? I have the SNMP running on it and get information from the ACS using snmpget.
View 2 Replies View RelatedI have a pair of managers in HA mode and a pair of servers in HA mode. The solution is working in OOB Virtual Gateway. When i add the server in the manager, which IP address must i use, the service IP address or the physical Ip address.I'm running 4.8.2
View 2 Replies View RelatedI have a Cisco ACS 5.2 and have set it up as a RADIUS server. I was wondering if there is a way to add and update users automatically? We have a large number of users > 1000 that need to be added into the system and I don't want to do this manually. These users also update their passwords on a regular basis so I would need a script that would update the users automatically without any user intervention.
View 4 Replies View RelatedI am trying add custom attributes for Juniper Netscreen TACACS+ authentication to a v5.2 ACS. The advice is to add it to the group as follows:
ervice = netscreen {
vsys = root
privilege = read-write
} I know how to add this to a version v4.x ACS
However, I do not know how to apply this to the custom attribiutes to a v5.x ACS?do I add the vsys and privilege attribute seperately or together? What should be the attribute name? netscreen? Should it be mandatory?
I am using ACS 5.2 and attempting to authorize users through TACACS to Nexus 5.1 code. I seem to have ACS setup correctly based on documentation I received through here. The problem is that the NX/OS doesnt seem to be operating as expected.
View 2 Replies View RelatedI have a problem with the switches Nexus, is impossible authenticate from tac_plus. In other company, I configured ACS for authenticate the Nexus Switches and OK The configuration of my tac_plus is:
user = gian {
login = cleartext prueba
member = nexus
group = nexus {
default service = permit
service = shell {
#double-quote-values = yes
#shell:roles=""network-admin""
cisco-av-pair*shell:roles="network-admin"
The configuration of switch is:
tacacs-server host xx.xx.xx.xx key 7 "xxxxx"aaa group server tacacs+ AAA_TACACS_SERVER server xx.xx.xx.xx source-interface mgmt0
aaa authentication login default group AAA_TACACS_SERVERaaa authorization commands default group AAA_TACACS_SERVER localaaa accounting default group AAA_TACACS_SERVER
We have Nexus7009 at client network but due to limitation of Nexus switches that they can not be directly integrate Nexus with RSA so client has purchased cisco ACS for the AAA. We are able to do the authentication and authorization via ACS.However clients wants to further integrate the ACS with RSA so that authentication should happen via RSA and authorization should happen ACS. Is that possible ? if yes, how can i configure the ACS ?
View 5 Replies View Relatedi am trying to assign a right role for a user who authenticates to nexus 7k switch via radius. i am using cisco ISE version 1.1.1.268 and the nexus version is 5.0.2,I have created a role on nexus.
View 1 Replies View RelatedI have setup my radius server access on the Nexus but am unable to authenticate through putty. If I do a radius-server test on the Nexus it says I authenticate. Here is the log I am getting.
2012 Mar 14 16:03:21 switch-a %AUTHPRIV-4-SYSTEM_MSG: pam_unix(aaa:auth): check
pass; user unknown - aaad
[Code].....