Cisco Switching/Routing :: RSPAN Configuration In Nexus 7009 Switches
Jan 19, 2013
We have a Nexus 7009 switch and want to configure the SPAN session.
We are using F2 and M2 cards; both are in separate, different VDCs. Our server is connected to the M2 card on eth 4/6 and we want to monitor the traffic from vlan 161, which is made on the F2 card.
We've been using IOS for a long time, but are relatively new to NX-OS. We've got a central syslog server that all our devices log to. No matter what we do, we can't get our Nexus switches to log there. Here's my current attempt:
Nexus 7009, NX-OS 6.0(1)
# sh logging server
Logging server: enabled
{redacted}
  server severity: debugging
  server facility: local7
  server VRF: default
[code].....
The default VRF is working. I see log entries in the logfile, but nothing arrives at the syslog server. It's not a config issue on the server, because tcpdump shows that no packets arrive from the IP for loopback 0.
3750 Stack (Voice gateway for phones configured on the 3750 and has a VPC nexus) + + + + + + (Nexus5596) ++++++++++ (Nexus5596) (Gateway for all other vlan like PC / servers / etc) + + + + + + 3750x access layer (VPC to Nexus) [CODE].....
I need to upgrade my core switches at one of our locations (two 7009s with dual sups) from 6.0.1 to 6.1.2. After looking through the release notes it appears that this will be a disruptive upgrade? How long should I expect for the disruption? Are we talking a 7009 boot cycle (10 - 15 minutes) or something longer? How many disruptions can I expect? I suspect 1 per chassis during the failover to the standby but I'd like to validate. Is there any compelling reason to upgrade the EPDL? From what I can see, again from the release notes, this is only necessary with F2 cards if I were to upgrade to Sup2s. I'm in a healthcare environment and this upgrade will be affecting one of our major campuses so the more info I can get to the managers the more accepting they will be for the disruptions.
I need to figure out the max power consumption of the 7009. The issue is, at this point I am not sure what modules will be used, so just to give an estimate, how do we calculate the max power consumption of the Nexus 7009?
The phone connects to the 3750-A access layer switch (VTP mode client) which connects to the Nexus 5596 (the Nexus is the layer 3 device and set to VTP mode server) and finally we have a voice recorder that connects to another access layer 3750-B switch (VTP mode client).
For voice recording I need to set up RSPAN and the Nexus 5596 does not support RSPAN. Will the following have any impact on the Nexus?
If I move the 3750-B to VTP server mode and run the command remote span on the VLAN I need to RSPAN, it's going to update the VTP database; in short, it will update the vlan.dat file for all the switches in that VTP domain.
As the VTP update reaches the Nexus saying there is a change (keeping in mind the Nexus does not support RSPAN, not sure how it's going to handle that request and how it's going to update its vlan.dat file)
Is it going to increment the VTP revision number? Can it crash the vlan.dat file on the Nexus? Or do nothing and ignore the update and stop the update from proceeding to the 3750-A switch?
We are migrating from Catalyst 6509 IOS platforms to Nexus 7009. There's the normal differences in commands which is well documented. We do have some quite large files containing ACLs varying from 10's of lines to several 1000's of lines. Our normal upload would be done using tftp and then issuing the command 'conf net' on the 6509. This is no longer the way to do this on NX-OS. I've tried copy ftp: running-config which works fine for small files but for big ones it takes a long time, in some cases I've seen it take 20-30 minutes. The initial tftp upload to the 7009 seems OK but the copy into the running-config is the bit that takes time and initially I thought I'd killed the 7009!! It did finally come back to the prompt. Are the 7009's simply not designed for large ACLs? I did try the configure session (Session Manager) but I couldn't see a way of uploading a file. I tried creating a new session and then exiting it, copying in a file of the same format and then committing it but it didn't seem to acknowledge the file (checksum?).
I wanted to know: in the Nexus 7009, can I use a mix of F2/M1/M2 series line cards? Will they work with each other? Let's say I have an F2 line card and an M2 line card, will servers attached to them communicate with each other?
We are looking to deploy two Nexus 7009 cores at our two datacenters. They are approximately 2 miles apart. We are hoping to have 10G Dark Fiber between the buildings and therefore dedicate a pair for FCOE between the cores using 10G Long Range SFP's. I read that the Nexus 5000 series had a limit of ~3 km for FCOE. Does the same hold true for the 7000 series? I thought I read somewhere that the buffers were larger on the 7000 series and therefore would be able to do ~30 km.
I wanted to know if anyone has the Nexus 7009 chassis installed into a 600 wide rack with the sides fitted and if they are experiencing heat issues?
My client will be replacing their aging 6509 chassis with 7009 devices, but the physicals don't tally with the install guidelines for the 7009 series chassis. The current install of the 6509s does not tally with the recommended install guidelines for those either, but they have not experienced any heat issues...
The 7009 will be fitted with 2xSUP2E, 3x48portSFP-F2E cards and 2x10GSFP-M2 cards with 2x6K PSUs. I am genuinely concerned they may cook these devices, but space restrictions look like vetoing the upgrade to 800 wide racks. Likewise moving to 7010 chassis may prove tricky due to existing other installs within the racks limiting vertical space.
We've gotten two Nexus 7009's in and I'm starting to configure them when I found I couldn't add VDCs. I found there was no license installed but the only licenses I found that came with them are "Cisco DCNM for LAN Enterprise Lic for one Nexus 7000 Chassis". So my question is this - do I need to configure a DCNM server to get the license pushed to these two 7009s or should there be another PAK for each chassis that I can register and get my enterprise services?
I have a question about RSPAN: is this feature only supported on 6500 and 4500 switches?
We have 2 3560 switches and want to use RSPAN to monitor different source ports. I checked through the Cisco Feature Navigator and the IOS we have on the 3560 has the RSPAN feature listed in it.
Is there any challenge to upgrade core switch 6500 series from Nexus 7009 which runs NX-OS, because I have 3750X series switches connected at distribution and access layer in my network topology?
Is there any challenge if we place NX-OS in core and IOS in distribution and access layer? How are we able to match the sh run config in the existing 6500 switch to Nexus 7009 NX-OS?
I have a Nexus 7009 that used to work connecting via SSH. However now I cannot connect to it via SSH. It appears the SSH connects but doing a show users from the console shows nothing connected other than the console connection.
We have a Nexus 7009 at the client network, but due to a limitation of Nexus switches, that they cannot be directly integrated with RSA, the client has purchased Cisco ACS for the AAA. We are able to do the authentication and authorization via ACS. However, the client wants to further integrate the ACS with RSA so that authentication should happen via RSA and authorization should happen via ACS. Is that possible? If yes, how can I configure the ACS?
We are trying to configure RSPAN at one of our sites in order to record voice calls using CallRex. We have it working successfully at another site using RSPAN (smaller site with 4x 3560 PoE switches), but when trying to set it up at this site, it causes "instability" for the voice network to say the least (some phones display one-way audio, UCM down message on the phone...not good). The calls are actually recording successfully on the CallRex server, but we cannot leave the RSPAN config in place due to the issues it causes. As soon as the RSPAN commands are removed, everything behaves normally. Here is the relevant config:
The config is pretty straightforward, but as mentioned above, is causing major problems when turned up. CPU / memory levels are normal. Nothing shows up in the sh log on either the Edge or Core switches.
I have setup my radius server access on the Nexus but am unable to authenticate through putty. If I do a radius-server test on the Nexus it says I authenticate. Here is the log I am getting.
2012 Mar 14 16:03:21 switch-a %AUTHPRIV-4-SYSTEM_MSG: pam_unix(aaa:auth): check pass; user unknown - aaad
I have followed every piece of Cisco documentation I could find on this and I still can't get vPC configured to actually work. The VLANs stay in a suspended state so no traffic flows across. Below is my configuration:
vrf context management
  ip route 0.0.0.0/0 10.86.0.1
vlan 1
vlan 86
  name I.S_Infrastructure
vpc domain 1
  role priority 1000
  peer-keepalive destination 10.86.0.4
interface Vlan1
interface Vlan86
  no shutdown
  description I.S._Infrastructure
  ip address 10.86.0.1/24
interface port-channel1
  switchport mode trunk
  vpc peer-link
  spanning-tree port type normal
interface Ethernet1/1
  switchport mode trunk
  channel-group 1 mode active
interface Ethernet1/2
  switchport mode trunk
  channel-group 1 mode active
interface Ethernet1/3
  description Connection to Mgmt0
  switchport access vlan 86
  speed 1000
I am seeing an issue that after deleting/recreating one of the VDCs in the Nexus 7K, a VLAN is not able to be configured within the VDC although it is not actually a reserved VLAN. Could it be anything missing in the license installation? The version of the image is NX-OS 6.1.2
I would like to know if the power the Nexus 7K allocates per module is configurable? For example, we are only using the 8 dedicated ports on our N7K-M132XP-12 card. The Nexus budgets 750W for the module, but given that we will only ever use 8 of the 32 ports we would like to allocate the remaining power elsewhere.
We have two Nexus switches in our network, one of them is Nexus5020 other Nexus5596UP. System image is identical on both switches 5.2(1)N1(4). When we try to setup VPC between these switches we see that all configured vlans on VPC peer link between Nexus switches are blocked by spanning tree protocol with message "Bridge Assurance Inconsistent, VPC Peer-link Inconsistent". We still can't solve this problem.
Topology:
NEXUS_5020---Peer_link(Po2)---NEXUS_5596UP
/
/
Member_link (Po100) Member_link (Po100)
/
/
SERVER
Configuration:
NEXUS_5020: speed 1000 interface Vlan2000 no shutdown description VPC_keepalive_link vrf member VPC_kepalive ip address 10.55.55.2/30
I am looking to implement a QoS policy on a pair of Nexus 5548 UPs. FCoE is a factor here. I have created the following configuration and would like to get a few pairs of eyes to take a look at this for a quick sanity check.
How to make sure this config is valid. Also, I realize I'm applying an MTU of 9216 to all classes right now, this will be phased out incrementally.
class-map type qos match-all class-platinum match cos 5 class-map type qos match-all class-gold match cos 4 class-map type qos class-fcoe match cos 3 [code]....
I have an RSPAN session configured between Cisco 3750 and Cisco 2950 switches and I don't see the traffic I am expecting to see on the destination port. I only see broadcast traffic .. HSRP hellos etc. Below is what I have configured on both switches.
We want to record VoIP telephone? Presently I'm using Wireshark on a laptop to test the RSPAN session
Here is how it's configured
CORE_SWITCH is
Switch Ports Model           SW Version  SW Image
------ ----- -----           ----------  ----------
*    1 28    WS-C3750G-24TS  12.2(52)SE  C3750-IPBASEK9-M
     2 52    WS-C3750G-48TS  12.2(52)SE  C3750-IPBASEK9-M
[code]....
I've created the vlan 33 on my core switch and remote SPAN VLAN 133. The core switch is the VTP server, so I double-checked on all switches, and vlan 33 and 133 are present. When I listen to a conversation with Wireshark, we are only recording the voice of the one who is answering and we don't hear the other person talking?
I have a Cisco Nexus 3064 that I am using as part of a flat network for the Lab. I have 30 Virtualization Servers (MS HyperV and VMware vSphere) connected to this switch and I want to enable jumbo frames. The Virtualization Servers are able to ping the local VMs using 8K bytes. However I am unable to ping from server to server using 8K bytes. I have configuration (in abbreviation). All the servers are in the same network which I configured as L2 ports with the "switchport" command. However, the interface "MTU" command is unavailable in L2 mode. I am able to get the interface "MTU" command only in L3 mode with the "no switchport" command on the interface.
# int eth1/2-45
# no switchport
# mtu 9216
# no shut
I can ping the servers with less than 1500 bytes, but anything larger fails.
What is the purpose of these default configuration lines? What do they mean? I can't find an explanation of them anywhere. I believe some are written to the config when FCoE is enabled.
I would like to know exactly what they are doing.
class-map type qos class-fcoe
class-map type queuing class-fcoe
  match qos-group 1
I have two 5548s as core. 8 FEXs are multihomed (advanced vPC topology?) to both the cores. Suppose I have to configure a bunch of ports on the FEXs, say Eth101/1/10 - 20. I would log in to the first core and apply the configs.
My question is - do I have to do the same on the second core also? Or would the first core replicate the stuff to the second core? I know about port-profiles/CFS and such. But, without that would it automatically sync to second core?
For testing purpose, I went to Core 1 Eth101/1/10 and put a description "TEST". Wrote the config. After 5 minutes logged into second core and did show run Eth101/1/10. But, the description "TEST" didn't show up there.
Also, doing sh run on any FEX port is faster on one of the cores and very slow on second core... all the FEXs have 20 GB uplink to core 1 & 2 (so total 40GB in vPC, max pinning 1)
I've been asked whether we can use HP-branded 10G SFP+s (P/N 455885-001) in Nexus 2Ks to provide 10G connections to HP C-Class enclosures. We've used HP-branded twinax, and Cisco-branded SFP+s and twinax, but we have a raft of HP 10G SFP+s sat in a store room gathering dust and now we want to save some money by not having to buy the Cisco parts to match.
We have a vPC cluster of two Nexus 7009 that needs to be connected with a VSS cluster of two Catalyst 6509s. The VSS has been working fine for a while and the vPC cluster is new equipment.
Attached there is a detailed diagram of the connections; the VSS cluster connects the interfaces Ten1/2/8 and Ten 2/2/8 using the PortChannel 28 going to the vPC cluster to the interfaces Eth 4/18 of each switch.
Both the vPC and the VSS are well configured; last night we tried to bring up the connection between the two clusters but only the first interface comes up within the EtherChannel; the secondary one did not come up and shows (not receiving LACP packets).
We know Layer 1 is fine because if we remove the interface from the EtherChannel it does come up; but it causes some STP loop and brings the network down; thus the solution is to form an EtherChannel.
At the VSS cluster we see LACP packets being sent with sh lacp counters but we DO NOT see LACP packets being received in the interface of the secondary Nexus.
Right now, this is not possible to troubleshoot since it is a production environment; so I'm looking for problems with the configuration or recommendations to follow in order to apply them tomorrow night during a new maintenance window.
This is regarding Cisco logging configuration. We planned to enable logging on all the Cisco Nexus switches. We are running HP ArcSight in our DC; this device monitors all the Cisco devices. We want to enable logging with this ArcSight device. I would just like to know about the config commands for Nexus devices: what is the command to enable logs which include "who is logging in & out?, interface down information?, who did conf t? & every log"