nx.os.and.cisco.nexus.switching.2nd.edition.1587143046

Recommendations

Info

Congo# Example 2-51 shows how to remove RootGuard. Example 2-51. Disabling RootGuard Click here to view code image Congo(config)# int ethernet 2/1 Congo(config-if)# no spanning-tree guard root Congo(config-if)# LoopGuard LoopGuard prevents any alternative or root ports from becoming designated ports. This situation is typically caused by a unidirectional link. To enable LoopGuard globally, enter the following command: Egypt(config)# spanning-tree loopguard default Example 2-52 shows how to enable LoopGuard on a specific interface. Example 2-52. Enabling LoopGuard on a Specific Interface Click here to view code image Egypt# conf t Enter configuration commands, one per line. End with CNTL/Z. Egypt(config)# int port-channel 100 Egypt(config-if)# spanning-tree guard loop To disable LoopGuard on a specific interface, the no form of this command should be used, as shown in Example 2-53. Example 2-53. Disabling LoopGuard on a Specific Interface Click here to view code image Egypt# conf t Enter configuration commands, one per line. End with CNTL/Z. Egypt(config)# int port-channel 100 Egypt(config-if)# no spanning-tree guard loop
Dispute Mechanism The 802.1D-2004 standard specifies a dispute mechanism that can prevent loops created for a variety of reasons. Two common cases in which the dispute mechanism helps are unidirectional links or port-channel misconfiguration. Dispute mechanism is enabled by default and cannot be disabled. Bridge Assurance Bridge Assurance is a new feature that can eliminate issues caused by a malfunctioning bridge. With Bridge Assurance, all ports send and receive BPDUs on all VLANs regardless of their states. This creates a bidirectional keepalive using BPDUs, and if a bridge stops receiving BPDUs, these ports are placed into an inconsistent state. This functionality can prevent loops that can be introduced as a result of a malfunctioning bridge. Bridge Assurance is enabled by default on any port configured with a spanning tree port type network but can be disabled globally with the following command: Congo(config)# no spanning-tree bridge assurance To enable Bridge Assurance by setting the spanning tree port type, enter the following commands: Click here to view code image Congo(config)# int port-channel 1 Congo(config-if)# spanning-tree port type network An interesting side effect of Bridge Assurance is an automatic pruning function. In the topology from Figure 2-5, if a VLAN is defined on Congo but not on Egypt, Bridge Assurance puts that VLAN into a blocking state because it is not receiving BPDUs for that VLAN from Egypt. Example 2-54 demonstrates this functionality. Example 2-54. Bridge Assurance as a Pruning Mechanism Click here to view code image Congo# conf t Enter configuration commands, one per line. End with CNTL/Z. Congo(config)# vlan 500 Congo(config-vlan)# exit Congo(config)# 2009 Oct 28 14:06:53 Congo %STP-2- BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port Ethernet2/1 VLAN0500. 2009 Oct 28 14:06:53 Congo %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel100 VLAN0500.
Page 2 and 3:
NX-OS and Cisco Nexus Switching Nex
Page 4 and 5:
For sales outside of the U.S. pleas
Page 6 and 7:
About the Authors Ron Fuller, CCIE
Page 8 and 9:
Dedications Ron Fuller: This book i
Page 10 and 11:
We need to find another heavy conce
Page 12 and 13:
Contents at a Glance Foreword Intro
Page 14 and 15:
Interface Allocation: N7K-M108X2-12
Page 16 and 17:
OSPF OSPFv2 Configuration OSPF Summ
Page 18 and 19:
Cisco TrustSec Configuring AAA for
Page 20 and 21:
Chapter 8 Unified Fabric Unified Fa
Page 22 and 23:
OTV Control Plane Multicast-Enabled
Page 24 and 25:
Icons Used in This Book
Page 26 and 27:
Foreword With more than 30,000 cust
Page 28 and 29:
Chapters 1 through 14 cover the fol
Page 30 and 31:
• Security: Cisco NX-OS provides
Page 32 and 33:
Fibre Channel, Ethernet, and FCoE i
Page 34 and 35:
• Nexus 2224: FEX, 24 100/1000Bas
Page 36 and 37:
Nexus 3000 Learned Routes), EIGRP-S
Page 38 and 39:
• NX-OS supports VDCs, which enab
Page 40 and 41:
Click here to view code image Congo
Page 42 and 43:
NX-OS has many different types of m
Page 44 and 45:
module to which it is attached, ena
Page 46 and 47:
Example 1-6. Enabling a Telnet Serv
Page 48 and 49:
user:admin this user account has no
Page 50 and 51:
SNMP Figure 1-4. Results of the Sel
Page 52 and 53:
___________________________________
Page 54 and 55:
User Auth Priv ____ ____ ____ NMS s
Page 56 and 57:
Managing System Files Directories c
Page 58 and 59:
309 Mar 21 15:43:51 2011 dc1-fp.lic
Page 60 and 61:
active/ bootflash://sup-remote/ boo
Page 62 and 63:
will be applied to your current run
Page 64 and 65:
N7010-1(config)# snmp-server enable
Page 66 and 67:
vrf 2 1000 3 0 portchannel 0 768 1
Page 68 and 69:
• Independent processes started f
Page 70 and 71:
Figure 1-6. Shared Interface Concep
Page 72 and 73:
Example 1-14. Creating a VDC Core o
Page 74 and 75:
Figure 1-13. Nexus 7000 F2e 48-Port
Page 76 and 77:
• After a port has been assigned
Page 78 and 79:
Figure 1-20. N7K-M148GS-11 and L Mo
Page 80 and 81:
Figure 1-22. N7K-M224XP-23L I/O Mod
Page 82 and 83: Interface Allocation on M2 Modules
Page 84 and 85: egypt(config)# vdc core egypt(confi
Page 86 and 87: Further Reading Figure 1-25. Physic
Page 88 and 89: Chapter 2. Layer 2 Support and Conf
Page 90 and 91: connectivity. One of the most appar
Page 92 and 93: 1GE JAF1318AALS NX5000# show fex 10
Page 94 and 95: - down 1 full 1000 -- Eth100/1/9 -
Page 96 and 97: Eth100/1/11 Eth100/1/3 Eth100/1/2 E
Page 98 and 99: Eth100/1/2 Up Po100 Po100 Eth100/1/
Page 100 and 101: N7K-1(config)# mac address-table ag
Page 102 and 103: Congo# show vlan internal usage VLA
Page 104 and 105: the requirements of the devices con
Page 106 and 107: 14 VLAN0014 active Eth2/11, Eth2/12
Page 108 and 109: • Host6(192.168.100.26): Sends tr
Page 110 and 111: Kenya(config-if)# switchport mode p
Page 112 and 113: used to provide a much simpler conf
Page 114 and 115: Congo# conf t Enter configuration c
Page 116 and 117: Eth2/11 Root FWD 4 128.267 Network
Page 118 and 119: Example 2-29 demonstrates how the d
Page 120 and 121: Example 2-31. MST Verification Clic
Page 122 and 123: Click here to view code image Egypt
Page 124 and 125: Example 2-38 shows the root ports o
Page 126 and 127: - ---------------- VLAN0001 4097 00
Page 128 and 129: 001b.54c2.bbc2 4 2 12 9 Ethernet2/1
Page 130 and 131: intervention to enable ports that h
Page 134 and 135: After the VLAN is defined on Egypt,
Page 136 and 137: Configuring Layer 2 Interfaces Now
Page 138 and 139: !Time: Fri Oct 30 08:52:29 2009 ver
Page 140 and 141: aggregation protocol information is
Page 142 and 143: Members must have same Ethernet Lay
Page 144 and 145: ---------------------- Po100 on on
Page 146 and 147: oth devices are online, and also to
Page 148 and 149: Congo(config-if)# no shutdown Congo
Page 150 and 151: link. This will enable spanning tre
Page 152 and 153: 00- 103 00-103 Allowed VLANs - 40-4
Page 154 and 155: spanning tree domain to the entire
Page 156 and 157: Current operational state: advertis
Page 158 and 159: FabricPath IS-IS adjacencies are th
Page 160 and 161: Figure 2-9. FabricPath Topology As
Page 162 and 163: Figure 2-10. FabricPath Interface C
Page 164 and 165: D - Static Adjacencies attached to
Page 166 and 167: • Enable the vPC feature. • Def
Page 168 and 169: Performed vPC role : none establish
Page 170 and 171: Figure 2-12. vPC+ Interface Configu
Page 172 and 173: VLAN MAC Address Type age Secure NT
Page 174 and 175: called the Diffusing Update Algorit
Page 176 and 177: Example 3-4 shows an alphanumeric s
Page 178 and 179: Interface Peers Un/Reliable SRTT Un
Page 180 and 181: Note Mixing standard and wide metri
Page 182 and 183:
Example 3-14. Summarizing Networks
Page 184 and 185:
GigabitEthernet1/48 10.0.0.0/24 is
Page 186 and 187:
Congo# show ip eigrp neighbor detai
Page 188 and 189:
complex routing scenarios with a fi
Page 190 and 191:
edistributed. Example 3-24. Definin
Page 192 and 193:
D 10.10.10.0 [90/3072] via 192.168.
Page 194 and 195:
total) With the output in Example 3
Page 196 and 197:
Figure 3-5. Network Topology for OS
Page 198 and 199:
Congo# config t Enter configuration
Page 200 and 201:
Libya# show ip ospf neighbor detail
Page 202 and 203:
CNTL/Z. Congo(config)# router ospf
Page 204 and 205:
*via 192.168.1.1, Lo0, [0/0], 01:02
Page 206 and 207:
as Type 7 LSAs. Although not common
Page 208 and 209:
Number of LSAs: 6, checksum sum 0x3
Page 210 and 211:
Securing OSPF Area ranges are 192.1
Page 212 and 213:
Example 3-55. Verification of OSPF
Page 214 and 215:
Congo(config-route-map)# match ip a
Page 216 and 217:
default-metric 100 The process begi
Page 218 and 219:
D - EIGRP, EX - EIGRP external, O -
Page 220 and 221:
Example 3-67. This information is e
Page 222 and 223:
extremely valuable when troubleshoo
Page 224 and 225:
1. Enable IS-IS. 2. Configure the I
Page 226 and 227:
Level-1 Designated IS: Congo Level-
Page 228 and 229:
Congo(config-if)# sh isis adj IS-IS
Page 230 and 231:
Figure 3-10. Network Topology for B
Page 232 and 233:
feature bgp router bgp 65000.65088
Page 234 and 235:
BGP version 4, remote router ID 192
Page 236 and 237:
Received 4 messages, 0 notification
Page 238 and 239:
Neighbor capabilities: Dynamic capa
Page 240 and 241:
queue Sent 6689 messages, 1 notific
Page 242 and 243:
S 172.26.2.0/23 [1/0] via 172.26.32
Page 244 and 245:
o - ODR, P - periodic downloaded st
Page 246 and 247:
*>r192.168.1.40/30 0.0.0.0 44 2500
Page 248 and 249:
version 4.2(2a) feature hsrp Simila
Page 250 and 251:
Virtual IP address is 10.10.100.1 (
Page 252 and 253:
Vlan100 - Group 100 (HSRP-V1) (IPv4
Page 254 and 255:
VRRP 2 state changes, last state ch
Page 256 and 257:
implementation in IOS, a device wit
Page 258 and 259:
You can see the addition of authent
Page 260 and 261:
Figure 3-13. HSRP/VRRP Interaction
Page 262 and 263:
Figure 3-15 illustrates the topolog
Page 264 and 265:
Verifying GLBP Configuration A quic
Page 266 and 267:
Active is local Standby is 10.10.10
Page 268 and 269:
emaining) Active is local, weightin
Page 270 and 271:
Chapter 4. IP Multicast Configurati
Page 272 and 273:
eferred to as the RP tree or RPT. F
Page 274 and 275:
In general, PIM can operate in two
Page 276 and 277:
Due to this behavior, it is not nec
Page 278 and 279:
N7K-1-Core1# config Enter configura
Page 280 and 281:
priority: 0, RP-source: (local), gr
Page 282 and 283:
Auto-RP Announce policy: None Auto-
Page 284 and 285:
N7K-2-Core# config Enter configurat
Page 286 and 287:
Auto-RP RPA: 10.1.0.1, uptime: 00:0
Page 288 and 289:
BSR RP Candidate policy: None BSR R
Page 290 and 291:
PIM Group-Range Configuration for V
Page 292 and 293:
The Nexus 7000 is a Layer 3 switch
Page 294 and 295:
Vlan100, Interface status: protocol
Page 296 and 297:
Switch-querier disabled IGMPv3 Expl
Page 298 and 299:
CMHLAB-DC2-VSM1# show ip igmp snoop
Page 300 and 301:
Figure 4-9. Network Topology for MS
Page 302 and 303:
238.102.1.1/32 238.101.1.1/32 238.1
Page 304 and 305:
PIM configured DR priority: 1 PIM b
Page 306 and 307:
Chapter 5. Security This chapter co
Page 308 and 309:
share. This model provides security
Page 310 and 311:
distribution, use the following com
Page 312 and 313:
deadtime value:0 source interface:l
Page 314 and 315:
or Offline Click here to view code
Page 316 and 317:
Figure 5-3. Adding a User to the Ci
Page 318 and 319:
Click here to view code image Egypt
Page 320 and 321:
pending pending-diff Egypt(config)#
Page 322 and 323:
Example 5-16. Verifying TACACS+ CFS
Page 324 and 325:
configuration required in NX-OS. Ex
Page 326 and 327:
Figure 5-7. Adding Redundant NX-OS
Page 328 and 329:
Note • Be sure to have an SSH Ser
Page 330 and 331:
Tx 7653 output packets 6642 unicast
Page 332 and 333:
Figure 5-9. Cisco TrustSec Example
Page 334 and 335:
NX7k-SGA # conf t NX7k-SGA (config)
Page 336 and 337:
Figure 5-12. The Required Fields to
Page 338 and 339:
Click here to view code image NX7K-
Page 340 and 341:
Example 5-32 shows the successful d
Page 342 and 343:
• PCI 3 (decimal) / 0003 (hex)
Page 344 and 345:
Figure 5-20. The ISE Compares Its S
Page 346 and 347:
NX7K-SGA(config)# cts refresh role-
Page 348 and 349:
Egypt# show run cts feature dot1x f
Page 350 and 351:
Egypt# show runn cts !Command: show
Page 352 and 353:
Example 5-42 confirms the VLAN used
Page 354 and 355:
Total Length: 84 Identification: 0x
Page 356 and 357:
To improve the scalability of ACL m
Page 358 and 359:
0001 ip access-list TCP1 0002 permi
Page 360 and 361:
Example 5-53 shows how to change th
Page 362 and 363:
Port security enables you to config
Page 364 and 365:
Click here to view code image Egypt
Page 366 and 367:
A maximum number of MAC addresses c
Page 368 and 369:
Note Enable DHCP snooping globally
Page 370 and 371:
Egypt# Example 5-67 shows how to ve
Page 372 and 373:
Note By default, all interfaces are
Page 374 and 375:
Vlan : 1 ----------- Configuration
Page 376 and 377:
!Command: show running-config dhcp
Page 378 and 379:
network performance. The traffic st
Page 380 and 381:
Egypt(config-if)# Example 5-84 veri
Page 382 and 383:
Unicast packets : 0/0/0/0/0 Unicast
Page 384 and 385:
permit eigrp any any ipv6 access-li
Page 386 and 387:
permit pim any ff02::d/128 permit u
Page 388 and 389:
match access-group name copp-system
Page 390 and 391:
class copp-system-p-class-critical
Page 392 and 393:
| glean | mtu | multicast {directly
Page 394 and 395:
Example 5-90. Configuring Rate Limi
Page 396 and 397:
copy Config : 30000 Allowed : 26346
Page 398 and 399:
User ____ Auth Priv ____ ____ Examp
Page 400 and 401:
Role: vdc-operator Description: Pre
Page 402 and 403:
-----------------------------------
Page 404 and 405:
entity : entity_power_status_change
Page 406 and 407:
entity : entity_power_status_change
Page 408 and 409:
Chapter 6. High Availability This c
Page 410 and 411:
edundant Configure power supply red
Page 412 and 413:
• Cisco Nexus 7010 Series system
Page 414 and 415:
2 QEng1Sn3(s20) 115 105 46 2 QEng1S
Page 416 and 417:
not be prolonged because of the ina
Page 418 and 419:
--- -------------- ------ 1 NA 1.0
Page 420 and 421:
Example 6-7. Supervisor Runtime Dia
Page 422 and 423:
Congo# show diagnostic description
Page 424 and 425:
L/* - Exclusively run this test / N
Page 426 and 427:
***N******A 00:30:00 9) SecondaryBo
Page 428 and 429:
These software features combine to
Page 430 and 431:
N7k-1(config)# install feature-set
Page 432 and 433:
Other supervisor (sup-5) ----------
Page 434 and 435:
! The impact of the software upgrad
Page 436 and 437:
5 bios v3.22.0(02/20/10): v3.22.0(0
Page 438 and 439:
Kernel uptime is 128 day(s), 7 hour
Page 440 and 441:
1 yes non-disruptive rolling 2 yes
Page 442 and 443:
ios/loader/bootrom. Warning: please
Page 444 and 445:
http://www.opensource.org/licenses/
Page 446 and 447:
In addition to the NX-OS operating
Page 448 and 449:
features such as stateful process r
Page 450 and 451:
it to the destination. SPANning tra
Page 452 and 453:
Jealousy(config-if)# switchport mon
Page 454 and 455:
Example 7-5. Displaying a Monitor S
Page 456 and 457:
Example 7-7. Displaying a Virtual S
Page 458 and 459:
Figure 7-3. Nexus 5x00 SPAN Topolog
Page 460 and 461:
Click here to view code image CMHLA
Page 462 and 463:
state : up source intf : rx : vfc10
Page 464 and 465:
Note The Nexus 1000V does not suppo
Page 466 and 467:
CMHLAB-DC2-VSM1# config t CMHLAB-DC
Page 468 and 469:
Figure 7-6. Create a vmk Port Using
Page 470 and 471:
Figure 7-8. Create a vmk Port Using
Page 472 and 473:
CMHLAB-DC2-VSM1(config-erspan-src)#
Page 474 and 475:
N7K-2(config-erspan-src)# no shut N
Page 476 and 477:
Legend: l = learning enabled f = fo
Page 478 and 479:
Legend: l = learning enabled f = fo
Page 480 and 481:
Note The Nexus 5500 series switches
Page 482 and 483:
cmhlab-dc2-tor2(config-erspan-src)#
Page 484 and 485:
802.1Q Virtual LAN 000. .... .... .
Page 486 and 487:
.... 10.. = Port Role: Root (2) ...
Page 488 and 489:
Frame Length: 57 bytes Capture Leng
Page 490 and 491:
...0 .... .... .... = CFI: 0 .... 0
Page 492 and 493:
..1. .... = Forwarding: Yes ...1 ..
Page 497 and 498:
Note You can add more show commands
Page 499 and 500:
Data Center Jealousy(config-callhom
Page 501 and 502:
neighbor If the email transport opt
Page 503 and 504:
Example 7-35. System-Generated Chec
Page 505 and 506:
After a review of the differences,
Page 507 and 508:
Checkpoints can be given a name and
Page 509 and 510:
Rollback Patch is Empty Note: Apply
Page 511 and 512:
Jealousy(config-flow-record)# end J
Page 513 and 514:
Layer 2 NetFlow cannot be applied i
Page 515 and 516:
packets CMHLAB-DC2-VSM1(config-flow
Page 517 and 518:
where NTP runs in multiple VDCs, th
Page 519 and 520:
Local clock time:Sun May 6 03:21:16
Page 521 and 522:
2. A DHCP request is sent and repli
Page 523 and 524:
if protocol == "telnet": c = "/isan
Page 525 and 526:
scLogFileName + ".*100%", \ pexpect
Page 527 and 528:
print "Failed connecting to " + hos
Page 529 and 530:
• Higher availability: Quite simp
Page 531 and 532:
eaping the benefits of a Unified I/
Page 533 and 534:
Figure 8-4. FIP Process FIP can be
Page 535 and 536:
Multhop Fibre Channel over Ethernet
Page 537 and 538:
to Cisco NX-OS,” and the focus in
Page 539 and 540:
switch as a Fabric Port (F-port) an
Page 541 and 542:
-----------------------------------
Page 543 and 544:
Restarting system. Single-Hop FCoE
Page 545 and 546:
1 minute output rate 0 bits/sec, 0
Page 547 and 548:
Port Native Status Port Vlan Channe
Page 549 and 550:
Click here to view code image N5K-1
Page 551 and 552:
N5K-1# A similar configuration must
Page 553 and 554:
N7K-1# config Enter configuration c
Page 555 and 556:
Click here to view code image N7K-1
Page 557 and 558:
2000 2000 Operational N7K-1-FCoE# N
Page 559 and 560:
version 5.2(2a) interface Ethernet3
Page 561 and 562:
Note If all the shared ASIC ports a
Page 563 and 564:
Figure 8-14. FCoE Topology Example
Page 565 and 566:
could fail. By taking advantage of
Page 567 and 568:
VSM in an active-standby pair; and
Page 569 and 570:
Figure 9-2. Nexus 1000V Topology Th
Page 571 and 572:
The VEM differentiates between the
Page 573 and 574:
Figure 9-3. VEM Loop Prevention Not
Page 575 and 576:
login as: admin Nexus 1010 Using ke
Page 577 and 578:
VsbEthernet1/1 control 0 up up VsbE
Page 579 and 580:
vsm login: admin Password: Cisco Ne
Page 581 and 582:
Click here to view code image vsm#
Page 583 and 584:
Figure 9-6. Selecting the Plug-Ins
Page 585 and 586:
Figure 9-9. Registering the Plug-In
Page 587 and 588:
such license is available at http:/
Page 589 and 590:
sync status: Complete version: VMwa
Page 591 and 592:
Figure 9-14. Entering the VMWare vC
Page 593 and 594:
Figure 9-16. The OVA File and VSM R
Page 595 and 596:
Figure 9-18. Configuring the Networ
Page 597 and 598:
Figure 9-20. VSM Configuration Attr
Page 599 and 600:
Figure 9-22. VSM Installation Proce
Page 601 and 602:
Figure 9-24. VSM Installation Summa
Page 603 and 604:
1000v Management Center. Note For t
Page 605 and 606:
Figure 9-28. Entering the Nexus 100
Page 607 and 608:
Figure 9-30. VEM Configuration Summ
Page 609 and 610:
Figure 9-32. Configuring the Nexus
Page 611 and 612:
Reboot Required: false VIBs Install
Page 613 and 614:
vsm(config-port-prof)# no shutdown
Page 615 and 616:
Figure 9-34. Adding the VEM Through
Page 617 and 618:
Figure 9-36. Selecting the ESX Host
Page 619 and 620:
Figure 9-38. Selecting the VM to Mi
Page 621 and 622:
Figure 9-40. Verifying That the ESX
Page 623 and 624:
--- -------------------------------
Page 625 and 626:
vsm# Note There is a 60-day evaluat
Page 627 and 628:
Figure 9-41. 1000V-Topology Example
Page 629 and 630:
vsm(config)# Example 9-11 shows how
Page 631 and 632:
Figure 9-43. Selecting the vmkernel
Page 633 and 634:
2012 Aug 23 22:29:33 vsm %VIM-5-IF_
Page 635 and 636:
• VLAN configuration • VMware m
Page 637 and 638:
vsm(config-port-prof)# no shutdown
Page 639 and 640:
HR-APPS Veth3 Net Adapter 1 Demo-Te
Page 641 and 642:
Figure 9-46. Verifying the Port-Pro
Page 643 and 644:
Click here to view code image Sampl
Page 645 and 646:
(vASA) to deploy virtualized servic
Page 647 and 648:
Figure 9-49. Verifying the OVF Depl
Page 649 and 650:
Figure 9-51. Specifying the Data Ce
Page 651 and 652:
Figure 9-53. Specifying the Specifi
Page 653 and 654:
Figure 9-55. Specifying the Datasto
Page 655 and 656:
Figure 9-57. Specifying the IP Addr
Page 657 and 658:
Figure 9-59. Verifying the Informat
Page 659 and 660:
Figure 9-63. Displaying the VNMC Vi
Page 661 and 662:
Figure 9-65. Browse to the VNMC Man
Page 663 and 664:
Figure 9-68. Install the Extension
Page 665 and 666:
8. Add vCenter VM Manager in VNMC (
Page 667 and 668:
Figure 9-75. Display vCenter ESX Ho
Page 669 and 670:
workloads. Deployment of virtualize
Page 671 and 672:
Figure 9-77. VSG System Component C
Page 673 and 674:
ootflash:/repository Directory Clic
Page 675 and 676:
Configuring the Cisco VNMC Policy-A
Page 677 and 678:
Creating a Tenant in VMMC Figure 9-
Page 679 and 680:
Figure 9-83. Creating a Virtual Dat
Page 681 and 682:
Figure 9-87. Create a Security Prof
Page 683 and 684:
Figure 9-89. Creating a Security Pr
Page 685 and 686:
Figure 9-92 shows how to assign the
Page 687 and 688:
Figure 9-95. Adding a Policy in VNM
Page 689 and 690:
demonstrated in Example 9-30. Examp
Page 691 and 692:
profile Employee state enabled vsm(
Page 693 and 694:
Click here to view code image vsm#
Page 695 and 696:
Figure 9-100. Create a vmk Interfac
Page 697 and 698:
Example 9-39. Verify the vPath Info
Page 699 and 700:
Flow Lookup Hit 229 Flow Lookup Mis
Page 701 and 702:
Destroy 8 L4 TCP Flow Create 0 L4 T
Page 703 and 704:
Rcvd 0 L2-Frag Coalesced 0 Encap ex
Page 705 and 706:
Encap Err 0 0 0 All- Drops 38 1 Flo
Page 707 and 708:
DV Port : 161 DVS uuid : ed 5d 0b 5
Page 709 and 710:
Figure 9-103 shows the VXLAN topolo
Page 711 and 712:
Enter configuration commands, one p
Page 713 and 714:
Figure 9-105. Assigning vmknic 10.1
Page 715 and 716:
Figure 9-108. Assigning the VxLAN-V
Page 717 and 718:
Figure 9-110. The VMs and ESX Host
Page 719 and 720:
Figure 9-112. Verifying the VM IP A
Page 721 and 722:
Segment BD Error: 0 Dest Mcast IP n
Page 723 and 724:
Pinning Failed on Decap: 0 Can't ge
Page 725 and 726:
75 Multicast Packets 1801 Broadcast
Page 727 and 728:
0 Input Packet Drops 0 Output Packe
Page 729 and 730:
2 Eth3/3 3 182 0013.21cb.eb94 dynam
Page 731 and 732:
105 0050.568b.1c32 dynamic 47 Eth4/
Page 733 and 734:
username admin password 5 $1$Sx5LsG
Page 735 and 736:
switchport access vlan 182 no shutd
Page 737 and 738:
capability l3-vn-service vmware dvp
Page 739 and 740:
ip ttl 64 ip prec 0 ip dscp 0 mtu 1
Page 741 and 742:
VM version 7. VM type Other Linux 6
Page 743 and 744:
Figure 9-116. Option to Install the
Page 745 and 746:
Figure 9-118. Login Prompt After Bo
Page 747 and 748:
session 1 --------------- type : er
Page 749 and 750:
Figure 9-121. Selecting or Changing
Page 751 and 752:
Figure 9-124. Defining the Subnet I
Page 753 and 754:
Figure 9-126. Monitoring and Traffi
Page 755 and 756:
1000v.VSG1.3.1a.iso 246831104 Aug 0
Page 757 and 758:
Chapter 10. Quality of Service (QoS
Page 759 and 760:
Nexus devices enable class maps to
Page 761 and 762:
switch to offer lossless services o
Page 763 and 764:
============================ policy
Page 765 and 766:
The queues are hardware components
Page 767 and 768:
queue-limit percent 16 queue droppe
Page 769 and 770:
the remaining queues to schedule tr
Page 771 and 772:
default-4q-8e-out- Service-policy (
Page 773 and 774:
N7K-2(config-pmap-que)# class type
Page 775 and 776:
Class-map (queuing): 1p7q4t-out-q3
Page 777 and 778:
fex port interface: Ethernet101/1/1
Page 779 and 780:
FCoE is defined by default, it is g
Page 781 and 782:
Service-policy (queuing) output: de
Page 783 and 784:
Service-policy (queuing) input: voi
Page 785 and 786:
QoS on Nexus 1000V The Nexus 1000V
Page 787 and 788:
Click here to view code image demol
Page 789 and 790:
demolab-vsm1(config-cmap-que)# exit
Page 791 and 792:
the overlay; this enables data cent
Page 793 and 794:
• OTV join-interface: The OTV joi
Page 795 and 796:
identifier is mandatory to configur
Page 797 and 798:
AED)Overlay1 59* otv- 1 active Over
Page 799 and 800:
Stale routes during non-graceful co
Page 801 and 802:
57 0050.5692.48d1 42 1w4d overlay o
Page 803 and 804:
59 0050.569c.2902 1 4d00h site port
Page 805 and 806:
channel1002 61 00e0.81c2.4a74 42 1w
Page 807 and 808:
and preventing unicast-flooding in
Page 809 and 810:
ip pim rp-address 40.10.10.50 group
Page 811 and 812:
Example 11-14. Sample Configuration
Page 813 and 814:
102-103, 106, 116, 120, 122 (Total:
Page 815 and 816:
For the Layer 2 multicast communica
Page 817 and 818:
MAC_ vlan vlan-name interface OTV-i
Page 819 and 820:
Example 11-19 shows the OTV ARP Cac
Page 821 and 822:
! mac access-list ALL_MACs 10 permi
Page 823 and 824:
methods are discussed from a high-l
Page 825 and 826:
ip route 10.1.64.128/25 Null0 250 r
Page 827 and 828:
• VRF-Aware Telnet • VRF-Aware
Page 829 and 830:
Ethernet10/22 default 1 - - Etherne
Page 831 and 832:
for any subsequent show or EXEC com
Page 833 and 834:
N7k-1(config)# feature isis N7k-1(c
Page 835 and 836:
Paths: (1 available, best #1) Flags
Page 837 and 838:
• Label Switching Router (LSR): A
Page 839 and 840:
N7k-1(config)# install feature-set
Page 841 and 842:
192.168.0.2 2.2.2.2 From a CE to PE
Page 843 and 844:
Click here to view code image N7k-1
Page 845 and 846:
license be installed first. The Nex
Page 847 and 848:
• EID addresses: The IP addresses
Page 849 and 850:
Note Consult the following link to
Page 851 and 852:
destination of 172.20.40.0 /24. LIS
Page 853 and 854:
infrastructure, destined to one of
Page 855 and 856:
13-3. Example 13-3. Define the Glob
Page 857 and 858:
Layer 3 SVI interface. Note The mul
Page 859 and 860:
authentication-key 3 9125d59c18a9b0
Page 861 and 862:
Click here to view code image N7K1#
Page 863 and 864:
Who last registered: 1.1.1.13 Routi
Page 865 and 866:
connects the xTR to the L3 domain o
Page 867 and 868:
Design Goals Figure 14-1. Existing
Page 869 and 870:
must go smoothly. With this in mind
Page 871 and 872:
10.255.255.2 vrf VPCKA peer-gateway
Page 873 and 874:
dove(config-if)# shutdown dove(conf
Page 875 and 876:
Click here to view code image bluej
Page 877 and 878:
outed full 10G 10g Po2 to CS1 (BLUE
Page 879 and 880:
with previous steps, these port-cha
Page 881 and 882:
scotland(config-if)# switchport sco
Page 883 and 884:
Design Note Care has been given to
Page 885 and 886:
w - waiting to be aggregated Number
Page 887 and 888:
0023.04ee.be01 0 2 20 15 This bridg
Page 889 and 890:
denmark# show run interface Vlan26
Page 891 and 892:
! We want this to be an undesirable
Page 893 and 894:
egypt(config-if)# shutdown egypt(co
Page 895 and 896:
egypt# conf t Enter configuration c
Page 897 and 898:
TenGigabitEthernet4/3 D 10.198.57.0
Page 899 and 900:
egypt(config-if-hsrp)# interface vl
Page 901 and 902:
Standby 10.198.208.4 local 10.198.2
Page 903 and 904:
0023.04ee.be01 3 2 20 15 Po100 VLAN
Page 905 and 906:
Figure 14-4. Migrated Topology One
Page 907 and 908:
Figure 14-5. Topology with 5K/2K De
Page 909 and 910:
Example 14-52. vPC Configuration on
Page 911 and 912:
channel-group 101 interface Etherne
Page 913 and 914:
stub routing, 146 summarization, 14
Page 915 and 916:
oadcast storms, traffic storm contr
Page 917 and 918:
multicasts, 253 CP (Control Process
Page 919 and 920:
Nexus 7000, 386-392 overview of, 38
Page 921 and 922:
authentication, 174-203 configuring
Page 923 and 924:
stateful switchovers, 368-369 Unifi
Page 925 and 926:
isolated VLAN (Virtual Local Area N
Page 927 and 928:
Rapid-PVST, 80-87 RootGuard, 96-97
Page 929 and 930:
LSP, 719 LSR, 719 managing, 725 Nex
Page 931 and 932:
LoopGuard, 97-98 Loose Unicast RPF
Page 933 and 934:
defining, 719 enabling, 721-722 ope
Page 935 and 936:
Atomic mode, 434 Best-Effort mode,
Page 937 and 938:
Nexus 1000v NX-OS licensing, 9 NX-O
Page 939 and 940:
FCoE installation, 478-479 MDS FCoE
Page 941 and 942:
network advertisements, 157 passive
Page 943 and 944:
topology of, 155, 170 VRF configura
Page 945 and 946:
ARP synchronization, 117 flow contr
Page 947 and 948:
FEX, 661-662 forwarding architectur
Page 949 and 950:
HSRP, 174-203 IP Source Guard, 321-
Page 951 and 952:
snooping DHCP snooping, 313-316 IGM
Page 953 and 954:
configuration files, 33-35 file sys
Page 955 and 956:
enabling FCoE, 468 enabling NPV mod
Page 957 and 958:
Single-Hop FCoE configuration, 471-
Page 959:
port profile creation, 545-546 port
show all

nx.os.and.cisco.nexus.switching.2nd.edition.1587143046

Create successful ePaper yourself

Delete template?

Save as template?