Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2861
Views
0
Helpful
11
Replies

HP Blade servers in Cisco Environment

Go to solution
balla-zoltan
Level 1
Level 1

‎07-22-2011 08:25 AM - edited ‎03-04-2019 01:04 PM

We had an interesting scenario; The server guys are testing HP Blade technology. The HP blade chassis is connected to a pair of Nexus 5548s, which are connected to our 6509s. The ports that the HP blade chassis is connected are 10G and configured for trunking. The two Nexus 5548s are connected together and each connected to one 6509, which are then connected together. When the server guys accidentally  clicked on bridging instead of teaming they almost took the network down. The 6509s' CPUs were at 99%. They realized the issue and quickly shut the blade chassis down, however we had a brief outage. Did any one of you ever ran into this kind of situation? There is an attached file to see how the connection is among all of the parts.

Thanks

Labels:
Preview file
4 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to balla-zoltan

‎07-22-2011 10:24 AM

FEX? Are you talking about Nexus 2000 connected to Nexus 5596?

Nexus 2000 are all edge port, which means it has BPDU guard enabled.

Root guard is used to protect spanning-tree root. It is not really necessary for the FEX.

Can you post a topology of the network?

Regards,

jerry

View solution in original post

0 Helpful
11 Replies 11

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee

‎07-22-2011 08:43 AM

Typical server admin.

You need to put some spanning-tree protection mechanism like bpduguard on the edge port (connect to the HP blade servers) to protect your L2 domain. This way, if the server admin do that again and passing BPDU between its two ports, the switch will err-disable both ports.

HTH,

jerry

0 Helpful

Go to solution
balla-zoltan
Level 1
Level 1
In response to Jerry Ye

‎07-22-2011 09:32 AM

When I tried to put the bpduguard command on the port I got the message that the command is not supported on the FEX interfaces. I was able to put the spanning-tree guard loop on. The other option is that spanning-tree guard root.

0 Helpful

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to balla-zoltan

‎07-22-2011 10:24 AM

FEX? Are you talking about Nexus 2000 connected to Nexus 5596?

Nexus 2000 are all edge port, which means it has BPDU guard enabled.

Root guard is used to protect spanning-tree root. It is not really necessary for the FEX.

Can you post a topology of the network?

Regards,

jerry

0 Helpful

Go to solution
balla-zoltan
Level 1
Level 1
In response to Jerry Ye

‎07-22-2011 11:05 AM

You are right, we have Nexus 5548s and 2232 Fiber Extenders. I was on vacation when it happened. I did a bit more digging and found out that when this happened they actually plugged the blade into the 5548 directly. Thank you for oyur help.

0 Helpful

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to balla-zoltan

‎07-22-2011 11:27 AM

No problem. Configuring bpduguard and loopguard on N5548 client facing ports should be able to protect it.

Regards,

jerry

0 Helpful

Go to solution
Lsimancek_2
Level 1
Level 1
In response to balla-zoltan

‎08-10-2011 12:12 PM

Hi - could you indentify where your guys found this check box or what type of network setup the Blade Center has? I'm about to plug the blade center in the ARs as a work around to Nexus issues but I'm concerned about this since if I plug anything bridging wise into my ARs my entire layer 2 data center network will go down and take out the business....

0 Helpful

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to Lsimancek_2

‎08-10-2011 12:29 PM

What check box are you talking about? And AR is access router? Please explain more, I am confused with your topology?

The loop in original post is not a Nexus problem, it is a classic spanning-tree issue. You have to use the spanning-tree protection machinasm like loop guard, root guard, etc. to protect your L2 spanning-tree domain.

Regards,

jerry

0 Helpful

Go to solution
Lsimancek_2
Level 1
Level 1
In response to Jerry Ye

‎08-10-2011 12:42 PM

Jerry -

I'm using my ARs to get around my access switches. The access switch is a Nexus 5548 with 2232 FEXs. But right now I'm running into the known VTP bug where the new 2 vlans I added are not being heard by the Nexus. To get around the issue and keep the project moving forward I'm going to plug the blade center into the 10 gig mod I have in the 6509 and use the ports as switch ports. The original post-er referred to within the blade center a "check box" for using bridging or teaming. My server guys can't find this and since we have little to no experience with them I'm concerned that they just aren't looking at the right spot. This is my current plan for the configuration:

interface port-channel2

description Blade Center Bay 1 -ports 1 and 2

switchport mode trunk

switchport trunk allowed vlan 1,105,107

spanning-tree port type edge trunk

spanning-tree guard root

interface Ethernet109/1/17

description Bay 1 port 1

switchport mode trunk

switchport trunk allowed vlan 1,105,107

channel-group 2 mode active

spanning-tree port type edge trunk

spanning-tree guard root

interface Ethernet109/1/18

description Bay 1 port 2

switchport mode trunk

switchport trunk allowed vlan 1,105,107

channel-group 2 mode active

spanning-tree port type edge trunk

spanning-tree guard root

0 Helpful

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to Lsimancek_2

‎08-10-2011 12:58 PM

I see. I am not a server guy and I can't answer the first question.

In the Nexus's point of view, I think you are okay since the configuration will protected against BPDU. In terms of root, I don't think it is necessary.

Regards,

jerry

0 Helpful

Go to solution
Lsimancek_2
Level 1
Level 1
In response to Jerry Ye

‎08-10-2011 01:01 PM

Normally we stick to just the edge port, the guard root is due to a certain level or paranoia - do you think the bolded part is unnecessary?

interface port-channel2

description Blade Center Bay 1 -ports 1 and 2

switchport mode trunk

switchport trunk allowed vlan 1,105,107

spanning-tree port type edge trunk

spanning-tree guard root

interface Ethernet109/1/17

description Bay 1 port 1

switchport mode trunk

switchport trunk allowed vlan 1,105,107

channel-group 2 mode active

spanning-tree port type edge trunk

spanning-tree guard root

interface Ethernet109/1/18

description Bay 1 port 2

switchport mode trunk

switchport trunk allowed vlan 1,105,107

channel-group 2 mode active

spanning-tree port type edge trunk

spanning-tree guard root

0 Helpful

Go to solution
Jerry Ye
Cisco Employee
Cisco Employee
In response to Lsimancek_2

‎08-10-2011 01:22 PM

I don't see any bolded text.

I don't think root guard is necessary. If the blade server is configured with bridge, the port should see BPDU and the port will be errdisabled with the default behavior, edge port will enabled BPDU guard.

HTH,

jerry

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card