In IOS, for limiting access for a group, we used a configuration of snmp-server views like the following:

snmp-server group backupgroup v3 priv read backupview write backupview access 20
snmp-server view backupview ccCopyTable included

I could not find out how to achieve this config in NX-OS on a Nexus 5500.
I'm trying to set up SNMPv3 on a Nexus 5548. We are using SNMPv3 on 3750s without any issue, but I'm having issues getting it set up on the Nexus. I have been using the following link for the setup, following it line by line: [URL]. The part that I'm having issues with is when I try to enforce SNMP message encryption on a per-user basis. When I issue "snmp-server user (username) enforcePriv", I get: "warning: unable to update CLI users database. reason: role does not exist grounp not found."
How do you set up IP routing on a Nexus 5500? I want to do VLAN routing between a Nexus 5500 and a Catalyst 3750. Nothing clever, just have the two switches talk and VLANs route between the two.
Is there an official Cisco page with the always up-to-date recommended NX-OS releases for the Nexus 5000, just as there is URL
If there is no such page: what release can be recommended?
We got new N596 and N2232 switches this week, and are using an L2 LAN only: no L3, no FCoE or FC ports. The command 'vpc orphan-ports suspend' is the newest feature used, so 5.0(3)N2(1) would be the oldest possible release.
Before I install 5.1(3)N1(1a) and then have to do a disruptive downgrade to 5.0(3)N2(2b), I'd like to be assured that the new one is already recommended as mature enough.
Are there any dependencies on VTP on the Nexus platforms like the 5500 or 7000? In IOS, PVLAN required VTP transparent mode; however, I cannot find any reference to this for the Nexus platform. Are there any other features that would require the use of VTP? By default VTP is turned off on Nexus and has to be enabled with the feature command, so is there any benefit to running VTP in transparent mode vs. off?
There is very little and quite diverse information regarding the if, where and how of a Nexus 5000 or 5500 series switch and support for IEEE 802.1AE link layer encryption (also called MACsec).
For example: the official FAQ denies that the Nexus 5500 series supports 802.1AE at all, while the data sheet says that only "downlink ports" are supported (host access).
On the Nexus 7000 platform the 802.1AE link layer encryption is part of TrustSec (feature cts) and much better documented.
The question is: if and under which circumstances (configuration, L3 modules, license, NX-OS version) does a Nexus 5k or 5500 series switch support 802.1AE on 1G or 10G interfaces that are directly connected to a Nexus 7000 (with the necessary cts feature licensed/configured)?
I am experiencing inconsistent echo replies from devices connected via vPC to Nexus 5500s while pinging from the Nexus exec prompt.
In some cases I receive a normal response when pinging from one Nexus, but no response when pinging from the other switch. In other instances I receive a normal response to one Nexus, and duplicate replies to the other. It looks like a vPC-related bug. NX-OS is 5.1.3.N2.1.

5501# ping 10.12.12.232
PING 10.12.12.232 (10.12.12.232): 56 data bytes
64 bytes from 10.12.12.232: icmp_seq=0 ttl=253 time=8.585 ms
64 bytes from 10.12.12.232: icmp_seq=0 ttl=254 time=9.227 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=1 ttl=253 time=1.011 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=253 time=8.097 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=254 time=9.429 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=3 ttl=253 time=18.195 ms
64 bytes from 10.12.12.232: icmp_seq=4 ttl=253 time=8.807 ms
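The duplicate replies above carry different TTLs (253 vs 254), i.e. the two copies took paths of different hop length, which is what a vPC forwarding problem looks like from the exec prompt. As an added example (not from the original post), here is a small parser that checks pasted NX-OS ping output for exactly that pattern; the sample text is constructed to mirror the post, not a real capture.

```python
import re

# Constructed sample, modelled on the ping output quoted in the post above.
SAMPLE_PING = """\
PING 10.12.12.232 (10.12.12.232): 56 data bytes
64 bytes from 10.12.12.232: icmp_seq=0 ttl=253 time=8.585 ms
64 bytes from 10.12.12.232: icmp_seq=0 ttl=254 time=9.227 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=1 ttl=253 time=1.011 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=253 time=8.097 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=254 time=9.429 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=3 ttl=253 time=18.195 ms
64 bytes from 10.12.12.232: icmp_seq=4 ttl=253 time=8.807 ms
"""

# One echo reply line; the trailing "(DUP!)" marker is optional.
REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms(?: \((DUP!)\))?")


def analyze_ping(output):
    """Group echo replies by icmp_seq and flag duplicated sequences.

    Returns a dict with the answered sequence numbers, the sequences that were
    answered more than once, the distinct TTLs seen, and a multipath flag that
    is set when duplicates arrive with differing TTLs (two paths of different
    hop count, the vPC symptom described in the post).
    """
    replies = {}  # icmp_seq -> list of TTLs seen for that sequence
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue  # header or summary line, not a reply
        seq, ttl = int(m.group(1)), int(m.group(2))
        replies.setdefault(seq, []).append(ttl)

    dup_seqs = sorted(seq for seq, ttls in replies.items() if len(ttls) > 1)
    ttls_seen = sorted({ttl for ttls in replies.values() for ttl in ttls})
    return {
        "answered": sorted(replies),
        "dup_seqs": dup_seqs,
        "ttls": ttls_seen,
        "multipath_suspected": bool(dup_seqs) and len(ttls_seen) > 1,
    }


if __name__ == "__main__":
    print(analyze_ping(SAMPLE_PING))
```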
Does the Nexus 5500 support auto-negotiation on 1 Gig SFP ports? There is an end device that only supports auto-negotiation and cannot have speed/duplex set manually.
I'm looking for some input on configuring vPC on the Nexus 3048. I know that it's supported to use 1G interfaces for the vPC peer link, but using 2x1G for the peer link would make the peer link a bottleneck if the 10G ports are used in a vPC. What about using 2x10G ports for the peer link and using the remaining 10G ports in one, or potentially two, vPCs? Should that work, or is it in any way not recommended? The reason I'm asking is that the 10G ports are called "Uplink" ports in the data sheets for the 3048.
We are planning to connect some servers to the 3048s using vPC, with each server connected by 4x1G interfaces (2x1G to each switch), and then we want to connect a NetApp storage system with two controllers using 2x10G each (the controllers are active/passive, so you can think of it as two separate systems). We would connect controller A with a vPC of 1x10G to each switch, and controller B in the same way with a vPC of 1x10G to each switch.
I have a Nexus 5500 which is the core of our network, and we have access layer switches uplinked to it. I know that by default the QoS markings will be trusted.
1. On a trunk uplink from an access layer switch to the Nexus, I have "mls qos trust dscp". Will the DSCP marking be preserved when it reaches the Nexus?
2. How do I prioritize voice traffic on an uplink on the Nexus based on DSCP EF?
Configuring OSPFv2 on Nexus 5K switches: after configuring area 0 or area 10, it shows as 0.0.0.0 or 0.0.0.10 instead. I'm planning to uplink a couple of ASAs with OSPF enabled, and I'm just wondering if the area format shown will be a problem. Is this how it is supposed to look on the Nexus 5K, and will the 5K be able to form adjacencies with other non-Nexus devices that have area 0 and 10?
I want to configure management for some Nexus 5548s. I wanted to manage the switches via an SVI. I have read the following document, which gives details about the management SVI but doesn't answer all questions: [URL]. I am not running any layer 3 functionality on the switch and have no layer 3 license (which it mentions in the above link). Will I still be able to create a management SVI? I know I will need to enable the feature 'interface-vlan' to set up a management SVI; does that require a license?
I have a Nexus 7000 plus 6 NX2000 boxes on the backbone. I have configured on the 7000:

conf t
 system jumbomtu 9000
exit
ERROR: Ethernet111/1/1: requested config change not allowed
...
ERROR: Ethernet122/1/48: requested config change not allowed

1/111/14 is a NX2000 port:

conf t
 interface ethernet 1/111/14
  switchport
  mtu 9000
exit

I have gotten this message: "Error: MTU cannot be configured on satellite port(s) - Eth122/1/11". I have tried on a NX7000 TP port: "ERROR: Ethernet10/45: MTU on L2 interfaces can only be set to default or system-jumboMTU". Can the JUMBOMTU configuration be done only when there are no NX2000 configured?
I currently have two Nexus 5548UP switches in my environment running the latest code (n5000-uk9.5.1.3.N1.1a.bin). Both of these switches are connected via a vPC peer link (two ports on each switch in an EtherChannel) and a vPC keepalive link (a dedicated port). Hosts connect to each switch via a vPC for both IPv4 and FCoE.
As of right now, everything works. I currently have a stack of two 3750 switches that each Nexus is connected to. This stack is doing all the intra-VLAN layer 3 routing for the Nexus switches. However, I plan to get rid of the 3750s and move the layer 3 routing to the Nexus 5548s, so the backplane is 10 Gig instead of 1 Gig. I have the layer 3 daughter card installed in both switches, as well as the LAN_BASE license.
So, at the moment, I am trying to find the best way to accomplish layer 3 routing on these two switches. Since the Nexus switches are not stacked, and the FCoE portion of HA is taken care of by the multipathing agent on each host, I believe I am just concerned with providing intra-VLAN routing in an HA build where, if one switch goes down, VLANs still route through the other switch.
Again, since the Nexus switches are not stacked, I am guessing the best way to handle this is with HSRP, but my experience with that has always been with routers that have a switch in the middle. Can I make HSRP work without having a switch between the Nexus switches? Can I track the vPC peer link, or how do I do it? I guess I am looking for a sample config.
Let's pretend I had two VLANs:

VLAN 20: 10.20.20.254 - GW, and 10.20.20.0/24
VLAN 40: 10.40.40.254 - GW, and 10.40.40.0/24

And I wanted the Nexus switches to route these VLANs regardless of which switch was up or down.
We are facing an issue of continuous packet discards on the Nexus 4001L link (int po2) to a Nexus 5020 switch. The Nexus 4001L is installed in an IBM BladeCenter and we have FCoE enabled in this setup.
I have been tasked to replace the existing Cat 6500 and 3750 switches with Nexus 7000 and Nexus 2000. I was told initially that my boss plans to get 2 x Nexus 7000 and then eventually grow to 4 x Nexus 7000s. For Nexus, is there a list of tasks/points that I need to consider for building the initial design?
Can I just link the Nexus 7000s like the following?

N7k-A ========= N7k-B
  |               |
lots of N2ks   lots of N2ks
We are planning a Nexus datacenter project with this layout: Our experience with Nexus switches is not very large until now, and the manuals are very extensive. Both N5Ks should be connected directly with all 4 N2K switches. I did not find a layout like this in the manuals, only a design where only 2 N2Ks are connected to one N5K, with this FEX config: Now I'm not sure if it is right to make a config like this with the same slots and FEXes or with different slots and FEXes.
We have to set up VoIP for our network (for 50 phones, not the Cisco phones).
I need to just route the VoIP traffic to the gateway address of the telephone company (1.1.5.7), where they provide us the connectivity for the destination call.
What sort of protocols do I have to enable in the PIX? I saw the concepts like SIP, H.323, RAS, Skinny.
We are using the ASA only for VoIP, and no data or other traffic should be allowed.

inside address: 10.10.10.0/24 for all VoIP phones
outside: 121.21.22.1
telephone gateway: 1.1.5.7
I'm building the use case to test/detect rogue devices on the network. I have in my environment a 5500 series LAN controller with APs (Aironet 3500). I want to detect rogue devices/APs connected to my network. I know that before I can see this activity on the network I have to configure the controller/AP to detect this behavior. I'm doing these steps:
Authorize APs against the AAA function to make sure that all the APs registering to your WLC are authorized APs of the network. By enabling this feature, only those APs whose MAC addresses are present in the authorization list will be able to register to the WLC. URL
Using the Rogue Detection feature, the WLC will be able to detect any AP that is not a part of its RF group and contain it. URL
NOTE: on the forum I have seen others talk about the same issue, saying that only if I have an AP in "Rogue Detection" mode sitting on the trunk port on the switch will this AP detect rogues on the wired side.
I don't think I completely understand this statement; by "sitting" does it mean that it is passively sniffing traffic coming in/out on the trunk link?
Considering the above steps are accurate, after this will I be able to see rogue detection behavior in the syslogs? What exactly would be the messages that this behavior would produce?
I have two Cisco ASA firewalls connected through a VPN; one is a 5505 and the other is a 5510. From the 5505 I can ping the internal interface of the 5510, but not vice versa. Would that be a NAT issue? I used the ASDM to configure the VPN tunnels with the wizard for IPsec site-to-site.
I used the following commands to limit users on my wireless network (WLC 5500) and a Nexus 7000. The previous Cisco doc only covers the 6500, and some commands have changed. Tested and working, except the PIR gives an error; post up if you know why, otherwise enjoy!
Note: the wireless network is assumed to be 172.21.0.0/16.
Note: this will limit each wireless user to 1 Mbps.
Note: the PIR (Peak Information Rate, also known as burst) is ignored in the following commands; unknown at this time why.
Create ACLs:

ip access-list acl-wireless-downstream
  10 permit ip any 172.21.0.0/16
ip access-list acl-wireless-upstream
  10 permit ip 172.21.0.0/16 any
class-map type qos match-all class-wireless-upstream
  match access-group name acl-wireless-upstream
class-map type qos match-all class-wireless-downstream
  match access-group name acl-wireless-downstream
policy-map type qos police-wireless-upstream
  class class-wireless-upstream
    police cir 1 mbps bc 200 ms pir 1536 kbps be 200 ms conform transmit exceed drop violate drop
policy-map type qos police-wireless-downstream
  class class-wireless-downstream
    police cir 1 mbps bc 200 ms pir 1536 kbps be 200 ms conform transmit exceed drop violate drop

1. Apply police-wireless-upstream on the incoming port from the controller.

interface port-channel130
  description *** LAG for WLC1 ***
  switchport mode trunk
  switchport trunk allowed vlan 80,130,255,600
  service-policy type qos input police-wireless-upstream

2. Apply police-wireless-downstream on the uplink LAN/WAN ports.

interface port-channel101
  description *** L3 Port Channel to Core VDC ***
  no switchport
  service-policy type qos input police-wireless-downstream
  ip address 10.70.10.18/30
  ip router eigrp 10
How many VMs can a pair of 5548s support? Remember, for each VM I will have an ARP entry in the 5500 ARP table (assume the 5500 is the L3 default gateway).
Having an issue with my WLC 5500 and client connectivity. This just started today. Clients will connect for a short period of time and then drop off. The WLC appears fine, with the exception of a bunch of trap errors. I've rebooted the WLC, but this did not clear the issue.
How do I configure the ASA 5500 with "Directed Broadcast" for Wake on LAN from another network segment? We want to pass traffic from the 192.168.10.0 network to the 192.168.100.0 DMZ network to turn on the server with Wake on LAN.
I read something about "Static NAT", but how do I make this one?
We have successfully peered two 5548UP switches together and separately we have successfully peered two 5596UP switches together. Works great and is our standard going forward for data center switching. I've been casting about Google and Cisco looking for an answer to this question:
Is it possible to have more than two 5500 class Nexus switches participate in a peered vPC configuration? For instance, can I connect a single FEX to four 5500 class switches in a vPC configuration? The question is more academic than actionable. Even if the answer is yes we probably wouldn't be in a position to implement something like this for a while.
I'm trying to configure inter-VLAN routing between a Cisco 2801 router and HP/Amer switches. Using int fa0/1 and subinterfaces, I was sure I had it configured correctly, but I cannot ping the default gateways when I place a host in a particular VLAN. Below is what I have configured.

HP switch - port 9 connects to fa0/1 on the 2801
ip default-gateway 10.1.100.1
trunk 9 Trk1 trunk
trunk 10 Trk2 trunk - to another switch
We are working with a contractor to upgrade our network, and I heard from them that the 5596/5548 might not need the layer 3 module for our inter-VLAN routing. They have yet to give me an answer.
We do have a few static routes on our current layer 3 core switch too.
Configuring an application using routing mode on Cisco ACE: clients --- ASA --- 3750 --- Cisco ACE --- servers behind the VIP, Visa card transaction servers. I am able to set up a VIP on the ACE using routing mode. As the servers need to see the client IP, we are not performing SNAT; this part is working fine. When a request comes from the client, it goes to the VIP and to one of the backend servers, and the request will be forwarded back to the ACE, as the default gateway on the servers is pointing to the server VLAN on the ACE. But if the transaction from the servers needs to go to the Visa card transaction servers, how can we achieve this, and after fetching the data from the Visa servers, will the reply be forwarded to the ACE or to the ASAs directly?
I currently have a Cisco 891 running with an FTP server on port 21. I currently have the NAT from the external IP to an internal IP, 192.168.12.6, for port 21, and the firewall allowing that traffic through, and the client software is working fine. However, I need this FTP to be running on port 990, and any time I change the NAT and the firewall, the external FTP clients connect but then drop when receiving the directory listing.