Unfortunately no. The reason the secondary switch suspends it's vPC member links is because of vPC loop avoidance mechanisms. This is to be expected when communication is disrupted on the peer-link but the primary vPC switch is still alive. When you remove the peer-link command on the primary, the vPCs member links on the primary will also go down because they no-longer have the necessary configuration to function as a working vPC. They will remain down at that point until the vPC peer-link is restored. To minimize the outage you could build the port-channel on the 40G links and insure its working properly. Then simply remove the peer-link command from the 10G port-channel and apply it to the 40G port-channel at the same time. There are some other things you could do as well to work around this, but either way you are looking at taking a momentary traffic hit during the migration. ... View more

Here are some ideas to think about, if you run the firewall in transparent mode, you can do vPC to the firewall, do port-channel subinterfaces on the FW and break VLANs out into different contexts. You could do this between VDCs or put multiple customers into a single VDC, and use VRFs (Inside and Outside) for the firewall connections. In this architecture the F5 would sit on the inside VRF where the host subnets sit, along with any other services you provide. If you did this same setup with multiple VDCs, the LB would sit in the inside VDC and the FW would move between the Inside and Outside VDC instead of the Inside and Outside VRF. I like the single VDC, VRF sandwich approach because it leaves more VDCs for OTV or Storage functions , or even more customer PODs if ever needed. This approach also allows for ACTIVE/ACTIVE HSRP which is nice. These are just a few use cases. There are a million ways to skin a cat, so it will depend greatly on user and application requirements. Ant ## I forgot to add in my original post, that for the VLANs between the FW running a routing protocol (SVIs on Inside and Outside going through the FW) you will want to make sure that those VLANs are excluded from peer-gateway. ... View more

Are you trying to install the 6.2 EPLD while still running 6.1 NXOS? If so you need to upgrade to 6.2, then install the EPLD code. The error message is not a good one, but I am betting that is your issue. HTH, Ant ... View more

Hi Manfred, Please try and change the boot variables, "copy run start" and reload the device. They are located toward the bottom of the configuration. Let me know if that resolves the situation. Thanks Ant ... View more

Hi Luke, Unfortunately its not possible to directly upgrade. From looking into a bit here is an upgrade path option (there are others if you want to investigate): 4.1(3)N2(1) to 4.2(1)N1(1) - Disruptive Upgrade 4.2(1)N1(1) to 5.0(3)N1(1c) - ISSU 5.0(3)N1(1c) to 5.2(1)N1(4) - ISSU Here is some documentation on upgrading: http://www.cisco.com/en/US/partner/docs/switches/datacenter/nexus5000/sw/upgrade/521_N1_1/n5k_upgrade_downgrade_521.html Some Caveats on ISSU: - Cannot be STP root - No L3 card, which the N5020 doesnt support anyway. - No fast timers for LACP HTH Ant ... View more

Hi Hubert, FIP will use whatever is configured on the C-Series for the native VLAN. My guess is someone configured either the vHBA or vNIC with this VLAN in the CIMC. Otherwise you are correct it will use the native VLAN for discovery. If they are not configured, I would try to update your drivers to the latest. Ant ... View more

Hi Luke, AFAIK double-sided vPC has always been supported. I would look into upgrading to a more recent version of NX-OS, as that version is really old. I have a few customers right now running this same scenerio and I have moved them to 5.1 and 5.2 trains. If you want to send me your configurations I can take a look and see if I notice anything off, but I would imagine this will be resolved with an upgrade if you have the exact same setup working on a later version of NX-OS. Thanks Ant ... View more

Hi Atle, The idea is that your management vmks for the ESXi hosts will use the first network to manage those hosts through the vSphere client. The VM data VLAN would be used for the virtual guests within ESXi. For example when you create a windows server you could put the vNIC in the VM data VLAN and it would use that VLAN as it's default gateway to reach anything off network. Hth Anthony Sent from Cisco Technical Support iPad App ... View more

Proxy-arp is a technique in which one network device answers the arp request intended for another host. When you configure a static route with a next-hop of the outgoing SVI interface, you rely on a device within that VLAN to proxy or fake its identity and accept responsibility for routing the packets to the real destination. Without a device that supports proxy-arp, this breaks which is probably what is happening here. This is also not a great design because it forces the device to arp for everything as opposed to just the ip address of it's next-hop like it would when you configure the VLAN IP address. It results in a large ARP cache which can be resource intensive. HTH Anthony ... View more

I took a look at the tracebacks, it appears to be memory corruption. That is most likely a software defect. You will need to open a TAC case and supply them with the full crashinfo to determine the exact cause as it requires tools to poke through the memory within the crashinfo to determine the cause of corruption. What you supplied here is simply the registers and stack at the time of the reload. Once they determine the defect they will give you a version of IOS with the fix. If you don't want to or can't open a case, I would suggest upgrading to the latest version of IOS to see if that resolves the issue as each release of IOS contains many bug fixes and that is an older version of IOS. Thanks Anthony ... View more

Sure if you look at table 7 or page 6, it states the platforms and the amount of IPSec (Mbps) it is capable of switching. HTH Anthony ... View more

Hi David, Most of those design recommendations still hold true today. While there is no hard and fast rule as to the number of devices within a VLAN, some things to consider are: All devices in a broadcast domain have to process broadcasts received from other devices. This means an increase in CPU ultilization as the number of broadcasts increase. The more broadcasts in a VLAN the more wasted bandwidth, and consider what happens if one of those devices gets a bug or becomes defective and starts chatting up a broadcast storm on your LAN, which brings me to my next point. Large sprawling VLANs equals large sprawling fault domains. It can become increasing difficult to locate and troubleshoot faults in larger broadcast domains because you have to spend time hoping from switch to switch looking at the CAM table which is time consuming. If there is a chatty device or broadcast storm, all devices in the same broadcast domain will be affected and come to a screaching halt. I would personally use /24 and nothing larger in my designs. HTH Anthony ... View more