Cisco Switching/Routing :: ERSPAN On Nexus 5596 HSRP Pair
Jul 6, 2012
We have HSRP between NexusA and NexusB with access layer switches connecting to the core using VPC. We are trying to set up a VAM server (voice recording) for Siemens phones. We need to span all voice VLANs and point them to the VAM server. The VAM server connects to a 3750 stack; considering the amount of traffic multiple span sessions can generate, I plan to move the server to the Nexus directly and run a local SPAN session.
1- As we have two Nexus running HSRP and the VAM server only connects physically to one, NexusA (I can run local SPAN on that NexusA), and the second, NexusB, is not directly connected to the VAM server, I plan to run ERSPAN. Is this the best design, and which path will the SPAN traffic take from NexusB to NexusA: will it go through the access layer switches, depending on the VLANs allowed on the uplinks, or will it go through the 20 Gig uplink between the two Nexus allowing all VLANs (VPN peer links)? We have approximately 10 voice VLANs. Do we have an example config for an ERSPAN session where the sources are VLANs (as I am more familiar with RSPAN)?
View 3 Replies
Aug 9, 2012
I'm trying to get ERSPAN working with an ERSPAN source on a Nexus 5548 and the ERSPAN destination on a Catalyst 6500.
The configuration on the Nexus is as follows:
[...]
interface loopback0
ip address 192.168.2.133/32
[Code].....
If I do a netdr capture I can see ERSPAN traffic sourced from the Nexus reaching the C6500, but there doesn't appear to be anything sent out the ERSPAN destination interface (Gi4/6) and there's nothing being received by the probe connected to that interface. I know the traffic seen with netdr is definitely the ERSPAN traffic sourced from the Nexus as I've changed the TTL and DSCP values within the monitor session on the Nexus and can see those changes reflected on the C6500 netdr capture. The attached is a screen grab of the show netdr capture started with debug netdr capture source-ip-address 192.168.2.133.
When I look at the interface I see it shown as up/down (monitoring), but no output or counters clocking up. If I run a local SPAN session on the C6500 it works fine.
I've tried changing the destination IP address from that assigned to the C6500 Loopback interface to an IP address assigned to a physical interface, but that still doesn't work.
The hardware in the C6500 is WS-SUP720-BASE Hw version 3.2 with WS-F6K-PFC3B Hw version 2.4. The IOS version is 12.2(33)SXI6.
View 2 Replies
Jan 3, 2013
I have 2 Nexus 5596UPs with layer 3 cards that are exhibiting some very peculiar behavior. The systems are running 5.1(3)N1(1). I have configured 2 VRF contexts, each running their own OSPF process. There is a static gateway of last resort configured on each VRF, which is to an upstream pair of 5585X's in Active/Active. Each OSPF process has the "default-information originate always" command configured; however, backbone neighbors are not receiving a gateway of last resort from the 5596UPs. The applicable configurations are shown below. All other routing information is passing correctly between devices in the network. This network is not production; it is a proof of concept for a larger implementation.
View 26 Replies
Oct 23, 2011
Net flow on the Nexus 5596UP
I can't seem to find any information on the Nexus 5596 support of net flow. On Nexus 5596UP support of net flow ?
View 4 Replies
Mar 19, 2012
We have set up a pair of Nexus 5596 L3 switches with 2 x 10Gbps LACP links between them to act as the vpc peer link. We also have another 2 x 10Gbps LACP links between the 5596 switches to carry non VPC VLANs; this is required to provide EIGRP routing between the switches and an upstream router. I have read that it is possible to set up the vpc keep-alive link over an SVI instead of the management interfaces. Is it ok to run the keep-alive SVI over the second LACP non VPC VLAN trunk or is it recommended to keep this separate?
View 0 Replies
Oct 31, 2012
Can Nexus 5596 support more than 1 N55-M160L3-V2 layer 3 module?
View 4 Replies
Jan 31, 2012
I am looking to see if Nexus 5596UP & Nexus 2248TP GE are compatible with SFP-10G-SR. The reason is because a consultant was hired on to "design" the network layout and has decided to purchase Cisco SFP+ Copper Twinax Cables which have a 10M limit. A small handful of the Data Center racks are 10-15M away... just out of reach of the Twinax. I would prefer NOT to move the LAN row so that it is more centered in the room. Can I use the SFP-10G-SR to connect the 2 switches (5596 & 2248) together? This SFP has a 26M reach on standard 10gig fiber; the small cost increase per connection is of no concern.
View 2 Replies
Apr 16, 2013
I have:
- two Nexus 5596 connected to each other
- the mgmt0 is NOT in use
- SVI for keepalives with IP address and /30 netmask
- vpc-keepalives running over fiber in e1/1. This works well
- uplinks to datacenter distribution switch (Cat 6500 VSS) over fiber on port-channel 1 (e1/2 and e1/10), also carrying the management VLAN (vlan 14)
- SVI with an IP address for management purposes
I can't get this to work. I can ping my whole network from the Nexus, but not the Nexus from my network. Also, pinging inside the mgmt VLAN is not possible.
View 7 Replies
Dec 19, 2012
We have configured vPC between two Nexus 5596. For the vPC keep-alive link we configured an L3 interface with 1G (GLC-T); it shows the below status message "L3 not Ready" with the interface LED glowing yellow. Is this a physical layer problem?
Ethernet VLAN Type Mode Status Reason Speed Po Ch
Eth1/17 -- eth routed down L3 not ready 1000(D) --
Eth1/18 1 eth access down SFP not inserted 10G(D) --
Eth1/19 1 eth access down SFP not inserted 10G(D) --
Eth1/20 1 eth access down SFP not inserted 10G(D) --
Eth1/21 1 eth access down SFP not inserted 10G(D) --
[code].....
View 10 Replies
Dec 18, 2011
this is a Nexus 5596 L3 with the latest code:
It looks like the deny statement is not working as I can see all routes I am redistributing. I even did a deny on a specific route and I still see it in the routing table on another router in the autonomous system. The same below works fine on IOS platform. [code]
View 5 Replies
Jan 27, 2013
I have a pair of 5596 running in a vPC with Nexus 2248 connected to each N5596. When I do the command "show fex" I get the following output on the 2nd 5596
Number Description State Model Serial
------------------------------------------------------------------------
101 FEX101 AA Version Mismatch N2K-C2248TP-E-1GE SSI16390705
102 FEX102 AA Version Mismatch N2K-C2248TP-E-1GE SSI163704AD
122 FEX122 Online N2K-C2232PP-10GE SSI16370195
I'm running version 5.1(3)N1(1) on both of the 5K's. I have looked through all the configuration and I am not understanding why I am getting this error. I have tried to look it up on [URL], but not having a ton of luck.
View 3 Replies
Aug 28, 2012
I have 2 datacenters running the same equipment (two Nexus 5596 with FEX). I just took a look at the log just to see if everything is ok and I saw that I have the same error message (a lot of times) at both locations:
%SYSMGR-FEX100-5-HEARTBEAT_LOSS: Service "satctrl" heartbeat loss 2 ,max 7, I thought it was a problem with my peerlink-keepalive connection but I see the word FEX... so I'm not sure...
Note that at both locations, my Nexus are connected back to back through the management port using transceivers. So it's a copper cable from the first nexus, going into a transceiver, going to another transceiver in fiber and then back to copper to the other nexus.
View 2 Replies
Jun 21, 2012
What is the equivalent command to configure on the Nexus 5596? OS version 5.1(3)N2(1)
Catalyst 45k:
ip igmp snooping vlan 1036 mrouter interface Po20
View 1 Replies
Feb 23, 2012
I am deploying a pair of Nexus 5596's with 3750 POE switches in the closets. I'm looking for a best practice as how to configure the Nexus 5596 to support proper QoS for EF at the core.
View 6 Replies
Mar 17, 2013
I currently have a Nexus 5596 pair with VPC peer link Po1 between them. My goal is to connect our new Nexus 7Ks to the 5K's using Fabric Path. My question is about this initial setup with the 7K's. Can I use the same port channel number on the 7K's as I did on the 5K's? Is the port channel locally significant?
View 2 Replies
Feb 17, 2012
Any experience interoperating Nexus 5548 or 5596 with Catalyst 3750 or 4507R?
We're looking into Nexus to replace these switches in the long run.
View 1 Replies
Jun 11, 2013
I want to remove the sync-profile on each of two synchronized Nexus 5596UP without losing the config stored in Switch-Profile. That means without connectivity interruption and re-configuration of interfaces in "conf t mode", for example. Since NX-OS Release 5.2(1)N1(1) there is a new command
switch(config-sync)# no switch-profile abc profile-only
profile-only: Deletes the switch profile without the local configuration.
[URL]
View 2 Replies
Feb 20, 2013
The phone connects to the 3750-A access layer switch (VTP mode client), which connects to the Nexus 5596 (the Nexus is the layer 3 device and set to VTP mode server), and finally we have a voice recorder that connects to another access layer 3750-B switch (VTP mode client).
For voice recording I need to set up RSPAN, and the Nexus 5596 does not support RSPAN. Will the following have any impact on the Nexus?
If I move the 3750-B to VTP server mode and run the command remote span on the VLAN I need to RSPAN, it's going to update the VTP database; in short, it will update the vlan.dat file for all the switches in that VTP domain.
As the VTP update reaches the Nexus saying there is a change (keeping in mind the Nexus does not support RSPAN, not sure how it's going to handle that request and how it's going to update its vlan.dat file)
Is it going to increment the VTP revision number? Can it crash the vlan.dat file on the Nexus? Or do nothing and ignore the update and stop the update from proceeding to the 3750 A switch?
View 1 Replies
Aug 31, 2009
We are running 4x n5k and started with the vPC feature. So my question is whether I can connect a vpc-pair to another vpc-pair. In the Cisco docs I can find examples for connecting a vpc-pair to a single switch, or server (with and without fex). But there is nothing about how to connect 4 n5k via the vPC feature.
View 10 Replies
Jan 9, 2012
My Data Center has one single core switch to which several servers are connected; one port is the link to the WAN router and another port is the link to the FW. My boss wants to install 2 Nexus in order to replace the single switch. All my network has only one address, for example 192.168.10.0/24. If I connect two Nexus 7010 in VPC and Domain, each Nexus is going to have 2 modules with 48 ports 10/100/1000 RJ45, and I want to connect servers directly to each Nexus. With this figure I'm going to have a group of servers connected to two different Nexus. Can they have the same network 192.168.10.0/24, considering that the Nexus are in the same VDC and VLAN and have only one gateway for both groups? If the answer is positive, which Nexus would be the gateway for that address, the primary or secondary? Or must I have a different address for each group of servers, I mean for example 192.168.10.0/24 and 192.168.12.0/24, so that each Nexus would be the gateway for that new address?
Does having two Nexus connected by VPC in a Domain mean that one computer connected to one Nexus can share the same address or VLAN with another computer connected to the other Nexus?
View 2 Replies
Mar 18, 2012
I currently have two Nexus 5548UP switches in my environment running the latest code (n5000-uk9.5.1.3.N1.1a.bin). Both of these switches are connected via a VPC Peer Link (two ports on each switch in an Ether Channel) and a VPC-Keep Alive Link (a dedicated port). Hosts connect to each switch via a VPC for both IPV4 and FCOE.
As of right now, everything works. I currently have a stack of two 3750 switches that each Nexus is connected to. This stack is doing all the Intra-VLAN Layer 3 Routing for the Nexus Switches. However, I plan to get rid of the 3750s, and move the Layer 3 Routing to the Nexus 5548's, so the backplane is 10 Gig instead of 1 Gig. I have the Layer 3 Daughter Card installed in both switches, as well as the LAN_BASE license.
So, at the moment, I am trying to find the best way to accomplish Layer 3 Routing on these two switches. Since the Nexus switches are not stacked, and the FCOE portion of HA is taken care of by the Multipathing agent on each host, I believe I am just concerned with providing Intra-VLAN routing in an HA build where if one switch goes down, VLANs still route through the other switch.
Again, since the Nexus switches are not stacked, I am guessing the best way to handle this is with HSRP, but my experience with that has always been with routers that have a switch in the middle. Can I make HSRP work without having a switch between the Nexus switches? Can I track the VPC peer link, or how do I do it? I guess I am looking for a sample config.
Let's pretend I had two VLANs:
VLAN 20:
10.20.20.254 - GW and 10.20.20.0/24
VLAN 40
10.40.40.254 - GW and 10.40.40.0/24
And I wanted the Nexus switches to route these VLANs regardless of which switch was up / down..
View 3 Replies
Mar 6, 2013
Had a Sev 1 issue today. We have a bunch of Nexus 5ks connecting to some HP C7000 Chassis for the use of virtual environments. Engineers build and tear down servers during the day; however, today an engineer accidentally configured a virtual machine with its IP address as the default gateway. Each pair of Nexus switches has one physical SVI per VLAN and an HSRP address for the VLAN. Of course this engineer configuring the server IP address as the HSRP address killed the VLAN... which led me on to think... are there tried and tested techniques to protect this from happening on the switch? Enforcing the ARP/MAC of the HSRP address and not allowing it to change or any other device to change it?
View 2 Replies
May 17, 2012
I have a pair of Nexus 5548 configured for VPC using the mgmt interface as heartbeat and 2x10G as peerlink. Peer-gateway is also configured on the vpc domain. I have 2 FEX with straight-thru connections to each Nexus. Created 2 VPC and both are up with no suspended VLANs. Allowed VLANs in peerlink are 10, 20, 30, 40 and 50. I configured SVI for VLAN 10 on both Nexus, 10.10.10.100/24 and 10.10.10.101/24 respectively. The problem is when I create HSRP on this VLAN 10 (vip 10.10.10.88), the hello packets are not heard by both Nexus, thus both Nexus are acting as active with unknown standby. I can ping both VLAN 10 from each Nexus. I tried deleting and putting back the config but no luck. I tried creating another SVI VLAN 20 on both Nexus and forming HSRP; the result is the same as in VLAN 10. I am running version 5.1 release on both Nexus.
View 3 Replies
Nov 24, 2012
I have a big problem because I configured VLANs with VRF and HSRP, but when I do "show hsrp brief", it doesn't show these interfaces, and I can ping the virtual IP. It seems HSRP doesn't work.
SWSERVSCAMILO_N7010_A#
interface Vlan405
description smsc-fwatlas1
no shutdown
[Code] ....
View 1 Replies
Apr 18, 2012
We are planning to run HSRP on our Nexus 5ks (with L3 card) and we use VPC to connect the downstream UCS - Fabric Interconnects to the 5ks. I was wondering if the peer-gateway command is required under the vpc domain config? When you use HSRP with VPC, both the active and standby HSRP peers can forward layer 3 traffic; isn't that the same that peer-gateway would achieve?
View 1 Replies
Dec 16, 2011
I am working on two Nexus 7010 with 5.1.5 NX-OS version. I configured HSRP traditionally, Nexus 1 with a priority of 200 and Nexus 2 with a priority of 100 for all VLANs.
When I change the priority of a VLAN from 200 to 50, for example, Nexus 2 becomes active and Nexus 1 standby. The problem is that when I do a traceroute from a PC the packet takes Nexus 1 as default gateway all the time.....
For information I have a peer link between the 2 Nexus for vPC.
View 9 Replies
Feb 26, 2012
I am at a client that I upgraded from running a single 4507 to two Nexus 5548UP switches with two Nexus 2224 FEXes connected. The other access layer switches are 2960S switches. I implemented HSRP on the Nexus 5k's for redundancy. The issue they are having is that some networks cannot communicate with each other. All user VLANs can communicate with the server VLAN, but it is not running HSRP on the VLAN interface (there is a reason for that, but it is not relevant for this issue). The phone VLAN, which is running HSRP, can communicate with all networks.
When I am connected to either 5k, they can communicate with all devices on all networks. However, I am on vlan 10, which is a user vlan. I can communicate fine with the server vlan (vlan 101 - not running hsrp) and the phone vlan (vlan 60 - running hsrp). I cannot communicate with vlan 30 or 40, which are both running hsrp. This makes absolutely no sense at all to me. I checked out trunk ports to be sure that vlans are allowed across the networks as well. There are no firewalls between the vlans or ACL's.
View 1 Replies
Nov 17, 2011
I have 2 pairs of Nexus 5000 units (pair 1 and pair 2). A pair consists of 2 Nexus 5000 (A and B) connected to each other via a VPC containing 2 ports ie P1-5KA -- P1-5KB (vpc domain 6) and P2-5KA -- P2-5KB (vpc domain 10) [code] Hsrp exists between all four with a virtual address of 10.18.136.1. P1-5KA is the Active with P1-5KB as Standby.
I can ping between the four using their SVI addresses. I am unable to ping the HSRP virtual address .1 from P2-5KA or P2-5KB. I can ping ok only if I shut the VPC between P2-5KA or P2-5KB or define another MAC address under the HSRP config other than the system default. IP packet debugs show that pings sourced from P2-5KB to P1-5KA loop between P2-5KA -- P2-5KB. Pings sourced from P2-5KA to P1-5KA are transmitted but none of the 4 device debugs show a receive. Both peer-gateway and delay restore 120 have been configured under all vpc domains and all units rebooted.
View 8 Replies
Nov 20, 2012
Normally when we do HSRP with vPC on N7K the device will be Active/Standby in control plane but it will be Active/Active in data plane. In this case any traffic reach to standby device it can forward traffic directly to uplink which is not my desire. My goal is all traffic should pass through active (control plane) device in every case unless active device totally dead. So Is it possible for Nexus 7000 to be HSRP Active/Standby in Data Plane ?
View 4 Replies
Aug 2, 2012
I'm attempting to create an erspan session between a Nexus 5000 and 6500 to get traffic from a FEX interface on the 5000 over to a sniffer off of the 6500. The Nexus and 6500 are directly connected with a 10G link, but I added a separate 1G link between the two for the erspan traffic. I created a routed interface on the 6500, and an SVI on the Nexus. The erspan session came up, and looked ok from both sides, but as soon as we got a burst of traffic this morning the CPU on the 6500 spiked to 99%. I used 'debug netdr capture rx' to determine the traffic was coming in from the erspan port and subsequently shut down the new interface on the 6500. Why did this cause a CPU spike? Here are the relevant configs from each device:
Nexus:
vrf context NetOps
!
interface Vlan123
no shutdown
[code].....
View 1 Replies
Mar 11, 2012
We have a pair of N7K distribution switches connected to a pair of N7K Aggregation switches. We run vPC on both pairs of n7k's.
-n7k-d1 has two interfaces in a Port-Channel connecting to n7k-a1 & n7k-a2. (PC1)
-n7k-d2 also has two interfaces in a Port-Channel connecting to n7k-a1 & n7k-a2. (PC2)
My problem is that Spanning-Tree is blocking PC2 and all traffic from n7k-d2 is traversing the Peer-Link before reaching the Aggregation layer. Is this the best design for connecting two pairs of n7k's with vPC or if a better design would be to connect all 4 links into the same Port-Channel and vPC?
View 7 Replies
Jan 28, 2013
Does ACS v4.2 support the addition of the Nexus switches? We have a few new Nexus devices that have been added to ACS, but cannot be accessed successfully. A msg re: role based authentication is received. Do I have to do something special in ACS to support this?
Nexus 5596 v5.1(3)N2(1)
View 4 Replies
Nov 19, 2012
I am running LMS 3.2 and cannot see the Nexus 5596 / ME-3600X-24FS-M Cisco switches on CiscoWorks LMS 3.2. Where I need them most is DFM; the devices come up as unknown. An example below: 10.125.202.1 is Nexus 5596 and the rest are ME3600.
208. 10.125.202.1 Unknown N/A N/A
209. 10.115.1.4 Unknown N/A N/A
210. 10.115.1.3 Unknown N/A N/A
211. 10.115.1.2 Unknown N/A N/A
212. 10.115.1.1 Unknown N/A N/A
Going through the article below, it looks like it's not supported
[URL]
What are the options I have next ? Can I upgrade to LMS 3.3 or only do an upgrade for DFM ?
Want to avoid LMS 4 as that's an installation from scratch.
View 2 Replies