Views
1 year ago

nx.os.and.cisco.nexus.switching.2nd.edition.1587143046

Nexus Switching 2nd Edition

Note You can add more

Note You can add more show commands only to full text and XML destination profiles. Short text profiles enable only 128 bytes of text. Smart Call Home provides the ability to filter messages based on urgency. This allows the network administrator to have flexibility in defining which messages are critical by defining the urgency level in the destination profile. Note Smart Call Home does not change the syslog message level. Table 7-5 shows the default Smart Call Home Severity and Syslog Level. Smart Call Home configuration can be distributed among NX-OS switches that participate in a Cisco Fabric Services (CFS) domain. When CFS is leveraged for this function, all Smart Call Home parameters except SNMP sysContact and the device priority are distributed. Chapter 8, “Unified Fabric,” provides additional information on CFS. Table 7-5. Nexus 7000 and 5x00 Smart Call Home Severity and Syslog Level Mapping

  • Page 2 and 3:

    NX-OS and Cisco Nexus Switching Nex

  • Page 4 and 5:

    For sales outside of the U.S. pleas

  • Page 6 and 7:

    About the Authors Ron Fuller, CCIE

  • Page 8 and 9:

    Dedications Ron Fuller: This book i

  • Page 10 and 11:

    We need to find another heavy conce

  • Page 12 and 13:

    Contents at a Glance Foreword Intro

  • Page 14 and 15:

    Interface Allocation: N7K-M108X2-12

  • Page 16 and 17:

    OSPF OSPFv2 Configuration OSPF Summ

  • Page 18 and 19:

    Cisco TrustSec Configuring AAA for

  • Page 20 and 21:

    Chapter 8 Unified Fabric Unified Fa

  • Page 22 and 23:

    OTV Control Plane Multicast-Enabled

  • Page 24 and 25:

    Icons Used in This Book

  • Page 26 and 27:

    Foreword With more than 30,000 cust

  • Page 28 and 29:

    Chapters 1 through 14 cover the fol

  • Page 30 and 31:

    • Security: Cisco NX-OS provides

  • Page 32 and 33:

    Fibre Channel, Ethernet, and FCoE i

  • Page 34 and 35:

    • Nexus 2224: FEX, 24 100/1000Bas

  • Page 36 and 37:

    Nexus 3000 Learned Routes), EIGRP-S

  • Page 38 and 39:

    • NX-OS supports VDCs, which enab

  • Page 40 and 41:

    Click here to view code image Congo

  • Page 42 and 43:

    NX-OS has many different types of m

  • Page 44 and 45:

    module to which it is attached, ena

  • Page 46 and 47:

    Example 1-6. Enabling a Telnet Serv

  • Page 48 and 49:

    user:admin this user account has no

  • Page 50 and 51:

    SNMP Figure 1-4. Results of the Sel

  • Page 52 and 53:

    ___________________________________

  • Page 54 and 55:

    User Auth Priv ____ ____ ____ NMS s

  • Page 56 and 57:

    Managing System Files Directories c

  • Page 58 and 59:

    309 Mar 21 15:43:51 2011 dc1-fp.lic

  • Page 60 and 61:

    active/ bootflash://sup-remote/ boo

  • Page 62 and 63:

    will be applied to your current run

  • Page 64 and 65:

    N7010-1(config)# snmp-server enable

  • Page 66 and 67:

    vrf 2 1000 3 0 portchannel 0 768 1

  • Page 68 and 69:

    • Independent processes started f

  • Page 70 and 71:

    Figure 1-6. Shared Interface Concep

  • Page 72 and 73:

    Example 1-14. Creating a VDC Core o

  • Page 74 and 75:

    Figure 1-13. Nexus 7000 F2e 48-Port

  • Page 76 and 77:

    • After a port has been assigned

  • Page 78 and 79:

    Figure 1-20. N7K-M148GS-11 and L Mo

  • Page 80 and 81:

    Figure 1-22. N7K-M224XP-23L I/O Mod

  • Page 82 and 83:

    Interface Allocation on M2 Modules

  • Page 84 and 85:

    egypt(config)# vdc core egypt(confi

  • Page 86 and 87:

    Further Reading Figure 1-25. Physic

  • Page 88 and 89:

    Chapter 2. Layer 2 Support and Conf

  • Page 90 and 91:

    connectivity. One of the most appar

  • Page 92 and 93:

    1GE JAF1318AALS NX5000# show fex 10

  • Page 94 and 95:

    - down 1 full 1000 -- Eth100/1/9 -

  • Page 96 and 97:

    Eth100/1/11 Eth100/1/3 Eth100/1/2 E

  • Page 98 and 99:

    Eth100/1/2 Up Po100 Po100 Eth100/1/

  • Page 100 and 101:

    N7K-1(config)# mac address-table ag

  • Page 102 and 103:

    Congo# show vlan internal usage VLA

  • Page 104 and 105:

    the requirements of the devices con

  • Page 106 and 107:

    14 VLAN0014 active Eth2/11, Eth2/12

  • Page 108 and 109:

    • Host6(192.168.100.26): Sends tr

  • Page 110 and 111:

    Kenya(config-if)# switchport mode p

  • Page 112 and 113:

    used to provide a much simpler conf

  • Page 114 and 115:

    Congo# conf t Enter configuration c

  • Page 116 and 117:

    Eth2/11 Root FWD 4 128.267 Network

  • Page 118 and 119:

    Example 2-29 demonstrates how the d

  • Page 120 and 121:

    Example 2-31. MST Verification Clic

  • Page 122 and 123:

    Click here to view code image Egypt

  • Page 124 and 125:

    Example 2-38 shows the root ports o

  • Page 126 and 127:

    - ---------------- VLAN0001 4097 00

  • Page 128 and 129:

    001b.54c2.bbc2 4 2 12 9 Ethernet2/1

  • Page 130 and 131:

    intervention to enable ports that h

  • Page 132 and 133:

    Congo# Example 2-51 shows how to re

  • Page 134 and 135:

    After the VLAN is defined on Egypt,

  • Page 136 and 137:

    Configuring Layer 2 Interfaces Now

  • Page 138 and 139:

    !Time: Fri Oct 30 08:52:29 2009 ver

  • Page 140 and 141:

    aggregation protocol information is

  • Page 142 and 143:

    Members must have same Ethernet Lay

  • Page 144 and 145:

    ---------------------- Po100 on on

  • Page 146 and 147:

    oth devices are online, and also to

  • Page 148 and 149:

    Congo(config-if)# no shutdown Congo

  • Page 150 and 151:

    link. This will enable spanning tre

  • Page 152 and 153:

    00- 103 00-103 Allowed VLANs - 40-4

  • Page 154 and 155:

    spanning tree domain to the entire

  • Page 156 and 157:

    Current operational state: advertis

  • Page 158 and 159:

    FabricPath IS-IS adjacencies are th

  • Page 160 and 161:

    Figure 2-9. FabricPath Topology As

  • Page 162 and 163:

    Figure 2-10. FabricPath Interface C

  • Page 164 and 165:

    D - Static Adjacencies attached to

  • Page 166 and 167:

    • Enable the vPC feature. • Def

  • Page 168 and 169:

    Performed vPC role : none establish

  • Page 170 and 171:

    Figure 2-12. vPC+ Interface Configu

  • Page 172 and 173:

    VLAN MAC Address Type age Secure NT

  • Page 174 and 175:

    called the Diffusing Update Algorit

  • Page 176 and 177:

    Example 3-4 shows an alphanumeric s

  • Page 178 and 179:

    Interface Peers Un/Reliable SRTT Un

  • Page 180 and 181:

    Note Mixing standard and wide metri

  • Page 182 and 183:

    Example 3-14. Summarizing Networks

  • Page 184 and 185:

    GigabitEthernet1/48 10.0.0.0/24 is

  • Page 186 and 187:

    Congo# show ip eigrp neighbor detai

  • Page 188 and 189:

    complex routing scenarios with a fi

  • Page 190 and 191:

    edistributed. Example 3-24. Definin

  • Page 192 and 193:

    D 10.10.10.0 [90/3072] via 192.168.

  • Page 194 and 195:

    total) With the output in Example 3

  • Page 196 and 197:

    Figure 3-5. Network Topology for OS

  • Page 198 and 199:

    Congo# config t Enter configuration

  • Page 200 and 201:

    Libya# show ip ospf neighbor detail

  • Page 202 and 203:

    CNTL/Z. Congo(config)# router ospf

  • Page 204 and 205:

    *via 192.168.1.1, Lo0, [0/0], 01:02

  • Page 206 and 207:

    as Type 7 LSAs. Although not common

  • Page 208 and 209:

    Number of LSAs: 6, checksum sum 0x3

  • Page 210 and 211:

    Securing OSPF Area ranges are 192.1

  • Page 212 and 213:

    Example 3-55. Verification of OSPF

  • Page 214 and 215:

    Congo(config-route-map)# match ip a

  • Page 216 and 217:

    default-metric 100 The process begi

  • Page 218 and 219:

    D - EIGRP, EX - EIGRP external, O -

  • Page 220 and 221:

    Example 3-67. This information is e

  • Page 222 and 223:

    extremely valuable when troubleshoo

  • Page 224 and 225:

    1. Enable IS-IS. 2. Configure the I

  • Page 226 and 227:

    Level-1 Designated IS: Congo Level-

  • Page 228 and 229:

    Congo(config-if)# sh isis adj IS-IS

  • Page 230 and 231:

    Figure 3-10. Network Topology for B

  • Page 232 and 233:

    feature bgp router bgp 65000.65088

  • Page 234 and 235:

    BGP version 4, remote router ID 192

  • Page 236 and 237:

    Received 4 messages, 0 notification

  • Page 238 and 239:

    Neighbor capabilities: Dynamic capa

  • Page 240 and 241:

    queue Sent 6689 messages, 1 notific

  • Page 242 and 243:

    S 172.26.2.0/23 [1/0] via 172.26.32

  • Page 244 and 245:

    o - ODR, P - periodic downloaded st

  • Page 246 and 247:

    *>r192.168.1.40/30 0.0.0.0 44 2500

  • Page 248 and 249:

    version 4.2(2a) feature hsrp Simila

  • Page 250 and 251:

    Virtual IP address is 10.10.100.1 (

  • Page 252 and 253:

    Vlan100 - Group 100 (HSRP-V1) (IPv4

  • Page 254 and 255:

    VRRP 2 state changes, last state ch

  • Page 256 and 257:

    implementation in IOS, a device wit

  • Page 258 and 259:

    You can see the addition of authent

  • Page 260 and 261:

    Figure 3-13. HSRP/VRRP Interaction

  • Page 262 and 263:

    Figure 3-15 illustrates the topolog

  • Page 264 and 265:

    Verifying GLBP Configuration A quic

  • Page 266 and 267:

    Active is local Standby is 10.10.10

  • Page 268 and 269:

    emaining) Active is local, weightin

  • Page 270 and 271:

    Chapter 4. IP Multicast Configurati

  • Page 272 and 273:

    eferred to as the RP tree or RPT. F

  • Page 274 and 275:

    In general, PIM can operate in two

  • Page 276 and 277:

    Due to this behavior, it is not nec

  • Page 278 and 279:

    N7K-1-Core1# config Enter configura

  • Page 280 and 281:

    priority: 0, RP-source: (local), gr

  • Page 282 and 283:

    Auto-RP Announce policy: None Auto-

  • Page 284 and 285:

    N7K-2-Core# config Enter configurat

  • Page 286 and 287:

    Auto-RP RPA: 10.1.0.1, uptime: 00:0

  • Page 288 and 289:

    BSR RP Candidate policy: None BSR R

  • Page 290 and 291:

    PIM Group-Range Configuration for V

  • Page 292 and 293:

    The Nexus 7000 is a Layer 3 switch

  • Page 294 and 295:

    Vlan100, Interface status: protocol

  • Page 296 and 297:

    Switch-querier disabled IGMPv3 Expl

  • Page 298 and 299:

    CMHLAB-DC2-VSM1# show ip igmp snoop

  • Page 300 and 301:

    Figure 4-9. Network Topology for MS

  • Page 302 and 303:

    238.102.1.1/32 238.101.1.1/32 238.1

  • Page 304 and 305:

    PIM configured DR priority: 1 PIM b

  • Page 306 and 307:

    Chapter 5. Security This chapter co

  • Page 308 and 309:

    share. This model provides security

  • Page 310 and 311:

    distribution, use the following com

  • Page 312 and 313:

    deadtime value:0 source interface:l

  • Page 314 and 315:

    or Offline Click here to view code

  • Page 316 and 317:

    Figure 5-3. Adding a User to the Ci

  • Page 318 and 319:

    Click here to view code image Egypt

  • Page 320 and 321:

    pending pending-diff Egypt(config)#

  • Page 322 and 323:

    Example 5-16. Verifying TACACS+ CFS

  • Page 324 and 325:

    configuration required in NX-OS. Ex

  • Page 326 and 327:

    Figure 5-7. Adding Redundant NX-OS

  • Page 328 and 329:

    Note • Be sure to have an SSH Ser

  • Page 330 and 331:

    Tx 7653 output packets 6642 unicast

  • Page 332 and 333:

    Figure 5-9. Cisco TrustSec Example

  • Page 334 and 335:

    NX7k-SGA # conf t NX7k-SGA (config)

  • Page 336 and 337:

    Figure 5-12. The Required Fields to

  • Page 338 and 339:

    Click here to view code image NX7K-

  • Page 340 and 341:

    Example 5-32 shows the successful d

  • Page 342 and 343:

    • PCI 3 (decimal) / 0003 (hex)

  • Page 344 and 345:

    Figure 5-20. The ISE Compares Its S

  • Page 346 and 347:

    NX7K-SGA(config)# cts refresh role-

  • Page 348 and 349:

    Egypt# show run cts feature dot1x f

  • Page 350 and 351:

    Egypt# show runn cts !Command: show

  • Page 352 and 353:

    Example 5-42 confirms the VLAN used

  • Page 354 and 355:

    Total Length: 84 Identification: 0x

  • Page 356 and 357:

    To improve the scalability of ACL m

  • Page 358 and 359:

    0001 ip access-list TCP1 0002 permi

  • Page 360 and 361:

    Example 5-53 shows how to change th

  • Page 362 and 363:

    Port security enables you to config

  • Page 364 and 365:

    Click here to view code image Egypt

  • Page 366 and 367:

    A maximum number of MAC addresses c

  • Page 368 and 369:

    Note Enable DHCP snooping globally

  • Page 370 and 371:

    Egypt# Example 5-67 shows how to ve

  • Page 372 and 373:

    Note By default, all interfaces are

  • Page 374 and 375:

    Vlan : 1 ----------- Configuration

  • Page 376 and 377:

    !Command: show running-config dhcp

  • Page 378 and 379:

    network performance. The traffic st

  • Page 380 and 381:

    Egypt(config-if)# Example 5-84 veri

  • Page 382 and 383:

    Unicast packets : 0/0/0/0/0 Unicast

  • Page 384 and 385:

    permit eigrp any any ipv6 access-li

  • Page 386 and 387:

    permit pim any ff02::d/128 permit u

  • Page 388 and 389:

    match access-group name copp-system

  • Page 390 and 391:

    class copp-system-p-class-critical

  • Page 392 and 393:

    | glean | mtu | multicast {directly

  • Page 394 and 395:

    Example 5-90. Configuring Rate Limi

  • Page 396 and 397:

    copy Config : 30000 Allowed : 26346

  • Page 398 and 399:

    User ____ Auth Priv ____ ____ Examp

  • Page 400 and 401:

    Role: vdc-operator Description: Pre

  • Page 402 and 403:

    -----------------------------------

  • Page 404 and 405:

    entity : entity_power_status_change

  • Page 406 and 407:

    entity : entity_power_status_change

  • Page 408 and 409:

    Chapter 6. High Availability This c

  • Page 410 and 411:

    edundant Configure power supply red

  • Page 412 and 413:

    • Cisco Nexus 7010 Series system

  • Page 414 and 415:

    2 QEng1Sn3(s20) 115 105 46 2 QEng1S

  • Page 416 and 417:

    not be prolonged because of the ina

  • Page 418 and 419:

    --- -------------- ------ 1 NA 1.0

  • Page 420 and 421:

    Example 6-7. Supervisor Runtime Dia

  • Page 422 and 423:

    Congo# show diagnostic description

  • Page 424 and 425:

    L/* - Exclusively run this test / N

  • Page 426 and 427:

    ***N******A 00:30:00 9) SecondaryBo

  • Page 428 and 429:

    These software features combine to

  • Page 430 and 431:

    N7k-1(config)# install feature-set

  • Page 432 and 433:

    Other supervisor (sup-5) ----------

  • Page 434 and 435:

    ! The impact of the software upgrad

  • Page 436 and 437:

    5 bios v3.22.0(02/20/10): v3.22.0(0

  • Page 438 and 439:

    Kernel uptime is 128 day(s), 7 hour

  • Page 440 and 441:

    1 yes non-disruptive rolling 2 yes

  • Page 442 and 443:

    ios/loader/bootrom. Warning: please

  • Page 444 and 445: http://www.opensource.org/licenses/
  • Page 446 and 447: In addition to the NX-OS operating
  • Page 448 and 449: features such as stateful process r
  • Page 450 and 451: it to the destination. SPANning tra
  • Page 452 and 453: Jealousy(config-if)# switchport mon
  • Page 454 and 455: Example 7-5. Displaying a Monitor S
  • Page 456 and 457: Example 7-7. Displaying a Virtual S
  • Page 458 and 459: Figure 7-3. Nexus 5x00 SPAN Topolog
  • Page 460 and 461: Click here to view code image CMHLA
  • Page 462 and 463: state : up source intf : rx : vfc10
  • Page 464 and 465: Note The Nexus 1000V does not suppo
  • Page 466 and 467: CMHLAB-DC2-VSM1# config t CMHLAB-DC
  • Page 468 and 469: Figure 7-6. Create a vmk Port Using
  • Page 470 and 471: Figure 7-8. Create a vmk Port Using
  • Page 472 and 473: CMHLAB-DC2-VSM1(config-erspan-src)#
  • Page 474 and 475: N7K-2(config-erspan-src)# no shut N
  • Page 476 and 477: Legend: l = learning enabled f = fo
  • Page 478 and 479: Legend: l = learning enabled f = fo
  • Page 480 and 481: Note The Nexus 5500 series switches
  • Page 482 and 483: cmhlab-dc2-tor2(config-erspan-src)#
  • Page 484 and 485: 802.1Q Virtual LAN 000. .... .... .
  • Page 486 and 487: .... 10.. = Port Role: Root (2) ...
  • Page 488 and 489: Frame Length: 57 bytes Capture Leng
  • Page 490 and 491: ...0 .... .... .... = CFI: 0 .... 0
  • Page 492 and 493: ..1. .... = Forwarding: Yes ...1 ..
  • Page 498 and 499: Smart Call Home Configuration Smart
  • Page 500 and 501: transport-method e-mail Jealousy(co
  • Page 502 and 503: Jealousy# show cfs application ----
  • Page 504 and 505: Example 7-37. Checkpoint Context-Se
  • Page 506 and 507: Note Rollback does not operate if F
  • Page 508 and 509: ollback checkpoints system-fm-fabri
  • Page 510 and 511: NetFlow on NX-OS can operate in one
  • Page 512 and 513: Number of No Buffer Events 0 Number
  • Page 514 and 515: Click here to view code image Jealo
  • Page 516 and 517: Number of Export Bytes Sent 0 Numbe
  • Page 518 and 519: PTP is based on IEEE 1588 and is be
  • Page 520 and 521: F248XT-25E) today. The F2e module i
  • Page 522 and 523: defines variables for network servi
  • Page 524 and 525: elif i == 5: raise pexpect.Exceptio
  • Page 526 and 527: ogDestFileName print tOutStatus i =
  • Page 528 and 529: Chapter 8. Unified Fabric This chap
  • Page 530 and 531: other hand, are typically smaller i
  • Page 532 and 533: Figure 8-3. FcoE Frame Format FCoE
  • Page 534 and 535: Adapter (HBA). Figure 8-5 shows how
  • Page 536 and 537: Storage VDC on Nexus 7000 Figure 8-
  • Page 538 and 539: module. In addition to requiring F1
  • Page 540 and 541: Figure 8-10. FCoE NPV Topology Nexu
  • Page 542 and 543: N5K-1(config)# Enabling NPV mode re
  • Page 544 and 545:

    fc3/4 vsan:10 allowed list:1-4078,4

  • Page 546 and 547:

    CMHLAB-DC1-TOR1# config Enter confi

  • Page 548 and 549:

    Admin port mode is F, trunk mode is

  • Page 550 and 551:

    Click here to view code image N5K-1

  • Page 552 and 553:

    11 fcoe out packets 1324 fcoe out o

  • Page 554 and 555:

    N7K-1(config)# vdc FCoE type storag

  • Page 556 and 557:

    Press Enter at anytime to skip a di

  • Page 558 and 559:

    N7K-1-FCoE(config-if)# no shut N7K-

  • Page 560 and 561:

    interface vfc101 bind interface eth

  • Page 562 and 563:

    --------------------- Interface Sta

  • Page 564 and 565:

    Example 8-19. Device alias, zone, a

  • Page 566 and 567:

    Chapter 9. Nexus 1000V This chapter

  • Page 568 and 569:

    Figure 9-1. Cisco Nexus 1000V Serie

  • Page 570 and 571:

    • Maintaining a 2-second heartbea

  • Page 572 and 573:

    VEM physical ports are classified i

  • Page 574 and 575:

    • CPU speed 1500 MHZ • Configur

  • Page 576 and 577:

    4. Create the virtual blade name, v

  • Page 578 and 579:

    Nexus1010# show virtual-service-bla

  • Page 580 and 581:

    vsm# show svs domain SVS domain con

  • Page 582 and 583:

    4. Under the section “Cisco Nexus

  • Page 584 and 585:

    Figure 9-8. Browsing for the cisco_

  • Page 586 and 587:

    Figure 9-10. Certificate Security W

  • Page 588 and 589:

    Cisco Nexus Operating System (NX-OS

  • Page 590 and 591:

    Figure 9-13. VSM Installation Optio

  • Page 592 and 593:

    Figure 9-15. Selecting the ESX Host

  • Page 594 and 595:

    Figure 9-17. System Redundancy Mode

  • Page 596 and 597:

    Figure 9-19. Entering the VSM Confi

  • Page 598 and 599:

    Figure 9-21. Reviewing the VSM Conf

  • Page 600 and 601:

    Figure 9-23. Configuration Host Mig

  • Page 602 and 603:

    Redundancy mode --------------- adm

  • Page 604 and 605:

    Figure 9-27. Entering the vCenter I

  • Page 606 and 607:

    Figure 9-29. Selecting the ESX Host

  • Page 608 and 609:

    Figure 9-31. Entering the vCenter I

  • Page 610 and 611:

    Figure 9-33. Nexus 1000v VSM Main P

  • Page 612 and 613:

    vsm vsm# show vlan VLAN Name Status

  • Page 614 and 615:

    capability vxlan: no capability l3-

  • Page 616 and 617:

    Figure 9-35. Starting the Process o

  • Page 618 and 619:

    Figure 9-37. Selecting the ESX Host

  • Page 620 and 621:

    Figure 9-39. Verifying the Settings

  • Page 622 and 623:

    2012 Aug 23 02:05:33 vsm %ETHPORT-5

  • Page 624 and 625:

    Example 9-5. Installing the Nexus 1

  • Page 626 and 627:

    vsm# Changing the VSM Hostname Exam

  • Page 628 and 629:

    vsm config-port-prof)# system vlan

  • Page 630 and 631:

    Status: Config push to VC successfu

  • Page 632 and 633:

    Figure 9-44. Selecting the Correct

  • Page 634 and 635:

    • Supporting both VEthernet and v

  • Page 636 and 637:

    • System VLANs cannot be deleted

  • Page 638 and 639:

    vsm# show running-config interface

  • Page 640 and 641:

    -----------------------------------

  • Page 642 and 643:

    vsm# show int vethernet 3 Vethernet

  • Page 644 and 645:

    class-map type qos match-any af33 m

  • Page 646 and 647:

    Figure 9-48. Selecting the .OVA Fil

  • Page 648 and 649:

    Figure 9-50. Accepting the License

  • Page 650 and 651:

    Figure 9-52. Specifying the VNMC In

  • Page 652 and 653:

    Figure 9-54. Specifying the Datasto

  • Page 654 and 655:

    Figure 9-56. Specifying the Correct

  • Page 656 and 657:

    Figure 9-58. Specifying the Hostnam

  • Page 658 and 659:

    Selected Figure 9-61 shows the OVF

  • Page 660 and 661:

    Figure 9-64. Confirming that the VN

  • Page 662 and 663:

    Management Application 3. Save the

  • Page 664 and 665:

    Figure 9-69. Select the Extension K

  • Page 666 and 667:

    10. Display the Status of UP for th

  • Page 668 and 669:

    vsm# Example 9-22 shows how to conf

  • Page 670 and 671:

    • Name of the guest operating sys

  • Page 672 and 673:

    Install Virtual Security Gateway on

  • Page 674 and 675:

    Enter HostName: vsg Enter the passw

  • Page 676 and 677:

    The following steps show how to ver

  • Page 678 and 679:

    Figure 9-81. Creating a Tenant in V

  • Page 680 and 681:

    Figure 9-85. Creating an Applicatio

  • Page 682 and 683:

    Figure 9-88. Creating a Security Pr

  • Page 684 and 685:

    Figure 9-90. Adding the Compute Fir

  • Page 686 and 687:

    Note Only one VSG can be assigned t

  • Page 688 and 689:

    Figure 9-97. Verifying the Policy a

  • Page 690 and 691:

    Example 9-31 shows the security pol

  • Page 692 and 693:

    vsm# conf t Enter configuration com

  • Page 694 and 695:

    vsm(config-port-prof)# no shutdown

  • Page 696 and 697:

    Figure 9-101. Assigning the Virtual

  • Page 698 and 699:

    Decap Err 0 L2-Frag Sent 0 L2-Frag

  • Page 700 and 701:

    Err 0 0 0 VSN Config Err 0 0 0 VSN

  • Page 702 and 703:

    vsm# show vsn statistics vpath #VSN

  • Page 704 and 705:

    SeqPstWnd 0 TCP chkfail WndVari 0 F

  • Page 706 and 707:

    L4 Oth Flow Create 0 L4 Oth Flow De

  • Page 708 and 709:

    Figure 9-102 shows the VXLAN packet

  • Page 710 and 711:

    Enter configuration commands, one p

  • Page 712 and 713:

    7. Enable jumbo frames on the upstr

  • Page 714 and 715:

    Figure 9-107. Creating vmknic on ea

  • Page 716 and 717:

    Figure 9-109. Assigning the VxLAN-V

  • Page 718 and 719:

    Figure 9-111. Verifying the VM IP A

  • Page 720 and 721:

    52 Veth4 UP UP FWD 0 WindowZ XP1.et

  • Page 722 and 723:

    xp3.eth0 51 Veth9 UP UP FWD 0 * F/B

  • Page 724 and 725:

    vsm# show port-profile name VxLAN-V

  • Page 726 and 727:

    inherit: config attributes: switchp

  • Page 728 and 729:

    1 0002.3d63.dd00 static 0 N1KV Inte

  • Page 730 and 731:

    Address Type Age Port IP Address Mo

  • Page 732 and 733:

    18 Eth4/1 4 182 0050.569e.0032 dyna

  • Page 734 and 735:

    shutdown description Port-group cre

  • Page 736 and 737:

    state enabled port-profile type vet

  • Page 738 and 739:

    interface Vethernet7 inherit port-p

  • Page 740 and 741:

    • Support for QoS, Netflow, SPAN,

  • Page 742 and 743:

    properly. c. What you should actual

  • Page 744 and 745:

    Figure 9-117. Shutting Down the VM

  • Page 746 and 747:

    Figure 9-119. Activate the HTTP Ser

  • Page 748 and 749:

    ERSPAN Header Type: 2 vsm# vsm# sho

  • Page 750 and 751:

    Note “Auto-create” is enabled b

  • Page 752 and 753:

    Figure 9-125. Properly Configured S

  • Page 754 and 755:

    Figure 9-128. Another Sample View f

  • Page 756 and 757:

    connectivity, mobile VM security, n

  • Page 758 and 759:

    N7K-2(config)# ip access-list acl-m

  • Page 760 and 761:

    precedence protocol Precedence in I

  • Page 762 and 763:

    Network-QoS Policies The network-qo

  • Page 764 and 765:

    Example 10-7. MTU Differences in a

  • Page 766 and 767:

    delayed in the switch. The primary

  • Page 768 and 769:

    N7K-2-F2(config)# exit N7K-2-F2# sh

  • Page 770 and 771:

    queue-limit percent 1 queue dropped

  • Page 772 and 773:

    4q-8e-in-testing Policy map name (t

  • Page 774 and 775:

    N7K-2(config-pmap-c-que)# bandwidth

  • Page 776 and 777:

    Class-map (qos): class-default (mat

  • Page 778 and 779:

    performance could suffer and packet

  • Page 780 and 781:

    Click here to view code image cmhla

  • Page 782 and 783:

    class type network-qos class-defaul

  • Page 784 and 785:

    Enter configuration commands, one p

  • Page 786 and 787:

    qos-group Qos-group demolab-vsm1(co

  • Page 788 and 789:

    packet traffic and various VMware v

  • Page 790 and 791:

    Chapter 11. Overlay Transport Virtu

  • Page 792 and 793:

    • OTV internal interfaces: The in

  • Page 794 and 795:

    Note The OTV feature is disabled by

  • Page 796 and 797:

    Example 11-6. OTV AED Output Click

  • Page 798 and 799:

    is as efficient as the core IP netw

  • Page 800 and 801:

    Overlay interface Overlay1 VPN name

  • Page 802 and 803:

    59 0050.5657.100a 1 1w4d site portc

  • Page 804 and 805:

    59 0050.56bd.4bc3 1 1w4d site portc

  • Page 806 and 807:

    6. The hellos are passed to the con

  • Page 808 and 809:

    For the Multicast-enabled transport

  • Page 810 and 811:

    Figure 11-2. OTV Adjacency Server T

  • Page 812 and 813:

    56-69, 75-79, 86-87, 99, 102-103, 1

  • Page 814 and 815:

    Figure 11-3. OTV Data Plane Encapsu

  • Page 816 and 817:

    DSCP is preserved as it is across t

  • Page 818 and 819:

    with the same site-id. The site-id

  • Page 820 and 821:

    (GLBP). In a spanned Layer 2 enviro

  • Page 822 and 823:

    10 permit 0000.0c07.ac00 0000.0000.

  • Page 824 and 825:

    interface Vlan64 no shutdown descri

  • Page 826 and 827:

    Chapter 12. Layer 3 Virtualization

  • Page 828 and 829:

    Vlan1 default 1 - - Vlan50 default

  • Page 830 and 831:

    N7k-1(config)# int mgmt0 N7k-1(conf

  • Page 832 and 833:

    Click here to view code image N7k-1

  • Page 834 and 835:

    N7k-1(config)# vrf context vrf-cust

  • Page 836 and 837:

    network receive these labeled packe

  • Page 838 and 839:

    LDP and Layer 3 VPNs Figure 12-2. M

  • Page 840 and 841:

    N7k-1(config)# router ospf 1 N7k-1(

  • Page 842 and 843:

    of placing constraints on a particu

  • Page 844 and 845:

    High Availability NX-OS brings supp

  • Page 846 and 847:

    Chapter 13. LISP This chapter cover

  • Page 848 and 849:

    LISP Prerequisites Figure 13-1. LIS

  • Page 850 and 851:

    Figure 13-2. LISP Control Plane Seq

  • Page 852 and 853:

    3. The LISP device performs a looku

  • Page 854 and 855:

    scale. The decoupling of the server

  • Page 856 and 857:

    EID prefixes with both map-servers.

  • Page 858 and 859:

    Click here to view code image featu

  • Page 860 and 861:

    ipv4 itr map-resolver 10.1.1.7 ipv4

  • Page 862 and 863:

    172.20.40.101/32, ubest/mbest: 1/0,

  • Page 864 and 865:

    0 More-specific EID-prefix: 172.20.

  • Page 866 and 867:

    Chapter 14. Nexus Migration Case St

  • Page 868 and 869:

    egular monthly basis as it could in

  • Page 870 and 871:

    feature pim feature vpc vrf context

  • Page 872 and 873:

    luejay(config-if)# interface Port-c

  • Page 874 and 875:

    egypt(config-if)# interface port-ch

  • Page 876 and 877:

    Device-ID Local Intrfce Hldtme Capa

  • Page 878 and 879:

    2 10.198.2.17 Po4 11 02:14:04 8 Mai

  • Page 880 and 881:

    denmark(config-if)# switchport denm

  • Page 882 and 883:

    Example 14-13. VLAN Spanning Tree C

  • Page 884 and 885:

    egypt(config-if)# interface port-ch

  • Page 886 and 887:

    Verification will be performed on E

  • Page 888 and 889:

    Figure 14-3. Updated Topology Confi

  • Page 890 and 891:

    enabled using the configuration sho

  • Page 892 and 893:

    no ip redirects ip router eigrp 134

  • Page 894 and 895:

    italy(config-if)# no ip redirects i

  • Page 896 and 897:

    up/admin-up Example 14-32. Verify T

  • Page 898 and 899:

    D 10.198.26.0/24 [90/3328] via 10.1

  • Page 900 and 901:

    Click here to view code image italy

  • Page 902 and 903:

    Port-channel4 D 10.198.57.0/24 [90/

  • Page 904 and 905:

    SVIs. Because all traffic has been

  • Page 906 and 907:

    egypt(config-if)# egypt(config-if)#

  • Page 908 and 909:

    egypt(config-if-range)# channel-gro

  • Page 910 and 911:

    elgium# show running-config fex !Co

  • Page 912 and 913:

    Index NUMBERS 6PE and MPLS (Multipr

  • Page 914 and 915:

    B modularity, 366-368 restarts, 368

  • Page 916 and 917:

    SVI configuration, 769-774 SVI shut

  • Page 918 and 919:

    Fixed Limit option, 152 prefix limi

  • Page 920 and 921:

    F Fabric Extenders (Nexus 2000), 60

  • Page 922 and 923:

    GLBP (Global Load Balancing Protoco

  • Page 924 and 925:

    enabling, 243 Nexus 1000V configura

  • Page 926 and 927:

    flow control, 107-108 LACP physical

  • Page 928 and 929:

    overview of, 135-136 redistribution

  • Page 930 and 931:

    authentication, 208-209 configuring

  • Page 932 and 933:

    andwidth configuration, 779 ECMP ve

  • Page 934 and 935:

    multicast distribution trees, 222-2

  • Page 936 and 937:

    QoS policies, 550-552 states of, 54

  • Page 938 and 939:

    PIM configuration, 227-241 Nexus 50

  • Page 940 and 941:

    maintenance window #1, 754 port cha

  • Page 942 and 943:

    O PSS, 2 security, 2 SNMP managemen

  • Page 944 and 945:

    Nexus 1000V VSM configuration, 570-

  • Page 946 and 947:

    PTP (Precision Time Protocol), 445-

  • Page 948 and 949:

    creating, 34-35 limitations of, 34

  • Page 950 and 951:

    checkpoints Nexus 5x00, 431-434 Nex

  • Page 952 and 953:

    BPDUGuard, 94-95 Bridge Assurance,

  • Page 954 and 955:

    Traffic Engineering and MPLS (Multi

  • Page 956 and 957:

    overview of, 37 resources, monitori

  • Page 958 and 959:

    MPLS, VRF-based CE-PE BGP configura

400-151 Exam Questions
400-151 Exam Questions
200-150 Exam Questions
BRKSPG-2684
Special Offer–Save 70%
200-125 Exam Questions