Does one can use a Vacl to monitor network traffic on a nexus 3064 much like you can on the 6500s? If so, any performance tradeoffs or caveats to be aware of ?
View 2 RepliesI want to bring up 40G interface between two nexus 3064 over the fiber but it's not coming up. Have configured the switch for 48*10G and 4*40G. I'm using QSFP on both the switches, OM3 straight fiber cable with MPO connector. The interfaces are not coming up. Notably, it comes up with Coax 3M cable. So it's fine with coax but not with fiber.
View 2 Replies View Relatedi would like to monitor traffic between multiple source ports to multiple destination ports on a nexus 7k. i lknow when you set up monitor session is between source and destination (laptop or traffic analyser) but is there a way i can set up between source and multiple destination ports and capture that traffic ?
View 3 Replies View RelatedI have a Nexus 3064 which is not recording source MAC addresses after a successful ARP. The switch is then flooding the entire vlan with unicast traffic.
The config is a boring single VLAN. One port (48) is going to a 6509. Not as a trunk, just extending the VLAN. There are SVI's on both switches. the default route for the Nexus users is the 6509's IP.The switch was basically, pulled out of the box, setup a single vlan(with jumbo frames) andan SVI, then plugged in the users. Nothing special.
I have a Cisco Nexus 3064 that I am using as part of a flat network for the Lab. I have 30 Virtualization Servers(MS HyperV and VMware vSphere) connected to this switch and I want to enable jumbo frames. The Virtualization Servers are able to ping the local VM's using 8K bytes. However I am unable to ping from server to server using 8K bytes. I have configuration (in abbreviation). All the servers are in the same network which I configured as L2 ports with the "switchport" command. However, the interface "MTU" command is unavailable in L2 mode. I am only able to get the interface "MTU" command only in L3 mode with the "no switchport" command on the interface.
# int eth1/2-45
# no switchport
# mtu 9216
# no shut
I can ping the servers with less than 1500 bytes, but anything larger fails.
I have a lot microbursts in my network and i looking 10G switches with big buffers. Which models have biggest buffers ? I think about 1-2U (nax 4U) switch with up to 60-100 10G ports. Something like nexus 3064 (he has only 9MB shared buffers AFAIK). Besides deep buffers i need also:
- trill or another ethernet ring topology like erps,eapsv2,
- Multi chassis LAG,
- virtual routers, policy routing
- dcb
- 40G interfaces will be plus
We have a Nexus 7018 with NX OS 5.2(1), and we were trying to understand somehow the steps to do a VACL, we know that in IOS it would be:
interface GigabitEthernet9/33
description Puerto. Captura
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 19,20
[Code]...
rsbd7k01-p-vdca(config)# monitor session 2
rsbd7k01-p-vdca(config-monitor)# source vlan ?
<1-3967>
rsbd7k01-p-vdca(config-monitor)# source vlan 1 - 3967
ERROR: vlan 33-3967: Number of source vlans exceeds maximum
rsbd7k01-p-vdca(config-monitor)#
Both regular IP traffic and ICMP traffic are passing through the source port. C6509 provides the option of filtering vlan traffic during monitoring. But I don't have vlan traffic.
qa-c6509-c(config)#monitor session 1 filter ? vlan SPAN filter VLAN
So I applied an access-list which only allows icmp traffic to be sent out of the monitoring port. But it does not work.
I was previously using SDM for our Cisco 2811, and this past week installed CISCO Configuration Professional so I could have access to a bandwidth/traffic monitor.
I have successfully started the monitoring service and monitored traffic from within CCP, but it appears that if I turn off the computer I am using to monitor the traffic, it stops collecting data until I start CCP and the monitor up again.
Is there a way (maybe with IOS console commands) that I can have the monitor always running, so I can pull up, say, a week's worth of info at any time? Leaving the computer on all the time is not an option, and currently I have only a few days of data, then a big empty chunk, and then what I have collected since I started it back up today.
I have a switch 4948, with version 12.2.31.sga4 ( I dont found bug about monitor session) and we try to made port mirroring with a monitor session from a VLAN and port belong at this VLAN have traffic input and output, but in the destination port, I always see it output traffic..
Global command
Red-127#sh run | in moni
monitor session 1 source vlan 1127
[Code].....
I have switch Cisco 3560 and I would like to filter multicast traffic. Short explanation. This are multicast addresses from provider on VLAN 888 :
I expect that streams from acl Streamfrom888 will be dropped and the rest of streams will be forwarded. Unfortunately traffic from all streams passs through.how to configure VACL or where in my configuration is mistake?
regarding QOS on Nexus 7000. Our Nexus 7000's form a collapsed distribution/core layer, our access layer switches are are a mixture of Cisco 3750 & Cisco 4507. 3750 switches will connect to Nexus switches via 1Gb uplink, 4507 switches will connect via 10Gb uplinks. Each Nexus will be connected via 20Gb port channel, all servers connect to the Nexus switches via 1Gb links. We're implementing a new telephone system soon which will be using VOIP so I need to configure the switches to perform QOS. The IP phones will mark the RTP traffic with DSCP value EF and call signaling traffic CS3. I'm fine configuring qos on the access layer switches, its just the Nexus switches which I'm not sure about.
Do I actually need to configure any QOS parameters on the Nexus switches so they will prioritise the VOIP traffic. If my understanding the Nexus switches will trust the DSCP values and assign the traffic to the relevent queues?
Just for information VOIP is the only traffic I will be marking QOS values
Is there a way to configure a VACL capture on 3560-x, we need more than 2 SPAN sessions. Feature navigator indicates that this feature is supported but it seems like it's not implemented in the IOS yet.
View 1 Replies View RelatedI´m facing to one issue with VACL. i have a network lan with 10.40.X.X/16 . in this network i have a Production v LAN 10 with 10.40.10.X/24 and i have created one vlan103 for Guest´ user as 10.40.103.X/24
My goals is to restrict the v LAN 103 to reach or access the v LAN 10, better to restrict Guest user access to the production v LAN. So i try to put this script with VACL method, but does n´t work.
Extended IP access list Restriction-Guest
10 permit ip 10.40.103.0 0.0.0.255 any
vlan access-map Guest 10
action drop match ip address Restriction-Guest
vlan filter Guest vlan-list 10
After that i still able to ping or access to the v LAN 10 form v LAN 103.
i have a catalyst 3750, in this switch i have 3 vlan, i need to secure trafic between vlans but im confused ,should i use ACL or VACL to secure ?which is the best ?if i use ACL to secure and limit ports between vlan, which is the best practice to apply the acl ( on th inside or outside of interface)
View 2 Replies View RelatedI have used stack wise 3750 for a long time. Now,I have a new stack of 3750. Both of them are trunking together. If I have a VACL running in the old stack, do I need also implement in the new one.
View 1 Replies View RelatedSo I took a laptop with wireshark and plugged it into a nexus 5000 port that is configured as a trunk with 3 vlans allowed on it. The laptop was seeing all kinds of traffic on the wire, most of it was not involving my laptop.
For example: Server A VLAN 10= 10.10.10.1 Server B VLAN 20= 10.20.20.1 and wireshark laptop is plugged into a trunk port which is allowing those vlan's. The vlan's are routable.
10.10.10.3 is seeing the entire conversation when 10.10.10.1 backs up 10.20.20.1 even though it has no reason to see it. It is as if the trunk is spanning traffic to the laptop port. No span is setup however. It's really weird. This is not just broadcast traffic, but actual tcp taffic between Server A and B. Why would a trunk port see traffic between 2 other servers talking to each other on the vlan.
Trunk port configuration below:
Interface Ethernet 141/1/3
switchport mode trunk
switchport trunk allowed vlan 10, 20
Can 10Gbase SFP+ module support 1GB traffic on a Nexus 5596T.
The module for 10Gb is Cisco SFP-10G-SR. My scenario is connecting the 10GB SFP+ module to an access switch 1GB fiber uplink, will this work?
We recently extended our access layer using a pair of 5ks with extenders. We have a pair of 6509s at our core and they handle the intra-VLAN routing with SVIs. I recently noticed that access hosts connected to the extenders cannot pass traffic between each other if they are in different VLANs. The strange thing is these same hosts can ping devices in other VLANs as long as the other devices are not connected to the 5k environment.
For example, consider the following hosts. Each host has their gateway set to the appropriate SVI on our core.
HostA - VLAN100 - connected to 5k extender
HostB - VLAN200 - connected to 5k extender
HostC - VLAN100 - connected to 2960 off our core
HostD - VLAN200 - connected to 2960 off our core
Each host can ping each other with the exception of HostA and HostB. As for specifics, we use HSRP (no VSS) between our cores.
When I ping between hostA and hostB, I see the egress packets on either 5k1 or 5k2. I then see ingress AND egress on Core1. There are no ingress packets on 5k1 or 5k2.The egress packets from Core1 show the correct destination MAC address of the target host. The mac address table shows the mac address on po31.
I have run into a very strange problem while doing pre-deployment vPC/STP testing in the lab with a pair of Nexus 7000s.
The basic configuration is as follows:
2x Nexus 7000 VDCs (ver 6.0(4)) are configured as vPC peers and connected with a vPC peer-link (redundant on different 10G blades) and a vPC peer-keepalive link. The switches also act as HSRP and EIGRP routers. The N7K-A switch is nominally configured as STP root and HSRP prime for all VLANs, N7K-B switch is STP backup root and HSRP secondary. STP version is PV-RSTP+. As it stands now STP root and vPC prime are on different switches, STP root is on N7K-A and vPC prime is on N7K-B.
3x Layer-2 access switches (3750-1, 3750-2, 3560-1) are configured as access switches and connected to the Nexus 7Ks with a 1G uplinks in V-pattern.
3750-1 and 3560-1 are configured for vPC as Port-Channel10 and Port-Channel12 respectively. 3750-2 is configured for STP. Vlan 35 is shared between all three switches and is enabled on the vPC peer-link (overlapping vPC and STP domains). The downlink port to the STP-only 3750-2 on N7Ks is configured as "vpc orphan suspend".
Everything seems to work fine and pings on VLAN 35 between access switches (that have mgmt interfaces in VLAN35) recover rapidly after failures. However, if I break the vpc peer-link the ping between the two vPC switches 3750-1 and 3560-1 stops. Moreover, this appears to be sporadic in nature with some vpc peer-link failure attempts recreating the problem and some not. Sometimes the problem manifests itself when the peer-link is brought back up rather than taken down.
After doing a bit of troubleshooting, I have isolated the problem to MAC address blackholing. Basically when the peer link is taken down, MAC Address table on the vPC primary switch, N7K-B, (I believe during vPC convergence) forces the traffic destined from 3750-1 to 3560-1 through the STP only switch 3750-2, which apparently goes through the RSTP convergence and enables its alternate link to N7K-B before vPC has finished its convergence. After vPC convergence is finished the path through the STP-only access layer switch 3750-2 no longer exists, as vPC will take down all vPC ports and suspend orphan ports on the vPC secondary switch (N7K-A). However the MAC Address table on N7K-B still points through the 3750-2 access layer switch instead of directly through Port-Channel 12 on N7K-B and thus creates a traffic blackhole. Issuing a ping or bouncing SVI interfaces on N7K-B fixes the problem.
I am trying to limit the incoming and outgoing traffic on a l2 port to 8mbps for a ip subnet within the nexus 7000. The port is connected to my ISP router which has a bandwidth of 20mbps.Policing won't work on a l2 Port and shaping cannot be applied on a port level. url...I have been reading thru the qos guide for nexus release v6 and have problems understanding the different queues.
View 3 Replies View RelatedI want to prioritize egress voice traffic across a trunk terminated on an F1 module, N7K-F132XP-15. I am unsure about the setup; according to the "show interface capabilities" F1 interfaces support 8 egress queues, while the Nexus QoS documentation provides configuration referencing 4 queues. In addition, I am not clear about the relevance of network-qos on F1 queueing setup.
View 1 Replies View RelatedI have a Nexus 5500 which is the core of our network and we have access layer switches uplinked to it. I know by default the qos markings will be trusted.
1. On a trunk uplink from an access layer switch to the Nexus, I have "mls qos trust dscp". Will the DSCP marking be preserved when it reaches the Nexus?
2. How do I do prioritization of voice traffic on an uplink on Nexus based on DSCP EF?
I am supporting a small call center of all Win7 machines. There is no server in house as everything is web based. Anyway, we want to find the bandwidth hogs and programs that I am used to using require servers for monitoring web traffic.
Are there any devices or software that is not a fortune that can give details on bandwidth usage?
i need to monitor the traffic on a multi users wireless route
View 8 Replies View RelatedI keep getting warning on bandwidth usage , I'm using a dir-615 routers xp on all machines . The one pc that i use to d/l with I have the torrent monitor on and shows little traffic. Ive heard of a few pieces of s/w but these require software to be installed on all boxes Id like to be able to monitor from one box if possible ??
View 2 Replies View RelatedI have 5 linux and 3 Microsoft 2008 Servers, each connected to 2 Cisco 3560 Switches. The 2 Cisco 3560 switches are connected to 2 different Cisco 515e Pix. Is it possible that if i enable Port SPAN in any of the switchport and send a copy of traffic to any of the windows 2008 server, will i be able to monitor the bandwidth of the servers (Here I am only looking for traffic going from servers to PIX and then to internet, also vice versa).
Also will wireshark be able to differentiate specify the bandwidth of each servers seperately ?
Have a PC set up with a LINKSYS N2500 router. this is password protected for access to network I would like to monitor what one of my children is doing on the net - but they surf the net using an iPad
View 4 Replies View RelatedI am just wondering on how mismatched MTU sizes are handled in Layer-2 networks and also inside a particular switches internal architecture.Layer 2 devices do not do fragmentation in the even of MTU mismatch. is this because Layer 2 devices do not re-write header information (like inserting destination IP and next hop MAC into the newly created frame.) i believe this is what they call per-hop behaviour? if this not the reason, then...? assuming this is the reason, let me proceed to my next question. When we set MTU on an interface , there is no mention of direction (ingress or egress), so i take this as means in both directions. so if a jumbo frame comes in on an interface which is set to recieve jumbo frames and forwarding decision is made and the frame is scheduled to egress via an interface whose MTU is not set for Jumbo frames, will the switch drope the frame at the egress buffer? if not, this implies MTU is an ingress property(only for incoming packets). But, again if it drops the packet, then MTU shoud have been system wide or global configuration as opposed to interface level configuration (just like nexus 5000).
View 2 Replies View RelatedWe are facing issue of continous packet discards On nexus4001L link (int po2) to Nexus5020 switch. Nexus4001L is installed in IBM blade center server and we have FCOE enabled in this setup. [code]
View 2 Replies View RelatedI have been tasked to replace the existing Cat 6500 and 3750 switches by Nexus 7000 and Nexus 2000.I was told initially my boss plans to get 2 x Nexus 7000 and then eventually blow up to 4 x Nexus 7000s.For Nexus, is there a list of tasks / points that i need to consider for building the initial design?
Can i just link the Nexus 7000 like the following?
N7k-A ========= N7k-B
| |
lots of N2ks lots of N2ks
Struggle to find the SNMP MIBS of the Nexus 5000 FEX tranceivers.
View 3 Replies View Related