Solved: Ask the Expert: Nexus 5000 Architecture, Configuration and Troubleshooting

Monica Lluis · ‎04-18-2016

This session will provide an opportunity to learn and ask questions about Cisco Nexus 5000 Architecture, configuration and how to do basic troubleshooting for issues related specifically to this platform. To participate in this event, ask your questions below by clicking on the "reply" button.

Ask questions from Monday April 18 to Friday April 29, 2016

Featured Experts

Ivan Shirshin is a customer support engineer in High-Touch Technical Services (HTTS). He is an expert on Routing, LAN Switching and Data Center products. His areas of expertise include Cisco Catalyst 2x00, 3x00, 4x00, 6500, Cisco Nexus 7000, ISRs, as well as Cisco routers ASR1000, 7600, 10000 and XR platforms. He has over 8 years of industry experience working with large Enterprise and Service Provider networks. Ivan is double CCIE (# 43481) in R&S and DC specializations and also holds CCDP and XR specialist certifications.

Naveen Venkateshaiah is a customer support engineer in High-Touch Technical Services (HTTS). He is an expert on Routing, LAN Switching and Data Center products. His areas of expertise include Cisco Catalyst 3000, 4000, 6500, and Cisco Nexus 7000,Nexus 5000, Nexus 3000, Nexus 2000, UCS, and MDS SAN Switches. He has over 8 years of industry experience working with large enterprise and Service Provider networks. Venkateshaiah holds a CCNA, CCNP, and CCDP-ARCH, AWLANFE, LCSAWLAN Certification. He is currently working to obtain a CCIE in Data Center.

Find other https://supportforums.cisco.com/expert-corner/events.

** Ratings Encourage Participation! **
Please be sure to rate the Answers to Questions

I hope you and your love ones are safe and healthy
Monica Lluis
Community Manager Lead

Ivan Shirshin · ‎04-25-2016

Hi,

You can find CUBE (SP edition) configuration examples in the following guides:

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-border-element/116415-configure-product-00.html

http://www.cisco.com/c/en/us/td/docs/routers/asr1000/profiles/SBC_Config_Examplebook.html

Kind Regards,

Ivan

Kind Regards,
Ivan

View solution in original post

bluesea2010 · ‎04-18-2016

Hi,

Nexus does not support sflow ?

feature s?

shows below
scheduler scp-server sftp-server ssh

Thanks

Ivan Shirshin · ‎04-19-2016

Hi,

N5K does not support sFlow, only sampled Netflow. You can check the following guide for more details:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/system_management/7x/b_5600_System_Mgmt_Config_7x/b_6k_System_Mgmt_Config_7x_chapter_010011.html

Kind Regards,

Ivan

Kind Regards,
Ivan

bluesea2010 · ‎04-19-2016

Hi,

I can't even find netflow

Ivan Shirshin · ‎04-20-2016

Hi,

Do you mean you do not have netflow feature? Which switch model do you have?

Please send "show ver" from your switch.

Kind Regards,

Ivan

Kind Regards,
Ivan

bluesea2010 · ‎04-24-2016

Hi ,

Sorry it was not 5000 , it is cisco Nexus9000 C9396

and NXOS: version 6.1(2)I3(2)

Ivan Shirshin · ‎04-25-2016

Hi,

Nexus 9000 (exluding 9200) has support of sFlow starting 7.0(3)I2(1) NX-OS release. Therefore, you need SW upgrade for this feature.

Make sure to check prerequisites and guidelines for sFlow in the following document:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide_7x_chapter_011000.html#concept_8B2D96201AD24907BC28726B03B83CFD

Kind Regards,

Ivan

Kind Regards,
Ivan

Kshitij Purwar · ‎04-19-2016

Hi Experts,

i want to know how N5K works in VPC is it active/active or active/passive.

Regards

kshitij

Naveen Venkateshaiah · ‎04-19-2016

Hi,

When you say active-active and active-passive which can be refer to more than one feature on the Nexus so if you can provide more details on the information you are looking for, it would help.

Can you please provide the following outputs from both Nexus 5k’s, it will help to eliminate some of the possibilities-
Show hsrp brief
Show vpc
Show fex

Regards,
Naveen

Kshitij Purwar · ‎04-20-2016

ucbu-aricent-nexus1# sh vpc br
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : secondary
Number of vPCs configured         : 5
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1    Po2    up     1,10-11,20,65,76-78,97-98,101-102,464-468

vPC status
----------------------------------------------------------------------------
id     Port        Status Consistency Reason                     Active vlans
------ ----------- ------ ----------- -------------------------- -----------
102    Po102       down* success     success                    -
110    Po10        up     success     success                    1,10-11,20,
                                                                 65,76-78,97
                                                                 -98,101-102
                                                                 ,464-468
120    Po120       up     success     success                    78
202    Po202       up     success     success                    1,10-11,20,
                                                                 65,76-78,97
                                                                 -98,101-102
                                                                 ,464-468
203    Po203       up     success     success                    1,10-11,20,
                                                                 65,76-78,97
                                                                 -98,101-102
                                                                 ,464-468
ucbu-aricent-nexus1#

Kshitij Purwar · ‎04-20-2016

i want to know if 2 nexus are connected to EMC or FI or another switch through vPC,then traffic will flow only from one N5k or both N5k can transfer data.

Naveen Venkateshaiah · ‎04-20-2016

Hi,

Considering a switch connected to the upstream VPC two nexus 5k.Below will be the actual traffic forwarding..

++ vPC maintains layer 2 topology synchronization via CFS
++ Copies of flooded frames are sent across the vPC-Link in case any single homed devices are attached .
++ Frames received on the vPC-Link are not forwarded out vPC ports

       Mac C
        Host
         |
       Switch
         |
N5k1 vpc peer with N5k2
         |
         |
      Switch
         |
         |
        Host
       Mac A


    1. Suppose Host MAC_A send packet to MAC_C through nexus 5k which are in VPC .
    2. Switch runs hash algorithm to select one uplink.
    3. N5K-1 learns MAC_A and flood packets to all ports (in that VLAN). A copy of the packet is sent across the peer link
    4. N5K-2 floods the packet to any port in the VLAN except the vPC member ports to prevent duplicated packets
    5. N5K-1 updates the the MAC address learned on the vPC port on N5K-2 via CFS

For more examples for Nexus5k/7k connected to FI please go through the below link.

http://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c11-623265.html

Regards,

Naveen

adamwhelan4 · ‎04-20-2016

Hi,

In a Nexus 5548up VPC pair which is also doing Layer 3 routing of vlans how would you properly connect a Active/Standby setup of ASA firewalls? Do you configure a routed port on the Nexus or do you create another SVI/Vlan and assign those uplink ports the new VLAN? Also the SVI would be setup in hsrp mode between the two Nexus switches.

Thank You

Naveen Venkateshaiah · ‎04-21-2016

Hi ,

ASA can be configured in transparent or routed mode. Both modes are supported when integrating ASA with Cisco Nexus 7k/5k Series vPC.

Here both options are possible while we have different guidelines and limitations and you should check best practices and examples for what better matches your needs.

On L3 we need to create a static route which can be the default route, pointing to HSRP/VRRP VIP (Virtual IP) defined on vPC domain.

Refer to the Below link you have multiple scenarios where you can deploy ASA in Transparent mode with VPC and ASA in Routed mode with VPC.

http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

Regards,

Naveen Venkateshaiah.

adamwhelan4 · ‎04-21-2016

I will only be using a single link from the ASA. So basically active ASA will connect to "primary nexus" and standby ASA will connect to "secondary" Nexus. Also in transparent mode I am a bit confused by the VLAN subnet setup. I am planning on doing it this way, does this make sense?

For Example

- Nexus will have a VLAN of say 100 with a hsrp of 10.10.100.1. This will simply be a point to point Vlan for communicating with the ASA. The uplink port to the ASA will be assigned to VLAN 100.

- The ASA inside interface will also be on VLAN 100 with an IP of 10.10.100.2

- The default route from the Nexus will forward all traffic to the ASA IP address 10.10.100.2

- The ASA will route traffic back to the Nexus via the IP 10.10.100.1

Thank You