Re: Nexus 1010 - No MGMT0 Access?

Ashley Georgeson · ‎02-23-2012

Hi all, I hope someone here can help!

I am setting up a Cisco Nexus 1010 appliance, but cannot access it through the MGMT0 interface!

What I am trying to do is copy over the 1000V .iso file to install a vsm, but I can not even ping the mgmt0 interface.

I have booted from the 4.2(1)SP1(3) iso, ran through the initial setup where I set the uplink type, domain id, vlan id and mgmt0 ip details.

Current config and sh tech attached

Let me know what other information I should post!

Kind regards, Ash.

Ashley Georgeson · ‎02-23-2012

More information re: my connection to mgmt0 interface:

1. Using the oob mgmt interface, not an interface from the 4 port PCI card or two ports underneath

2. I have connected the mgmt int to a switch in access port, with my laptop in same vlan in switch. MAC table on switch learns from 1010, but no ARP.

3. I have connected direct to mgmt0 with both straight and cross cables to my laptop.

4. I have tried connecting to each of the 'uplink' ports.

5. I have tried all of the above after the Nexus has loaded operating system, and in switch(boot) prompt.

mwronkow · ‎02-24-2012

Hello Ashley,

On the rear of the Nexus 1010 are 7 ethernet interfaces. 1 for CIMC and 6 for N1010 communication. Ports 1 & 2 are always used for management(mgmt0) traffic regardless of network-uplink type. All six ports only support trunked interfaces; not access. (In SP1.4 we do support native vlans).

Matthew

Ashley Georgeson · ‎02-24-2012

Thanks Matthew, yes I was confused thinking the CIMC interface was for mgmt0. Trunking the uplinks I was able to access ok.

As an aside, which Vlans need to be allowed to the control/data and management interfaces? I am assuming only the management vlan needs to be allowed to the management interface, and the control, packet and any vmware virtual machine data vlans should be allowed to the control/data interface?

Cheers, Ash.

mwronkow · ‎02-26-2012

Hello Ashley,

Since you are using network-uplink type 3, only the management vlan needs to be on interfaces 1 & 2. On 3-6 all vlans used for control, packet, data (NAM) traffic need to be allowed. These may be the same for the N1010 and VSMs, or different depending upon your configuration. You do NOT need to allow virtual machine vlans. Only mgmt, control, packet and data where data is the vlan NAM uses.

Matthew

emresumengen · ‎06-01-2012

Hi everyone,

I have a problem, similar to Ashley's in regards to reachability of N1010 in my lab...

I'm using network-uplink type 1 as it would be more than enough for my lab deployment. I have configured the CIMC and can reach/configure the device from there pretty easily. But, no matter how I try, I can't seem to get management access.

The N1010 is connected via it's Lom0 port to a Catalyst (at Fa0/10), which is configured as a trunk port. I'm using Vlan10 for all purposes...

The uplink switch has a configuration like this:

interface VLAN10

ip address 10.2.1.66 255.255.255.128

no ip directed-broadcast

no ip route-cache

!

interface FastEthernet0/10

description NEXUS_1010_TEST-LOM0

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

And the show running-config output from the Nexus1010 shows this:

!Command: show running-config

!Time: Tue Jun 5 21:21:59 2012

version 4.2(1)SP1(4)

no feature telnet

username admin password 5 $1$GW2TtGHE$oHUMu5em2..2XvSqJDlMb. role network-admin

banner motd #Nexus 1010#

ip domain-lookup

switchname N1010-ANK

snmp-server user admin network-admin auth md5 0xbc6feda9b778b02e324d11adda844e5c

priv 0xbc6feda9b778b02e324d11adda844e5c localizedkey

vrf context management

ip route 0.0.0.0/0 10.2.1.126

vlan 1,10

port-channel load-balance ethernet source-mac

port-profile default max-ports 32

vdc N1010-ANK id 1

limit-resource vlan minimum 16 maximum 2049

limit-resource monitor-session minimum 0 maximum 2

limit-resource vrf minimum 16 maximum 8192

limit-resource port-channel minimum 0 maximum 768

limit-resource u4route-mem minimum 32 maximum 32

limit-resource u6route-mem minimum 16 maximum 16

limit-resource m4route-mem minimum 58 maximum 58

limit-resource m6route-mem minimum 8 maximum 8

network-uplink type 1

interface GigabitEthernet1

interface GigabitEthernet2

interface GigabitEthernet3

interface GigabitEthernet4

interface GigabitEthernet5

interface GigabitEthernet6

interface PortChannel1

interface mgmt0

ip address 10.2.1.40/25

interface control0

line console

boot kickstart bootflash:/nexus-1010-kickstart-mz.4.2.1.SP1.4.bin

boot system bootflash:/nexus-1010-mz.4.2.1.SP1.4.bin

boot kickstart bootflash:/nexus-1010-kickstart-mz.4.2.1.SP1.4.bin

boot system bootflash:/nexus-1010-mz.4.2.1.SP1.4.bin

svs-domain

domain id 200

control vlan 10

management vlan 10

svs mode L2

vnm-policy-agent

registration-ip 0.0.0.0

shared-secret **********

log-level info

In no way I can access the mgmt0 interface IP from the network, or vice-versa.

The weird part is, I can see the Nexus in CDP neighbours, and I also can see the mac address of the mgmt0 interface on the switch (along with a correct IP assignment in arp table).

DemoSW#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

N1010-ANK(1157310Fas 0/10 126 S I Nexus1010 control0

N1010-ANK(1157310Fas 0/10 126 S I Nexus1010 mgmt0

N1010-ANK(QCI1614Fas 0/10 126 H Nexus1010 eth0

DemoSW#

DemoSW#sh mac-address-table interface fa0/10

Non-static Address Table:

Destination Address Address Type VLAN Destination Port

------------------- ------------ ---- --------------------

0002.3d70.c800 Dynamic 10 FastEthernet0/10

0002.3d70.c801 Dynamic 10 FastEthernet0/10

0010.18cf.7886 Dynamic 10 FastEthernet0/10

36ce.bc88.c2d9 Dynamic 10 FastEthernet0/10

DemoSW#sh arp | incl 0002.3d70.c801

Internet 10.2.1.40 0 0002.3d70.c801 ARPA VLAN10

DemoSW#ping 10.2.1.40

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.1.40, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

DemoSW#

Any ideas???

lwatta · ‎06-01-2012

One thing that pops to mind is that the ports on the 1010 are Gig and you have the 1010 plugged into FastEthernet. The 1010 should auto-negotiate but you never know.

Do "show network" on the 1010 and make sure the ports are negotiating correctly.You may need to tweak the gig ports on the 1010 to connect at 100Mb.

louis

emresumengen · ‎06-01-2012

Actually, that was one of the things that came to my mind... But, the hardware installation document states all ports (both internal and pci) are 10/100/1000...

I can't confirm on the N1010 side (as it doesn't validate the command show interface GigabitEthernet1 or anything like that) but I can see on the switch side that the port is up.

And, as I said, I can get the correct mac address of the mgmt0 interface on the upstream switch. I can even get an entry in the arp table, with the correct IP address.

No connectivity though

PS: "speed" keyword is enabled under mgmt0 interface, but any command gives error ("ERROR: This command is not supported on this interface(s).").

lwatta · ‎06-01-2012

On the 1010 what does "show network" say?

for example

cae-1010# show network

GigabitEthernet1 is up

Hardware: Ethernet, address: 0026.cbc0.7922 (bia 0026.cbc0.7922)

MTU 9000 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA

full-duplex, 1000 Mb/s

Auto-Negotiation is turned on

12540526 packets input, 1002730574 bytes

3448863 multicast frames, 0 compressed

0 input errors, 0 frame, 0 overrun, 0 fifo

1775065 packets output, 360714346 bytes

0 underrun, 0 output errors, 0 collisions

0 fifo, 0 carrier errors

louis

emresumengen · ‎06-01-2012

Hmm, I guess you may be right... The 1010 seems to think it's connected to a GigE interface.

N1010-ANK# show network

GigabitEthernet1 is up

Hardware: Ethernet, address: 5057.a8af.7a78 (bia 5057.a8af.7a78)

MTU 9000 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA

full-duplex, 1000 Mb/s

Auto-Negotiation is turned on

18159 packets input, 1167191 bytes

18027 multicast frames, 0 compressed

0 input errors, 0 frame, 0 overrun, 0 fifo

1720 packets output, 231195 bytes

0 underrun, 0 output errors, 0 collisions

0 fifo, 0 carrier errors

Is there a way to set auto-negotiation (or speed manually) for the uplink ports?

mwronkow · ‎06-02-2012

No, the Nexus 1010 ports 1-6 are hardcoded at 1000. Only the CIMC interface is 10/100 capable. I will get the hardware guide cleaned up.

Matthew

emresumengen · ‎06-03-2012

Hmm, that's bad, but thanks for the reply...

Sent from Cisco Technical Support iPad App

emresumengen · ‎06-05-2012

Hi Matthew/Louis,

I've switched the uplinks over to a 4948, and both sides are now running at 1000Mbps, but there's still no access from/to the mgmt0 interface...

Any more ideas?

UPDATE: After waiting a bit more, I can finally get access... Thanks everybody!