How to you setup ip routing on a Nexus 5500 I want to do vlan routing between an Nexus 5500 and Catalyst 3750. Nothing clever just have the 2 switches talk and vlans route between the two.
View 3 RepliesIs there an official Cisco-Page with the always-up-to-date recommended NX-OS-Releases for the Nexus 5000, just as there is URL
If there is no such page: What Release can be recommended?
We got new N596 & N2232 this week, and are using L2-LAN only, no L3,no FCoE- or FC-Ports. The command 'vPC orphan-ports suspend' is the newest feature used, so 5.0(3)N2(1) would be the oldest possible release.
Before I install 5.1(3)N1(1a) and then have to do a distruptive downgrade to 5.0(3)N2(2b), I'd like to be assured that the new one is already recommended as mature enough.
IOS we used for limiting access for a group we used configuration of snmp-server views like following
snmp-server group backupgroup v3 priv read backupview write backupview access 20 snmp-server view backupview ccCopyTable included could not find out how to achive this config in NX-OS on Nexus5500
Are there any dependencies on VTP on the Nexus platforms like the 5500 or 7000? In IOS P V LAN required VTP Transparent mode however I cannot find any reference to this for the Nexus platform. Are there any other features that would require the use of VTP? By default VTP is turned off on nexus and has to be enabled with the feature command so is there any benefit to running VTP in transparent mode vs off?
View 1 Replies View RelatedThere is very little and quite diverse Information regarding the if, where and how of a Nexus 5000 or 5500 series Switch and support for IEEE 802.1AE Link Layer Encryption (also called MACsec).
For example: the official FAQ denies that the Nexus 5500-series supports 802.1AE at all, while the data sheet says that only "downlink ports" are supported (host access).
On the Nexus 7000 platform the 802.1AE link layer encryption is part of TrustSec (feature cts) and much better documented.
The Question is: If and under which circumstances (configuration, L3 modules, license, NX/OS version) does a Nexus 5k or 5500 series Switch support 802.1AE on 1G or 10G interfaces that are directly connected to a Nexus 7000 (with the necessary cts feature licensed/configured)?
Does the Nexus 5548/5596 switch support OSPF ECMP?
Also on OSPF and ECMP, the load-balancing method at the multiple links for Catalyst 3750 is per IP packet or per destination IP?
I am experiencing inconsistent echo-replay from devices connected via VPC to Nexus 5500s while pinging from the Nexus exec prompt.
In some cases I receive normal response when pinging from one Nexus, but no response when pinging from the other switch. In other instance I receive normal response to one Nexus, and duplicate replays to the other. It looks like a VPC related bug. NXOS is 5.1.3.N2.1
5501# ping 10.12.12.232
PING 10.12.12.232 (10.12.12.232): 56 data bytes
64 bytes from 10.12.12.232: icmp_seq=0 ttl=253 time=8.585 ms
64 bytes from 10.12.12.232: icmp_seq=0 ttl=254 time=9.227 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=1 ttl=253 time=1.011 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=253 time=8.097 ms
64 bytes from 10.12.12.232: icmp_seq=2 ttl=254 time=9.429 ms (DUP!)
64 bytes from 10.12.12.232: icmp_seq=3 ttl=253 time=18.195 ms
64 bytes from 10.12.12.232: icmp_seq=4 ttl=253 time=8.807 ms(code)
Nexus 5500 support auto negotiation on 1gig sfp port? There is an end device that only support auto negotiation and cannot be manually set speed/duplex.
View 0 Replies View RelatedI have a Nexus 5500 which is the core of our network and we have access layer switches uplinked to it. I know by default the qos markings will be trusted.
1. On a trunk uplink from an access layer switch to the Nexus, I have "mls qos trust dscp". Will the DSCP marking be preserved when it reaches the Nexus?
2. How do I do prioritization of voice traffic on an uplink on Nexus based on DSCP EF?
I'm trying to setup SNMPv3 on a Nexus 5548. We are using SNMPv3 on 3750's without any issue, but haveing issues getting it setup on the Nexus.I have been using the following link for the setup following it line by line. [URL]The part that I'm having issues with is when I try to enforce SNMP message encryption on a per user basis. When I issue snmp-server user (username) enforcePriv, I get warning: unable to update CLI users database. reason: role does not exist grounp not found.
View 1 Replies View RelatedCurrent our environment is the following:
Core1 ---- Core2
| |
Nexus5k
| |
N2k, N2k, N2k (FEX)
||
Servers, hosts, etc..
We would like to add another Nexus5k to this topology. However, it has to be a zero downtime infrastructure add-on. When setting up the keep-alive, peer-link, vPC and vdc domain, will there be any upset in network traffic on the current N5k?Also, are the Nexus5k configurations synchronized or are they independent from one another? Before setting up the new 5k, should i configure it to teh 6509's, and vPC's to the Nexus2k's before setting up peer-link?
We have a setup of 2 Nexus 7000 chassis and several fexes (N2K-C2248TP-1GE). The fexes are connected through a port-channel to a single nexus 7000 (no vpc). (Fex 1 to Nexus 1, fex 2 to Nexus 2, fex 3 to nexus 1 etc).Are there guidelines on how to connect a server to those fexes.
I can see several possible scenario's at our site. I have drawn some scenario's on a design. I can't find detailed information on which setup is possible and which is not. The goal is to have as much redundancy as we can.When using scenario 1, do I configure an orphan port on the uplink to this server?
We are facing issue of continous packet discards On nexus4001L link (int po2) to Nexus5020 switch. Nexus4001L is installed in IBM blade center server and we have FCOE enabled in this setup. [code]
View 2 Replies View RelatedI have been tasked to replace the existing Cat 6500 and 3750 switches by Nexus 7000 and Nexus 2000.I was told initially my boss plans to get 2 x Nexus 7000 and then eventually blow up to 4 x Nexus 7000s.For Nexus, is there a list of tasks / points that i need to consider for building the initial design?
Can i just link the Nexus 7000 like the following?
N7k-A ========= N7k-B
| |
lots of N2ks lots of N2ks
Struggle to find the SNMP MIBS of the Nexus 5000 FEX tranceivers.
View 3 Replies View Relatedwe are planning a Nexus datacenter project with this layout:Our experiences with Nexus switches are not so large until now and the manuals are very extensive.Both N5K´s should be connected directly with all 4 N2K switches. I did not find a layout like this in the manuals. Only a design,where only 2 N2K are connected to one N5K, with this fex config:Now I´m not sure if it is right to make a config like this with the same slots and fex´s or with different slots and fex´s.
View 1 Replies View RelatedI have two cisco asa firewalls connected through a VPN, one is 5505 and the other is a 5510. From the 5505 I can ping the internal interface of the 5510, but not vice versa. Would that be a NAT issue? I used the ASDM to configure the VPN tunnels with the wizard for IPsec site to site.
View 3 Replies View RelatedI used the following commands to limit users on my wireless network (WLC 5500) and a Nexus 7000. The previous cisco doc only covers the 6500 and some commands have changed. Tested and working except the PIR gives an error, post up if you know why, otherwise enjoy!
Note Wireless Network assumed to be 172.21.0.0/16.Note This will limit each wireless user to 1 MbpsNote The PIR (Peak Infomation rate, also know as burst) is ignored in following commands, unknown at this time why.Create ACLs:
ip access-list acl-wireless-downstream 10 permit ip any 172.21.0.0/16 ip access-list acl-wireless-upstream 10 permit ip 172.21.0.0/16 any class-map type qos match-all class-wireless-upstream match access-group name acl-wireless-upstreamclass-map type qos match-all class-wireless-downstream match access-group name acl-wireless-downstreampolicy-map type qos police-wireless-upstream class class-wireless-upstream police cir 1 mbps bc 200 ms pir 1536 kbps be 200 ms conform transmit exceed drop violate droppolicy-map type qos police-wireless-downstream class class-wireless-downstream police cir 1 mbps bc 200 ms pir 1536 kbps be 200 ms conform transmit exceed drop violate drop
1.Apply police-wireless-upstream on the incoming port from the controller.
interface port-channel130 description *** LAG for WLC1 *** switchport mode trunk switchport trunk allowed vlan 80,130,255,600 service-policy type qos input police-wireless-upstream
2.Apply policy-wireless-downstream on the uplink LAN/WAN ports.
interface port-channel101 description *** L3 Port Channel to Core VDC *** no switchport service-policy type qos input police-wireless-downstream ip address 10.70.10.18/30 ip router eigrp 10
How many VMs can a pair of 5548s support? Remember, for each VM, I will have an ARP entry in the 5500 ARP Table (assume 5500 is the L3 default gateway).
View 3 Replies View Related: %DATACORRUPTION-1-DATAINCONSISTENCY: unterminated string in buffer of length 129, counted: 129 -Traceback= 4027CB2C 402B1E88 4052884C 40528A48 40528D08 40529188 40529358 403247E8 403247D4
Cisco Internetwork Operating System Software
IOS (tm) C5RSM Software (C5RSM-ISV-M), Version 12.2(46), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Thu 26-Apr-07 19:41 by pwade
Image text-base: 0x40010948, data-base: 0x410F41D0
[code]....
Having an issue with my WLC 5500 and client connectivity. This just started today. Clients will connect for a short period of time and then drop off. WLC appears fine with the exception of a bunch of trap errors. I've rebooted the WLC but this did not clear the issue.
View 3 Replies View Relatedhow to configure the ASA 5500 with "Directed Broadcast" for Wake of lan from other networksegment. we want pass traffic from 192.168.10.0 network to 192.168.100.0 DMZ Network to turn on the server with Wake on Lan.
I read something about "Static NAT" but how do i make this one?
We have successfully peered two 5548UP switches together and separately we have successfully peered two 5596UP switches together. Works great and is our standard going forward for data center switching. I've been casting about Google and Cisco looking for an answer to this question:
Is it possible to have more than two 5500 class Nexus switches participate in a peered vPC configuration? For instance, can I connect a single FEX to four 5500 class switches in a vPC configuration? The question is more academic than actionable. Even if the answer is yes we probably wouldn't be in a position to implement something like this for a while.
We are working with a contractor to upgrade our network, and I heard from them that the 5596/5548 might not need the Layer 3 module for our inter-VLAN routhing. They have yet to give me an answer.
We do have a few static routes on our current layer-3, core switch too.
We have been deploying ASA 5500 series devices for longer than I've been around. We have always used a script from a tftp server that would use the "wr net" command to send the running-config to the tftp server for daily backups. The script was setup to automatically name these "hostname-mm/dd/yyyy" for each device. We cannot seem to get this working on devices running ASA 8.43. In fact I can't even get the "wr net" command to work from the ASA at all even though I have the tftp server defined correctly (note this is going over the "outside" interface so I always get the warning regarding using the interface with the lowest security level). I'm sure there is something out there that I have overlooked, however I have not been able to come across this. Have there been any changes in the setup, or functionality of the wr net command or the tftp configuration with ASA 8.43?
View 1 Replies View Relatedis it possible to setup a Cisco ISR 881W so it connects to a Cisco ASA 5500 series head via network extension mode? We did this in the past with our PIX connecting to 3000 series concentrator.
View 1 Replies View RelatedSince the 5500X series firewalls use a software IPS SSM that is set up differently from the old ones, I am a little confused on the initial setup.
[URL]
we see a proposed setup for L3 management of the IPS
interface GigabitEthernet0/0
nameif outside security-level 0
ip address 203.0.113.1 255.255.0.0
[Code].....
Does the nexus 7010 support virtual switching yet? All of the posts I have found from about a year ago say that it is going to be supported, but there were no dates listed. I heard the same thing from Cisco a while back, but haven't followed up with it.If it is supported finally are there any configuration guides available for it?
View 7 Replies View RelatedLucien is a customer support engineer at the Cisco Technical Assistance Center. He currently works in the data center switching team supporting customers on the Cisco Nexus 5000 and 2000. He was previously a technical leader within the network management team. Lucien holds a bachelor's degree in general engineering and a master's degree in computer science from Ecole des Mines d'Ales. He also holds the following certifications: CCIE #19945 in Routing and Switching, CCDP, DCNIS, and VCP #66183
View 1 Replies View RelatedCan nexus 5010 supports inter v lan routing , as there is no core switch and router available in current network.
View 2 Replies View RelatedWe have our Nexus as our default gateway (101.1) and the default VLAN1 is setup with two subnets 101.X and 102.X. The DHCP server is using a superscope setup to accomodate the overflow of devices requesting IPs on 101, so when 101 is consumed persons are able to obtain a 102.X IP address. The setup is basic on superscope. The issue is some times the routing to the firewall with a 102.X is not always 100%. Somedays all goes well and the 102 subnet is routed out to the firewall and its a good day. However, such as today a 102.X address is not routing as it did 24 hours ago. I am perplexed as to why this is behaving unpredicatable. Here is running-config for VLAN1 to show the 102 as secondary address to VLAN1.
View 2 Replies View Relatedyou find attached my network architecture with 2 Nexus 7010 on core layer and 2 Nexus 5020 on distribution layer, each one with 1 N2148T fabric extender switch. PC-A1 and PC-A2 are connected to one N2148T, PC-B1 is connected to the other N2148T. Nexus-7000-1 is HSRP Active for all VLANs, Nexus-7000-2 is HSRP standby. PC-A1 and PC-A2 are connected to VLAN A, PC-B1 is connected to VLAN B. PC-A1 and PC-A2 have the same default gateway correspondent to IP HSRP on VLAN A. It happens that PC-A1 is able to ping PC-B1 while PC-A2 is unable to ping PC-B1. If I issue a traceroute from PC-A2 I see Nexus-7000-2’s physical IP address as the first hop even if Nexus-7000-2 is HSRP standby. After the first hop the traceroute is lost. If I shutdown Port-channel 20 on Nexus-5000-2, PC-A2 starts to ping PC-B1.I can’t understand what’s wrong in this architecture.
View 6 Replies View RelatedI have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.