Cisco Switching/Routing :: Nexus 5010 Support For Inter VLan Routing
Jan 10, 2012
Can the Nexus 5010 support inter-VLAN routing, as there is no core switch and router available in the current network?
I am not able to create more than 256 VLANs in a Cisco Nexus 5010 switch. While creating I am getting "No VLAN resources available for VLAN creation". Details below -
Switch model - 5010
Software : NX OS 4.0 (1a)
Error Message:
Nexus_5010(config)# vlan 417
ERROR: No VLAN resource available for VLAN creation.
You will find attached my network architecture with 2 Nexus 7010 on core layer and 2 Nexus 5020 on distribution layer, each one with 1 N2148T fabric extender switch. PC-A1 and PC-A2 are connected to one N2148T, PC-B1 is connected to the other N2148T. Nexus-7000-1 is HSRP Active for all VLANs, Nexus-7000-2 is HSRP standby. PC-A1 and PC-A2 are connected to VLAN A, PC-B1 is connected to VLAN B. PC-A1 and PC-A2 have the same default gateway corresponding to IP HSRP on VLAN A. It happens that PC-A1 is able to ping PC-B1 while PC-A2 is unable to ping PC-B1. If I issue a traceroute from PC-A2 I see Nexus-7000-2's physical IP address as the first hop even if Nexus-7000-2 is HSRP standby. After the first hop the traceroute is lost. If I shut down Port-channel 20 on Nexus-5000-2, PC-A2 starts to ping PC-B1. I can't understand what's wrong in this architecture.
Does Catalyst 3550 switch support inter vlan routing?
I'm not sure if I'm missing something basic here, however I thought that I'd ask the question. I received a request from a client who is trying to separate traffic out of an IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which then connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
1. Private vlan mapping on the SVI;
2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
3. All Vlans are trunked between switches
4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause of most of the issues I am having. Has anyone else experienced this behaviour? Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration.
I currently have a Nexus 5010 connected to a core 3750X switch stack in a VPC trunk using 2 1Gbps links. I want to move this link to 2 10Gbps links without losing connectivity. So I want to remove a 1G link and move it to 10G and then once that's up move the other 1G link to 10G, hopefully without losing connectivity. So the question is, can I have a 1G and 10G link between the Nexus and 3750s in the same virtual port channel without causing problems?
Our Data Center Switch (5010) rebooted itself today, underneath the captured screen
NX5010-1(config-vlan)#
Broadcast message from root (console) (Sun Feb 10 14:22:41 2013):
The system is going down for reboot NOW!
NX5010-1# sh system reset-reason
----- reset reason for Supervisor-module 1 (from Supervisor in slot 1) ---
1) At 740938 usecs after Sun Feb 10 14:22:41 2013
Reason: Reset triggered due to HA policy of Reset
Service: nohms hap reset
Version: 5.0(2)N1(1)
[code]....
We have an old Nexus 5010 running version 5.0(3)N1(1). It is in a Frankenblock (like Frankenstein), i.e. we bought the parts and created our own system design before VCE was created. We have since bought VCE V block for our production sites. We use the Frankenblock to test before we migrate to the production v block 300 FIX. The issue we have is the 5010 will only see two 1 Gb/s SFP fiber modules in the first 12 slots. All these slots are dual 1G/10G. If we add more than two, it claims not to see them. We tried swapping the SFP and using both sfg-GE-MM and GLC-SX-MM modules, no difference at all. 1G SFPs are in the first 5 slots. Only the first two slots are up. The others say "Link not connected" or "SFP not inserted". All five links are the same SFP and are plugged in other switches. The green link lights are on plugged in SFP, even when the CLI states they are not plugged in. I tried both two types of 1 Gb/s SFP, sfg-GE-MM and GLC-SX-MM. I moved the SFP between slot 1,2 and 3,4,5. Nothing changed. From "sh int brief" you can see that it can see the SFP, i.e. they are all 1G. From "sh int status" it sees 1G but why does it say type 10G? Why when I go to the "int e 1/5" and try switch port mode now, it can't mode and trunk at now there (; Also how do I stop or clear EU51 %SYSMGR-2-TMP_DIR_FULL: System temporary directory usage is unexpectedly high at 87%. I put as much info in the attached file as I could.
We are looking for some latency in our net and I am trying to check if our STP implementation is running correctly - we have a simple flat network here and no blocked ports here - just two nx 5010 which are interconnected with two uplinks. A remote site - mirrored setup - with 2 10G dark fiber connections - one for each nx5010 - is connecting a DR site. I have split the two sites in two stp domains by enabling bpdu-filter on the vpc between the two sites.
I have been running wireshark on the local segment for some time and see the STP RST ROOT announcement every 2 seconds - this is probably normal? I was looking for some alternate root negotiation packets which would cause the mac tables to be flushed.
I'm trying to create a vpc between a Nexus 5010 and Nexus 5020 switch. I recently upgraded the software so they are running the same version. I connect get a vpc link. Is there something wrong with my setup? Is a vpc between a 5010 and 5020 even possible? They are connected using a pair of Intel X520's in 802.3AD teaming mode. [code]
My monitoring tool is reporting alerts for high cpu utilization on Nexus 5010. Image is 4.1(3)N1(1). Only command supported on this code is sh proc cpu. The output of which does not really tell what is the current cpu utilization. How do I troubleshoot the cause of high cpu on nexus switches?
I have a DC topology based on 2 layers, access and aggregation, based on 2 pairs of N5548Ps, both without L3 Daughter Cards. My intent is to use the aggregation N5K pair as L3 inter VLAN layer, so I configured all the VLAN default GWs there. The 2 layers are interconnected via vPC, in a double-sided vPC topology for some N2Ks and some vSwitches. The point is that, despite connectivity working fairly ok, for some applications, like file transfer via either FTP or HTTP, between hosts in different VLANs, the performance is too poor. The file transfer starts ok, but after a while it becomes lower and lower. ICMP is working, but I can see some strange random behaviour, like having some packets taking more than 20 ms (sometimes 40 or more), whilst average is 2 ms.
I read through some articles saying that until you have the L3 license (the one coming with L3 Daughter Cards) you can expect some weird behaviour on L3 level. Is that true? What can I do apart from purchasing L3 Daughter Cards? Can I enable L3 Basic license at the moment (I don't need dynamic routing for now)?
Here are some excerpts of what I'm saying:
PING results:
10000 packets transmitted, 10000 packets received, 0.00% packet loss
round-trip min/avg/max = 0.809/2.496/57.559 ms
System version: 5.0(3)N2(1)
License and features on the N5Ks:
switch# sho license usage
Feature Ins Lic Status Expiry Date Comments
Count
--------------------------------------------------------------------------------
FCOE_NPV_PKG No - Unused -
FM_SERVER_PKG No - Unused -
ENTERPRISE_PKG No - Unused -
[code]....
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net.
My switch has 12 ports where my devices connect directly, they are all on Vlan 1 and they all work perfectly. On Port 12 I have a dlink router that is connected to a cable modem. The dlink router has an IP address of 192.168.0.20
I created a second vlan (vlan2) and enabled dhcp relay on it. Then I assigned port 9 on the switch to (vlan2). My laptop, which is connected to port 9, seems to get an ip address fine and is able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes. [code]
We have two Cisco 5505 firewalls connecting to two ISPs. The two internal LANs on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer3 switch with vlan interfaces 184.3 & 186.3. We have two DGS-3100 Dlink layer 2 switches connecting our users to the Layer 3. Ip routing is enabled for intervlan communication & I can reach the Switch interfaces & firewall gateways from machines on both of the vlans. We have pbr enabled on the 3560 & users only on the .186 network can get to the internet. The switch is running the ipservices license & the sdm template is "desktop routing".
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]
In 3750 switch, I have configured intervlan routing. I have three vlans, Vlan 10, vlan 20, Vlan 30, and I have assigned IP address for that Vlan. In vlan 10, I have connected one system to gigabitethernet 0/1 interface. From my system I am able to ping vlan 10 ip address but I am not able to ping other vlan ip addresses (vlan 20, vlan 30). Is it possible to up the protocol for all that time?
I recently set up a small photography business and am trying to get a Cisco 877 and Cisco SG300-10 switch to talk to each other.
What I want is for the Cisco 877 to handle the internet and the SG300-10 to handle the local network,
I have set up 2 vlans in trunk mode on the switch and want vlan2 to manage local traffic and vlan3 to handle the internet.
I have got the 877 connecting to the internet; what I don't have is traffic going to vlan2 on the switch from the 877.
Look at the running configs for the switch and the router and tell me how to get the vlan on the router to pass traffic to the switch. In a nutshell I am inserting the internet into the switch but am not sure how to progress. I have the c870-advipservicesk9 image file on the router.
Switch Config
interface gi2
description connection-to-data-vlan
exit
interface gi3
description connection-to-internet-vlan
exit
vlan database (code )
I am working for a large campus network. The network has more than 70 VLANs in a Layer 3 Switch (Catalyst 4503). Customer wants to stop intervlan routing between all vlans except 2 vlans. How will I do that? I have also a Firewall (ASA 5520) & a Router (2811) upstream of the switch. Besides this, I have run HSRP in Layer 3 Switches for redundancy. How will I stop intervlan routing between VLANs except 2, with ACL or any other process?
I'm looking to restrict Inter-VLAN routing through L3 switch (cisco 6500) and wanted to know the best possible way to do it. I used VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps). My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15)
STEP 1: Created extended ACL to allow bootpc/bootps through DNS
ip access-list extended EACL_DNS
permit udp any eq bootps any
permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15
permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting)
permit 10.100.50.0 0.0.0.255 (server VLANs)
permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10
match ip address EACL_DNS
action forward
vlan access-map VACL_15 20
match ip address SACL_VLAN_15
action forward
STEP 4: Applying VLAN Access list on VLAN 15
vlan filter VACL_15 vlan-list 15
Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. However all clients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned it's taking quite some time to negotiate with the DNS server at system boot time.
I am trying to get the QLogic 8240 card to work properly in ESXi 5.0. I want to be able to send the iSCSI traffic down the iSCSI portion of the card and use the ethernet portion of the card to do NFS.
Here are my vlans I am working with..
vlan 420 = fcoe
vlan 500 = NFS
vlan 1000 = iSCSI
I have my interface currently set as the following on the Nexus 5000.
interface Ethernet1/17
[Code]...
I have just bought myself a Cisco 2821 ISR. At present in my home I have a Cisco 2621XM. Fast Ethernet 0/0 is connected to a 3524XL as a trunk to provide my LAN with inter-vlan routing. It works great. Fast Ethernet 0/1 is connected to my ISP's cable modem and uses the command "Ip address dhcp" to get an IP and all other info from my ISP. FA 0/1 is Ip nat outside and the FA 0/0 and all sub interfaces like 0/0.1 .24 .168 etc are all ip nat inside. I get intervlan routing and access to the internet via this router. I have this 2821 to replace the 2621XM as I plan to run CME on it and want gigabit routing on my vlans, as at the moment on the 2621 routing between vlans is at half duplex or seems to be. I have configured the 2821 to ip nat outside on gig 0/0 and ip nat inside on gig 0/1 and all of the sub interfaces (same setup as my 2621 but with gig ethernet). I have no access to the internet at all but I can ping www.google.co.uk and other domain names from the terminal session when I am connected to the 2821 via the console or telnet/SSH. The gig 0/0 has an IP assigned from my ISP too but no other nodes on the network can ping outside. Am I missing something here? The version of IOS is V 15.
My access list goes something like
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
and so on
I still cannot access the internet.....
I have a SG 300-28 switch with the latest firmware installed running in Layer 3 mode.
I configured this router with 4 VLANs where VLAN 1 is connected to the network router. All VLANs can all communicate with one another. How do I go about configuring VLANs so that they can only communicate with the router and the internet and not each other?
I have one cisco 3750G-48 switch, one cisco 3560G-PS switch, Cisco UC520, cisco 2851 and cisco wireless access point. I have set up intervlan routing between the two cisco switches and the uc520 with a total of four VLANs. The problem I'm having is with the 2851 router. I have created a trunk between the 3750 switch and the 2851 router. Should I create subinterfaces on the 2851 router for the four vlans by doing gigabitethernet 0/0.1, 0/0.100 and so on, or should I create BVI subinterfaces?
The reason I ask is I created four vlans on the vtp server switch which is the 3750 and I connected the uc520 to the 3750 switch via a trunk interface and set up vtp client on the uc520. After I set up the vtp on the uc520 the vlans were automatically created on the uc520 with each vlan having its own BVI interface.
So I am not sure how to configure the 2851 router to interact with the four vlans. Also the 2851 router has two hwic 1adsl wics installed which will have two adsl connections coming in. How to set up the 2851?
I am looking for a reasonable switch but it has to do inter-VLAN Routing. I know I could go with a 3560/3750 with IP Services but I am also thinking the 2960S with IP Base IOS might do?
I have looked up the IP Base IOS and it does list IP Routing but how to actually configure inter-VLAN Routing on a 2960S with IP Base?
I found intermittent link down (20~40 seconds average) occurred about 1~10 times every month. SAP reported a lot of active connections are disconnected and I used a batch to ping and found "requested time out" about 30 seconds. And Windows, SQL server, Nexus 5010 do not show any errors. We run cluster and cluster does not fail over. And I don't know which cables or nics cause this issue. When it happened, almost all servers are unreachable. For example, SQL server 1 -> SQL server 2, IBM HS22-1 -> SQL server 1. However, some connections are not dropped sometimes. It varies each time. PS: I run this topology last year without any problems but it started intermittent link down from 2011/1/7. Because there are no errors in Nexus 5010, it is difficult to troubleshoot. Cisco TAC recommended us to implement virtual port channel yesterday. Could I use "errdisable detect cause" to detect what caused the intermittent link down? Are there any error logs or switch parameters/status I can use to troubleshoot?
Basically I am trying to use Wireshark to do a packet capture on a Nexus 5010. I want to do a monitor session on the switch so I can capture from a source port to a destination port on the same switch. I can configure the source port but when I go to configure the destination port I get "ERROR: Eth102/1/4: Configuration not allowed on fex interface". I have tried to reconfigure this port as a switchport but "switchport mode access" command does not take. I don't want to make any changes to any other ports but this one.
Here is an example of what each switch logs when a server drops offline. Sample logs taken between 5:32am and 5:35am on Feb 20. This particular one was having problems all weekend. Switch #1 encountered over 2000 interface resets. The corresponding VPC port on Switch #2 only had 13 resets.
NEXUS SWITCH #1
2012 Feb 20 05:32:09 q91-sw01-5010 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel10: first operational port changed from Ethernet1/10 to none
2012 Feb 20 05:32:09 q91-sw01-5010 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel10: Ethernet1/10 is down
2012 Feb 20 05:32:09 q91-sw01-5010 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel10: port-channel10 is down
2012 Feb 20 05:32:09 q91-sw01-5010 %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: Interface port-channel10 is down (No operational members)
[code].....
I have a 5010 that simply won't load any system image. Loads the kickstart image just fine, but once at the Switch(boot)# prompt it just gives me garbage when I enter "load bootflash:n5000-uk9.5.1.3.N2.1b.bin"
Restarting system.
Loader Version pr-1.3
loader> dirbootflash: lost+found n5000-uk9-kickstart.5.2.1.N1.1b.bin n5000-uk9.5.2.1.N1.1b.bin n5000-uk9-kickstart.5.1.3.N2.1b.bin n5000-uk9.5.1.3.N2.1b.bin
[Code]....
I attempted to enable jumbo frames on a Nexus 5010 (NX-OS version 4.2(1)N1(1)). I created the policy map below and lost access to the switch.
policy-map type network-qos jumbo
class type network-qos class-default
mtu 9216
After recovery I see from the logs that all vlans and interfaces were suspended. I've attempted to look for reasons for a compatibility issue but I am unable to find what is checked and what could have been incompatible. The other troubling thing is the adjacent switch suspended its interfaces too but no change was done there. What do I need to look out for so that this does not happen again?
2011 Nov 22 23:43:09 phx-ipcg1dwfcma %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 1,10,601 on Interface port-channel1 are being suspended. (Reason: QoSMgr Network QoS configuration incompatible)
2011 Nov 22 23:43:09 phx-ipcg1dwfcma %ETHPORT-5-IF_TRUNK_DOWN: Interface port-channel1, vlan 1,10,601 down
2011 Nov 22 23:43:09 phx-ipcg1dwfcma %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 10 on Interface port-channel508 are being suspended.
[code]....
I'm trying to get a node in SVI1 on VRF1 to speak to another node in SVI2 on VRF2 to reach each other. After hours of failure, I went to outside resources. Everything I read on the internet says it's not possible on this platform and at least one TAC engineer seems to agree.
I just can't believe such a high-end data center switch is not capable of handling such a basic feature.
I just received a Nexus 5548 to configure as the core of the Datacenter LAN. Is it true that the VRFs created cannot talk to each other??? I can't seem to find any documentation on how to do this and at least one TAC engineer half-heartedly believes it's not possible, either.
Basically, I'm trying to get an SVI in VRF1 to be able to talk to a device on another SVI in VRF2.
I can't believe this high-end switch, that is so capable in every regard, cannot handle this feature.
Probably an easy fix but something's weird in my config. I am setting up a new network, so this is not production, Routed environment, down to the access layer using 3560-x l3 switches.
vlan 10: data
vlan 20: wifi
vlan 30: wifi guests
vlan 40: voip
My objective is to allow all traffic OUTBOUND to certain subnets (10.10.0.0/24, 10.10.100.0/24, 10.10.110.0/24 10.10.120.0/24) and block any other 10.0.0.0/8 networks. By doing it this way, after blocking all other internal traffic, I allow everything else to ensure internet traffic can go out.
Extended IP access list VLAN10_TRAFFIC_FLOW
    10 permit ip any 10.10.0.0 0.0.0.255
    20 permit ip any 10.10.100.0 0.0.0.255
    30 permit ip any 10.10.110.0 0.0.0.255
    40 permit ip any 10.10.120.0 0.0.0.255
    50 deny ip any 10.0.0.0 0.255.255.255 (5 matches)
    60 deny ip any 172.16.0.0 0.0.255.255
    70 permit ip any any
!
interface Vlan10
 description DATA
 ip address 10.104.10.1 255.255.255.0
 ip access-group VLAN10_TRAFFIC_FLOW out
end
The problem is, from the above info, when I ping 10.10.0.5 from a workstation in VLAN 10, it should match rule 10, but instead it matches rule 50 (as shown by the 5 matches)
I just got my Cisco SG300 28, but I have some problems getting the routing to work. I get the vlans to get to the router, with the default route. But I am not getting them to talk with each other. I can ping the IPs from the cisco, but I am not getting traffic to go from vlan 1 to vlan 2. When I try to google, it says that it should do it automatically, and I found no setting for it. It looks like it is not creating any route for the interfaces.
I'm having an issue routing between vlans. I have vlan 1, and 2. I want to ping something on vlan 2, from vlan 1. I cannot ping from a computer on vlan 1 to a computer on vlan 2. I can ping each computer from the ASA 5505. I get an error on the ASA when I try to ping from the computers. The error is Failed to locate egress interface for UDP from voice:192.168.0.199/137 to 192.168.1.200/137. I can't understand why it even mentions IP 192.168.1.200/137... I reset the unit, configuring it from scratch, and still no go. I have not given a static route to the out yet.. I need to get inter-vlan routing working first. [code]