Cisco Switching/Routing :: Nexus7k / CE Vlans Over FP Vpc+ Peer Link?
Jan 3, 2013
i am in process of building a new datacenter with 2 nexus7k in core/aggregation and 2 n5k in access layer. I am running fabric path on F2 cards between 7k and 5k, also enabled vpc+ on 7k and 5 both. There are few vrfs on 7k which are communicating with each other through firewall contexts. Now there are few vlans which are used to connect differnt vrfs and firewall contexts on n7k and running hsrp as well. now since these vlans are not traversing FP network i should not logically configure these vlans as FP vlans. But since the vpc+ peer link is a FP link it will not allow non-FP vlans to communicate through itself. I have configured a vpc trunk link between 7k and fws. Diag is attched. Now my question is can i configure vlans used for connecting vrf and fw contexts as FP vlans so that hsrp running between those vlans can communicate with each other over vpc+ peer link on n7k.
View 1 Replies
ADVERTISEMENT
Feb 25, 2013
I am working on wi-fi networks (ISP), So I need to block the peer to peer on my network.My network involves cisco switch 2950/2960, cisco 2800 routers and Access Points, config for peer to peer blocking, for this where I need to config either switches or router.My network basic setup is, The internet will pass from router to switch and then Access Points.
View 1 Replies
View Related
Feb 13, 2013
I am facing issues in blocking Peer to Peer applications in LAN. I am using 881 Cisco router and below is the config done. [code]
View 1 Replies
View Related
Mar 6, 2013
We bought a pair of ASR 1004 to be installed at Primar & Secondary data center and one thing is to run OTV over it, but to do that, I have to extend multiple VLANs from my Core (Pair of Nexus 7010s) connected directly to the ASR is Primary Data center, I looked at some documents but didn't get a good idea about it, extend multiple VLANs from Nexus switch to an ASR.
View 2 Replies
View Related
Jun 25, 2012
What is the function of the VPC peer-link? Should be the composite of all VPC links that are dual homed between switches? is it necessary to have 8 x 10G links as shown above. The links connecting the 7Ks to the 5Ks are VPC links.
View 3 Replies
View Related
May 5, 2013
Can you use twinax cables to connect two Nexus 7010 switches for VPC peer link? They would connect on F2 modules and have Sup2 on the chassis.
View 2 Replies
View Related
Aug 7, 2012
I'm trying to create a vpc between a Nexus 5010 and Nexus 5020 switch. I recently upgraded the software so they are running the same version. I connect get a vpc link. Is there something wrong with my setup? Is a vpc between a 5010 and 5020 even possible? They are connected using a pair of Intel X520's in 802.3AD teaming mode. [code]
View 2 Replies
View Related
Apr 19, 2013
I have a pair of Nexus 5548UPs that have some high priority servers running on them. Servers are ESX hosts running Nexus 1000v's. Each host has multple connections in a VPC to both 5548s. We have been having intermittant ping loss and slowness of traffic to the VM's on these hosts. I was poking around trying to figure out what the issue could be and found that the peer-keepalive command was not set to send the heart beat across the mgmt0 interface. I would like to change this to point it accross the mgmt0 interface. Any tips or advice for me on making this change with production servers running on the switches? I do not want to cause any loss to any systems when I make this change. [Code] ..........
View 3 Replies
View Related
Mar 13, 2013
how the Nexus 5500s work ?currently we have two 6513 Core switches 6513-1 and 6513-2 running HSRP and RSTP. 6513-1 is currently the Root Bridge, 6513-2 is setup as our secondary root. We also have two 5548UPs setup with a peerlink between them. Picture attached. "Current Setup.jpg"
There is a 20gig port channel between the 6513s and also a 20gig port channel(peer link) between the 5548s. 5548-1 has a 10g fiber running back to 6513-1 and 5548-2 has a 10g fiber running back to 6513-2. Currently now Spanning tree is blocking the link from 6513-2 going to 5548-2 which is what we expect. We were working on moving some things to different racks the other day and moved switch 5548-2 to another rack and brought it back online without the peerlink fiber connected. We started to have issues and tried to plug the peer link back up, but still continued to have issues. We started to troubleshoot and noticed that both 5548s were acting like the master of the VPC domain and was not letting traffic pass accross the Peer Link. We then rebooted the 5548-2 with the thought that it would come back up as the secondary in the VPC domain. When it finally finished booting back up it then caused a huge loop in our network accross both uplinks to the 6513s and the 5548s peer link which in turn took our network down. Spanning tree did not work like it was suppose to and block the port going from 6513-2 to 5548-2 in time.
My thought was this didn't seem like a good setup. I went to the drawing board and decided we needed to have an uplink from both 5548-1 and 5548-2 going to 6513-1 setup as a port channel/VPC and also a uplink from 5548-1 and 5548-2 going to 6513-2 setup as a port channel/VPC. Picture Attached. "NewSetup.jpg" We are also planning on buying a "2K-C2224TP-1GE" to hang off the 5548s to use for ethernet.
how the Nexus 5ks work and haven't done a lot of research on them. Would this not be a better setup since both switches will have an active link to the root bridge? The links from the 5548s going to 6513-2 should always be in a block state until we loose both uplinks to 6513-1 or the entire switch itself correct? Also how will the 5548s reactive if I was to loose the Peer link fiber? Will they continue to work as normal? When it looses this Peer Link does it suspend all the VPCs for the servers on the secondary switch in the Domain so the network doesn't get confused on which link to send traffic up since there isn't a peer link active or is this not the case? Also with the peer link down will the 6513-1 know which 5548 to send the traffic to if there is only 1 device (not setup in a VPC) on one of the 5548s? What are your recommendations/best practice on the setup for the 2k?
View 6 Replies
View Related
Apr 22, 2013
I have pair of 5596 switches in vPC. One host say "HOST A" is connected to the primary vPC peer and other "HOST B" on secondary vPC peer.Both are in same VLAN 10. Both hosts are vpc orphan ports as their NIC is configured in active/standby mode.I have configured span session on both vPC peers with span source as VLAN 10 in rx mode.Span destination is connected to secondary vPC peer. The issue here is that I am not able to capture the traffic originating from HOST A destined to HOST B which is traversing vPC peer-link.Same issue occurs for the traffic in reverse way and span destination on primary vPC peer. In a nutshell, any traffic which crosses vPC peer-link is not getting captured.
What could be the issue and is there any solution for it. Below mentioned is the span config and relevant interfaces. [code]
View 4 Replies
View Related
Apr 29, 2012
I have a Cisco 3560X 48 port Ip base switch with v lan configured and ip routing. Ports 1 and 2 are in ether channel and routed ports to ASA and have their own network of 192.168.22.49/30. The ASA is configured with the same config for ports 1 and 2. The channel group ip address on the 3560X is 192.168.22.49/30 while the other end of the up link is the ASA and its configured with .50/30.
I have 6 v lans plus the one native v lan. They are all configured with ip addresses. Each V lan should be able to talk to one another other than DMZ v lan which is trunk and routed directly in the ASA. On the switch I can ping the IP address on the ASAs up link .50/30 but I cannot ping the ASA from any host on any of the V lans. My switch config file is posted below. The ASA seems to be able to ping any host in the VL ANS due to static routes that are in place. Why I'm not able to communicate to other v lans or even ping the ASA?
Config for 3560X
L3Switch#sh run
Building configuration...
Current configuration : 8056 bytes
! Last configuration change at 00:45:43 UTC Mon Mar 8 1993
version 15.0
no service pad
[code]....
View 2 Replies
View Related
Mar 25, 2012
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
View 2 Replies
View Related
May 28, 2013
The setup I currently have is a server attached via an etherchannel to a 3560x switch, which is connected to a pair of 5548UP's that are connected via vpc. The 5548's both have a single connection to 6500 series switch that does the layer 3 routing, the ports that connect the 5548 to the 6504 are trunk ports. The problem that I am having is that one of the 5548's can ping the server that is connected down stream while the other 5548 can't. While the local switch can ping the server, and other servers on the same switch in the same vlan can ping it as well. The vlan interface I am pinging from on each switch is on the same subnet as the server I am trying to ping. One other thing, Nexus #1 which can ping the sever has the mac address in its mac address table, while Nexus #2 doesn't. However I added the static mac entry to Nexus #2 and that did not allow me ping either.
View 2 Replies
View Related
Jul 10, 2012
On a csico 3750 switch I have ntp server < IP of stratum 1 Time Server> I want the swit to sync to the to time server and provide time to peers on my network. Do I have to be configured for ntp peer < IP of stratum 1 Time Server> for that to work?
View 7 Replies
View Related
Jan 2, 2013
We recently had a pair of Nexus 5k switches setup in our network. We had professional services handle the initial configuration but they weren't able to setup config sync for us. Each Fex is connected to each 5k, so we need a switch-profile to maintain a consistent setup on our interfaces. I went through the process in Configuring Switch-Profiles, but when I check the status of the peer, it says not reachable. [code]
View 1 Replies
View Related
Apr 3, 2012
I need to enable vPC "peer-switch" command on a pair of Nexus 7018s which are currently vPC peers (primary and secondary). The STP root and Secondary root are currently configured across these switches.Can I enable the peer-switch command in this configuration without impacting services, and then modify both switches to have the same bridge priority without impacting services ? We have a few downstream 5ks which are not dual homed to both vPC peers (work in progress) so need to understand if the peer-switch command will in any way break this connectivity for now.
View 1 Replies
View Related
Apr 18, 2012
we are planing to run HSRP on our Nexus 5ks (with L3 card) and we use VPC to connect the downstream UCS - Fabric Interconnects to the 5ks. I was wondering if the peer-gateway command is required under the vpc domain config? When you use HSRP with VPC, both the active and standby HSRP peers can forward layer3 traffic, isn`t that the same that peer-gateway would achieve?
View 1 Replies
View Related
Mar 17, 2013
I currently have Nexus 5596 pair with VPC peer link Po1 between them. My goal is to connect our new Nexus 7Ks to the 5K's using Fabric Path. My question is during this inital setup with the 7K's. Can I use the same port channel number on the 7K's as I did the 5K's? Is the port channel locally significat?
View 2 Replies
View Related
Apr 26, 2012
Trying to get the peer links to work and have them in interfaces E1/1-4 . When i do a show int status it looks like this and says sfp invalid. I see this on both sides. These same model gbics work fine attached to a FEX on these boxes.
Eth1/1 vpc peer link to T sfpInvali trunk full 10G Fabric Exte
Eth1/2 vpc peer link to T sfpInvali trunk full 10G Fabric Exte
Eth1/3 vpc peer link to T sfpInvali trunk full 10G Fabric Exte
Eth1/4 vpc peer link to T sfpInvali trunk full 10G Fabric Exte
Gbic in ports are this.
Ethernet1/1-4
transceiver is present
type is Fabric Extender Transceiver
name is CISCO-FINISAR
part number is FTLX8570D3BCL-C1
[code]....
View 5 Replies
View Related
Apr 19, 2012
I got ASA 5510 with base license, can I block all Peer-2-Peer traffic from inside to outside.
ASA Giga 0/0 connected to ISP Router 2811
ASA Giga 0/1 connected to LAN switch 3560
View 3 Replies
View Related
Jul 25, 2011
I see that Application protection - blocking peer-to-peer file sharing traffic is a capability of Cisco IOS Firewall. How do i configure my Cisco 2911 ISR to block peer-to-peer file sharing traffic?
View 1 Replies
View Related
Jul 31, 2011
I recently bought the WAG320N can I block Peer to Peer file sharing on my Network?
View 3 Replies
View Related
Jul 31, 2011
I bought my WAG320N, I too have the internet drop out and from reading in here is a very common problem. Cisco really should bring out a new firmware version and address this issue. Any way you can block peer to peer file sharing with the WAG320N? If so how do you go about it?
View 1 Replies
View Related
Jan 28, 2011
One of the schools whose networks I administer has a peer to peer network running about 30 xp machines. DHCP is achieved and DNS settings distributed via a basic Linksys router; is there any way of distributing proxy server address and port short of entering manually in LAN settings of IE on every terminal - there is no budget to install a server.
View 4 Replies
View Related
Jan 18, 2011
i just set up my 2Xp pc's and one windows7 laptop peer to peer for file and printer sharing but i can not configure internet connection for those pc's
View 2 Replies
View Related
Jul 4, 2012
upgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?
View 4 Replies
View Related
Jan 23, 2013
I have the following config using a Cisco 1921. I am trying to get devices on the the native VLAN to get internet access via the gateway x.x.x.73.Any thing being routed from the other Vlans 15/20/30 can get access, but nothing from an internal IP address. Is there something I am missing.
The Xs replace the same 3 octets for each interface.I am trying to route from VLANs 15/20/30 to see VLAN 5. I have tried a few things, in terms of adding extra ip routes, but can't get anything to work. Each of those Vlans have another router on the other side of them, which I have also tried adding ip routes too, but nothing. One of the routers (Vlan15 is a Draytek 2830). [code]
View 5 Replies
View Related
Mar 27, 2012
I have purchased these two switches from ebay as a test lab, I plan to connect them up via a gigastack modulecable and enable ip routing on the c3550 and vlans to talk to each other.
I'm very much a procurve person and really need to get into the cisco switching.I will want to trunklacp between the switches - whats the process is setting that up on cisco switches?
View 1 Replies
View Related
Feb 19, 2012
I have a 3560E with 2 vlans that I want to route between. one device with 2 vlans and route between.Interfaces are configured as such:
int g0/11
switchport mode access
switchport access vlan 10
int g0/12
switchport mode access
switchport access vlan 11
[code]...
Laptops on each port with 10.10.10.2 and 10.10.11.2 configured on them. I can ping from 10.10.10.2 to 10.10.11.1, but not to 10.10.11.2.What do I have to configure to be able to get the 2 laptops to talk to each other?
View 9 Replies
View Related
Jan 24, 2013
I am setting up a vm environment for a customer in my lab off site. I have two stacked 3750-x switches, a san, and threes UCS c220 M3S servers for hosts. I am trying to separate the lan traffic, san iscsi traffic, and san management traffic using vlans. The problem is i'm unable to communicate cross vlan with my current config, which I have attached to this post. The only noteworthy things in my conifg is that the ip route 0.0.0.0 0.0.0.0 192.168.83.6 is referring to a switch stack they have on site, that I will connect this stack to using the first two trunk ports on each switch, that I do not have here in the lab. I don't want to cause any confusion in why I have things set a certain way.
View 1 Replies
View Related
Jul 24, 2012
The situation include 2 cisco routers an 2 switch 3550
so we have Router A in Vlan x access ----->Sw1----Trunk----Sw2<------Vlan y Access Router B I 've to enable rip1 on guys A and B ONLY !!! Avoiding any kind of tunnel I though it was all around fallBAck bridging ... but after days of tries ...
View 3 Replies
View Related
Jul 24, 2012
I have tried to test copy tftp: numerous time with no success. I believe the reason it is failing is my laptop to Ethernet port is in vlan 62 and the tftp process operates in a different IP space.I am using gig 7/1 and configuring my laptop nic for x.x.x.254 mask 255.255.255.0. I can ping from laptop to gateway) and I can ping from the switch to my laptop using ping vrf production x.x.x.254. Can you tell me what vlan I need to set my laptop connection in or if there is something else I need to change to make tftp work on vlan62?Does TFTP only work in vlan1 or can it be changed?
View 2 Replies
View Related
Oct 23, 2012
I recently set up a Cisco 881 to cover a small business network. The router is currently set up and working as expected. We recently decided to move to VoIP phones and here is where I'm running into some issues.
First an overview: We run a network with a cable internet WAN connection, this connection is DHCP, however we have a static IP through our ISP. We also have a block of 30 additional IP addresses for one to one mapping as we need them. The new VoIP system is being run over T1 lines throughout the township (we are a municipal organization) and the VoIP system is being run to about 5 buildings in the township.
This brings me to the topic of VLANs. As the phone engineer explained it to me, there is a network set up over the T1 that allows the VoIP equipment to talk to one another and operates all of the VoIP phones on one network. The equipment that is being installed at our building connects to the network over the T1 and "talks" to the other equipment on the network. The engineer wants to create a VLAN and run it on ports fa1 and fa2, with the fa2 port being connected to the actual "MPLS" (their term) that connects to the T1 and into the cloud, and the fa1 port connected to the internal phone switch.
TLDR; The problem is this: When we attempt to set up the VLAN on ports fa1 and fa2, we have no connectivity with the other units in the external VoIP cloud. Pinging while directly connected to the "MPLS" yields successful pings, while pinging from the router with the "MPLS" connected to fa2 yields failures. I'm going to post the running config below, I feel like what we're doing should be working. I asked around about subinterfacing, but others seemed to think this was not necessary.
ROUTER CONFIG
Building configuration...
Current configuration : 4909 bytes
!
! No configuration change since last restart
version 15.1
[Code].....
View 10 Replies
View Related
