Cisco Switching/Routing :: Nexus 7000 - HSRP Active / Standby?
Dec 16, 2011
I am working on two Nexus 7010 with 5.1.5 NX-OS version. I configure HSRP traditionnaly, Nexus 1 with a priority of 200 and Nexus 2 with a priority of 100 for all vlan.
When I change the priority of a vlan to 200 to 50 for example, Nexus 2 become active and Nexus 1 standby. The problem is that when I do a traceroute from a PC the packet take the Nexus 1 as defaut gateway all the time.....
For information I have a peer link between the 2 Nexus for vPC.
View 9 Replies
ADVERTISEMENT
Nov 20, 2012
Normally when we do HSRP with vPC on N7K the device will be Active/Standby in control plane but it will be Active/Active in data plane. In this case any traffic reach to standby device it can forward traffic directly to uplink which is not my desire. My goal is all traffic should pass through active (control plane) device in every case unless active device totally dead. So Is it possible for Nexus 7000 to be HSRP Active/Standby in Data Plane ?
View 4 Replies
View Related
Mar 4, 2013
I am running HSRP on three 4506 switches..S1(active) S2( standby) and S3(listen)..S1 is active for all the vlansRight now, I wanted to make S3 active for two vlans: vlan 10 and 19What would be the impact to the end hosts?Also, can you tell me why the arp is not syncing for all the three devices? [code]
View 4 Replies
View Related
Jan 19, 2012
I have been reading several posts in this forum to try to understand ACL behaviour on a standby HSRP 6500, I would be glad to get this cleared.I have two 6509 running HSRP for all Vlans...I created VLAN 100 with standby ip address 192.168.1.129 255.255.255.128
Active 6509 (SW01) ip is 192.168.1.130/25, priority 120
Standby 6509 (SW02) ip is 192.168.1.131/25
I have created a DHCP server on the standby 6509 only on the same VLAN 100 with a defaul router of 192.168.1.129 (i.e. the hsrp vip). I connected a pc directly to the ethernet port on the standby 6509 and put it under VLAN 100 and it obtained its ip 192.168.1.200 from the ios dhcp.Now I want to restrict this PC (and any other on its subnet) to access only a remote server 172.168.10.10 and nothing else. I have created the following access list, allowing traffic to the remote server, ospf and hsrp updates,ios dhcp...
Extended IP access list SWRES
10 permit ospf any any log (172 matches)
20 permit ip any host 172.168.10.10
30 permit ip any host 224.0.0.2
40 permit udp any host 255.255.255.255 eq bootpc
50 deny ip any any log (52 matches)
I have applied this ACL on both the 6509s under interface VLAN 100 ip access-group SWRES in
1. When I ping different subnets on the 6509s from the PC, I still receive icmp replies although I expected the acl to pass traffic destined for the remote server only. I do get deny log messages on the Active 6509, but not on the standby 6509 where the PC is connected.
2. Is permitting bootpc in the acl enough for IOS DHCP server and client operation? Do i need to explicitly permit access to the defaul-router configured in the DHCP, which happens to be the VLAN 100 gateway ip and hsrp vip as well (192.168.1.129)
3. I do get deny logs on both the 6509s from the PC trying to access the local VLAN 100 broadcast address on ports 137, 138.
%SEC-6-IPACCESSLOGP: list SWRES denied udp 192.168.1.200(137) -> 192.168.1.255(137)
View 7 Replies
View Related
Mar 15, 2013
I have been tasked to replace the existing Cat 6500 and 3750 switches by Nexus 7000 and Nexus 2000.I was told initially my boss plans to get 2 x Nexus 7000 and then eventually blow up to 4 x Nexus 7000s.For Nexus, is there a list of tasks / points that i need to consider for building the initial design?
Can i just link the Nexus 7000 like the following?
N7k-A ========= N7k-B
| |
lots of N2ks lots of N2ks
View 12 Replies
View Related
Jun 11, 2013
I have my hsp setup where switch A and switch B share active/standby roles among several vlans. In the last few weeks, i have seen trouble tickets where connectivity is lost and upon investigation i discover that i can ping physical interface IP addresses for both standby and active devices but not the standby IP. I have also validated configurations and layer 2 paths and they haven't been broken.
What I end up doing is failover to the standby device and back and the problem clears, reachability is restored. My question is whether I am solving this the right way. If so, what is it that would cause the standby IP to not be reachable and how does my solution fix that? N/B the switches are catalyst 6509's.
View 2 Replies
View Related
Dec 27, 2012
We have our WAN setup as explained in the attachment herewith. As of now, We have a IP 1 configured as HSRP IP in the LAN switch end at Site A and Site B. As per the HSRP priority, Site A's WAN router will preempt to be the Active WAN router. 1*1Gig link at both DCs connect to the respectve WAN router.
But with this setup, we experience a WAN outage whenever there is a link disconect at Site A - as HSRP fails over from Active to Standby(Site B) and again when the link at Site gets restored. To avoid this :
Is it possible to have the HSRP configured over a port channel at Site A and B (or atleast at Site A) ? In that case, will there be a need for the ISP to change their configuration except to configure a port channel ? The ISP has Cisco 7000 series router which connects to 3750 stack at DC lan.
View 2 Replies
View Related
Nov 16, 2011
I have router connected to 2 3550 switches directly. 3550A and B switches are running HSRP. OSPF is running between Router and 2 switches.
From Switch B i can ping the Router Wan interface but not the internet sites. from Switch A i can ping any sites?
Switch B
3550SMIB# sh ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1
[Code]......
View 7 Replies
View Related
Jul 29, 2012
If I setup 4948E's in HSRP configuration. And I connect devices to the Standby Unit that do not require redundancy. Will there be any issues passing traffic? I don't believe that standby unit blocks the traffic but wanted to confirm.
View 5 Replies
View Related
Sep 30, 2012
I have 2 6509 chasis with one SUP720-3B in each and current IOS is s72033-ipservicesk9_wan-mz.122-18.SXF4 and 2 FWSM with version is 3.3.1 I need to upgrade FWSM system software to 4.1, after checking FWSM 4.1 release notes, I thought of upgrading IOS to latest version to 12.2(33)SXJ.I got new 2 CF of 512MB and downloaded the new IOS on them and need to upgrade 6509 IOS first to meet the requirement for FWSM upgrade.
View 1 Replies
View Related
Apr 22, 2012
I went through the configuration guide for 4500 series switches for NSF/SSO for failover between Sup's. I just wanted to know that that are we supposed to run the SSO command on both of the supervisors? Secondly, are we only supposed to run the nsf process under EIGRP on the secondary supervisor and routing peers and not on the primary supervisor?
View 2 Replies
View Related
Oct 19, 2012
We are expanding out LAN network with more 2960 access switches. All the access switches are suppose to be connected to core switch (4507R) but i have less port on the core switch.
On the core switch we have two supervisor engines (WS-X4515 ---description : "Supervisor IV with 2 1000BaseX GBIC ports"). I can see that on each supervisor engine i have two 1 GB SFP ports available and if i calculate for two supervioser engine i will have 4 1GB ports.
But at particular time only one supervisor engine is active and other is in standby mode (redundancy mode used is SSO between two SUP engines).
Can i used all 4 SFP ports for connecting 4 uplinks to the 4 access switch?Will all the 4 SFP ports active at one time or only 2 SFP ports will be active that is for only active supervisor engine.
View 10 Replies
View Related
Jun 4, 2012
I was upgrading IOS on 4507 R with dual supervisor.I download the IOS on Active supervisior and did reboot.After reboot i login to switch then i got switch standby prompt.I found that after reboot active supervisior became standby supervisior.
Now new IOS is on standby supervisior.Need to confirm below..So this means that IOS does not syn within the supervisiors as compared to config right ?
-Which command i can use that will copy IOS from standby supe to Active supe??
-Which command i can use that will show both active and standby supe with new IOS?
-Is there any command that i can use to switchover from active to standby supe??
View 3 Replies
View Related
Oct 30, 2012
After rebooting a pair of 6504's configured for vss, both switches show active on the sup modules. A show switch virtual redundancy however shows the pair working in an active/standby mode. We have 6509's in vss pairs and they show active on switch1 and standby on switch2 led's. For the 6504's switch 1 was booted first and then the second switch about 30 seconds later. Is there something different with the 6504's? [code]
View 4 Replies
View Related
Jan 14, 2012
i have a strange issue with an HSRP Setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing are enabled on both Switches. S1 and S2 are connected with an ether channel over four fibre ports. S3 -S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But, my monitoring via cacti show me, that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails, should S2 the active switch.A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why route it traffic from the Internet to the client?
View 15 Replies
View Related
Dec 9, 2012
Should I install any special license to enable vrf within Nexus 7000 VDC? I observed that vrf routing instance is not enabled in the VDC.
View 2 Replies
View Related
Mar 3, 2013
I am configuring NTP on a new Cisco Nexus 7000 running version 6.1(2). NTP is working properly between the access switches and Nexus, however when configuring Authentication, NTP is not working anymore.
confguration:
Nexus 7K server
=============
ntp server x.x.x.x
ntp peer q.q.q.q
ntp server e.e.e.e
ntp server r.r.r.r
ntp source-interface Vlanx
[code]...
why NTP authentication is not working !!!!! on Nexus 7000
View 3 Replies
View Related
Aug 3, 2011
On a 7K (5.0(2)), I have a situation where the FIB and RIB are out of sync. I'm not sure it's causing a problem, but it's been implicated in some weird packet loss issues. It seems like it could cause network issues if you had two routes in the RIB, only one in the FIB, and then you lost the single path in the FIB. How the RIB/FIB gets out of sequence, how to proactively know about it (nothing in the logs here), and whether or not this is a big deal or a red herring?
Here's sample output that illustrates the RIB and FIB being out of sequence.
ROUTER1# show ip route 172.16.100.1
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
[Code].....
View 2 Replies
View Related
Mar 25, 2013
I have cisco 4510R L3 switch with installed 2 Sup on slot 5 and 6. the current active Sup is in Slot5 i want to make active Sup6 in slot 6 which is currently standby sup in chassis. Is there any way to make standby Sup to ACTIVE without reloading any of the Supervisor. however there is two way as per my understanding -
1. we can reload the active Sup so that standby Sup will take charge. - (redundancy reload shelf)
2. we can focefully switchover the state of Sup's by (redundancy forcefully swithover) but in above both cases reload will be performed by one of the supervisor. which i don't want.
View 2 Replies
View Related
Mar 6, 2013
Had a Sev 1 issue today. We have a bunch of Nexus 5ks connecting to some HP C7000 Chassis for the use of Virual environments. Engineers build and tear down servers during the day, however today, an engineer configured a virtual machine accidently with its IP address as the default gateway. Each pair of nexus switches has one physical SVI per vlan and a HSRP address for the vlan. Of course this engineer configuring the server IP address as the HSRP address killed the vlan... which lead me onto think... are they are tried and tested techniques to protect this from happening on the switch. Enforcing the ARP/MAC of the HSRP address and not allowing it to change or any other device to change it?
View 2 Replies
View Related
May 17, 2012
I have a paif of nexus 5548 configured VPC using the mgmt interface as heartbeat and 2x10G as peerlink. Peer-gateway is also configure on the vpc domain. I have 2 FEX straight thru connection to each Nexus'es. Created 2 VPC and both are up and no suspended vlans. Allowed VLANs in peerlink is 10,20,30,40 and 50. I configure SVI for VLAN 10 on both nexus 10.10.10.100/24 and 10.10.10.101/24 respectively. The problem is when I create HSRP on this VLAN 10 (vip 10.10.10.88), the hello packets are not heard by both nexus, thus both Nexus are acting as active with unknown standby. I can ping both vlan 10 from each Nexus. I tried deleting and putting back the config but no luck.I tried creating another SVI vlan 20 on both nexus and form hsrp, result is same as in vlan 10. I am running version 5.1 release on both nexus.
View 3 Replies
View Related
Nov 24, 2012
i have a big problem because i configure a vlans with vrf and HSRP but, when i do "show hsrp brief", dont show this interfaces and, i can ping virtual IP. it seems hsrp dont work.
SWSERVSCAMILO_N7010_A#
interface Vlan405
description smsc-fwatlas1
no shutdown
[Code] ....
View 1 Replies
View Related
Feb 2, 2012
We recently purchased a pair of 2232TM Fabric eXtenders just to find out that our Nexus 7000 does not support it. Will there be support for the 2232TM FeX in Nexus 7000 any time soon?
View 4 Replies
View Related
Jul 17, 2012
I have two data centres connected via a L2 DWDM, my manager wants to look into using OTV to get rid of the layer 2 broadcasting issues.
Problem is the DWDM is 1000BaseSX, which is only supported on the N7K-F132XP-15. (and the N7K-M148GS-11 but that doesn't support FCOE, so many bloody caveats). From what I can gather OTV is not supported on the N7K-F132XP-15.
Is it possible to terminate the DWDM on the F1 card & loop another port from the F1 to a port on the N7K-M148GT-11 & run OTV on the M1????
Either using VDCs or just an isolated VLAN on the F1. Is there any better way to do this? Hardware has not yet been purchased.
View 0 Replies
View Related
Dec 9, 2012
I am seeing an issue that after deleting/recreating one of the VDC in Nexus 7K, VLAN is not been able to be configured within the VDC although it is not actually a reserved VLAN. Could it be anything missing in the license installation? the version of the image is NX-OS 6.1.2
StorageVDC(config)# vlan 100
^
invalid vlans (reserved values) at '^' marker.
View 2 Replies
View Related
May 5, 2013
We setup two n7K as core switches in our network. We configure VPc peer link as well successfully. We are using mgmt interface of supervisors as a peer keep alive interface, so what happen when this keep alive gets down? Are we loss Vpc peer link between both nexus 7 K?
View 4 Replies
View Related
Jan 29, 2012
I have a pair of Nexus 7K's running 5.1(3). I have a handful of edge devices that I need to mark ingress traffic, and need to mark both DSCP and CoS. Right now, I have a working config that marks DSCP appropriately.While that works dor DSCP, the MQC will not allow me to mark both DSCP and COS in the same class, and unlike IOS, it appears that Nexus does not have a default DSCP-to-COS mapping. My understanding is this can be solved using table maps, but I don't see how that can solve my problem in this specific scenario (it appears I can do marking or table-map mutation, but not both?). How I can accomplish both?
View 5 Replies
View Related
Dec 5, 2011
I cannot get the AAA tacacs+ authentication to work on my Nexus 7000.
View 4 Replies
View Related
Nov 2, 2012
I need to know how is the ambient temperature for the Nexus 7000 switches to plan a new datacenter. In the datasheet I found the following information regarding this topic:"GR-63-CORE Network Equipment Building Standards (NEBS) specification published by Telcordia Technologies in Section 4.1.2". How are the specification for temperature in this standard?
View 1 Replies
View Related
Mar 4, 2012
regarding QOS on Nexus 7000. Our Nexus 7000's form a collapsed distribution/core layer, our access layer switches are are a mixture of Cisco 3750 & Cisco 4507. 3750 switches will connect to Nexus switches via 1Gb uplink, 4507 switches will connect via 10Gb uplinks. Each Nexus will be connected via 20Gb port channel, all servers connect to the Nexus switches via 1Gb links. We're implementing a new telephone system soon which will be using VOIP so I need to configure the switches to perform QOS. The IP phones will mark the RTP traffic with DSCP value EF and call signaling traffic CS3. I'm fine configuring qos on the access layer switches, its just the Nexus switches which I'm not sure about.
Do I actually need to configure any QOS parameters on the Nexus switches so they will prioritise the VOIP traffic. If my understanding the Nexus switches will trust the DSCP values and assign the traffic to the relevent queues?
Just for information VOIP is the only traffic I will be marking QOS values
View 3 Replies
View Related
Oct 14, 2012
On Nexus 7000s I want to limit bandwidth of particular IP. I can do this using proper configuratio of IP ACL, policy map and class map. But what if I dont have information on interface? Can I apply bandwidth control for particular IP without knowing the interface?
View 3 Replies
View Related
Apr 20, 2012
if vPC is supported between a single 2232PP FEX and two 7000 switches running 6.0(1)? I have been researching this for an implementation I am doing for a client and was able to determine it was not supported with earlier versions of 5.0 when the FEX is connected via vPC as I described above, but I can't find anything related to version 6.0(1). I have done this for other clients with 5000 and 2000 switches, but I don't have too much experience with 7000 switches.
View 5 Replies
View Related
Dec 4, 2011
I have some error messages in the Nexus 7000 log, after searching i cannot find an adequate explanation, pretty much the only thing i can find is below and i don’t think it is very relevant to my situation. The device is in production and so reloading and pulling card willy nilly is the last resort.
Device = Nexus 7018
IOS version = 5.1(2)
Log messages=
2011 Dec 2 14:52:35 IAS01LVSWIPC01 %OC_USD-SLOT8-2-RF_CRC: OC2 received packets with CRC error from MOD 6 through XBAR slot 1/inst 1 and slot 2/inst 1 and slot 3/inst 1
[code]....
View 3 Replies
View Related
