This is not an official guide, just something I've been testing to help during those "difficult" situations. All works here are my own!
There are some situations where we need to load an image onto a Nexus switch (or other network devices, for that matter) using a TFTP server or a USB drive. Under some circumstances we might not have access to either of these options (possibly due to firewalls, lack of physical access in a "lights-out" DC, or certain parts of the network having no reachability).
This document presents a solution that uses a Docker container to run a TFTP server on a Nexus 9000 running 9.3(1) code.
This could be used to recover a Nexus device (or any other vendor's device that loads an initial image using TFTP). It is meant for emergency situations where we have run out of options.
One circumstance that may need this solution is an upgrade where the switch fails to boot. In order to recover the switch we must wipe the file system from the switch, losing the NX-OS binary image. In that case we must use either USB or TFTP to bootstrap the switch. In a remote work situation we may not have physical access to plug in a USB drive (or remote hands will take some time to get to the site), and we may not have a TFTP server available in the current network.
The broken switch [In this example IP address: 192.0.2.2]
This will be the victim needing access to a TFTP-server
We will call this switch "Switch bad" or sw-bad for short.
A healthy Nexus device running NX-OS 9.2(x)/9.3(x) code [In this example IP address: 192.0.2.1]
This will be the TFTP-server
We will call this switch "Switch good" or sw-good for short.
A copy of the NX-OS image (e.g. "nxos.bin" for short) you wish to boot (sw-bad) with. This image needs to be copied to the bootflash of (sw-good)
Access to the Internet via the management VRF of (sw-good)
Later I'll re-write this guide to include using the default VRF, but for now this guide will only focus on using mgmt0/management VRF on the TFTP-server
Connectivity (L2/L3) between sw-good & sw-bad.
Configuration of the switch in Loader> :: sw-bad
# Configure the mgmt0 interface on (sw-bad)
set ip 192.0.2.2 255.255.255.0
set gw 192.0.2.254
Configuration of Docker/TFTPd on :: sw-good
# Enable the BASH shell (from configuration mode; the full command name is "feature bash-shell")
feature bash
# Enter BASH shell
run bash sudo su
# Check if Docker is running
service docker status
# Start the Docker Service
service docker start
# Invoke a container which exposes port 69 UDP
# (the pghalliday/tftp image is pulled from Docker Hub, which is why sw-good needs Internet access)
docker run -d -p 69:69/udp -it pghalliday/tftp
# Show the running containers
docker ps
# Copy the image from bootflash into the container, replace "container_id" with the "container_id" found
# running the previous "docker ps" command.
sudo docker cp /bootflash/nxos.bin container_id:/var/tftpboot
# Exit back to NX-OS and find the mgmt0 interface
exit
show ip int bri vrf man
# (in my example I see 192.0.2.1)
# From the sw-bad loader> prompt
# The file name in the URL must match the image copied into /var/tftpboot ("nxos.bin" above is shorthand for it)
boot tftp://192.0.2.1/nxos.9.3.3.bin
# If you want to get into the container (name is taken also from `docker ps` output)
docker exec -it <NAME> /bin/sh
# To clean up once complete
docker kill <container_id>
I hope this helps someone get out of a sticky situation!
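TFTP has no authentication or integrity check, so before running the boot command on sw-bad it is worth fetching the image back from sw-good on another host and comparing its hash with the copy on bootflash or the vendor-published value. The following is an added example, not part of the original post: a minimal RFC 1350 read client that downloads the file and returns its SHA-256. The function names and the `sock` parameter are this example's own; the address and file name are the ones used above.

```python
import hashlib
import socket
import struct

BLOCK = 512  # RFC 1350 block size; a shorter DATA block ends the transfer


def build_rrq(filename):
    """Read request: opcode 1, filename, NUL, transfer mode, NUL."""
    return struct.pack("!H", 1) + filename.encode("ascii") + b"\0octet\0"


def parse_packet(pkt):
    """Return (opcode, block number or error code, payload)."""
    if len(pkt) < 4:
        raise ValueError("short TFTP packet")
    opcode, num = struct.unpack("!HH", pkt[:4])
    if opcode not in (3, 5):  # 3 = DATA, 5 = ERROR
        raise ValueError("unexpected opcode %d" % opcode)
    return opcode, num, pkt[4:]


def tftp_sha256(host, filename, port=69, timeout=5.0, sock=None):
    """Download filename over TFTP and return its SHA-256 hex digest."""
    sock = sock or socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    digest, expected, server = hashlib.sha256(), 1, None
    with sock:
        sock.settimeout(timeout)
        sock.sendto(build_rrq(filename), (host, port))
        while True:
            pkt, peer = sock.recvfrom(4 + BLOCK)
            server = server or peer  # the server answers from a new port
            if peer != server:
                continue  # ignore datagrams from any other source
            opcode, num, payload = parse_packet(pkt)
            if opcode == 5:
                raise RuntimeError("TFTP error %d: %r" % (num, payload))
            sock.sendto(struct.pack("!HH", 4, num), server)  # ACK the block
            if num != expected & 0xFFFF:  # block numbers are 16-bit and wrap
                continue  # duplicate block: re-ACKed, not hashed twice
            digest.update(payload)
            expected += 1
            if len(payload) < BLOCK:
                return digest.hexdigest()


if __name__ == "__main__":
    # Address and file name as used on this page.
    print(tftp_sha256("192.0.2.1", "nxos.9.3.3.bin"))
```

Compare the printed digest with the output of `sha256sum /bootflash/nxos.bin` taken in the BASH shell on sw-good.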