I was reading a QoS walkthrough earlier to try to solve my problem and I noticed that in IOS, you can specify "match vlan" in a class map. This is not available in NX-OS. I'm not doing any routing on the 5K so I cannot match on ACL, and port where traffic is received is a trunk sharing other types of traffic I'd like to classify elsewise.
How can I match traffic on a per-VLAN basis?
I have a couple of Nexus 5ks that I want to put QOS on for the servers running behind it but also have voice running across it. Voice doesn't play well with jumbo frames so I'd like to put QOS only on the voice vlan.
View 1 Replies View RelatedI am working in my lab and I was adding a new L2/3 vlan
vlan 555
name test
int vlan 555
ip address 1.1.1.1/24
no shut
I have also ensured that this vlan is added to the port channel going to my Nexus5K's. I added the vlan to the 5K's and also ensured that vlan 555 is traversing the peer link. all is good there. I have also placed a device on a interface on the 2k as a access switchport on vlan 555
Here is my problem, the L3 interface will NOT come up on the 7K
LAB-DSW01# sh ip int brie
IP Interface Status for VRF "default"(1)
Interface IP Address Interface Status
Vlan555 1.1.1.1 protocol-down/link-down/admin-up
I have gone throug just about everything I can think of and I am still unable to get this L3 interface to come up. I have other L3 interfaces on this device that are configured exactly the sameway without any issue at all. All the existing interfaces are working properly, it's jut this new interface that I am trying to add.
I am running version 6.0.1 on the 7K and 5.2.1.N1.4 on the 5K.
Can nexus 5010 supports inter v lan routing , as there is no core switch and router available in current network.
View 2 Replies View Relatedyou find attached my network architecture with 2 Nexus 7010 on core layer and 2 Nexus 5020 on distribution layer, each one with 1 N2148T fabric extender switch. PC-A1 and PC-A2 are connected to one N2148T, PC-B1 is connected to the other N2148T. Nexus-7000-1 is HSRP Active for all VLANs, Nexus-7000-2 is HSRP standby. PC-A1 and PC-A2 are connected to VLAN A, PC-B1 is connected to VLAN B. PC-A1 and PC-A2 have the same default gateway correspondent to IP HSRP on VLAN A. It happens that PC-A1 is able to ping PC-B1 while PC-A2 is unable to ping PC-B1. If I issue a traceroute from PC-A2 I see Nexus-7000-2’s physical IP address as the first hop even if Nexus-7000-2 is HSRP standby. After the first hop the traceroute is lost. If I shutdown Port-channel 20 on Nexus-5000-2, PC-A2 starts to ping PC-B1.I can’t understand what’s wrong in this architecture.
View 6 Replies View RelatedI am seeing an issue that after deleting/recreating one of the VDC in Nexus 7K, VLAN is not been able to be configured within the VDC although it is not actually a reserved VLAN. Could it be anything missing in the license installation? the version of the image is NX-OS 6.1.2
StorageVDC(config)# vlan 100
^
invalid vlans (reserved values) at '^' marker.
I have the need for private vlans in isolated mode to backup some hosts on a secured network. We are using Cisco Nexus 5020 with the fex 2148 for copper-ports - and I tried to implement this setup: [code]
The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.
the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct .We are running NXOS: [code]
I am not able to create more than 256 VLAN in Cisco Nexus 5010 switch. While creating I am getting "No VLAN resources available for VLAN creation" Details below -
Switch model - 5010
Software : NX OS 4.0 (1a)
Error Message:
Nexus_5010(config)# vlan 417
ERROR: No VLAN resource available for VLAN creation.
I have 2 NEXUS switches in VPC. When I create/delete a VLAN gets updated in the same switch, but the VLAN information does not get propagated to the neighboring switch. Revision number remains the same even if I modify the VLAN. Had also tried changing the VTP status to transparent mode & reverting it to client mode but no luck.Have double confirmed on the VTP domain names & password. However the same setup in different location which works perfectly fine.
View 1 Replies View RelatedI currently have two Nexus 5548UP switches in my environment running the latest code (n5000-uk9.5.1.3.N1.1a.bin). Both of these switches are connected via a VPC Peer Link (two ports on each switch in an Ether Channel) and a VPC-Keep Alive Link (a dedicated port). Hosts connect to each switch via a VPC for both IPV4 and FCOE.
As of right now, everything works. I currently have a stack of two 3750 switches that each Nexus is connected to. This stack is doing all the Intra-VLAN Layer 3 Routing for the Nexus Switches. However, I plan to get rid of the 3750s, and move the Layer 3 Routing the Nexus 5548's, so the backplane is 10 Gig instead of 1 Gig.. I have the Layer 3 Daughter Card installed in both switches, as well as the LAN_BASE license.
So, at the moment, I am trying to find the best way to accomplish Layer 3 Routing on these two switches. Since the Nexus switches are not stacked, and the FCOE portion of HA is taking care of by the Multipathing agent on each host, I believe am just concerned with providing Intra-VLAN routing in an HA build where if one switch goes down, VLANs still route through the other switch.
Again, since the Nexus switches are not stacked, I am guessing the best way to handle this is with HSRP, but my experience with that has always been with routers that have a switch in the middle. Can I make HSRP work without having a switch between the Nexus switches? Can I track the VPC peer link, or how do I do it? I guess I am looking for a sample config.
Let's pretend I had two VLANs:
VLAN 20:
10.20.20.254 - GW and 10.20.20.0/24
VLAN 40
10.40.40.254 - GW and 10.40.40.0/24
And I wanted the Nexus switches to route these VLANs regardless of which switch was up / down..
Yesterday I configured the 7010 Nexus switch. I created a VDC and allocated few ports and configured VLAN for testing. After enabling feature interface-vlan i was allowed to configured L3 interface for the vlan. I assigned ip address and connected few server to check the reachability but it says Destination Host Unreachable.
NX OS Ver : n7000-s1-dk9.5.2.4.bin
Configuration of the VDC below.
feature telnet
feature udld
feature interface-vlan
feature lacp
[Code]....
Having problem pinging from Host A on ESX1 to Host B on ESX2. Each host are assigned the same port-profile. If I put 2 host's on the same ESX machine using the same port-profile, they are able to ping each other.
n1kv-vsm# sh port-profile name xxx-prod-40port-profile xxx-prod-40 description: type: vethernet status: enabled capability l3control: no pinning control-vlan: - pinning packet-vlan: - system vlans: 1 port-group: xxxl-prod-40 max ports: 32 inherit: config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown evaluated config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown assigned interfaces: Vethernet3 Vethernet4
System-uplink profile is trunking all vlans.
I'm trying to change a vlan on a port-channel but I am getting this error when I apply the change:" error: command is not mutually exclusive",I have done this in the past but I cannot remember exactly what I should type to apply the change.
View 2 Replies View RelatedWe recently extended our access layer using a pair of 5ks with extenders. We have a pair of 6509s at our core and they handle the intra-VLAN routing with SVIs. I recently noticed that access hosts connected to the extenders cannot pass traffic between each other if they are in different VLANs. The strange thing is these same hosts can ping devices in other VLANs as long as the other devices are not connected to the 5k environment.
For example, consider the following hosts. Each host has their gateway set to the appropriate SVI on our core.
HostA - VLAN100 - connected to 5k extender
HostB - VLAN200 - connected to 5k extender
HostC - VLAN100 - connected to 2960 off our core
HostD - VLAN200 - connected to 2960 off our core
Each host can ping each other with the exception of HostA and HostB. As for specifics, we use HSRP (no VSS) between our cores.
When I ping between hostA and hostB, I see the egress packets on either 5k1 or 5k2. I then see ingress AND egress on Core1. There are no ingress packets on 5k1 or 5k2.The egress packets from Core1 show the correct destination MAC address of the target host. The mac address table shows the mac address on po31.
I have defined a trunk between a nexus 5k and cat 3750 as a pvlan trunk - now I would like to add redundance and performance and tried to establish a vpc between my par of nexus's and the 3750 stack - but the nexus tell me that the port-channel doesn't support pvlan's - and then - ehh - do I get any benefits of running the trunk as a pvlan trunk at all?
interface Ethernet1/4
switchport mode trunk
speed 1000
switchport private-vlan trunk allowed vlan 550-552
switchport private-vlan mapping trunk 550 551-552
[code]...
I am trying to configerate static switchports on our nexus 5548 (nx-os 5.1(3)N1(1)) over snmp.The support-list url... states that the CISCO- VLAN- MEMBERSHIP- MIB is supported.I can read the information, but if i try to set vmVlan or vmVlanType i get the message: "SET failed. ("ip-address"). Information: Not Writable."I can use set_request in general (e.g. CISCO-CONFIG-COPY-MIB). how to set the vlan and vlan-type over snmp?
View 3 Replies View RelatedWe are currently using two Nexus 5548UP's as our Datacenter Network Core. I have a pretty simple objective: I would like to enable Jumbo Frames on a single VLAN only(VLAN 65). This VLAN is used strictly for backups. I do not want to enable Jumbo Frames on the other VLANs(VLANs 1-10). Im not sure what the best way to do this is.....or if it is even possible but I am hoping to get some configuration examples.
View 7 Replies View RelatedI'm not sure if I'm missing something basic here however i though that I'd ask the question. I recieved a request from a client who is trying to seperate traffic out of a IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which than connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
1. Private vlan mapping on the SVI;
2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
3. All Vlans are trunked between switches
4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause to most of the issues I am having. Has any one else experienced this behaviour. Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration.
I understand the vlans on the catalyst side of the house on 2900 to 6500 Catalyst switches.
This 7010 running nx-os 5.1(3) I did not setup, but have to manage it. Hasn't really been a proble till now.
My nexus 7010 has a Layer 2 only vlan 11. It is "Active" but the interface is "shutdown". Yet, it is passing traffic across the directly connected ports on the nexus 7010 and to other switches in my network. Vlan 11 is being set out via VTP to all my switches and things are running fine.
I need to create another L2 only Vlan. I can't seem to find any docs that indicate that a Layer2 vlan Interface on nx-os should be in "shutdown" mode as part of the setup. I do see in the docs where it has to be set "Active" as part of the process.
Is this the correct way to seutp a L2 only vlan on nex-os? Leave the interface in "shutdown" but make it "Active"?
Mystery Vlan 4 and 6
The mystery deepens. I have other L2 vlans ,Vlan4&6 that are NOT defined as "Interface Vlan4" in the nexus config, yet it is applied to GigE ports on the nexus and these Vlans 4/6is also being sent out VTP to all switches. Even weirder is that these vlans have names associated with the numbers. These are valid Vlans that were configured on the old 6509 before the Nexus was installed.
I have checked all switches, NONE are running in Server mode for VTP, all are in CLIENT. The nexus 7010 is the only device running in VTP Server mode.
We are facing issue of continous packet discards On nexus4001L link (int po2) to Nexus5020 switch. Nexus4001L is installed in IBM blade center server and we have FCOE enabled in this setup. [code]
View 2 Replies View RelatedI have been tasked to replace the existing Cat 6500 and 3750 switches by Nexus 7000 and Nexus 2000.I was told initially my boss plans to get 2 x Nexus 7000 and then eventually blow up to 4 x Nexus 7000s.For Nexus, is there a list of tasks / points that i need to consider for building the initial design?
Can i just link the Nexus 7000 like the following?
N7k-A ========= N7k-B
| |
lots of N2ks lots of N2ks
Struggle to find the SNMP MIBS of the Nexus 5000 FEX tranceivers.
View 3 Replies View Relatedwe are planning a Nexus datacenter project with this layout:Our experiences with Nexus switches are not so large until now and the manuals are very extensive.Both N5K´s should be connected directly with all 4 N2K switches. I did not find a layout like this in the manuals. Only a design,where only 2 N2K are connected to one N5K, with this fex config:Now I´m not sure if it is right to make a config like this with the same slots and fex´s or with different slots and fex´s.
View 1 Replies View RelatedBetween our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies View RelatedI have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
i need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
I have a 3750G switch in my production network that only has VLAN 1 on it. All ports are in a default state and VLAN 1 is disabled. The switch is passing traffic but shouldn't having the default VLAN shut down cause the ports not to pass traffic? If I start to create VLANs will that cause the switch to stop passing traffic?
View 4 Replies View RelatedI am trying to setup a L2tpv3 VLAN-to-VLAN tunnel.My setup has two Cisco 890 router with Cisco IOS Software version 15.0(1) M4. These routers are connected directly on FastEthernet port 8.
One linux machine is connected on FastEthernet port 0 on each router. The two linux machines are on same vlan. I am trying to establish a vlan-to-vlan tunnel between the routers and send traffic between the linux machines.
I followed the case study 11.4 from [URL] and configured the l2tp-class and pseudowire-class. However, the vlan interface configuration is different on 890 router.
I configured a vlan interface as follows.
(config)#vlan 200
(config)# interface FastEthernet 0
#shutdown
#switchport access vlan 200
(config)# interface vlan 200
I don't see the 'xconnect' command in this context. What's wrong with my configuration?
We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10Vlan2: 172.16.2.1Vlan7: 172.16.7.1ASA: 172.16.7.2
I assuming the switch has a problem with routing ?It is a stacked Switch with following members:
switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-24tsswitch 3 provision ws-c3750g-24tsswitch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43description ASA-inside LANswitchport access vlan 7switchport mode accessspanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1switchport access vlan 2switchport mode accessswitchport port-securityswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitymacro description cisco-desktopspanning-tree portfastspanning-tree bpduguard enable
[code]...
Does the nexus 7010 support virtual switching yet? All of the posts I have found from about a year ago say that it is going to be supported, but there were no dates listed. I heard the same thing from Cisco a while back, but haven't followed up with it.If it is supported finally are there any configuration guides available for it?
View 7 Replies View RelatedLucien is a customer support engineer at the Cisco Technical Assistance Center. He currently works in the data center switching team supporting customers on the Cisco Nexus 5000 and 2000. He was previously a technical leader within the network management team. Lucien holds a bachelor's degree in general engineering and a master's degree in computer science from Ecole des Mines d'Ales. He also holds the following certifications: CCIE #19945 in Routing and Switching, CCDP, DCNIS, and VCP #66183
View 1 Replies View RelatedWe have our Nexus as our default gateway (101.1) and the default VLAN1 is setup with two subnets 101.X and 102.X. The DHCP server is using a superscope setup to accomodate the overflow of devices requesting IPs on 101, so when 101 is consumed persons are able to obtain a 102.X IP address. The setup is basic on superscope. The issue is some times the routing to the firewall with a 102.X is not always 100%. Somedays all goes well and the 102 subnet is routed out to the firewall and its a good day. However, such as today a 102.X address is not routing as it did 24 hours ago. I am perplexed as to why this is behaving unpredicatable. Here is running-config for VLAN1 to show the 102 as secondary address to VLAN1.
View 2 Replies View RelatedI have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.