Cisco Switching/Routing :: How To Properly Power Down Nexus 5000 And Fabric Interconnect Switches
May 7, 2013
How to properly power down the Nexus 5000 and the fabric interconnect switches? I have looked up and down Cisco's and Google web for steps, but they are all coming back with the answer to just disconnect the power cables after you have powered down all the Windows OS and ESX servers. Before I do that, I just wanted to make sure that that's the correct way to do it or if there are actual commands that I will need to run on the devices to properly power down. I know that the FI do have a command to reboot, but I need them to be completely powered down.
I have been tasked to replace the existing Cat 6500 and 3750 switches with Nexus 7000 and Nexus 2000. I was told initially my boss plans to get 2 x Nexus 7000 and then eventually blow up to 4 x Nexus 7000s. For Nexus, is there a list of tasks / points that I need to consider for building the initial design?
Can I just link the Nexus 7000 like the following?
    N7k-A ========= N7k-B
      |               |
 lots of N2ks    lots of N2ks
We installed copper and fiber SFP modules in the 2232PP and none would link up. We pulled the SFP modules out and entered the speed 1000 command and re-inserted the module with no success. The same SFP modules work fine in every other Cisco device. We must be missing something. Running latest NX-OS software.
COH-Nexus-02# sh int Eth101/1/1 status
--------------------------------------------------------------------------------
Port          Name               Status    Vlan      Duplex  Speed   Type
--------------------------------------------------------------------------------
Need clarification on the VPC with 5k and 2248 Fabric Extenders. My question is: can each fabric extender uplink to two different 5ks, and at the same time, have servers connected to both fabric extenders with a VPC? So basically, the server NIC will team with two different fabric extenders, and each fabric extender will connect to two different 5ks.
As per my understanding, Cisco Nexus 2232 can only connect to HP c7000 Chassis if we are using a Pass Through Switch in the HP c7000. Cisco Nexus 2232 can only connect to End Hosts and not to a switch. Is there a new feature added in Nexus 2232 which enables it to connect to a switch like HP Flex Fabric?
I have a little problem. My customer is using TACP-PLUS ALPHA (F4.0.3.alpha.v9). Well, the same user that has access to other Cisco equipment, user test1 for example, can configure anything in the equipment. But on the Nexus 5000, the command "show user-account" indicates just the "network-operator" role. Well, I patched this situation with the following commands:
aaa authorization config-commands default group TACSERVER local
aaa authorization commands default group TACSERVER local
Well, when I telnet into the Nexus, I can shut the interfaces, configure, and anything else. But when I come in by console, I cannot configure the interfaces. I understand that on the Nexus 5000 the TACACS configuration is global for VTY and console (different from Cisco routers, for example).
I have the following configured on my Nexus switches and works with success.
The problem I have is that once I switch off the ACS server I can log on to the Nexus, as I have an admin user configured locally on the Nexus and the ACS server, but unfortunately cannot run commands, as it tries to point to the ACS server for authorization and the ACS server is turned off. Is it possible for the Nexus to ignore the authorization command if it cannot see the ACS server?
Feature tacacs+
ip tacacs source-interface vlan 705
tacacs-server host x.x.x.x key 7 "xxxxxx"
aaa group server tacacs+ Test-switch (Test-switch is a group configured on ACS 5.2)
[Code]...
I'm planning to upgrade N5K from 5.1(3)N2(1b) to 5.2(1)N1(4). "sh install all impact kickstart bootflash:n5000-uk9-kickstart.5.2.1.N1.4.bin system bootflash:n5000-uk9.5.2.1.N1.4.bin" reports:
The diagram below is the configuration we are looking to deploy that way because we do not have VSS on the 6500 switches, so we cannot create only one Etherchannel to the 6500s. Our blades inserted in the UCS chassis have Intel dual port cards, so they do not support full failover.
Questions I have are.
- Is this my best deployment choice?
- vPC highly depends on the management interface on the Nexus 5000 for the keepalive peer monitoring, so what is going to happen if the vPC breaks due to:
  - one of the 6500 goes down
    - STP?
    - What is going to happen with the Etherchannels on the remaining 6500?
  - the Management interface goes down for any other reason
    - which one is going to be the primary NEXUS?
Below is the list of devices involved and the configuration for the Nexus 5000 and 65000.
Devices
· 2 Cisco Catalyst with two WS-SUP720-3B each (no VSS)
· 2 Cisco Nexus 5010
· 2 Cisco UCS 6120xp
· 2 UCS Chassis
  - 4 Cisco B200-M1 blades (2 each chassis)
  - Dual 10Gb Intel card (1 per blade)
I am having some issue trying to configure snmp-server context vrf XXX. For some reason, even if I put my VRF name, I can't see anything about this VRF. This is the command I add:
On some of our ports on the Nexus 5000 and on the connected FEX we can see a lot of jumbo packets, though no jumbo frames are enabled on the switch; all interface and system MTU is set to 1500.
DBE-LINZ-XX41# sh int Eth113/1/27
Ethernet113/1/27 is up
  Hardware: 100/1000 Ethernet, address: d0d0.fd1b.b69c (bia d0d0.fd1b.b69c)
We have a requirement to send SPAN traffic to a destination port for monitoring purposes on two 5000s with some 2000 FEX boxes attached. Some of the servers are making use of frames larger than 1500. We have not changed any MTU configuration on the 5000 since installation, and I can see the policy maps are still on 1500.
My first assumption would be that frames larger than 1500 will not be dropped, but seemingly not (see below). Is there a reason why the switch would forward jumbo frames? Also, is there a limitation on MTU for SPAN traffic? There is an MTU command under the SPAN session, but the maximum is 1518. From what I can read, the frame will be truncated if it exceeds this. Does that mean the fragments will be dropped?
Lucien is a customer support engineer at the Cisco Technical Assistance Center. He currently works in the data center switching team supporting customers on the Cisco Nexus 5000 and 2000. He was previously a technical leader within the network management team. Lucien holds a bachelor's degree in general engineering and a master's degree in computer science from Ecole des Mines d'Ales. He also holds the following certifications: CCIE #19945 in Routing and Switching, CCDP, DCNIS, and VCP #66183
We have our Nexus as our default gateway (101.1) and the default VLAN1 is set up with two subnets, 101.X and 102.X. The DHCP server is using a superscope setup to accommodate the overflow of devices requesting IPs on 101, so when 101 is consumed persons are able to obtain a 102.X IP address. The setup is basic on superscope. The issue is that sometimes the routing to the firewall with a 102.X is not always 100%. Some days all goes well and the 102 subnet is routed out to the firewall and it's a good day. However, such as today, a 102.X address is not routing as it did 24 hours ago. I am perplexed as to why this is behaving unpredictably. Here is the running-config for VLAN1 to show the 102 as secondary address to VLAN1.
Is it possible to connect one Cisco Nexus 2000 fabric extender to two Cisco Nexus 5000 and use one link on the first side and two links on the other side?
We do not have an out-of-band management network and setting one up at this point is not being planned. We are mainly a switched environment and the only devices that are using L3 are the core switch for WAN purposes and the lab because it is mimicking the production environment. I have two Nexus switches that are sitting on the other side of a 3750 switch which is currently acting as a L3 device because this is a pre-production environment for a new project. We had an issue with management of the devices before, but our workaround was to put them on the management VLAN directly off of the core, allowing only management traffic to pass by means of mgmt0 on each device. The problem I'm having now is that I've now set up the mgmt0 interfaces on both for the keepalive link for vPC only (vPC traffic is going across 2x10Gb connections and the link to the 3750 is 1Gb each, trunked) and have lost my ability to use the mgmt0 connections for management. How do I connect my management connection through either the 3750 or directly off the core switch (as that's what will happen once it's put into production)?
When will the command "default interface x/x" be available on the Nexus 5000 platform? Even with the latest software version (5.1.3.N2.1a) it is not possible. For Nexus 7000 it's working fine with the 5.2 train. Is there a feature request for it? If not, here it is!! It's horrible to deconfigure many interfaces, especially in N5k environments with many FEXes.
My network consists of these network devices: Cisco Catalyst 3750 with StackWise, 2 x Nexus 5000 series, and servers. The servers are connected to the Nexus switches. The Nexus switches connect to the 3750.
Each server has two links; one of them connects to Nexus1 and the other connects to the Nexus2 switch (same traffic). Each Nexus has one link to the 3750. At the 3750 the Nexus links are configured as an etherchannel, but flapping occurs at the 3750.
I understand that the 2 Nexus links have the same server source MAC address, so the flapping occurs at the 3750. How do I solve this problem?
What is the purpose of these default configuration lines? What do they mean? I can't find an explanation of them anywhere. I believe some are written to the config when FCoE is enabled.
I would like to know exactly what they are doing.
class-map type qos class-fcoe
class-map type queuing class-fcoe
  match qos-group 1
I am just wondering how mismatched MTU sizes are handled in Layer-2 networks and also inside a particular switch's internal architecture. Layer 2 devices do not do fragmentation in the event of MTU mismatch. Is this because Layer 2 devices do not rewrite header information (like inserting destination IP and next hop MAC into the newly created frame)? I believe this is what they call per-hop behaviour? If this is not the reason, then...? Assuming this is the reason, let me proceed to my next question. When we set MTU on an interface, there is no mention of direction (ingress or egress), so I take this to mean in both directions. So if a jumbo frame comes in on an interface which is set to receive jumbo frames, a forwarding decision is made, and the frame is scheduled to egress via an interface whose MTU is not set for jumbo frames, will the switch drop the frame at the egress buffer? If not, this implies MTU is an ingress property (only for incoming packets). But again, if it drops the packet, then MTU should have been a system-wide or global configuration as opposed to an interface-level configuration (just like Nexus 5000).
The customer production environment is a Nexus 5000 using 4 x 1G interfaces configured as a port-channel (LACP) uplink to a C3560. The port-channel link is an 802.1q trunk, but data transfer is low. The sh int output is as follows:
Why is transfer performance poor, and how to fix it?
N-5548UP# sh int ethernet 1/30
Ethernet1/30 is up
  Hardware: 1000/10000 Ethernet, address: 547f.ee14.ed25 (bia 547f.ee14.ed25)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA
  Port mode is trunk
  full-duplex, 1000 Mb/s, media type is 10G
  Beacon is turned off
  Input flow-control is off, output flow-control is off
  Rate mode is dedicated
  Switchport monitor is off
  EtherType is 0x8100
  Last link flapped 9week(s) 6day(s)
  Last clearing of "show interface" counters 20w2d
  30 seconds input rate 152 bits/sec, 19 bytes/sec, 0 packets/sec
  30 [Code]...
Login to the N5k is managed centrally from a Cisco ACS server ver 5.2.
Goal: Role-based access for (1) Network Admin and (2) Storage Admin in such a way that the network guy and the storage guy have control of their separate domains.
So I took a laptop with wireshark and plugged it into a nexus 5000 port that is configured as a trunk with 3 vlans allowed on it. The laptop was seeing all kinds of traffic on the wire, most of it was not involving my laptop.
For example: Server A VLAN 10= 10.10.10.1 Server B VLAN 20= 10.20.20.1 and wireshark laptop is plugged into a trunk port which is allowing those vlan's. The vlan's are routable.
10.10.10.3 is seeing the entire conversation when 10.10.10.1 backs up 10.20.20.1 even though it has no reason to see it. It is as if the trunk is spanning traffic to the laptop port. No span is set up, however. It's really weird. This is not just broadcast traffic, but actual TCP traffic between Server A and B. Why would a trunk port see traffic between 2 other servers talking to each other on the VLAN?
This is regarding Cisco logging configuration. We planned to enable logging on all the Cisco Nexus switches. We are running HP ArcSight in our DC; this device monitors all the Cisco devices. We want to enable logging with this ArcSight device. I would just like to know the config commands for the Nexus device: what is the command to enable logs which include "who is login & logout?, interface down information?, who did conf t? & every log"?
I have 2 pairs of Nexus 5000 units (pair 1 and pair 2). A pair consists of 2 Nexus 5000 (A and B) connected to each other via a VPC containing 2 ports ie P1-5KA -- P1-5KB (vpc domain 6) and P2-5KA -- P2-5KB (vpc domain 10) [code] Hsrp exists between all four with a virtual address of 10.18.136.1. P1-5KA is the Active with P1-5KB as Standby.
I can ping between the four using their SVI addresses. I am unable to ping the HSRP virtual address .1 from P2-5KA or P2-5KB. I can ping OK only if I shut the VPC between P2-5KA and P2-5KB or define another MAC address under the HSRP config other than the system default. IP packet debugs show that pings sourced from P2-5KB to P1-5KA loop between P2-5KA -- P2-5KB. Pings sourced from P2-5KA to P1-5KA are transmitted but none of the 4 device debugs show a receive. Both peer-gateway and delay restore 120 have been configured under all vpc domains and all units rebooted.
I'm trying to change a VLAN on a port-channel but I am getting this error when I apply the change: "error: command is not mutually exclusive". I have done this in the past but I cannot remember exactly what I should type to apply the change.
We have a requirement for a Nexus 5000 switch to be accessed and managed inband, i.e. the management interface can't be connected to the rest of our network's management VLAN because the switch is remote and only connected via fibre. We have enabled the interface VLAN feature and configured an interface VLAN but can't seem to ping the IP address configured on it.
Trying to get the peer links to work and have them in interfaces E1/1-4. When I do a show int status it looks like this and says sfp invalid. I see this on both sides. These same model GBICs work fine attached to a FEX on these boxes.
Eth1/1        vpc peer link to T sfpInvali trunk     full    10G     Fabric Exte
Eth1/2        vpc peer link to T sfpInvali trunk     full    10G     Fabric Exte
Eth1/3        vpc peer link to T sfpInvali trunk     full    10G     Fabric Exte
Eth1/4        vpc peer link to T sfpInvali trunk     full    10G     Fabric Exte
GBICs in the ports are these.
Ethernet1/1-4
    transceiver is present
    type is Fabric Extender Transceiver
    name is CISCO-FINISAR
    part number is FTLX8570D3BCL-C1