Cisco WAN :: Nexus 7k Configuration Commands For PBR?
Sep 25, 2012
I am looking to configure PBR in Nexus. The current setup in IOS is :
interface Vlan10
ip address 172.27.206.1 255.255.255.0
ip address 172.27.208.1 255.255.254.0 secondary
ip policy route-map Vlan_10_to_Corp
route-map Vlan_10_to_Corp permit 10
match ip address Vlan_10_to_Corp
set ip next-hop 172.27.209.250
!
route-map Vlan_305_to_EFH permit 30
[code]....
But Nexus PBR will not work with deny statements in it. Now, what options do I have?
Apr 14, 2013
In studying and testing SSL VPN on an ASA I have the network as shown in the attached diagram. The configuration is based on an ASA with 8.3 but our ASA is 8.2 and at this time I'm not familiar with the new NAT configuration and commands in 8.3 or later and how to translate the 'nat (inside,outside) source static' for me to an 8.2 version.
Jul 19, 2012
I have configured the below SNMP v3 commands on a Cisco Router 7206VXR (NPE-G1). I have tested with all options but it is not working. The SNMP server is an SNMPc tool and I have configured the user name and priv and authentication credentials correctly on both sides. The same configuration is working for all Cisco switches but not working for the Cisco Router.
SNMP V3 configurations:
access-list 20 permit 43.194.10.0 0.0.0.255
snmp-server view readview iso included
snmp-server group readonly-group v3 priv read readview access 20
[ code]....
Router :
Host Name# sh version
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.2(33)SRD7, RELEASE SOFTWARE (fc1)
[ code]...
Dec 14, 2011
How to, for the most part, set up 802.1x via wireless. I'm using two 5508 WLCs, and Cisco ACS. I will set up the user account/password information via Cisco ACS and User Identity and Hosts. I know from the WLC 5508 web admin tool that I can choose 802.1x in the security parameters. I only have a few questions. We have two wireless networks, one is wide open and provides internet access, the other will provide internal access for select users. I am setting up 802.1x on the internal wireless LAN. Do I need to configure any 802.1 configuration commands on the switch in order for this to work, if so where would be the locations to do this at? Also, is there a MAC isolation configuration option I can configure to not allow other hosts on this specific wireless network to communicate with each other?
Apr 7, 2013
We have an ASA with 8.4(5) version. We had detected that a few IPs were getting shunned; to overcome the problem, no shun was used and the traffic normalised. But the same problem reoccurred a few days after that, with logs showing traffic being shunned.
Is there any fixed way to get rid of this? What commands can I use to verify related configuration on the firewall?
Jun 5, 2012
Configuring radius authentication on Nexus 7k? I have heard once you have configured the radius you are only able to run show commands on it.
Dec 4, 2012
I'm busy configuring the backup of the configuration from Nexus switches 5K and 7K. I have installed COPSSH on my Windows server and tried to configure the sftp credentials. [code] I have tested from the CLI from the switch and I have the issue, but if I use the default vrf 'default' it works fine. How can I change the command sent by DCNM to the Nexus in order to specify vrf default and not vrf management?
Mar 23, 2011
I have a use-case in which we need to firewall some of the security-sensitive VLANs to the ASA. In other words, there are a few VLANs that have their SVIs on the N5k (Layer-3 enabled) which talk to each other and there are some which have the layer-3 on the ASA. The ASA has sub-interfaces for those VLANs. The N5k-sw and the ASA are interconnected on the same 1 physical link with a sub-interface on both (/30) and the ASA is injecting default route to it in OSPF. They are advertising all of their networks in OSPF. I see all the routes in them. (Attached pic.) My issue is: I am unable to ping the other sub-interface on the ASA from the N5k. (If you check the attached diagram, I cannot ping 20.1.1.1 from the N5k, although I can reach my next-hop 10.1.1.2.) I have made the security-level 100 for the sub-interfaces and the physical interface on the ASA, and also have allowed ip and icmp in the ACLs on the sub-interfaces of vlan 10 and 20 in both directions.
Jan 26, 2012
I have followed every piece of Cisco documentation I could find on this and I still can't get vPC configured to actually work. The VLANs stay in a suspended state so no traffic flows across. Below is my configuration:
vrf context management
ip route 0.0.0.0/0 10.86.0.1
vlan 1
vlan 86
name I.S_Infrastructure
vpc domain 1
role priority 1000
peer-keepalive destination 10.86.0.4
interface Vlan1
interface Vlan86
no shutdown
description I.S._Infrastructure
ip address 10.86.0.1/24
interface port-channel1
switchport mode trunk
vpc peer-link
spanning-tree port type normal
interface Ethernet1/1
switchport mode trunk
channel-group 1 mode active
interface Ethernet1/2
switchport mode trunk
channel-group 1 mode active
interface Ethernet1/3
description Connection to Mgmt0
switchport access vlan 86
speed 1000
Dec 9, 2012
I am seeing an issue that after deleting/recreating one of the VDCs in Nexus 7K, a VLAN cannot be configured within the VDC although it is not actually a reserved VLAN. Could it be anything missing in the license installation? The version of the image is NX-OS 6.1.2.
StorageVDC(config)# vlan 100
^
invalid vlans (reserved values) at '^' marker.
Sep 10, 2012
I would like to know if the power the Nexus 7K allocates per module is configurable? For example, we are only using the 8 dedicated ports on our N7K-M132XP-12 card. The Nexus budgets 750W for the module, but given that we will only ever use 8 of the 32 ports we would like to allocate the remaining power elsewhere.
Mar 23, 2012
I want to know how to retrieve the complete configuration for a Nexus via the snmpwalk or snmpget commands...
May 6, 2013
We have two Nexus switches in our network, one of them is Nexus5020 other Nexus5596UP. System image is identical on both switches 5.2(1)N1(4). When we try to setup VPC between these switches we see that all configured vlans on VPC peer link between Nexus switches are blocked by spanning tree protocol with message "Bridge Assurance Inconsistent, VPC Peer-link Inconsistent". We still can't solve this problem.
Topology:
NEXUS_5020---Peer_link(Po2)---NEXUS_5596UP
/
/
Member_link (Po100) Member_link (Po100)
/
/
SERVER
Configuration:
NEXUS_5020:
speed 1000
interface Vlan2000
no shutdown
description VPC_keepalive_link
vrf member VPC_kepalive
ip address 10.55.55.2/30
Dec 6, 2012
I am looking to implement a QoS policy on a pair of Nexus 5548 UPs. FCoE is a factor here. I have created the following configuration and would like to get a few pairs of eyes to take a look at this for a quick sanity check.
How to make sure this config is valid. Also, I realize I'm applying an MTU of 9216 to all classes right now, this will be phased out incrementally.
class-map type qos match-all class-platinum
match cos 5
class-map type qos match-all class-gold
match cos 4
class-map type qos class-fcoe
match cos 3
[code]....
Jan 19, 2013
We have a Nexus 7009 switch and want to configure the span session.
We are using F2 and M2 cards; both are in separate, different VDCs. Our server is connected to the M2 card on eth 4/6 and we want to monitor the traffic from vlan 161, which is made on the F2 card.
Connectivity is like this.
Nexus 1            Nexus2
Slot 3: F2 card    Slot 3 : F2 card
Slot 3: M2 card    Slot 3 : M2 card
[Code]......
May 23, 2012
I have a Cisco Nexus 3064 that I am using as part of a flat network for the Lab. I have 30 Virtualization Servers(MS HyperV and VMware vSphere) connected to this switch and I want to enable jumbo frames. The Virtualization Servers are able to ping the local VM's using 8K bytes. However I am unable to ping from server to server using 8K bytes. I have configuration (in abbreviation). All the servers are in the same network which I configured as L2 ports with the "switchport" command. However, the interface "MTU" command is unavailable in L2 mode. I am only able to get the interface "MTU" command only in L3 mode with the "no switchport" command on the interface.
# int eth1/2-45
# no switchport
# mtu 9216
# no shut
I can ping the servers with less than 1500 bytes, but anything larger fails.
Feb 17, 2012
What is the purpose of these default configuration lines? What do they mean? I can't find an explanation of them anywhere. I believe some are written to the config when FCoE is enabled..
I would like to know exactly what they are doing.
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
[Code].....
Feb 16, 2013
I have two 5548s as core. 8 FEXs are multihomed (advanced vPC topology?) to both the cores. Suppose I have to configure a bunch of ports on the FEXs, say Eth101/1/10 - 20. I would log in to the first core and apply the configs.
My question is - do I have to do the same on the second core also? Or would the first core replicate the stuff to the second core? I know about port-profiles/CFS and such. But, without that would it automatically sync to second core?
For testing purpose, I went to Core 1 Eth101/1/10 and put a description "TEST". Wrote the config. After 5 minutes logged into second core and did show run Eth101/1/10. But, the description "TEST" didn't show up there.
Also, doing sh run on any FEX port is faster on one of the cores and very slow on second core... all the FEXs have 20 GB uplink to core 1 & 2 (so total 40GB in vPC, max pinning 1)
Sep 26, 2011
I found this reference DCNM-L-NXACCK9 in the configuration generated by a dynamic Tools for a nexus bundle N5K-C5548UP-B-S32. This reference is not reflected in the price list. Has it been replaced? no datasheet on Cisco portal.
Apr 7, 2013
This is regarding Cisco logging configuration. We planned to enable logging on all the Cisco Nexus switches. We are running HP ArcSight in our DC; this device monitors all the Cisco devices. We want to enable logging with this ArcSight device. I would just like to know about config commands for the Nexus device: what is the command to enable logs which include "who logged in and out?, interface down information?, who did conf t? and every log"?
Sep 10, 2012
We've been using IOS for a long time, but are relatively new to NX-OS. We've got a central syslog server that all our devices log to. No matter what we do, we can't get our Nexus switches to log there. Here's my current attempt:
Nexus 7009, NX-OS 6.0(1)
# sh logging server
Logging server: enabled
{redacted}
server severity: debugging
server facility: local7
server VRF: default
[code].....
The default VRF is working. I see log entries in the logfile, but nothing arrives at the syslog server. It's not a config issue on the server, because tcpdump shows that no packets arrive from the IP for loopback 0.
Apr 29, 2012
What is the exact command for restoring the running-config on a Nexus 7010? Is it the same command / procedure as in Cisco IOS?
Feb 23, 2011
We are facing an issue of continuous packet discards on the Nexus 4001L link (int po2) to the Nexus 5020 switch. The Nexus 4001L is installed in an IBM blade center server and we have FCoE enabled in this setup. [code]
Mar 15, 2013
I have been tasked to replace the existing Cat 6500 and 3750 switches with Nexus 7000 and Nexus 2000. I was told initially my boss plans to get 2 x Nexus 7000 and then eventually blow up to 4 x Nexus 7000s. For Nexus, is there a list of tasks / points that I need to consider for building the initial design?
Can I just link the Nexus 7000 like the following?
N7k-A ========= N7k-B
| |
lots of N2ks lots of N2ks
Dec 22, 2011
Struggling to find the SNMP MIBs of the Nexus 5000 FEX transceivers.
Nov 13, 2012
We are planning a Nexus datacenter project with this layout: Our experiences with Nexus switches are not so large until now and the manuals are very extensive. Both N5Ks should be connected directly with all 4 N2K switches. I did not find a layout like this in the manuals. Only a design where only 2 N2Ks are connected to one N5K, with this fex config: Now I'm not sure if it is right to make a config like this with the same slots and FEXs or with different slots and FEXs.
Jul 13, 2011
I am trying to get an ASA with the new software 8.4.2 running. On an old PIX we had the nat command:
static (inside,outside) tcp interface www 192.168.15.252 www netmask 255.255.255.255 0 0
In all the new documents about 8.4.2 I can find that it should work with something like:
object network web_host
nat (inside,outside) static interface service tcp www www
I want to forward http traffic from the outside interface to this host. In the log I just get entries about blocking ACL - but both is allowed on the outside access-list - traffic to the inside IP and also to the outside interface IP.
I also tried it with "Public Server" - but when I try to use the Interface address I just get the message: Address x.x.x.x overlaps with outside interface address.
Is it still possible to do port forwarding on the outside interface?
Feb 4, 2011
I have two nic one connected with DSL modem with gateway 192.168.1.1 for Internet. another nic connected with office Intranet with gateway 10.226.122.x . I can connect only one network at a time disabling other.. I know route add command can be used for linking the both network so I can simultaneously use Internet and Intranet..can you elaborate with example (five years ago I set up the same with route add command.. now my memory failing..)
Nov 12, 2012
Any link to the commands in the Roman asa 55xx ? Did not find on Cisco's documents.
My small ASA 5505 crashed and comes up in Roman. Like to try get SW and Config back if possible.
Nov 6, 2012
I have a Cisco 3925 router running IOS 15.2. I am trying to configure IP SLA on it. The configuration is supposed to be what is pasted below, but the CLI is rejecting the commands. It's taking only the "ip sla responder" command; after that, if I enter the "ip sla 1083180034" command it says invalid input. [code]
Mar 14, 2012
I have configured TACACS in my network and I have configured aaa authorization commands 15 default if-authenticated group tacacs+ on a Cisco 6504 switch. It's allowing me to log in but I am unable to run the sh run commands; I am getting an authorization error message. If I check sh privilege it's showing level 15. The same configuration is fine on other devices without issue.
Jun 6, 2012
Are the IOS commands the same on a router and an ASA for these two topics... CBT Nuggets, where I train, has 553 videos for some of the new topics. I am preparing for 554 as it has more ASA focus and that's more interesting to me.
May 9, 2011
I have a conceptual question about CLI command authorization. We have ASC 5.2 up and running, providing AAA services for network devices. Now I need to make profiles for users in a certain group to restrict their CLI "rights" to show, clear counters and show running-config commands. I need to accomplish this task. I should create a separate privilege level profile (let it be 2), specify commands at this level, assign the Group this Authorization Profile and make some additional changes in my devices.