This document addresses the most frequently asked questions (FAQ) associated with Cisco Nexus 7000 Series Switches.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
A. The command is show hsrp active or show hsrp brief .
Nexux_7K# show hsrp br
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr      Standby addr     Group addr
Vlan132     32  90   P Standby  10.101.32.253    local            10.101.32.254   (conf)
Vlan194     94  90   P Standby  10.101.94.253    local            10.101.94.254   (conf)
Vlan2061    61  110  P Active   local            10.100.101.253   10.100.101.254  (conf)

Nexus_7K# show hsrp standb br
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr      Standby addr     Group addr
Vlan132     32  90   P Standby  10.101.32.253    local            10.101.32.254   (conf)
Vlan194     94  90   P Standby  10.101.94.253    local            10.101.94.254   (conf)
Vlan196     96  90   P Standby  10.101.96.253    local            10.101.96.254   (conf)
A. The device thinks that the first port in the port-grp is in dedicated mode instead of shared mode. When the first port of a port-grp is in dedicated mode, the other ports of the port-grp cannot be used.
A. Virtual PortChannel (vPC) is a port-channeling concept that extends link aggregation to two separate physical switches.
Benefits of vPC include:
Utilizes all available uplink bandwidth
Allows the creation of resilient Layer 2 topologies based on link aggregation
Eliminates the dependence of Spanning Tree Protocol in Layer 2 access distribution layer(s)
Enables transparent server mobility and server high availability (HA) clusters
Scales available Layer 2 bandwidth
Simplifies network design
Dual-homed servers can operate in active-active mode
Faster convergence upon link failure
Improves convergence time when a single device fails
Reduces capex and opex
A. Nexus 7000 has a loop prevention method that drops traffic traversing the peer link (destined for a vPC peer link) when there are no failed vPC ports or links. The rule is simple: if the packet crosses the vPC peer link, it may not go out any port in a vPC even if that vPC does not have the original VLAN.
A. Configure the vPC Keepalive Link and Messages
This example demonstrates how to configure the destination, source IP address, and VRF for the vPC-peer-keepalive link:
switch# configure terminal
switch(config)# feature vpc
switch(config)# vpc domain 100
switch(config-vpc-domain)# peer-keepalive destination 172.168.1.2 source 172.168.1.1 vrf vpc-keepalive

Create the vPC Peer Link
This example demonstrates how to configure a vPC peer link:
switch# configure terminal
switch(config)# interface port-channel 20
switch(config-if)# vpc peer-link
switch(config-vpc-domain)#
A. Cisco NX-OS supports Intrusion Detection System (IDS) checks that validate IP packets to ensure proper formatting. This is an enhancement beginning in 5.x. The EEM message is being logged because a packet is received by the switch where the Ethernet frame size is shorter than the expected length to include the IP packet length plus the Ethernet header. The packet is dropped by the hardware due to this condition.
In order to verify that the IDS drops occurred since the last switch reboot, issue the show hardware forwarding ip verify module [#] command.
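The length check described above can be modelled in a few lines. This is an added illustration, not Cisco code and not the NX-OS hardware logic; the function names, the handling of at most one 802.1Q tag, and the sample frames are assumptions constructed for the example.

```python
import struct

ETH_HDR, VLAN_TAG, IPV4_MIN_HDR = 14, 4, 20
ETHERTYPE_IPV4, ETHERTYPE_VLAN = 0x0800, 0x8100

def check_frame(frame: bytes) -> str:
    """Apply the frame-length check to one Ethernet frame (FCS already stripped)."""
    if len(frame) < ETH_HDR:
        return "drop: truncated Ethernet header"
    l2_len = ETH_HDR
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == ETHERTYPE_VLAN:  # one 802.1Q tag moves the IP header by 4 bytes
        l2_len += VLAN_TAG
        if len(frame) < l2_len:
            return "drop: truncated 802.1Q tag"
        (ethertype,) = struct.unpack_from("!H", frame, 16)
    if ethertype != ETHERTYPE_IPV4:
        return "skip: not IPv4"
    if len(frame) < l2_len + IPV4_MIN_HDR:
        return "drop: truncated IPv4 header"
    # Total Length sits at bytes 2-3 of the IPv4 header and covers header + payload.
    (ip_total_len,) = struct.unpack_from("!H", frame, l2_len + 2)
    if len(frame) < l2_len + ip_total_len:
        return "drop: frame shorter than IP length plus Ethernet header"
    return "pass"  # a longer frame is fine: Ethernet pads short payloads

def build_frame(ip_total_len: int, payload_len: int, vlan: bool = False) -> bytes:
    """Constructed sample frame; ip_total_len is what the IPv4 header claims."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    tag = struct.pack("!HH", ETHERTYPE_VLAN, 100) if vlan else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip + bytes(payload_len)

if __name__ == "__main__":
    samples = {
        "consistent lengths": build_frame(60, 40),
        "padded short packet": build_frame(28, 30),
        "claims 60, carries 30": build_frame(60, 10),
        "tagged, one byte short": build_frame(60, 39, vlan=True),
    }
    for name, frame in samples.items():
        print(f"{name:24} {len(frame):3} bytes -> {check_frame(frame)}")
```
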
A. Issue the show feature command in order to verify.
switch-N7K# show feature
Feature Name          Instance  State
--------------------  --------  --------
tacacs                1         enabled
scheduler             1         enabled
isis                  2         disabled
isis                  3         disabled
isis                  4         disabled
ospf                  1         enabled
ospf                  2         disabled
ospf                  3         disabled

switch-N7K# show run | i feature
feature vrrp
feature tacacs+
feature scheduler
feature ospf
feature bgp
feature pim
feature pim6
feature eigrp
feature pbr
feature private-vlan
feature udld
feature interface-vlan
feature netflow
feature hsrp
feature lacp
feature dhcp
feature tunnel
A. Cisco has developed the IOS-NXOS Migration Tool for quick configuration conversion on Cisco 6500 series to the Nexus series OS.
A. The maximum number of syslog servers configured is 3.
A. With respect to vPC, any device that runs the LACP (which is a standard), is compatible with the Nexus 7000, including ASA/ACE.
A. Orphan ports are single attached devices that are not connected via a vPC, but still carry vPC VLANs. In the instance of a peer-link shut or restoration, an orphan port's connectivity may be bound to the vPC failure or restoration process. Issue the show vpc orphan-ports command in order to identify the impacted VLANs.
A. There can be up to four (4) instances of OSPFv2 in a VDC.
A. The Cisco Nexus 7000 Series 32-Port 1 and 10 Gigabit Ethernet Module support FCoE. The part number of the product is N7K-F132XP-15.
A. FCoE is supported on Cisco Nexus 7000 Series systems running Cisco NX-OS Release 5.2 or later.
A. On a Nexus, use a route-map command with a set clause of metric-type type-[1/2] in order to have the same functionality as in IOS using the default-information originate always metric-type [1/2] command.
For example:
switch(config)#route-map STAT-OSPF permit 10
switch(config-route-map)#match interface ethernet 1/2
switch(config-route-map)#set metric-type {external | internal | type-1 | type-2}
A. In NX-OS, a route-map is always required when redistributing routes into an OSPF instance, and you also use this route-map to set the metric. Further, subnets are redistributed by default, so you do not have to add the subnets keyword.
For example:
switch(config)#access-list 101 permit ip <connected network> <wildcard> any
switch(config)#access-list 101 permit ip <connected network> <wildcard> any
switch(config)#access-list 101 permit ip <connected network> <wildcard> any
switch(config)#access-list 101 deny any
!
Router(config)# route-map direct2ospf permit 10
Router(config-route-map)# match ip address 101
Router(config-route-map)# set metric <100>
Router(config-route-map)# set metric-type type-1
!
switch(config)#router ospf 1
switch(config-router)#redistribute direct route-map direct2ospf
A. The command is feature pim. In NX-OS, multicast is enabled only after enabling the PIM or PIM6 feature on each router and then enabling PIM or PIM6 sparse mode on each interface that you want to participate in multicast.
For example:
switch(config)#feature pim
switch(config)#interface Vlan[536]
switch(config-if)#ip pim sparse-mode

See Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide, Release 5.x for a complete configuration guide.
A. Here is what is received:
Nexus_7010#show ip route bgp
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

172.20.62.0/23, ubest/mbest: 1/0
    *via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
    via 10.194.16.5, Vlan116, [110/1043], 18:43:51, ospf-1, intra
172.20.122.0/23, ubest/mbest: 1/0
    *via 10.194.160.2, [20/0], 18:53:35, bgp-[AS-Number], internal, tag [Number]
    via 10.194.16.5, Vlan116, [110/1041], 18:43:51, ospf-1, intra

By default, BGP selects only a single best path and does not perform load balancing. As a result, the route marked with the * will always be used, unless it goes down, at which point any remaining routes will become the preferred path.
A. One potential reason for receiving this error message is if the file name specified is not correct.
For example:
switch#install all kickstart bootflash:n7000-sl-kickstart.5.1.1a.bin system bootflash:n7000-sl-dk9.5.1.1a.bin

In this example, the file name contains "sl" (lowercase letter l) instead of "s1" (number 1).
A. This error message is generated because the port is not FEX capable:
N7K-2(config)#interface ethernet 9/5
N7K-2(config-if)#switchport mode fex-fabric
ERROR: Ethernet9/5: Configuration does not match the port capability

In order to resolve this problem, check the port capabilities by using the show interface ethernet command.
For example:
N7K-2#show interface ethernet 9/5 capabilities
Ethernet9/5
  Model:                 N7K-M132XP-12
  Type (SFP capable):    10Gbase-(unknown)
  Speed:                 10000
  Duplex:                full
  Trunk encap. type:     802.1Q
  Channel:               yes
  Broadcast suppression: percentage(0-100)
  Flowcontrol:           rx-(off/on),tx-(off/on)
  Rate mode:             shared
  QOS scheduling:        rx-(8q2t),tx-(1p7q4t)
  CoS rewrite:           yes
  ToS rewrite:           yes
  SPAN:                  yes
  UDLD:                  yes
  Link Debounce:         yes
  Link Debounce Time:    yes
  MDIX:                  no
  Pvlan Trunk capable:   no
  Port Group Members:    1,3,5,7
  TDR capable:           no
  FabricPath capable:    no
  Port mode:             Routed,Switched
  FEX Fabric:            no
  dot1Q-tunnel mode:     yes

From this output of the show interface ethernet 9/5 capabilities command, you can see FEX Fabric: no. This verifies that the port is not FEX capable. In order to resolve this problem, upgrade the EPLD images to Cisco NX-OS Release 5.1(1) or later.
A. Here is what is received:
Nexus-7000#show interface counters errors
----------------------------------------------------------------------------
Port        Align-Err   FCS-Err   Xmit-Err   Rcv-Err   UnderSize   OutDiscards
----------------------------------------------------------------------------
Eth1/1      0           26        0          26        0           0

With FCS-Err and Rcv-Err, it is usually an indication that you are receiving corrupt packets.
A. All interface link status (up/down) messages are logged by default. Link status events can be configured globally or per interface. The interface command enables link status logging messages for a specific interface.
For example:
N7k(config)#interface ethernet x/x
N7k(config-if)#logging event port link-status
A. All of the Nexus platforms support passing DecNet frames through the device from a layer-2 perspective. However, there is no support for routing DecNet on the Nexus.
A. In order to display the status of the NTP peers, issue the show ntp peer-status command:
switch#show ntp peer-status
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
    remote        local      st  poll  reach  delay    vrf
-------------------------------------------------------------------------------
*10.1.10.5        0.0.0.0    1   64    377    0.00134  default
A. Issue the tac-pac bootflash://<filename> command in order to redirect the output of the show tech command to a file, and then gzip the file.
For example:
switch#tac-pac bootflash://showtech.switch1

Issue the copy bootflash://showtech.switch1 tftp://<server IP>/<path> command in order to copy the file from bootflash to the TFTP server.
For example:
switch#copy bootflash://showtech.switch1 tftp://<server IP>/<path>
A. The Nexus 7000 does not support a DHCP server, but it does support DHCP relay. For relay, use the ip dhcp relay address x.x.x.x interface command.
See Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x for more information on Dynamic Host Configuration Protocol (DHCP) on a Cisco NX-OS device.
A. The Scalable Feature License is the new Nexus 7000 system license that enables the incremental table sizes supported on the M-Series XL Modules. Without the license, the system will run in standard mode, meaning none of the larger table sizes will be accessible. Having non-XL and XL modules in a system is supported, but for the system to run in XL mode all modules need to be XL capable, and the Scalable Feature license needs to be installed. Mixing modules is supported, with the system running in the non-XL mode. If the modules are in the same system, the entire system falls back to the common smallest value. If the XL and non-XL are isolated using VDCs, then each VDC is considered a separate system and can be run in different modes.
In order to confirm whether the Nexus 7000 has the XL option enabled, you first need to check if the Scalable Feature License is installed. Also, having non-XL and XL modules in a system is supported, but in order for the system to run in XL mode, all modules need to be XL capable.
A. Cisco does not recommend running VTP in data centers. If someone attaches a switch to the network with a higher revision number without changing the VTP mode from the server, it will override the VLAN configuration on the switch.
A. There is no recommended best practice for load-balancing between the Nexus 1000V Series and Nexus 7000 Series Switches. You can choose either a flow-based or a source-based model depending on the network's requirement.
A. This error message corresponds to diagnostic failures on module 2. It could be a bad connection to the X-bar from the linecard, which results in the linecard being unable to sync. Typically with these errors, the first step is to reseat the module. If that does not resolve the problem, reseat the fabric as well as the module individually.
A. These errors indicate that the octopus engine received frames that failed the CRC error checks. This can be caused by multiple reasons. For example:
Hardware problems:
Bad links
Backplane issues
Sync losses
Seating problems
Software problems:
Old fpga
Frames forwarded to LC that it is unable to understand
A. Verify the Rx Pause and TailDrops fields from the output of the show interface {/} and show hardware internal errors module module # commands for the module with these ports.
For example:
Nexus7K#show interface e7/25
Ethernet7/25 is up
!--- Output suppressed
  input rate 1.54 Kbps, 2 pps; output rate 6.29 Mbps, 3.66 Kpps
  RX
    156464190 unicast packets  0 multicast packets  585 broadcast packets
    156464775 input packets  11172338513 bytes
    0 jumbo packets  0 storm suppression packets
    0 runts  0 giants  0 CRC  0 no buffer
    0 input error  0 short frame  0 overrun  0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    7798999 Rx pause
  TX
    6365127464 unicast packets  6240536 multicast packets  2290164 broadcast packets
    6373658164 output packets  8294188005962 bytes
    0 jumbo packets
    0 output error  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble
    0 Tx pause

The pauses on e7/25 indicate that the server is having difficulty keeping up with the amount of traffic sent to it.
Nexus7k#show hardware internal errors module 2 | include r2d2_tx_taildrop_drop_ctr_q3
37936 r2d2_tx_taildrop_drop_ctr_q3 0000000199022704 2 -
37938 r2d2_tx_taildrop_drop_ctr_q3 0000000199942292 4 -
37941 r2d2_tx_taildrop_drop_ctr_q3 0000000199002223 5 -
37941 r2d2_tx_taildrop_drop_ctr_q3 0000000174798985 17 -

This indicates that the amount of traffic sent to these devices was too much for the interface itself to transmit. Since each interface was configured as a trunk allowing all VLANs and multicast/broadcast traffic counters were low, it appears there is a lot of unicast flooding that may be causing drops for these interfaces.
Revision | Publish Date | Comments |
---|---|---|
2.0 | 28-Jun-2011 | No Content updates. Fixed metadata. |
1.0 | 26-Nov-2009 | Initial Release |