You are on page 1of 361

DCUFI

Implementing Cisco
Data Center Unified
Fabric
Version 4.0

Fast Lane Lab Guide


Version 4.0.1
DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS AND AS SUCH MAY INCLUDE TYPOGRAPHICAL,
GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE
CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT OR
COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING
WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A
COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to
be accurate, it falls subject to the disclaimer above.

Lab Guide 2011 Cisco and/or its affiliates. All rights reserved.
Table of Contents
Lab Guide 1
Overview 1
Outline 1
Job Aids 2
Lab Topology Diagram 2
Lab Connections 3
Lab IP Address Plan 10
Lab 2-1: Configuring Layer 2 Switching 11
Activity Objective 11
Visual Objective 11
Required Resources 11
Command List 12
Job Aids 13
Task 0: Remote Lab Connection 14
Task 1: Configuring and Verifying Layer 2 Interfaces and PVRST+ 14
Task 2: Implementing and Testing Spanning-Tree Enhancements 24
Task 3: Implementing and Verifying MST 29
Lab 2-2: Configuring vPCs 35
Activity Objective 35
Visual Objective 35
Required Resources 36
Command List 37
Job Aids 38
Task 1: Creating a vPC Domain 39
Task 2: Creating the vPC Peer Keepalive Link 40
Task 3: Creating the vPC Peer Link 41
Task 4: Configuring a vPC 43
Task 5: Configuring the Cisco Nexus 2000 Fabric Extender 47
Lab 2-3: Configuring Layer 3 Switching 53
Activity Objective 53
Visual Objective 53
Required Resources 53
Command List 54
Job Aids 55
Task 1: Configuring RIP 56
Task 2: Configuring VRFs and Static Routing 59
Task 3: Configuring VRFs and OSPFv2 62
Task 4: Configuring VRFs and EIGRP 67
Lab 3-1: Configuring Security Features 71
Activity Objective 71
Visual Objective 71
Required Resources 71
Command List 72
Job Aids 73
Task 1: Configuring Access Lists 74
Task 2: Configuring Port Security 78
Task 3: Configuring Traffic Storm Control 82
Lab 3-2: Configuring OTV 84
Activity Objective 84
Visual Objective 84
Required Resources 84
Command List 85
Job Aids 85
Task 1: Configuring Basic OTV 86
Lab 3-3: Configuring QoS 91
Activity Objective 91
Visual Objective 91
Required Resources 91
Command List 92
Job Aids 93
Task 1: Generate Traffic 94
Task 2: Configure Class Maps 96
Task 3: Configure Policy Maps 98
Task 4: Configure Service Policies 101
Lab 4-1: Configuring System Management 106
Activity Objective 106
Visual Objective 106
Required Resources 106
Command List 107
Job Aids 109
Task 1: Configure Cisco Fabric Services 110
Task 2: Configure the Scheduler 115
Task 3: Configure Smart Call Home 118
Lab 4-2: Implementing Cisco DCNM 128
Activity Objective 128
Visual Objective 128
Required Resources 128
Command List 129
Job Aids 129
Task 1: Network Discovery 130
Task 2: Platform Inventory 134
Task 3: Monitoring 137
Task 4: Troubleshooting 144
Lab 5-1: Configuring Cisco FabricPath 147
Activity Objective 147
Visual Objective 147
Required Resources 147
Command List 148
Job Aids 148
Task 1: Analyze Spanning Tree Load Balancing 149
Task 2: Implement Cisco FabricPath 151
Task 3: Analyze Cisco FabricPath Load Balancing 156
Lab 7-1: Configuring FCoE 159
Activity Objective 159
Visual Objective 159
Required Resources 159
Command List 160
Job Aids 161
Task 1: Initial Configuration on the Cisco Nexus 5000 Switch 162
Task 2: Configure the Cisco Nexus 2000 Fabric Extender 165
Task 3: Configuring FCoE on the Cisco Nexus 5000 Switch 181
Task 4: Basic Configuration on the Cisco MDS Switch 186
Lab 7-2: Configuring NPV 192
Activity Objective 192

ii Implementing Cisco Data Center Unified Fabric (DCUCI) v4.0 2011 Cisco Systems, Inc.
Visual Objective 192
Required Resources 192
Command List 193
Job Aids 194
Task 1: Configure NPV Mode on the Cisco Nexus 5000 Switch 195
Task 2: Configure NPIV Mode on the Cisco MDS 9124 Switch 200
Answer Key 204
Lab 2-1 Answer Key: Configuring Layer 2 Switching 204
Lab 2-2 Answer Key: Configuring VPCs 213
Lab 2-3 Answer Key: Configuring Layer 3 Switching 230
Lab 3-1 Answer Key: Configuring Security Features 244
Lab 3-2 Answer Key: Configuring OTV 259
Lab 3-3 Answer Key: Configuring QoS 273
Lab 4-1 Answer Key: Configuring System Management 293
Lab 4-2 Answer Key: Implementing Cisco DCNM 309
Lab 5-1 Answer Key: Configuring Cisco FabricPath 311
Lab 7-1 Answer Key: Configuring FCoE 333
Lab 7-2 Answer Key: Configuring NPV 345

2011 Cisco Systems, Inc. Implementing Cisco Data Center Unified Fabric (DCUCI) v4.0 iii
iv Implementing Cisco Data Center Unified Fabric (DCUCI) v4.0 2011 Cisco Systems, Inc.
DCUFI

Lab Guide
Overview
This guide presents the instructions and other information concerning the lab activities for this
course. You can find the solutions in the lab activity Answer Key.

Outline
This guide includes these activities:
Lab 2-1: Configuring Layer 2 Switching
Lab 2-2: Configuring vPCs
Lab 2-3: Configuring Layer 3 Switching
Lab 3-1: Configuring Security Features
Lab 3-2: Configuring OTV
Lab 3-3: Configuring QoS
Lab 4-1: Configuring System Management
Lab 4-2: Implementing Cisco DCNM
Lab 5-1: Configuring Cisco FabricPath
Lab 7-1: Configuring FCoE
Lab 7-2: Configuring NPV
Answer Key
Job Aids
Use the following job aids while performing the lab tasks in this lab guide.

Lab Topology Diagram


This diagram describes the physical topology of the lab that is used in this course:

DCUFI Lab Topology

EMC2 EMC2

MDS9124-1 MDS9124-2

N7010-C1 N7010-C2

Nexus 5010 Nexus 5010

Nexus 2248TP Nexus 2248TP

Cisco UCS
C-series

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-2

2 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab Connections
This table lists the physical connections between the devices that are used in this course:

From To

Device Interface Device Interface

N5K-1 Ethernet 1/3 Server 1 CNA port 1

Ethernet 1/4 Server 2 CNA port 2

Ethernet 1/9 N2K-1 Uplink port 1

Ethernet 1/10 N2K-1 Uplink port 2

Ethernet 1/11 N2K-2 Uplink port 3

Ethernet 1/15 N7K-1-pod1 Ethernet 3/11

Ethernet 1/17 N5K-2 Ethernet 1/17

Ethernet 1/18 N5K-2 Ethernet 1/18

Ethernet 1/19 N7K-1-pod1 Ethernet 1/1

Ethernet 1/20 N7K-2-pod2 Ethernet 1/1

N7K-1-pod1 Ethernet 1/1 N5K-1 Ethernet 1/19

Ethernet 1/3 N5K-2 Ethernet 1/19

Ethernet 1/5 N2K-1 Uplink port 4

Ethernet 1/17 N7K-2-pod2 Ethernet 1/17

Ethernet 1/19 N7K-2-pod2 Ethernet 1/19

Ethernet 3/1 N7K-2-pod2 Ethernet 3/1

Ethernet 3/2 N7K-2-pod2 Ethernet 3/2

Ethernet 3/11 N5K-1 Ethernet 1/15

2011 Cisco Systems, Inc. Lab Guide 3


From To

Device Interface Device Interface

N5K-2 Ethernet 1/3 Server 2 CNA port 1

Ethernet 1/4 Server 1 CNA port 2

Ethernet 1/9 N2K-2 Uplink port 1

Ethernet 1/10 N2K-2 Uplink port 2

Ethernet 1/11 N2K-1 Uplink port 3

Ethernet 1/15 N7K-2-pod2 Ethernet 3/11

Ethernet 1/17 N5K-1 Ethernet 1/17

Ethernet 1/18 N5K-1 Ethernet 1/18

Ethernet 1/19 N7K-1-pod1 Ethernet 1/3

Ethernet 1/20 N7K-2-pod2 Ethernet 1/3

N7K-2-pod2 Ethernet 1/1 N5K-1 Ethernet 1/20

Ethernet 1/3 N5K-2 Ethernet 1/20

Ethernet 1/5 N2K-2 Uplink port 4

Ethernet 1/17 N7K-1-pod1 Ethernet 1/17

Ethernet 1/19 N7K-1-pod1 Ethernet 1/19

Ethernet 3/1 N7K-1-pod1 Ethernet 3/1

Ethernet 3/2 N7K-1-pod1 Ethernet 3/2

Ethernet 3/11 N7K-1-pod1 Ethernet 1/15

4 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
From To

Device Interface Device Interface

N5K-3 Ethernet 1/3 Server 3 CNA port 1

Ethernet 1/4 Server 4 CNA port 2

Ethernet 1/9 N2K-3 Uplink port 1

Ethernet 1/10 N2K-3 Uplink port 2

Ethernet 1/11 N2K-4 Uplink port 3

Ethernet 1/15 N7K-1-pod3 Ethernet 3/13

Ethernet 1/17 N5K-4 Ethernet 1/17

Ethernet 1/18 N5K-4 Ethernet 1/18

Ethernet 1/19 N7K-1-pod3 Ethernet 1/2

Ethernet 1/20 N7K-2-pod4 Ethernet 1/2

N7K-1-pod3 Ethernet 1/2 N5K-3 Ethernet 1/19

Ethernet 1/4 N5K-4 Ethernet 1/19

Ethernet 1/6 N2K-3 Uplink port 4

Ethernet 1/18 N7K-2-pod4 Ethernet 1/18

Ethernet 1/20 N7K-2-pod4 Ethernet 1/20

Ethernet 3/3 N7K-2-pod4 Ethernet 3/3

Ethernet 3/4 N7K-2-pod4 Ethernet 3/4

Ethernet 3/13 N5K-3 Ethernet 1/15

2011 Cisco Systems, Inc. Lab Guide 5


From To

Device Interface Device Interface

N5K-4 Ethernet 1/3 Server 4 CNA port 1

Ethernet 1/4 Server 3 CNA port 2

Ethernet 1/9 N2K-4 Uplink port 1

Ethernet 1/10 N2K-4 Uplink port 2

Ethernet 1/11 N2K-3 Uplink port 3

Ethernet 1/15 N7K-2-pod4 Ethernet 3/13

Ethernet 1/17 N5K-3 Ethernet 1/17

Ethernet 1/18 N5K-3 Ethernet 1/18

Ethernet 1/19 N7K-1-pod3 Ethernet 1/4

Ethernet 1/20 N7K-2-pod4 Ethernet 1/4

N7K-2-pod4 Ethernet 1/2 N5K-3 Ethernet 1/20

Ethernet 1/4 N5K-4 Ethernet 1/20

Ethernet 1/6 N2K-4 Uplink port 4

Ethernet 1/18 N7K-1-pod3 Ethernet 1/18

Ethernet 1/20 N7K-1-pod3 Ethernet 1/20

Ethernet 3/3 N7K-1-pod3 Ethernet 3/3

Ethernet 3/4 N7K-1-pod3 Ethernet 3/4

Ethernet 3/13 N5K-4 Ethernet 1/15

6 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
From To

Device Interface Device Interface

N5K-5 Ethernet 1/3 Server 5 CNA port 1

Ethernet 1/4 Server 6 CNA port 2

Ethernet 1/9 N2K-5 Uplink port 1

Ethernet 1/10 N2K-5 Uplink port 2

Ethernet 1/11 N2K-6 Uplink port 3

Ethernet 1/15 N7K-1-pod5 Ethernet 3/15

Ethernet 1/17 N5K-6 Ethernet 1/17

Ethernet 1/18 N5K-6 Ethernet 1/18

Ethernet 1/19 N7K-1-pod5 Ethernet 1/9

Ethernet 1/20 N7K-2-pod6 Ethernet 1/9

N7K-1-pod5 Ethernet 1/9 N5K-5 Ethernet 1/19

Ethernet 1/11 N5K-6 Ethernet 1/19

Ethernet 1/13 N2K-5 Uplink port 4

Ethernet 1/25 N7K-2-pod6 Ethernet 1/25

Ethernet 1/27 N7K-2-pod6 Ethernet 1/27

Ethernet 3/5 N7K-2-pod6 Ethernet 3/5

Ethernet 3/6 N7K-2-pod6 Ethernet 3/6

Ethernet 3/15 N5K-5 Ethernet 1/15

2011 Cisco Systems, Inc. Lab Guide 7


From To

Device Interface Device Interface

N5K-6 Ethernet 1/3 Server 6 CNA port 1

Ethernet 1/4 Server 5 CNA port 2

Ethernet 1/9 N2K-6 Uplink port 1

Ethernet 1/10 N2K-6 Uplink port 2

Ethernet 1/11 N2K-5 Uplink port 3

Ethernet 1/15 N7K-2-pod6 Ethernet 3/15

Ethernet 1/17 N5K-5 Ethernet 1/17

Ethernet 1/18 N5K-5 Ethernet 1/18

Ethernet 1/19 N7K-1-pod5 Ethernet 1/11

Ethernet 1/20 N7K-2-pod6 Ethernet 1/11

N7K-2-pod6 Ethernet 1/9 N5K-5 Ethernet 1/20

Ethernet 1/11 N5K-6 Ethernet 1/20

Ethernet 1/13 N2K-6 Uplink port 4

Ethernet 1/25 N7K-1-pod5 Ethernet 1/25

Ethernet 1/27 N7K-1-pod5 Ethernet 1/27

Ethernet 3/5 N7K-1-pod5 Ethernet 3/5

Ethernet 3/6 N7K-1-pod5 Ethernet 3/6

Ethernet 3/15 N5K-6 Ethernet 1/15

8 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Note In some of the labs, interfaces are designated as interface Ethernet 1/X or 3/Y, where X and
Y are characters rather than digits. In this case, the interface designations should be
replaced with the interfaces that are listed in the table below for your pod.

Interface Pod 1 and 2 Pod 3 and 4 Pod 5 and 6

Ethernet 1/A Ethernet 1/1 Ethernet 1/2 Ethernet 1/9

Ethernet 1/B Ethernet 1/3 Ethernet 1/4 Ethernet 1/11

Ethernet 1/C Ethernet 1/5 Ethernet 1/6 Ethernet 1/13

Ethernet 1/D Ethernet 1/7 Ethernet 1/8 Ethernet 1/15

Ethernet 1/E Ethernet 1/17 Ethernet 1/20 Ethernet 1/25

Ethernet 1/F Ethernet 1/19 Ethernet 1/22 Ethernet 1/27

Ethernet 1/G Ethernet 1/21 Ethernet 1/24 Ethernet 1/29

Ethernet 1/H Ethernet 1/23 Ethernet 1/26 Ethernet 1/31

Ethernet 3/I Ethernet 3/1 Ethernet 3/3 Ethernet 3/5

Ethernet 3/J Ethernet 3/2 Ethernet 3/4 Ethernet 3/6

Ethernet 3/K Ethernet 3/11 Ethernet 3/13 Ethernet 3/15

Ethernet 3/L Ethernet 3/11 Ethernet 3/14 Ethernet 3/16

2011 Cisco Systems, Inc. Lab Guide 9


Lab IP Address Plan
This table lists the IP addresses configured on the devices in this course:

Device Interface IP address Prefix length Default gateway

N5K-1 Mgmt0 192.168.0.18 /24 192.168.0.1

N5K-2 Mgmt0 192.168.0.28 /24 192.168.0.1

N5K-3 Mgmt0 192.168.0.38 /24 192.168.0.1

N5K-4 Mgmt0 192.168.0.48 /24 192.168.0.1

N5K-5 Mgmt0 192.168.0.58 /24 192.168.0.1

N5K-6 Mgmt0 192.168.0.68 /24 192.168.0.1

N7K-1 Mgmt0 192.168.0.210 /24 192.168.0.1

N7K-2 Mgmt0 192.168.0.220 /24 192.168.0.1

N7K-1-pod1 Mgmt0 192.168.0.201 /24 192.168.0.1

N7K-2-pod2 Mgmt0 192.168.0.202 /24 192.168.0.1

N7K-1-pod3 Mgmt0 192.168.0.203 /24 192.168.0.1

N7K-2-pod4 Mgmt0 192.168.0.204 /24 192.168.0.1

N7K-1-pod5 Mgmt0 192.168.0.205 /24 192.168.0.1

N7K-2-pod6 Mgmt0 192.168.0.206 /24 192.168.0.1

Pod 1 server Mgmt NIC 192.168.0.11 /24

Pod 2 server Mgmt NIC 192.168.0.21 /24

Pod 3 server Mgmt NIC 192.168.0.31 /24

Pod 4 server Mgmt NIC 192.168.0.41 /24

Pod 5 server Mgmt NIC 192.168.0.51 /24

Pod 6 server Mgmt NIC 192.168.0.61 /24

10 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 2-1: Configuring Layer 2 Switching
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will implement Layer 2 switching features on the Cisco Nexus 7000 and
5000 Switches. After completing this activity, you will be able to meet these objectives:
Configure Layer 2 interfaces and implement and verify PVRST+
Implement and verify spanning-tree enhancements in order to optimize and protect
spanning-tree operation
Implement and verify MST

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 2-1: Configuring Layer 2 Switching

N7K-1- N7K-2-
PodP PodQ

N5K-P N5K-Q

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-3

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs
Two Cisco Nexus 5000 Switches
Two Windows 2003 servers

2011 Cisco Systems, Inc. Lab Guide 11


Command List
The table describes the commands that are used in this activity.

Command Description

show interface brief Displays a summary of the interfaces.

show interface transceiver Displays detailed information about installed SFPs.

rate-mode dedicated Sets the first port in a port group to dedicated mode.

switchport Configures an interface as a Layer 2 switch port.

switchport mode trunk Configures an interface as a trunk port.

show spanning-tree Displays information related to the Spanning Tree Protocol


(STP).

show vlan internal usage Displays the list of VLANs that are reserved for internal
use.

vlan <vlan-list> Creates one or more VLANs.

name <vlan-name> Configures the VLAN name.

show spanning-tree summary Displays a summarized view of the spanning-tree


operational status.

spanning-tree vlan <vlan- Changes the priority of the switch in order to make it the
list> root primary root of the spanning tree for the listed VLANs.

spanning-tree vlan <vlan- Lowers the spanning-tree priority of the switch below the
list> root secondary default value to make the switch the backup spanning-tree
root for the listed VLANs.

spanning-tree guard root Enables Root Guard on an interface.

spanning-tree port type Configures an interface as a spanning-tree edge port.


edge
feature udld Enables UniDirectional Link Detection (UDLD) on a switch.

udld aggressive Enables UDLD aggressive mode.

show udld neighbors Displays the list of current UDLD neighbors.

spanning-tree port type Enables Bridge Assurance on an interface.


network
show spanning-tree Displays the switch ports that are in the spanning-tree
inconsistentports inconsistent state.

spanning-tree mst Enters configuration mode for Multiple Spanning Tree


configuration (MST).

name <mst-region-name> Configures the MST region name.

revision <mst-revision-nr> Configures the MST revision number.

spanning-tree mode mst Changes the spanning-tree protocol to MST.

instance <nr> vlan <vlan- Maps a list of VLANs to an MST instance.


list>
spanning-tree mst <nr> Changes the priority of the switch in order to make it the
root primary root of the spanning tree for the MST instance.

spanning-tree mst <nr> Lowers the spanning-tree priority of the switch below the
root secondary default value, to make the switch the backup spanning-tree
root for the MST instance.

12 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

2011 Cisco Systems, Inc. Lab Guide 13


Task 0: Remote Lab Connection
During this exercise you will connect to the devices used in the lab.

Activity Procedure
Complete these steps:
Step 1 Connect to the console of your assigned Cisco Nexus 5000 Switch using the
credentials supplied by your instructor.
Step 2 Log in to your assigned Cisco Nexus 5000 Switch with username admin and
password 1234QWer. The prompt of the device should be N5K-P, where P is your
assigned pod number. The device should have a basic configuration loaded that
includes the host name, management IP settings, admin user settings, and interface
descriptions. If this configuration is missing, or if the configuration contains more
advanced feature configurations, notify your instructor to verify that the lab
configuration has been properly loaded on the switch.
Step 3 Connect to the management IP address of your assigned Cisco Nexus 7000 VDC
using the credentials supplied by your instructor. You can find the management IP
address for your pod VDC in the IP Address Plan job aid at the beginning of this
lab guide.
Step 4 Log in to your assigned Cisco Nexus 7000 VDC with username admin and
password 1234QWer. The prompt of the device should be N7K-X-Pod-P, where P
is your assigned pod number and X is 1 if your pod number is odd and X is 2 if
your pod number is even. The VDC should have a basic configuration loaded that
includes the host name, management IP settings, admin user settings, and interface
descriptions. If this configuration is missing, or if the configuration contains more
advanced feature configurations, notify your instructor to verify that the lab
configuration has been properly loaded on the VDC.

Note Your pod consists of a Cisco Nexus 5000 Switch and a VDC of a Cisco Nexus 7000 Switch,
on which you have full administrative control. All configurations that you perform will be done
on these devices. For some tasks, you are interacting with another pod, which will be called
your peer pod throughout these labs. When a lab specifies that configurations should be
performed within your pod and the peer pod, it is important that you verify that the team that
manages your peer pod has arrived at the same task. The peer pod pairings are as follows:
Pod 1 and 2 are peers, pod 3 and 4 are peers, and pod 5 and 6 are peers.

Task 1: Configuring and Verifying Layer 2 Interfaces and


PVRST+
During this task, you will configure basic Layer 2 parameters, such as VLAN and trunk
settings. You will also configure PVRST+ and verify proper spanning-tree operation both
within your pod and between your pod and your peer pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Check the interface state of your assigned interfaces. (These will differ between
pods.)
N7K-X-podP# show interface brief

14 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
------------------------------------------------------------------------------
Port VRF Status IP Address Speed
MTU
------------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 100
1500

------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed
Port
Interface Ch
#
------------------------------------------------------------------------------
Eth1/A -- eth routed down Administratively down auto(S) --
Eth1/B -- eth routed down Administratively down auto(S) --
Eth1/C -- eth routed down Administratively down auto(S) --
Eth1/D -- eth routed down SFP not inserted auto(S) --
Eth1/E -- eth routed down Administratively down auto(S) --
Eth1/F -- eth routed down Administratively down auto(S) --
Eth1/G -- eth routed down SFP not inserted auto(S) --
Eth1/H -- eth routed down SFP not inserted auto(S) --

Note The interfaces that are listed in the commands and command output are dependent on your
pod number. Refer to the table below to identify the correct interface numbers that are used
in your pod. Whenever you encounter interface descriptors using the format Ethernet 1/X
you should replace them with the appropriate interface number from this table.

Interface Pod 1 and 2 Pod 3 and 4 Pod 5 and 6

Ethernet 1/A Ethernet 1/1 Ethernet 1/2 Ethernet 1/9

Ethernet 1/B Ethernet 1/3 Ethernet 1/4 Ethernet 1/11

Ethernet 1/C Ethernet 1/5 Ethernet 1/6 Ethernet 1/13

Ethernet 1/D Ethernet 1/7 Ethernet 1/8 Ethernet 1/15

Ethernet 1/E Ethernet 1/17 Ethernet 1/20 Ethernet 1/25

Ethernet 1/F Ethernet 1/19 Ethernet 1/22 Ethernet 1/27

Ethernet 1/G Ethernet 1/21 Ethernet 1/24 Ethernet 1/29

Ethernet 1/H Ethernet 1/23 Ethernet 1/26 Ethernet 1/31

Ethernet 3/I Ethernet 3/1 Ethernet 3/3 Ethernet 3/5

Ethernet 3/J Ethernet 3/2 Ethernet 3/4 Ethernet 3/6

Ethernet 3/K Ethernet 3/11 Ethernet 3/13 Ethernet 3/15

Ethernet 3/L Ethernet 3/12 Ethernet 3/14 Ethernet 3/16

Step 3 Based upon the output of the show interface brief command, how many SFP+
transceivers are installed in module 1?

Step 4 Which interfaces within module 1 have SFP+ transceivers installed?

Step 5 Are the I/O module interfaces currently set to perform as Layer 2 or Layer 3
interfaces?

2011 Cisco Systems, Inc. Lab Guide 15


Step 6 Determine the SFP+ transceiver type(s) installed in your interfaces.
N7K-X-podP# show interface transceiver
Ethernet1/A
transceiver is present
type is SFP-H10GB-CU5M
name is CISCO-TYCO
part number is 2053783-3
revision is K
serial number is TED1420C0UW
nominal bitrate is 10300 MBit/sec
Link length supported for copper is 5 m
cisco id is --
cisco extended id number is 4

Ethernet1/B
transceiver is present
type is SFP-H10GB-CU5M
name is CISCO-TYCO
part number is 2053783-3
revision is K
serial number is TED1420C1G0
nominal bitrate is 10300 MBit/sec
Link length supported for copper is 5 m
cisco id is --
cisco extended id number is 4

Ethernet1/C
transceiver is present
type is 10Gbase-SR
name is CISCO-SUMITOMO
part number is SPP5100SR-C1
revision is A
serial number is SPC14150558
nominal bitrate is 10300 MBit/sec
Link length supported for 50/125um OM2 fiber is 82 m
Link length supported for 50/125um OM3 fiber is 300 m
Link length supported for 62.5/125um fiber is 26 m
cisco id is --
cisco extended id number is 4

Ethernet1/D
transceiver is not present

Ethernet1/E
transceiver is present
type is SFP-H10GB-CU5M
name is CISCO-TYCO
part number is 2053783-3
revision is K
serial number is TED1420C11V
nominal bitrate is 10300 MBit/sec
Link length supported for copper is 5 m
cisco id is --
cisco extended id number is 4

Ethernet1/F
transceiver is present
type is SFP-H10GB-CU5M
name is CISCO-TYCO
part number is 2053783-3
revision is K
serial number is TED1420C0SF
nominal bitrate is 10300 MBit/sec
Link length supported for copper is 5 m
cisco id is --
cisco extended id number is 4

16 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Ethernet1/G
transceiver is present
type is SFP-H10GB-CU5M
name is CISCO-TYCO
part number is 2053783-3
revision is K
serial number is TED1417C4ZV
nominal bitrate is 10300 MBit/sec
Link length supported for copper is 5 m
cisco id is --
cisco extended id number is 4

Ethernet1/H
transceiver is not present

Step 7 Which types of SFP+ transceivers are installed in module 1?

Step 8 What is the maximum distance between devices that these transceivers support?

Step 9 Execute a show interface brief and note that two port groups have been assigned to
your Pod VDC. Which ports are members of the same port group?

Note You can use the show interface <interface> capabilities command for a specific interface
to find out which port group it belongs to.

Step 10 Change your second port group to dedicated mode.


N7K-X-podP# configure
N7K-X-podP(config-if)# interface e 1/E, e 1/F, e 1/G, e 1/H
N7K-X-podP(config-if-range)# shutdown
N7K-X-podP(config-if-range)# rate-mode dedicated
ERROR: Config not applied on all ports.
Config allowed only on the first port in each port group.

N7K-1-podP(config-if-range)# no shutdown
ERROR: Ethernet1/F, Ethernet1/G, Ethernet1/H: Config not allowed, as first
port in the port-grp is dedicated

Note The exact interfaces that are used are different for each pod. Refer to the table in Step 2 to
find the correct interfaces for your pod.

Step 11 Verify that the first interface in the port group is set to dedicated mode and has been
enabled and that all other interfaces in the port group are still shutdown.
N7K-X-podP# show interface brief

------------------------------------------------------------------------------
Port VRF Status IP Address Speed
MTU
------------------------------------------------------------------------------
mgmt0 -- up 192.168.0.20P 100
1500

------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed
Port
Interface Ch
#

2011 Cisco Systems, Inc. Lab Guide 17


------------------------------------------------------------------------------
--
Eth1/A -- eth routed down Administratively down auto(S) --
Eth1/B -- eth routed down Administratively down auto(S) --
Eth1/C -- eth routed down Administratively down auto(S) --
Eth1/D -- eth routed down SFP not inserted auto(S) --
Eth1/E -- eth routed up none 10G(D) --
Eth1/F -- eth routed down Administratively down auto(S) --
Eth1/G -- eth routed down SFP not inserted auto(S) --
Eth1/H -- eth routed down SFP not inserted auto(S) --
Step 12 Change all the interfaces in your VDC on module 1 that have SFPs inserted to Layer
2 switch ports instead of routed ports and enable these interfaces.
N7K-X-podP(config)# interface e 1/A, e 1/B, e 1/E
N7K-X-podP(config-if-range)# switchport
N7K-X-podP(config-if-range)# no shutdown
N7K-X-podP(config-if-range)# interface e 1/C
N7K-X-podP(config-if)# shutdown

Note Do not enable any interfaces on module 3. These interfaces will be used during a later lab
and need to remain disabled until you are specifically instructed to enable them.

Step 13 Verify that the interfaces have been enabled and changed to Layer 2 switch ports.
N7K-1-podP# show interface brief

------------------------------------------------------------------------------
--
Port VRF Status IP Address Speed
MTU
------------------------------------------------------------------------------
--
mgmt0 -- up 192.168.0.20P 100
1500

------------------------------------------------------------------------------
--
Ethernet VLAN Type Mode Status Reason Speed
Port
Interface Ch
#
------------------------------------------------------------------------------
--
Eth1/A 1 eth access up none 10G(S) --
Eth1/B 1 eth access up none 10G(S) --
Eth1/C -- eth routed down Administratively down auto(S) --
Eth1/D -- eth routed down SFP not inserted auto(S) --
Eth1/E 1 eth access up none 10G(D) --
Eth1/F -- eth routed down Administratively down auto(S) --
Eth1/G -- eth routed down SFP not inserted auto(S) --
Eth1/H -- eth routed down SFP not inserted auto(S) --
Step 14 Configure all the Layer 2 interfaces in your VDCs as trunks and verify that the
change was successful.
N7K-X-podP(config)# interface e 1/A, e 1/B, e 1/E
N7K-X-podP(config-if-range)# switchport mode trunk

N7K-X-podP(config-if-range)# show interface brief

Step 15 Connect to the console of your assigned Cisco Nexus 5000 Switch.
Step 16 Check the state of the interfaces on your Cisco Nexus 5000 Switch using the show
interface brief command.

18 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
N5K-P# show interface brief

------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed
Port
Interface Ch
#
------------------------------------------------------------------------------
Eth1/1 1 eth access down SFP not inserted 10G(D) --
Eth1/2 1 eth access down SFP not inserted 10G(D) --
Eth1/3 1 eth access up none 10G(D) --
Eth1/4 1 eth access up none 10G(D) --
Eth1/5 1 eth access down SFP not inserted 10G(D) --
Eth1/6 1 eth access down SFP not inserted 10G(D) --
Eth1/7 1 eth access down SFP not inserted 10G(D) --
Eth1/8 1 eth access down SFP not inserted 10G(D) --
Eth1/9 1 eth access up none 10G(D) --
Eth1/10 1 eth access up none 10G(D) --
Eth1/11 1 eth access up none 10G(D) --
Eth1/12 1 eth access down SFP not inserted 10G(D) --
Eth1/13 1 eth access down SFP not inserted 10G(D) --
Eth1/14 1 eth access down SFP not inserted 10G(D) --
Eth1/15 1 eth access down Link not connected 10G(D) --
Eth1/16 1 eth access down SFP not inserted 10G(D) --
Eth1/17 1 eth access up none 10G(D) --
Eth1/18 1 eth access up none 10G(D) --
Eth1/19 1 eth access up none 10G(D) --
Eth1/20 1 eth access up none 10G(D) --

------------------------------------------------------------------------------
Port VRF Status IP Address Speed
MTU
------------------------------------------------------------------------------
mgmt0 -- up 192.168.0.P8 100
1500

Step 17 Are the Ethernet interfaces configured as Layer 2 or Layer 3 ports?

Step 18 In which mode do the Ethernet interfaces operate by default?

Step 19 Configure the interfaces within your Nexus 5548 Switch to operate as Layer 3
interfaces.
N5K-P(config)# interface e 1/19-20
N5K-P(config-if-range)# no switchport
N5K-P(config-if-range)# show interface e 1/19-20 brief
------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
------------------------------------------------------------------------------
Eth1/19 -- eth routed down L3 not ready 10G(D) --
Eth1/20 -- eth routed down L3 not ready 10G(D) --
Step 20 Why does the Cisco Nexus 5000 Switch not properly execute the no switchport
command?

Step 21 Configure the ports on the switch that connect to the Cisco Nexus 7000 VDCs in
your pod and your peer pod as trunks and verify that the change was successful.
N5K-P(config)# interface ethernet 1/19-20
N5K-P(config-if-range)# switchport
N5K-P(config-if-range)# switchport mode trunk

2011 Cisco Systems, Inc. Lab Guide 19


Note Use the show cdp neighbors command or the interface descriptions in the configuration to
verify that you are configuring the correct interfaces.

Step 22 Verify that the change was successful.


N5K-P# show interface e 1/19-20 brief

------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
------------------------------------------------------------------------------
Eth1/19 1 eth trunk up none 10G(D) --
Eth1/20 1 eth trunk up none 10G(D) --

Step 23 Disable the interfaces that connect your Cisco Nexus 5000 Switch to your peer pods
Cisco Nexus 5000 Switch.
N5K-P(config)# interface ethernet 1/17-18
N5K-P(config-if-range)# shutdown
Step 24 Switch to your Cisco Nexus 7000 VDC.
Step 25 Examine spanning-tree operation for VLAN 1 using the show spanning-tree vlan 1
command.
N7K-X-podP# show spanning-tree vlan 1

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 0005.9b1f.7c7c
Cost 2
Port 131 (Ethernet1/B)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.137 P2p
Eth1/B Root FWD 2 128.139 P2p
Eth1/E Altn BLK 2 128.153 P2p

Step 26 Which PVRST+ path cost method is being used?

Step 27 Which switch or VDC is the root bridge for vlan 1 in your pod pair?

Step 28 Examine which VLANs are available for you and which are used internally.
N7K-X-podP# show vlan internal usage

VLAN DESCRIPTION
--------- -------------------------------------------------------
3968-4031 Multicast
4032 Online diagnostics vlan1
4033 Online diagnostics vlan2
4034 Online diagnostics vlan3
4035 Online diagnostics vlan4
4036-4041 Reserved

20 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
4042 Satellite
4043-4047 Reserved
4094 Reserved
Step 29 On both devices in your pod, create vlan 10 and give it the name TEST. Verify
that the Cisco Nexus 5000 Switches and the Cisco Nexus 7000 VDCs in both your
pod and your peer pod contain VLANs 1 and 10.
On your Cisco Nexus 7000 VDC:

N7K-X-podP(config)# vlan 10
N7K-X-podP(config-vlan)# name TEST

On your Cisco Nexus 5000 switch:

N5K-P(config)# vlan 10
N5K-P(config-vlan)# name TEST
Step 30 Examine spanning-tree operation for all VLANs.
N7K-X-podP# show spanning-tree

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 0005.9b1f.7c7c
Cost 2
Port 139 (Ethernet1/B)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.137 P2p
Eth1/B Root FWD 2 128.139 P2p
Eth1/E Altn BLK 2 128.153 P2p

VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 32778
Address 0005.9b1f.7c7c
Cost 2
Port 139 (Ethernet1/B)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.137 P2p
Eth1/B Root FWD 2 128.139 P2p
Eth1/E Altn BLK 2 128.153 P2p

Step 31 Which switch or VDC is the root bridge for the spanning-tree instance for vlan 10?
Is that the same or different from VLAN 1?

Step 32 Create additional VLANs 1113 on both your Cisco Nexus 7000 VDC and your
Cisco Nexus 5000 Switch.

2011 Cisco Systems, Inc. Lab Guide 21


On your Cisco Nexus 7000 VDC:

N7K-X-podP(config)# vlan 11-13

On your Cisco Nexus 5000 Switch:

N5K-P(config)# vlan 11-13


Step 33 Examine the spanning-tree instances running in your pod.
N7K-X-podP# show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: none
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is disabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is short

Name Blocking Listening Learning Forwarding STP Active


---------------------- -------- --------- -------- ---------- ----------
VLAN0001 2 0 0 1 3
VLAN0010 2 0 0 1 3
VLAN0011 2 0 0 1 3
VLAN0012 2 0 0 1 3
VLAN0013 2 0 0 1 3
---------------------- -------- --------- -------- ---------- ----------
5 vlans 10 0 0 5 15
Step 34 Is there a separate spanning-tree instance for each VLAN?

Step 35 Configure the VDC of switch N7K-1 as the root bridge for the odd VLANs (VLAN
11 and 13) and configure the VDC of switch N7K-2 as the root bridge for the even
VLANs (VLAN 10 and 12). The other VDC should be configured as the backup root
bridge for these groups of VLANs.
N7K-1-podP(config)# spanning-tree vlan 11, 13 root primary
N7K-1-podP(config)# spanning-tree vlan 10, 12 root secondary

N7K-2-podQ(config)# spanning-tree vlan 11, 13 root secondary


N7K-2-podQ(config)# spanning-tree vlan 10, 12 root primary
Step 36 Verify that the spanning tree for VLANs 10-13 is behaving as expected.
N7K-X-podP# show spanning-tree vlan 11,13

VLAN0011
Spanning tree enabled protocol rstp
Root ID Priority 24587
Address a8b1.d455.6fc4
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24587 (priority 24576 sys-id-ext 11)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.137 P2p
Eth1/B Desg FWD 2 128.139 P2p
Eth1/E Desg FWD 2 128.153 P2p

VLAN0013

22 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Spanning tree enabled protocol rstp
Root ID Priority 24589
Address a8b1.d455.6fc4
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24589 (priority 24576 sys-id-ext 13)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.137 P2p
Eth1/B Desg FWD 2 128.139 P2p
Eth1/E Desg FWD 2 128.153 P2p

N7K-X-podP# show spanning-tree vlan 10,12

VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address 0026.9804.a944
Cost 2
Port 153 (Ethernet1/E)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28682 (priority 28672 sys-id-ext 10)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.137 P2p
Eth1/B Desg FWD 2 128.139 P2p
Eth1/E Root FWD 2 128.153 P2p

VLAN0012
Spanning tree enabled protocol rstp
Root ID Priority 24588
Address 0026.9804.a944
Cost 2
Port 153 (Ethernet1/E)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28684 (priority 28672 sys-id-ext 12)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.137 P2p
Eth1/B Desg FWD 2 128.139 P2p
Eth1/E Root FWD 2 128.153 P2p

Step 37 Save the configurations on the switches in your pod.

Activity Verification
You have completed this task when you attain these results:
You have configured the interface leading to the peer Cisco Nexus 7000 VDC as rate-mode
dedicated.
You have verified basic interface operation and settings on your Cisco Nexus 7000 VDC
and Cisco Nexus 5000 Switch.

2011 Cisco Systems, Inc. Lab Guide 23


You have configured the links between the switches in your pod and your peer pod as
802.1Q trunks.
You have created VLANs 1013.
You have configured the odd VDC as the root for the odd VLANs and the even VDC as the
backup root for the odd VLANs.
You have configured the even VDC as the root for the even VLANs and the odd VDC as
the backup root for the even VLANs.
You have verified spanning-tree operation for VLANs 10-13.

Task 2: Implementing and Testing Spanning-Tree


Enhancements
During this exercise, you will configure some of the spanning-tree optimization and protection
features and verify their operation.

Activity Procedure
Complete these steps:
Step 1 In the previous task, the Cisco Nexus 7000 VDCs were configured as the root and
backup root for VLANs 1013. Together they form the aggregation layer of the lab
network and you may want to protect them against access switches that accidentally
claim to be the root bridge. Configure root guard on the trunk links that connect your
Cisco Nexus 7000 VDC to the Cisco Nexus 5000 Switches in your pod and your
peer pod.
N7K-X-podP(config)# interface ethernet 1/A, ethernet 1/B
N7K-X-podP(config-if-range)# spanning-tree guard root
N7K-X-podP(config-if-range)# 2011 Jan 27 12:19:18 N7K-X-podP %STP-2-
ROOTGUARD_CONFIG_CHANGE: Root guard enabled on port Ethernet1/A.
2011 Jan 27 12:19:18 N7K-X-podP %STP-2-ROOTGUARD_CONFIG_CHANGE: Root guard
enabled on port Ethernet1/B.
2011 Jan 27 12:19:20 N7K-X-podP %STP-2-ROOTGUARD_BLOCK: Root guard blocking
port Ethernet1/B on VLAN0001.
2011 Jan 27 12:19:20 N7K-X-podP %STP-2-ROOTGUARD_BLOCK: Root guard blocking
port Ethernet1/A on VLAN0001.
Step 2 Why does root guard block these ports for VLAN 1?

Step 3 Disable root guard on the trunks from the Cisco Nexus 7000 VDCs to the Cisco
Nexus 5000 Switches in your pod.
N7K-X-podP(config)# interface ethernet 1/A, ethernet 1/B
N7K-X-podP(config-if-range)# no spanning-tree guard root
N7K-X-podP(config-if-range)# 2011 Jan 27 12:34:22 N7K-X-podP %STP-2-
ROOTGUARD_CONFIG_CHANGE: Root guard disabled on port Ethernet1/A.
2011 Jan 27 12:34:22 N7K-X-podP %STP-2-ROOTGUARD_UNBLOCK: Root guard
unblocking port Ethernet1/A on VLAN0001.
2011 Jan 27 12:34:22 N7K-X-podP %STP-2-ROOTGUARD_CONFIG_CHANGE: Root guard
disabled on port Ethernet1/B.
2011 Jan 27 12:34:22 N7K-X-podP %STP-2-ROOTGUARD_UNBLOCK: Root guard
unblocking port Ethernet1/B on VLAN0001.
Step 4 It is a best practice to configure ports connected to end devicessuch as serversas
spanning-tree edge ports. Configure the ports on your Cisco Nexus 5000 Switch that
connect to the lab servers as spanning-tree edge ports.
N5K-P(config)# interface ethernet 1/3, ethernet 1/4
N5K-P(config-if-range)# spanning-tree port type edge
Warning: edge port type (portfast) should only be enabled on ports connected

24 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
to a single host. Connecting hubs, concentrators, switches, bridges, etc...
to this interface when edge port type (portfast) is enabled, can cause
temporary bridging loops.
Use with CAUTION

Edge Port Type (Portfast) will be configured in 2 interfaces due to the range
command but will only have effect when the interfaces are in a non-trunking
mode.

Note The spanning-tree edge port feature is also known as PortFast. However, the Cisco NX-OS
Software does not support the spanning-tree portfast command.

Step 5 Enable UDLD in aggressive mode on the devices in your pod and peer pod to
protect your switches against unidirectional link failures.
N7K-X-podP(config)# feature udld
N7K-X-podP(config)# udld aggressive

N5K-P(config)# feature udld


N5K-P(config)# udld aggressive
Step 6 Use the show udld neighbors command to verify UDLD operation.
N7K-X-podP# show udld neighbors
Port Device Name Device ID Port ID Neighbor State
--------------------------------------------------------------------------
Ethernet1/A SSI141314XP 1 Ethernet1/19 bidirectional
Ethernet1/B SSI141806WM 1 Ethernet1/20 bidirectional
Ethernet1/E JAF1351BCDM 1 Ethernet1/17 bidirectional

Step 7 UDLD can protect against bridging loops caused by physical problems, but it cannot
protect against software-caused spanning-tree failures. The bridge assurance feature
can help protect against bridging loops caused by software failures. Enable bridge
assurance on the link between the Cisco Nexus 7000 VDC in your pod and the VDC
in your peer pod.
N7K-X-podP(config)# interface ethernet 1/E
N7K-X-podP(config-if)# spanning-tree port type network
Step 8 Verify that bridge assurance is enabled on the link between the VDCs using the
show spanning-tree command.
N7K-X-podP# show spanning-tree

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 0005.9b1f.7c7c
Cost 2
Port 139 (Ethernet1/B)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.129 P2p
Eth1/B Root FWD 2 128.131 P2p
Eth1/E Altn BLK 2 128.145 Network P2p

VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586

2011 Cisco Systems, Inc. Lab Guide 25


Address 0026.9804.a944
Cost 2
Port 153 (Ethernet1/E)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28682 (priority 28672 sys-id-ext 10)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.129 P2p
Eth1/B Desg FWD 2 128.131 P2p
Eth1/E Root FWD 2 128.145 Network P2p

VLAN0011
Spanning tree enabled protocol rstp
Root ID Priority 24587
Address a8b1.d455.6fc4
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24587 (priority 24576 sys-id-ext 11)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.129 P2p
Eth1/B Desg FWD 2 128.131 P2p
Eth1/E Desg FWD 2 128.145 Network P2p

VLAN0012
Spanning tree enabled protocol rstp
Root ID Priority 24588
Address 0026.9804.a944
Cost 2
Port 153 (Ethernet1/E)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28684 (priority 28672 sys-id-ext 12)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.129 P2p
Eth1/B Desg FWD 2 128.131 P2p
Eth1/E Root FWD 2 128.145 Network P2p

VLAN0013
Spanning tree enabled protocol rstp
Root ID Priority 24589
Address a8b1.d455.6fc4
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 24589 (priority 24576 sys-id-ext 13)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2 128.137 P2p
Eth1/B Desg FWD 2 128.139 P2p
Eth1/E Desg FWD 2 128.153 Network P2p

26 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 9 Which keyword indicates that bridge assurance is enabled on the port?

Step 10 On your Cisco Nexus 7000 VDC, enable bridge assurance on the ports that are
connected to the Cisco Nexus 5000 Switches in your pod and peer pod.
N7K-X-podP(config)# interface ethernet 1/A, ethernet 1/B
N7K-X-podP(config-if-range)# spanning-tree port type network
Step 11 Wait a moment and observe the log messages on the Cisco Nexus 7000 VDC.
N7K-1-pod5(config-if-range)# 2011 Jan 27 12:37:55 N7K-X-podP %STP-2-
BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port Ethernet1/B VLAN0011.
2011 Jan 27 12:37:55 N7K-X-podP %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge
Assurance blocking port Ethernet1/A VLAN0011.
2011 Jan 27 12:37:55 N7K-X-podP %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge
Assurance blocking port Ethernet1/B VLAN0012.
2011 Jan 27 12:37:55 N7K-X-podP %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge
Assurance blocking port Ethernet1/A VLAN0012.
2011 Jan 27 12:37:55 N7K-X-podP %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge
Assurance blocking port Ethernet1/B VLAN0013.
2011 Jan 27 12:37:55 N7K-X-podP %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge
Assurance blocking port Ethernet1/A VLAN0013.
2011 Jan 27 12:37:55 N7K-X-podP %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge
Assurance blocking port Ethernet1/B VLAN0010.
2011 Jan 27 12:37:55 N7K-X-podP %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge
Assurance blocking port Ethernet1/A VLAN0010.
2011 Jan 27 12:37:56 N7K-X-podP %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge
Assurance blocking port Ethernet1/A VLAN0001.
Step 12 Check the spanning-tree inconsistencies:
N7K-X-podP(config-if-range)# show spanning-tree inconsistentports

Name Interface Inconsistency


-------------------- ---------------------- ------------------
VLAN0001 Eth1/1 Bridge Assurance Inconsistent
VLAN0010 Eth1/1 Bridge Assurance Inconsistent
VLAN0010 Eth1/3 Bridge Assurance Inconsistent
VLAN0011 Eth1/1 Bridge Assurance Inconsistent
VLAN0011 Eth1/3 Bridge Assurance Inconsistent
VLAN0012 Eth1/1 Bridge Assurance Inconsistent
VLAN0012 Eth1/3 Bridge Assurance Inconsistent
VLAN0013 Eth1/1 Bridge Assurance Inconsistent
VLAN0013 Eth1/3 Bridge Assurance Inconsistent

Number of inconsistent ports (segments) in the system : 9

Step 13 Can you explain what happened?

Step 14 Repair the misconfiguration by enabling bridge assurance on your Cisco Nexus 5000
Switch for the ports that connect to the Cisco Nexus 7000 VDCs.
N5K-P(config)# interface ethernet 1/19-20
N5K-P(config-if-range)# spanning-tree port type network
Step 15 Ensure that no spanning-tree problems remain in the network by executing the show
spanning-tree inconsistentports command on all switches in your pod and peer
pod and verifying that no inconsistent ports remain.

On your Cisco Nexus 7000 VDC:

2011 Cisco Systems, Inc. Lab Guide 27


N7K-X-podP# show spanning-tree inconsistentports

On your Cisco Nexus 5000 Switch:

N5K-P# show spanning-tree inconsistentports


Step 16 Save the configurations on the switches in your pod.

Activity Verification
You have completed this task when you attain these results:
You have enabled, and later disabled, root guard on the ports on the Cisco Nexus 7000
VDC that lead to the Cisco Nexus 5000 Switches in your pod and peer pod.
You have configured the ports leading to the servers in your pod and peer pod as spanning-
tree edge ports.
You have successfully enabled UDLD in aggressive mode between the switches in your
pod and peer pod.
You have successfully enabled bridge assurance between the switches in your pod and peer
pod.
You have observed the spanning-tree behavior when bridge assurance is only enabled on
one side of a link.

28 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Task 3: Implementing and Verifying MST
During this exercise, you will configure MST and verify that it is operating properly in your
pod and peer pod.

Activity Procedure
Complete these steps:
Step 1 Configure your Cisco Nexus 7000 VDC to participate in an MST region using the
following parameters:

Device Region name Revision number

N7K-1-pod1 Pod1and2 12

N7K-2-pod2 Pod1and2 12

N7K-1-pod3 Pod3and4 34

N7K-2-pod4 Pod3and4 34

N7K-1-pod5 Pod5and6 56

N7K-2-pod6 Pod5and6 56

N7K-X-podP(config)# spanning-tree mst configuration


N7K-X-podP(config-mst)# name PodYandZ
N7K-X-podP(config-mst)# revision YZ
N7K-X-podP(config-mst)# exit
Step 2 Change the spanning-tree mode on your Cisco Nexus 7000 VDC to MST.
N7K-X-podP(config)# spanning-tree mode mst
Step 3 Configure your Cisco Nexus 5000 Switch to participate in an MST region using the
following parameters:

Device Region name Revision number

N5K-1 Pod1and2 12

N5K-2 Pod1and2 12

N5K-3 Pod3and4 34

N5K-4 Pod3and4 34

N5K-5 Pod5and6 56

N5K-6 Pod5and6 56

N5K-P(config)# spanning-tree mst configuration


N5K-P(config-mst)# name PodYandZ
N5K-P(config-mst)# revision YZ
N5K-P(config-mst)# exit
Step 4 Change the spanning-tree mode on your Cisco Nexus 5000 Switch to MST.
N5K-P(config)# spanning-tree mode mst
Step 5 Verify that MST is operating correctly between the VDCs and switches in your pod
and peer pod. (Use the show spanning-tree, show spanning-tree mst, and show
spanning-tree mst configuration commands to verify.)
N7K-X-podP# show spanning-tree

MST0000
Spanning tree enabled protocol mstp

2011 Cisco Systems, Inc. Lab Guide 29


Root ID Priority 32768
Address 0005.9b1f.7c7c
Cost 0
Port 131 (Ethernet1/B)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2000 128.137 Network P2p
Eth1/B Root FWD 2000 128.139 Network P2p
Eth1/E Altn BLK 2000 128.153 Network P2p

Note Be aware that MST configuration is not applied until you exit MST configuration mode.
Therefore, you should leave MST configuration mode before issuing any show commands
to verify MST operation.

Step 6 Which spanning-tree path cost method does MST use by default?

Step 7 How many MST instances are currently being used? Can you achieve VLAN load
balancing with this configuration?

Step 8 Change the MST configuration on your Cisco Nexus 7000 VDC to add two new
MST instances. Map VLANs 11 and 13 to MST instance 1 and map VLANs 10 and
12 to MST instance 2.
N7K-X-podP(config)# spanning-tree mst configuration
N7K-X-podP(config-mst)# instance 1 vlan 11,13
N7K-X-podP(config-mst)# instance 2 vlan 10,12
N7K-X-podP(config-mst)# exit
Step 9 Verify MST operation on the switches in your pod. Is it operating as expected?
N7K-X-podP# show spanning-tree

MST0000
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0005.9b1f.7c7c
Cost 2000
Port 153 (Ethernet1/E)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2000 128.137 Network P2p
Eth1/B Altn BLK 2000 128.139 Network P2p Bound(RSTP)
Eth1/E Root FWD 2000 128.153 Network P2p

MST0001
Spanning tree enabled protocol mstp
Root ID Priority 32769
Address 0026.9804.a944
Cost 2000
Port 153 (Ethernet1/25)

30 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2000 128.137 Network P2p
Eth1/B Altn BLK 2000 128.139 Network P2p Bound(RSTP)
Eth1/E Root FWD 2000 128.153 Network P2p

MST0002
Spanning tree enabled protocol mstp
Root ID Priority 32770
Address 0026.9804.a944
Cost 2000
Port 153 (Ethernet1/E)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2000 128.137 Network P2p
Eth1/B Altn BLK 2000 128.139 Network P2p Bound(RSTP)
Eth1/E Root FWD 2000 128.153 Network P2p

N5K-P# show spanning-tree

MST0000
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0005.9b1f.7c7c
Cost 4000
Port 148 (Ethernet1/20)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)


Address 0005.9b1f.89fc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/3 Desg FWD 2000 128.131 Edge P2p
Eth1/4 Desg FWD 2000 128.132 Edge P2p
Eth1/9 Desg FWD 2000 128.137 P2p
Eth1/10 Desg FWD 2000 128.138 P2p
Eth1/11 Desg FWD 2000 128.139 P2p
Eth1/19 Altn BLK 2000 128.147 Network P2p Bound(RSTP)
Eth1/20 Root FWD 2000 128.148 Network P2p Bound(RSTP)
Step 10 Change the MST configuration on your Cisco Nexus 5000 Switch to match the
configuration on your VDC by mapping VLANs 11 and 13 to MST instance 1 and
mapping VLANs 10 and 12 to MST instance 2, and set the priority level to 61440
for each instance to ensure that the N5K does not become the root bridge.
N5K-P(config)# spanning-tree mst configuration
N5K-P(config-mst)# instance 1 vlan 11,13
N5K-P(config-mst)# instance 2 vlan 10,12
N5K-P(config-mst)# spanning-tree mst 1 priority 61440
N5K-P(config)# spanning-tree mst 2 priority 61440
N5K-P(config)# exit
Step 11 Verify that MST is now operating properly on all devices in your pod and peer pod.

2011 Cisco Systems, Inc. Lab Guide 31


N7K-X-podP# show spanning-tree

MST0000
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0005.9b1f.7c7c
Cost 0
Port 139 (Ethernet1/B)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2000 128.137 Network P2p
Eth1/B Root FWD 2000 128.139 Network P2p
Eth1/E Altn BLK 2000 128.153 Network P2p

MST0001
Spanning tree enabled protocol mstp
Root ID Priority 32769
Address 0005.9b1f.7c7c
Cost 2000
Port 139 (Ethernet1/E)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2000 128.137 Network P2p
Eth1/B Root FWD 2000 128.139 Network P2p
Eth1/E Altn BLK 2000 128.153 Network P2p

MST0002
Spanning tree enabled protocol mstp
Root ID Priority 32770
Address 0005.9b1f.7c7c
Cost 2000
Port 139 (Ethernet1/E)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A Desg FWD 2000 128.137 Network P2p
Eth1/B Root FWD 2000 128.139 Network P2p
Eth1/E Altn BLK 2000 128.153 Network P2p

N5K-P# show spanning-tree

MST0000
Spanning tree enabled protocol mstp
Root ID Priority 32768
Address 0005.9b1f.7c7c
Cost 0
Port 148 (Ethernet1/20)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

32 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)
Address 0005.9b1f.89fc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/3 Desg FWD 2000 128.131 Edge P2p
Eth1/4 Desg FWD 2000 128.132 Edge P2p
Eth1/9 Desg FWD 2000 128.137 P2p
Eth1/10 Desg FWD 2000 128.138 P2p
Eth1/11 Desg FWD 2000 128.139 P2p
Eth1/19 Altn BLK 2000 128.147 Network P2p
Eth1/20 Root FWD 2000 128.148 Network P2p

MST0001
Spanning tree enabled protocol mstp
Root ID Priority 32769
Address 0005.9b1f.7c7c
Cost 4000
Port 148 (Ethernet1/20)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 0005.9b1f.89fc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/19 Altn BLK 2000 128.147 Network P2p
Eth1/20 Root FWD 2000 128.148 Network P2p

MST0002
Spanning tree enabled protocol mstp
Root ID Priority 32770
Address 0005.9b1f.7c7c
Cost 4000
Port 148 (Ethernet1/20)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)


Address 0005.9b1f.89fc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/19 Altn BLK 2000 128.147 Network P2p
Eth1/20 Root FWD 2000 128.148 Network P2p

Note You should not see any boundary ports in the output of the show spanning-tree
commands.

Step 12 Which switches or VDCs are the root bridges for each of the MST instances? Are
they the same or different?

Step 13 Configure the VDC of switch N7K-1 as the root bridge for MST instance 1 and as
the backup root bridge for MST instance 2.
N7K-1-podP(config)# spanning-tree mst 1 root primary
N7K-1-podP(config)# spanning-tree mst 2 root secondary

2011 Cisco Systems, Inc. Lab Guide 33


Step 14 Configure the VDC of switch N7K-2 as the root bridge for MST instance 2 and as
the backup root bridge for MST instance 1.
N7K-2-podQ(config)# spanning-tree mst 1 root secondary
N7K-2-podQ(config)# spanning-tree mst 2 root primary
Step 15 Verify that the root bridges are selected as expected.
Step 16 Ensure that you have no spanning-tree inconsistent ports or boundary ports on the
switches in your pod and peer pod.

On your Cisco Nexus 7000 VDC:

N7K-X-podP(config)# show spanning-tree | include Bound


N7K-X-podP(config)# show spanning-tree inconsistentports

On your Cisco Nexus 5000 Switch:

N5K-P# show spanning-tree | include Bound


N5K-P# show spanning-tree inconsistentports
Step 17 Save the configurations on the switches in your pod.

Activity Verification
You have completed this task when you attain these results:
You have successfully enabled MST on all switches in your pod.
You have configured the odd VDC as the root for the MST instance that contains the odd
VLANs and the even VDC as the backup root for this MST instance.
You have configured the even VDC as the root for the MST instance that contains the even
VLANs and the odd VDC as the backup root for this MST instance.

34 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 2-2: Configuring vPCs
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure a vPC between the Cisco Nexus 7000 Switch and Cisco
Nexus 5000 Switch at the access layer of the network and configure a Cisco Nexus 2000 Fabric
Extender. After completing this activity, you will be able to meet these objectives:
Create and verify a vPC domain on a Cisco Nexus switch
Create a vPC peer keepalive link between two Cisco Nexus switches and verify proper
operation
Create a vPC peer link between two Cisco Nexus switches and verify proper operation
Configure a vPC on a Cisco Nexus switch and verify proper operation
Configure a Cisco Nexus 2000 Fabric Extender for operation with a Cisco Nexus 7000
VDC

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 2-2: Configuring vPCs

N7010-C1 N7010-C2

Nexus 5010 Nexus 5010

Nexus 2248TP Nexus 2248TP

UCS C-series

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-4

2011 Cisco Systems, Inc. Lab Guide 35


Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs
Two Cisco Nexus 5000 Switches
Two Cisco Nexus 2000 Fabric Extenders
Two Windows 2003 servers

36 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this activity.

Command Description

show license usage Displays the usage of licensed features.

feature vpc Enables the vPC feature.

vpc domain 56 Creates a vPC domain.

peer-gateway Enables the peer-gateway feature.

peer-switch Enables the peer-switch feature.

spanning-tree mst <mst- Changes the spanning-tree priority for a set of multiple
instances> priority spanning tree (MST) instances.
<priority>
ping <ip-address> vrf Verifies IP connectivity to an IP address in a VRF using
<vrf> ICMP echo messages.

peer-keepalive destination Enables the vPC peer keepalive link to the vPC peer IP
<vpc-peer-ip-address> address.

show vpc peer-keepalive Displays status information for the vPC peer keepalive link.

show interface <intf> Displays summarized status information for an interface.


brief
show running-config <intf> Displays the current configuration for an interface.

channel-group <nr> Adds an interface to a port channel.

vpc peer-link Defines a port-channel interface as the vPC peer link.

show vpc consistency- Displays global vPC consistency status.


parameters global
show vpc Displays vPC operational parameters.

feature lacp Enables the use of the Link Aggregation Control Protocol
(LACP).

channel-group <nr> mode Adds an interface to a port-channel that is dynamically


active negotiated through LACP.

show port-channel summary Displays a summarized view of port-channel operation.

show lacp neighbor Displays a list of LACP neighbors and their operational
parameters.

vpc <nr> Adds a port-channel interface to a vPC.

show vpc brief Displays a brief overview of vPC status.

show spanning-tree Displays information related to the Spanning Tree Protocol


(STP).

show version Displays the software version running on the switch.

feature-set fex Enables the features that are necessary to support fabric
extenders in a Cisco Nexus 7000 VDC.

fex <instance> Creates a FEX instance.

switchport mode fex-fabric Changes a switch port into a fabric interface that can be
used to connect a FEX to.

fex associate <instance> Associates a fabric interface with a FEX instance.

2011 Cisco Systems, Inc. Lab Guide 37


Command Description

show fex Displays summarized status information for FEXes that are
connected to the switch.

show fex detail Displays detailed status information for FEXes that are
connected to the switch.

show interface fex-fabric Shows the FEX fabric interfaces on the switch.

reload fex <instance> Reloads a FEX.

show inventory fex Displays the hardware inventory for a FEX.


<instance>
show module fex <instance> Displays the FEX modules including basic hardware and
software information.

switchport mode access Configures a switchport as an access port.

switchport access vlan Configures the access VLAN for a switch port.
<vlan>
no spanning-tree bpduguard Disables the spanning-tree BPDU Guard feature on a
switch port.

spanning-tree port type Changes a port to normal spanning-tree mode.


normal

Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

38 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Task 1: Creating a vPC Domain
During this task, you will configure a vPC domain on the Cisco Nexus 7000 VDC in your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Verify the current license usage on your Cisco Nexus 7000 VDC.
N7K-X-podP# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused Never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - In use Never -
------------------------------------------------------------------------------
Step 3 Enable the vPC feature in your VDC.
N7K-X-podP(config)# feature vpc
Step 4 Check the license usage again. Do you require a license to enable vPC on a Cisco
Nexus 7000 Switch?

N7K-X-podP# show license usage


Feature Ins Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused Never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - In use Never -
------------------------------------------------------------------------------
Step 5 Configure a vPC domain on your VDC. The vPC domain number should be the
same on your pod and your peer pod. If your assigned pod is pod 1 or pod 2, use
vPC domain number 12. If your assigned pod is pod 3 or pod 4, use vPC domain
number 34. If your assigned pod is pod 5 or pod 6, use vPC domain number 56.
N7K-X-podP(config)# vpc domain YZ
Step 6 Enable the vPC peer-gateway feature to allow your switch to forward traffic for the
peer switch router MAC addresses in order to support non-RFC compliant devices.
N7K-X-podP(config-vpc-domain)# peer-gateway
Step 7 Enable the peer-switch feature to optimize spanning-tree processing for the vPC
domain.
N7K-X-podP(config-vpc-domain)# peer-switch
N7K-X-podP(config-vpc-domain)# 2011 Feb 1 17:17:45 N7K-X-podP %STP-2-
VPC_PEERSWITCH_CONFIG_ENABLED: vPC peer-switch configuration is enabled.
Please make sure to configure spanning tree "bridge" priority as per
recommended guidelines to make vPC peer-switch operational.

Step 8 Set the priority for all MST instances to 8192 to ensure that the vPC peer switches
will be the root for the spanning tree.
N7K-X-podP(config)# spanning-tree mst 0-4094 priority 8192

Activity Verification
You have completed this task when you attain these results:

2011 Cisco Systems, Inc. Lab Guide 39


You have configured a vPC domain on your Cisco Nexus 7000 VDC.
You have enabled the peer-gateway and peer-switch features.
You have tuned the spanning-tree priority to ensure that the vPC switches will be the
spanning-tree root.

Task 2: Creating the vPC Peer Keepalive Link


During this exercise, you will configure the vPC peer keepalive link between the VDCs in your
pod and peer pod.

Activity Procedure
Complete these steps:
Step 1 In this task, you will use the management port on the supervisor to establish the vPC
peer keepalive link between the VDC in your pod and the VDC in your peer pod.
Verify that you can ping the peer pod IP address on the out-of-band management
network. You can find the management IP address of your peer pod in the IP
Address Plan job aid at the beginning of the lab guide. (Q is your peers pod
number.)
N7K-X-podP# ping 192.168.0.20Q vrf management
PING 192.168.0.20Q (192.168.0.20Q): 56 data bytes
Request 0 timed out
64 bytes from 192.168.0.20Q: icmp_seq=1 ttl=254 time=1.087 ms
64 bytes from 192.168.0.20Q: icmp_seq=2 ttl=254 time=0.606 ms
64 bytes from 192.168.0.20Q: icmp_seq=3 ttl=254 time=0.668 ms
64 bytes from 192.168.0.20Q: icmp_seq=4 ttl=254 time=0.602 ms

--- 192.168.0.20Q ping statistics ---


5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.602/0.74/1.087 ms

Note Do not forget to specify the VRF in the ping command. When no specific VRF is entered, the
Cisco Nexus 7000 Switch will use the default VRF.

Step 2 Configure the vPC peer keepalive link using your peer pod mgmt0 IP address as the
destination. (Q is your peers pod number.)

N7K-X-podP(config)# vpc domain YZ


N7K-X-podP(config-vpc-domain)# peer-keepalive destination 192.168.0.20Q

Note:
--------:: Management VRF will be used as the default VRF ::--------
Step 3 Verify that the peer keepalive link between your pod and your peer pod is
operational.
N7K-X-podP# show vpc peer-keepalive

vPC keep-alive status : peer is alive


--Peer is alive for : (75) seconds, (807) msec
--Send status : Success
--Last send at : 2011.02.01 19:18:23 584 ms
--Sent on interface : mgmt0
--Receive status : Success
--Last receive at : 2011.02.01 19:18:23 862 ms
--Received on interface : mgmt0
--Last update from peer : (0) seconds, (18) msec

vPC Keep-alive parameters


--Destination : 192.168.0.20Q

40 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : management
--Keepalive udp port : 3200
--Keepalive tos : 192

Note This step requires configuration on your VDC and your peer pod VDC. Do not proceed to the
next task until this task has been completed on both VDCs and the peer keepalive link is
alive.

Activity Verification
You have completed this task when you attain these results:
You have successfully established the vPC peer keepalive link between your VDC and the
VDC in your peer pod.

Task 3: Creating the vPC Peer Link


During this exercise, you will configure the vPC peer link between the VDC in your pod and
the VDC in your peer pod.

Activity Procedure
Complete these steps:
Step 1 In the previous lab, you should have configured the port on Cisco Nexus 7000 VDC
that connects to your peer pod VDC as a dedicated port. Verify that this interface is
active and configured as a trunk.
N7K-X-podP# show interface ethernet 1/E brief

------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
------------------------------------------------------------------------------
Eth1/E 1 eth trunk up none 10G(D) --

N7K-X-podX# show running-config interface ethernet 1/E

version 5.0(3)

interface Ethernet1/E
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
no shutdown

Note The exact interface used to connect the two peer VDCs is different for each peer pod pair.
Refer to the Lab Connections job aid at the beginning of the lab guide to find the correct
interface for your pod.

Step 2 Try to configure this Ethernet interface as the vPC peer link.
N7K-X-podP(config)# interface ethernet 1/E
N7K-X-podP(config-if)# description To N7K-Y-podQ
N7K-X-podP(config-if)# vpc peer-link ?
^
% Invalid command at '^' marker.
N7K-X-podP(config-if)# vpc ?
*** No matching command found in current mode, matching in (config) mode ***

2011 Cisco Systems, Inc. Lab Guide 41


domain Specify domain

Note The vPC peer link must be a port-channel interface. A regular Ethernet port cannot be used
as the peer link.

Step 3 Configure the interface that connects your VDC to the peer pod VDC as a static port
channel member. Use channel group 7 for this port channel.
N7K-X-podP(config)# interface ethernet 1/E
N7K-X-podP(config-if)# channel-group 7
Step 4 Configure the port channel you just created as the vPC peer link.
N7K-X-podP(config)# interface port-channel 7
N7K-X-podP(config-if)# vpc peer-link
Please note that spanning tree port type is changed to "network" port type on
vPC peer-link.
This will enable spanning tree Bridge Assurance on vPC peer-link provided the
STP Bridge Assurance (which is enabled by default) is not disabled.
Step 5 Examine the global vPC consistency parameters.
N7K-X-podP# show vpc consistency-parameters global

Legend:
Type 1 : vPC will be suspended in case of mismatch

Name Type Local Value Peer Value


------------- ---- ---------------------- ---------------------
--
STP Mode 1 MST MST
STP Disabled 1 None None
STP MST Region Name 1 PodYandZ PodYandZ
STP MST Region Revision 1 YZ YZ
STP MST Region Instance to 1
VLAN Mapping
STP Loopguard 1 Disabled Disabled
STP Bridge Assurance 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Simulate PVST 1 Enabled Enabled
Allowed VLANs - 1,10-13 1,10-13
Local suspended VLANs - - -

Caution If any of the Type-1 global consistency parameters are mismatched, then all vPCs will be
suspended.

Step 6 Verify the vPC status.


N7K-X-podP# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : YZ
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
Type-2 consistency reason : Consistency Check Not Performed
vPC role : secondary
Number of vPCs configured : 0
Peer Gateway : Enabled
Dual-active excluded VLANs : -

vPC Peer-link status


---------------------------------------------------------------------
id Port Status Active vlans

42 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
-- ---- ------ --------------------------------------------------
1 Po7 up 1,10-13

Note Ensure that the peer status is listed as peer adjacency formed ok before continuing to the
next task.

Activity Verification
You have completed this task when you attain these results:
You have configured a port channel between your pod VDC and the peer pod VDC.
You have successfully established the vPC peer link between the VDCs.

Task 4: Configuring a vPC


During this exercise, you will configure a vPC between the Cisco Nexus 5000 Switch in your
pod and the Cisco Nexus 7000 VDCs in your pod and peer pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 5000 Switch.
Step 2 Create a port channel using LACP that includes ports ethernet 1/19 and ethernet 1/20
on your Cisco Nexus 5000 Switch. Use channel group 77 for this port channel.
N5K-P# configure
N5K-P(config)# feature lacp
N5K-P(config)# interface ethernet 1/19-20
N5K-P(config-if-range)# channel-group 77 mode active
Step 3 Examine the state of the port channel.
N5K-P# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
------------------------------------------------------------------------------
77 Po77(SD) Eth LACP Eth1/19(I) Eth1/20(I)
Step 4 Switch to your assigned Cisco Nexus 7000 VDC.
Step 5 Configure an LACP-based port channel using the port that connects your VDC to
your Cisco Nexus 5000 Switch. Use 5P as the channel group number, where P is
your pod number.
N7K-X-podP(config)# feature lacp
N7K-X-podP(config)# interface ethernet 1/A
N7K-X-podP(config-if)# channel-group 5P mode active
Step 6 Configure an LACP-based port channel using the port that connects your VDC to
the Cisco Nexus 5000 Switch in your peer pod. Use 5Q as the channel group
number, where Q is the peer pod number.
N7K-X-podP(config)# interface ethernet 1/B
N7K-X-podP(config-if)# channel-group 5Q mode active
Step 7 Switch to your Cisco Nexus 5000 Switch.
Step 8 Examine the status of port channel 77. Did the port channel form correctly? If not,
why not?

2011 Cisco Systems, Inc. Lab Guide 43


N5K-P# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
------------------------------------------------------------------------------
77 Po77(SU) Eth LACP Eth1/19(P) Eth1/20(s)
Step 9 Examine the LACP neighbors on your Cisco Nexus 5000 Switch.
N5K-P# show lacp neighbor
Flags: S - Device is sending Slow LACPDUs F - Device is sending Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
port-channel77 neighbors
Partner's information
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/19 32768,a8-b1-d4-55-6f-c40x109 252 SA

LACP Partner Partner Partner


Port Priority Oper Key Port State
32768 0x36 0x3d

Partner's information
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/20 32768,0-26-98-4-a9-44 0x109 0 SA

LACP Partner Partner Partner


Port Priority Oper Key Port State
32768 0x36 0xd

Note Without vPC enabled on the port channels on the Cisco Nexus 7000 VDCs, the Cisco Nexus
5000 Switch detects that it is connected to two different switches.

Step 10 Switch to your Cisco Nexus 7000 Switch.


Step 11 Configure port channel 5P as vPC number 5P and configure port channel 5Q as vPC
number 5Q on your Cisco Nexus 7000 VDC. P represents your pod number, while
Q represents your peer pod number.
N7K-X-podP(config)# interface port-channel 5P
N7K-X-podP(config-if)# vpc 5P

N7K-X-podP(config)# interface port-channel 5Q


N7K-X-podP(config-if)# vpc 5Q
Step 12 Examine the status of the vPCs that you created.
N7K-X-podP# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : YZ
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
Type-2 consistency reason : Consistency Check Not Performed
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Enabled
Dual-active excluded VLANs : -

44 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po7 up 1,10-13

vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- -------------------------- ------------
5P Po5P up success success 1,10-13
5Q Po5Q up success success 1,10-13

Note The vPC consistency check results should be listed as success and the status as up for
both vPCs. Troubleshoot as necessary together with the team in your peer pod before
continuing. Use the show vpc consistency-parameters vpc command to examine
potential failed consistency checks for a specific vpc.

Step 13 Switch to your Cisco Nexus 5000 Switch.


Step 14 Examine the status of port channel 77 on your Cisco Nexus 5000 Switch. Did the
port channel form correctly now?

N5K-P# show port-channel summary


Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
------------------------------------------------------------------------------
77 Po77(SU) Eth LACP Eth1/19(P) Eth1/20(P)

Step 15 Examine the LACP neighbors on your Cisco Nexus 5000 Switch.
N5K-P# show lacp neighbor
Flags: S - Device is sending Slow LACPDUs F - Device is sending Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
port-channel77 neighbors
Partner's information
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/19 32667,0-23-4-ee-be-38 0x4109 547 SA

LACP Partner Partner Partner


Port Priority Oper Key Port State
32768 0x8037 0x3d

Partner's information
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/20 32667,0-23-4-ee-be-38 0x109 477 SA

LACP Partner Partner Partner


Port Priority Oper Key Port State
32768 0x8037 0x3d

2011 Cisco Systems, Inc. Lab Guide 45


Note The Cisco Nexus 5000 Switch sees the two Cisco Nexus 7000 VDCs as a single LACP
neighbor now. The last octet of the system ID equals the configured vPC domain number.

Step 16 Examine spanning tree on your Cisco Nexus 5000 Switch. Are there any blocked
ports?

N5K-P# show spanning-tree

MST0000
Spanning tree enabled protocol mstp
Root ID Priority 8192
Address 0023.04ee.be38
Cost 0
Port 4172 (port-channel77)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32768 (priority 32768 sys-id-ext 0)


Address 0005.9b1f.89fc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Po77 Root FWD 1000 128.4172 P2p
Eth1/3 Desg FWD 2000 128.131 Edge P2p
Eth1/4 Desg FWD 2000 128.132 Edge P2p
Eth1/9 Desg FWD 2000 128.137 P2p
Eth1/10 Desg FWD 2000 128.138 P2p
Eth1/11 Desg FWD 2000 128.139 P2p
Eth1/12 Desg FWD 2000 128.140 P2p

MST0001
Spanning tree enabled protocol mstp
Root ID Priority 8193
Address 0023.04ee.be38
Cost 1000
Port 4172 (port-channel77)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)


Address 0005.9b1f.89fc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Po77 Root FWD 1000 128.4172 P2p

MST0002
Spanning tree enabled protocol mstp
Root ID Priority 8194
Address 0023.04ee.be38
Cost 1000
Port 4172 (port-channel77)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)


Address 0005.9b1f.89fc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Po77 Root FWD 1000 128.4172 P2p

46 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 17 What is the spanning tree port cost of the uplink to the Cisco Nexus 7000 VDCs?

Step 18 Which switch is the spanning tree root in the network? How was the bridge ID of the
root bridge created?

Step 19 Save the configurations on the switches in your pod.

Activity Verification
You have completed this task when you attain these results:
You have successfully created a vPC between your Cisco Nexus 5000 Switch and the Cisco
Nexus 7000 VDCs in your pod and peer pod.

Task 5: Configuring the Cisco Nexus 2000 Fabric Extender


During this exercise, you will configure your Cisco Nexus 2000 Fabric Extender for use with
your Cisco Nexus 7000 VDC in straight-through mode.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 In order to configure the Cisco Nexus 2248TP Fabric Extender with a Cisco Nexus
7000 Switch, the switch needs to run Cisco NX-OS Release 5.1(1) or newer.
Confirm that the Cisco Nexus 7000 is currently running this version of software or
better.
N7K-X-podP# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents:
http://www.cisco.com/en/US/products/ps9372/tsd_products_support_serie
s_home.html
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Software
BIOS: version 3.22.0
kickstart: version 5.1(3)
system: version 5.1(3)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.3.bin
kickstart compile time: 12/25/2020 12:00:00 [12/18/2010 09:55:20]
system image file is: bootflash:///n7000-s1-dk9.5.1.3.bin
system compile time: 11/29/2010 12:00:00 [12/18/2010 11:02:00]

Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X")
Intel(R) Xeon(R) CPU with 4109560 kB of memory.
Processor Board ID JAF1420BRLG

2011 Cisco Systems, Inc. Lab Guide 47


Device name: N7K-1-podP
bootflash: 2000880 kB
slot0: 0 kB (expansion flash)

Kernel uptime is 0 day(s), 5 hour(s), 22 minute(s), 14 second(s)

Last reset
Reason: Unknown
System version: 5.1(3)
Service:

plugin
Core Plugin, Ethernet Plugin
Step 3 Enable the fex feature-set in your VDC.
N7K-X-podP(config)# feature-set fex
Step 4 Create a FEX instance with number 10P, where P is your assigned pod number.
N7K-X-podP(config)# fex 10P
Step 5 Change the port that connects your Cisco Nexus 7000 VDC to your Cisco Nexus
2000 Fabric Extender to a Layer 2 switch port and configure it as a FEX fabric
interface. Refer to the Lab Connections job aid to find the correct port for your
pod.
N7K-X-podP(config)# interface ethernet 1/C
N7K-X-podP(config-if)# switchport
N7K-X-podP(config-if)# switchport mode fex-fabric
Step 6 Assign the FEX fabric port to a channel group to create a port channel. Use 10P as
the channel-group number, where P is your pod number.
N7K-X-podP(config-if)# channel-group 10P
Step 7 Associate the newly-created port channel interface 10P with FEX 10P, where P is
your pod number.
N7K-X-podP(config)# interface port-channel 10P
N7K-X-podP(config-if)# fex associate 10P
Step 8 Enable the FEX fabric interface.
N7K-X-podP(config)# interface ethernet 1/C
N7K-X-podP(config-if)# no shutdown
Step 9 Wait until your FEX is online.
N7K-X-podP# show fex
FEX FEX FEX FEX
Number Description State Model Serial
------------------------------------------------------------------------
10P FEX010P Online N2K-C2248TP-1GE JAF1420AHPE

Note This may take several minutes if the FEX is running a lower version of software than the
switch, because the FEX needs to download the latest version of the Cisco NX-OS
Software.

Step 10 Examine the FEX parameters.


N7K-X-podP# show fex detail
FEX: 10P Description: FEX010P state: Online
FEX version: 5.1(3) [Switch version: 5.1(3)]
FEX Interim version: 5.1(3.1)
Switch Interim version: 5.1(3)
Extender Model: N2K-C2248TP-1GE, Extender Serial: JAF1420AHPE
Part No: 73-12748-05
Card Id: 99, Mac Addr: 54:75:d0:ed:73:42, Num Macs: 64
Module Sw Gen: 12594 [Switch Sw Gen: 21]

48 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
pinning-mode: static Max-links: 1
Fabric port for control traffic: Eth1/C
Fabric interface state:
Po10P - Interface Up. State: Active
Eth1/C - Interface Up. State: Active
Fex Port State Fabric Port Primary Fabric
Eth10P/1/1 Down Po10P Po10P
Eth10P/1/2 Down Po10P Po10P
Eth10P/1/3 Down Po10P Po10P
Eth10P/1/4 Down Po10P Po10P
Eth10P/1/5 Down Po10P Po10P
Eth10P/1/6 Down Po10P Po10P
Eth10P/1/7 Down Po10P Po10P
Eth10P/1/8 Down Po10P Po10P
Eth10P/1/9 Down Po10P Po10P
Eth10P/1/10 Down Po10P Po10P
Eth10P/1/11 Down Po10P Po10P
Eth10P/1/12 Down Po10P Po10P
Eth10P/1/13 Down Po10P Po10P
Eth10P/1/14 Down Po10P Po10P
Eth10P/1/15 Down Po10P Po10P
Eth10P/1/16 Down Po10P Po10P
Eth10P/1/17 Down Po10P Po10P
Eth10P/1/18 Down Po10P Po10P
Eth10P/1/19 Down Po10P Po10P
Eth10P/1/20 Down Po10P Po10P
Eth10P/1/21 Down Po10P Po10P
Eth10P/1/22 Down Po10P Po10P
Eth10P/1/23 Down Po10P Po10P
Eth10P/1/24 Down Po10P Po10P
Eth10P/1/25 Down Po10P Po10P
Eth10P/1/26 Down Po10P Po10P
Eth10P/1/27 Down Po10P Po10P
Eth10P/1/28 Down Po10P Po10P
Eth10P/1/29 Down Po10P Po10P
Eth10P/1/30 Down Po10P Po10P
Eth10P/1/31 Down Po10P Po10P
Eth10P/1/32 Down Po10P Po10P
Eth10P/1/33 Down Po10P Po10P
Eth10P/1/34 Down Po10P Po10P
Eth10P/1/35 Down Po10P Po10P
Eth10P/1/36 Down Po10P Po10P
Eth10P/1/37 Down Po10P Po10P
Eth10P/1/38 Down Po10P Po10P
Eth10P/1/39 Down Po10P Po10P
Eth10P/1/40 Down Po10P Po10P
Eth10P/1/41 Down Po10P Po10P
Eth10P/1/42 Down Po10P Po10P
Eth10P/1/43 Down Po10P Po10P
Eth10P/1/44 Down Po10P Po10P
Eth10P/1/45 Down Po10P Po10P
Eth10P/1/46 Down Po10P Po10P
Eth10P/1/47 Down Po10P Po10P
Eth10P/1/48 Down Po10P Po10P
Logs:
02/02/2011 22:38:28.6274: Module register received
02/02/2011 22:38:28.9016: Registration response sent
02/02/2011 22:38:28.620720: Module Online Sequence
02/02/2011 22:38:32.10864: Module Online
Step 11 Examine the FEX fabric ports.
N7K-X-podP# show interface fex-fabric
Fabric Fabric Fex FEX
Fex Port Port State Uplink Model Serial
---------------------------------------------------------------
10P Eth1/C Active 4 N2K-C2248TP-1GE JAF1420AHPE
Step 12 Reload the FEX. Examine the FEX and FEX fabric interfaces.

2011 Cisco Systems, Inc. Lab Guide 49


N7K-X-podP# reload fex 10P
WARNING: This command will reboot FEX module 10P
Do you want to continue? (y/n) [n] y

N7K-X-podP# 2011 Feb 2 22:51:33 N7K-X-podP %ETH_PORT_CHANNEL-5-FOP_CHANGED:


port-channel10P: first operational port changed from Ethernet1/C to none
2011 Feb 2 22:51:33 N7K-X-podP %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN:
Interface port-channel10P is down (No operational members)
2011 Feb 2 22:51:33 N7K-X-podP %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 4 of
Fex 10P that is connected with Ethernet1/C changed its status from Active to
Disconnected
2011 Feb 2 22:51:33 N7K-X-podP %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED:
Interface Ethernet10P/1/1 is down (Interface removed)
2011 Feb 2 22:51:33 N7K-X-podP %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED:
Interface Ethernet10P/1/2 is down (Interface removed)

<Output omitted>
2011 Feb 2 22:51:33 N7K-X-podP %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED:
Interface Ethernet10P/1/47 is down (Interface removed)
2011 Feb 2 22:51:33 N7K-X-podP %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED:
Interface Ethernet10P/1/48 is down (Interface removed)
2011 Feb 2 22:51:33 N7K-X-podP %FEX-2-NOHMS_ENV_FEX_OFFLINE: FEX-10P Off-line
(Serial Number JAF1420AHPE)
2011 Feb 2 22:51:33 N7K-X-podP %ETH_PORT_CHANNEL-5-PORT_DOWN: port-
channel10P: Ethernet1/C is down
2011 Feb 2 22:51:33 N7K-X-podP %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface
Ethernet1/C is down (Link failure)
2011 Feb 2 22:51:33 N7K-X-podP %ETHPORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN:
Interface port-channel10P is down (No operational members)
2011 Feb 2 22:51:34 N7K-X-podP %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 4 of
Fex 10P that is connected with Ethernet1/C changed its status from
Disconnected to Configured

N7K-X-podP# show fex


FEX FEX FEX FEX
Number Description State Model Serial
------------------------------------------------------------------------
10P FEX010P Offline N2K-C2248TP-1GE JAF1420AHPE

N7K-X-podP# show interface fex-fabric


Fabric Fabric Fex FEX
Fex Port Port State Uplink Model Serial
---------------------------------------------------------------
10P Eth1/C Configured 4 N2K-C2248TP-1GE JAF1420AHPE

N7K-X-podP# 2011 Feb 2 22:52:37 N7K-1-pod5 %ETHPORT-5-SPEED: Interface


Ethernet1/C, operational speed changed to 10 Gbps
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-IF_DUPLEX: Interface Ethernet1/C,
operational duplex mode changed to Full
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface
Ethernet1/C, operational Receive Flow Control state changed to off
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface
Ethernet1/C, operational Transmit Flow Control state changed to off
2011 Feb 2 22:52:37 N7K-X-podP %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 0 of
Fex 10P that is connected with Ethernet1/C changed its status from Configured
to Fabric Up
2011 Feb 2 22:52:37 N7K-X-podP %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 4 of
Fex 10P that is connected with Ethernet1/C changed its status from Fabric Up
to Connecting
2011 Feb 2 22:52:37 N7K-X-podP %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 4 of
Fex 10P that is connected with Ethernet1/C changed its status from Connecting
to Active
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-SPEED: Interface port-channel10P,
operational speed changed to 10 Gbps
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-IF_DUPLEX: Interface port-
channel10P, operational duplex mode changed to Full
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-
channel10P, operational Receive Flow Control state changed to off

50 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-
channel10P, operational Transmit Flow Control state changed to off
2011 Feb 2 22:52:37 N7K-X-podP %ETH_PORT_CHANNEL-5-PORT_UP: port-channel10P:
Ethernet1/C is up
2011 Feb 2 22:52:37 N7K-X-podP %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-
channel10P: first operational port changed from none to Ethernet1/C
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-IF_UP: Interface port-channel10P is
up in mode Fex Fabric
2011 Feb 2 22:52:37 N7K-X-podP %ETHPORT-5-IF_UP: Interface Ethernet1/C is up
in mode Fex Fabric
2011 Feb 2 22:52:35 N7K-X-podP %SYSMGR-FEX10P-5-MODULE_ONLINE: System Manager
has received notification of local module becoming online.
2011 Feb 2 22:52:35 N7K-X-podP %SATCTRL-FEX10P-2-SATCTRL: FEX-10P Module 1:
Cold boot
2011 Feb 2 22:52:46 N7K-X-podP %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface
Ethernet10P/1/1 is down (Administratively down)
2011 Feb 2 22:52:46 N7K-X-podP %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface
Ethernet10P/1/2 is down (Administratively down)

<Output omitted>
2011 Feb 2 22:52:46 N7K-X-podP %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface
Ethernet10P/1/47 is down (Administratively down)
2011 Feb 2 22:52:46 N7K-X-podP %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface
Ethernet10P/1/48 is down (Administratively down)

Tip Issue the terminal monitor command to see the log messages in your SSH or telnet
session.

Step 13 Has the port state changed on the Cisco Nexus 7000 Ethernet interfaces?

Step 14 How long does it take to complete the reload on the Cisco Nexus 2000 Fabric
Extender?

Step 15 View the hardware inventory for the FEX.


N7K-X-podP# show inventory fex 10P
NAME: "FEX 10P CHASSIS", DESCR: "N2K-C2248TP-1GE CHASSIS"
PID: N2K-C2248TP-1GE , VID: V02 , SN: JAF1420AHPE

NAME: "FEX 10P Module 1", DESCR: "Fabric Extender Module: 48x1GE, 4x10GE
Supervisor"
PID: N2K-C2248TP-1GE , VID: V02 , SN: SSI141804J9

NAME: "FEX 10P Fan 1", DESCR: "Fabric Extender Fan module"
PID: N2K-C2248-FAN , VID: N/A , SN: N/A

NAME: "FEX 101 Power Supply 1", DESCR: "Fabric Extender AC power supply"
PID: N2200-PAC-400W , VID: V01 , SN: LIT1423019W

NAME: "FEX 101 Power Supply 2", DESCR: "Fabric Extender AC power supply"
PID: N2200-PAC-400W , VID: V01 , SN: LIT1423019N

Step 16 Examine the modules on the FEX.


N7K-X-podP# show module fex 10P

FEX Mod Ports Card Type Model Status.


--- --- ----- ---------------------------------- ------------------ ----------
-
10P 1 48 Fabric Extender 48x1GE + 4x10G M N2K-C2248TP-1GE ok

FEX Mod Sw Hw World-Wide-Name(s) (WWN)

2011 Cisco Systems, Inc. Lab Guide 51


--- --- -------------- ------ ----------------------------------------------
-
10P 1 5.1(3) 3.5 --

FEX Mod MAC-Address(es) Serial-Num


--- --- -------------------------------------- ----------
10P 1 5475.d0ed.7340 to 5475.d0ed.736f JAF1420AHPE
Step 17 Configure interface Ethernet 1/2 on your FEX as an access port in VLAN 10 and
enable it.
N7K-X-podP(config)# interface ethernet 10P/1/2
N7K-X-podP(config-if)# switchport mode access
N7K-X-podP(config-if)# switchport access vlan 10
N7K-X-podP(config-if)# no shutdown
Step 18 Verify the spanning-tree details for interface Ethernet 1/2 on your FEX. Are any
special spanning tree features enabled?

N7K-X-podP# show spanning-tree vlan 10 interface ethernet 10P/1/2 detail

Port 4200 (Ethernet10P/1/2) of MST0002 is designated forwarding


Port path cost 20000, Port priority 128, Port Identifier 128.4200
Designated root has priority 8194, address 0023.04ee.be38
Designated bridge has priority 8194, address a8b1.d455.6fc4
Designated port id is 128.4200, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port type is edge
Link type is point-to-point by default, Internal
Bpdu guard is enabled
Bpdu filter is enabled by default
PVST Simulation is enabled by default
BPDU: sent 11, received 0
Step 19 Try to disable the BPDU Guard and spanning-tree edge port features on the
interface.
N7K-X-podP(config-if)# interface ethernet 10P/1/2
N7K-X-podP(config-if)# no spanning-tree bpduguard
ERROR: Command not supported on fex port
N7K-X-podP(config-if)# spanning-tree port type normal
ERROR: Command not supported on fex port

Note FEX ports are intended to connect servers only. BPDU Guard and spanning-tree port type
edge are enabled by default and cannot be disabled.

Step 20 Save the configurations on the switches in your pod.

Activity Verification
You have completed this task when you attain these results:
You have successfully enabled a Cisco Nexus 2000 Fabric Extender on your Cisco Nexus
7000 VDC.
You have configured a port on the FEX and examined the spanning-tree behavior for the
FEX ports.

52 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 2-3: Configuring Layer 3 Switching
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure Layer 3 switching features between your Cisco Nexus 7000
VDC and your peer Cisco Nexus 7000 VDC. After completing this activity, you will be able to
meet these objectives:
Configure the Cisco Nexus 7000 Switch to support RIP and verify the configuration
Configure VRF instances with static routing and verify the configuration
Configure VRF instances with OSPFv2 and verify the configuration
Configure VRF instances with EIGRP and verify the configuration

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 2-3: Configuring Layer 3 Switching

N7010-C1 N7010-C2
RIP
Static
OSPF
EIGRP

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-5

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs

2011 Cisco Systems, Inc. Lab Guide 53


Command List
The table describes the commands that are used in this activity.

Command Description

feature interface-vlan Enables the interface-vlan feature, which allows the


creation of switched virtual interfaces (SVI)

ip address Configures an IP address and prefix on an interface.


<address>/<prefix>
feature rip Enables the RIP feature.

show license usage Displays the license usage in a VDC.

ip router rip <tag> Activates a RIP process on an interface.

show ip route Displays the IP routing table.

show ip rip Displays basic parameters for a RIP process.

router rip <tag> Starts a RIP routing process.

show vrf Lists the VRFs that are present in a VDC.

show vrf detail Displays details for the VRFs in a VDC.

show vrf <vrf> interface Lists the interfaces that are associated with a VRF.

vrf member <vrf> Associates an interface with a VRF.

vrf context <vrf> Creates a new VRF context.

ip route <subnet>/<prefix> Creates a static route to a subnet using a specified next


<next-hop> hop router.

show ip route vrf <vrf> Displays the IP routing table for a VRF.

routing-context vrf <vrf> Sets the scope for routing-related commands to a specific
VRF.

feature ospf Enables the OSPF feature.

ip router ospf <tag> area Enables an OSPF process on an interface for a specific
<area> area.

show ip ospf Displays basic parameters for an OSPF process.

router ospf <tag> Starts an OSPF routing process.

show ip ospf vrf <vrf> Displays basic parameters for an OSPF process in a VRF.

show ip ospf neighbors vrf Displays the list of OSPF neighbors for a VRF.
<vrf>
show ip ospf database vrf Lists the content of the OSPF database for a VRF.
<vrf>
router-id <id> Sets the router ID for an OSPF process.

vrf <vrf> Enters VRF configuration mode under a routing process.

show ip ospf interface Displays OSPF interface parameters.


<intf>
auto-cost reference- Changes the OSPF auto-cost reference bandwidth.
bandwidth <bw> <unit>
show ip ospf interface Displays an overview of the interfaces that are enabled for
brief OSPF.

54 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
feature eigrp Enables the EIGRP feature.

router eigrp <tag> Starts an EIGRP routing process.

ip router eigrp <tag> Activates an EIGRP routing process on an interface.

show ip eigrp Displays basic EIGRP parameters.

autonomous-system <as-nr> Sets the autonomous system (AS) number for EIGRP in a
VRF.

show ip eigrp neighbors Displays the list of EIGRP neighbors.

Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

2011 Cisco Systems, Inc. Lab Guide 55


Task 1: Configuring RIP
During this task, you will configure the routing information protocol on the Cisco Nexus 7000
VDC in your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 First remove the vPC configuration from the previous lab.
N7K-X-podP(config)# no feature vpc
Step 3 Remove the port channels 5P and 5Q that you created in the previous lab, where P is
your pod number and Q is your peer pod number.
N7K-X-podP(config)# no interface port-channel 5P
N7K-X-podP(config)# no interface port-channel 5Q

Note Removing a port channel interface also automatically removes the channel-group
commands from the physical interfaces associated with that port channel.

Step 4 Connect to your assigned Cisco Nexus 5000 Switch.


Step 5 Remove the port channel 77 that you created in the previous lab.
N5K-P(config)# no interface port-channel 77
Step 6 Switch to your Cisco Nexus 7000 VDC.
Step 7 Configure an SVI on your Cisco Nexus 7000 VDC for VLAN 10. Assign IP address
172.16.10.7P/24 to it where P is your pod number.
N7K-X-podP(config)# interface vlan 10
^
Invalid command (interface name) at '^' marker.
N7K-X-podP(config)# feature interface-vlan
N7K-X-podP(config)# interface vlan 10
N7K-X-podP(config-if)# ip address 172.16.10.7P/24
N7K-X-podP(config-if)# no shutdown

Note The interface-vlan feature needs to be enabled before SVIs can be created.

Step 8 Ping the IP address of your peer pod 172.16.10.7Q, where Q is your peer pod
number, to confirm IP connectivity between the two pods.
N7K-X-podP# ping 172.16.10.7Q
PING 172.16.10.7Q (172.16.10.7Q): 56 data bytes
Request 0 timed out
64 bytes from 172.16.10.7Q: icmp_seq=1 ttl=254 time=1.22 ms
64 bytes from 172.16.10.7Q: icmp_seq=2 ttl=254 time=0.701 ms
64 bytes from 172.16.10.7Q: icmp_seq=3 ttl=254 time=0.999 ms
64 bytes from 172.16.10.7Q: icmp_seq=4 ttl=254 time=1.023 ms

--- 172.16.10.7Q ping statistics ---


5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.701/0.985/1.22 ms

Note Do not proceed until you have confirmed IP connectivity on VLAN 10 between your pod and
the peer pod.

Step 9 Enable the RIP feature in your VDC.

56 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
N7K-X-podP(config)# feature rip
Step 10 Verify the current license usage on your Cisco Nexus 7000 VDC.
N7K-X-podP# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused Never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - In use Never -
------------------------------------------------------------------------------
Step 11 Do you require a license to use RIP on a Cisco Nexus 7000 Switch?

Step 12 Configure loopback interface 10 on your VDC and assign IP address


192.168.10.7P/32 where P is your assigned pod number.
N7K-X-podP(config)# interface loopback 10
N7K-X-podP(config-if)# ip address 192.168.10.7P/32
Step 13 Enable RIP on the loopback 10 interface. Choose your own process tag for the RIP
process. However, ensure that you use the same process tag consistently in this task
to avoid creating multiple RIP routing processes.
N7K-X-podP(config)# interface loopback 10
N7K-X-podP(config-if)# ip router rip MYRIP
Step 14 Enable the same RIP process on the VLAN 10 interface.
N7K-X-podP(config)# interface vlan 10
N7K-X-podP(config-if)# ip router rip MYRIP
Step 15 Wait for your peer pod to complete the configuration and verify the routing table.
N7K-X-podP# show ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

172.16.10.0/24, ubest/mbest: 1/0, attached


*via 172.16.10.7P, Vlan10, [0/0], 02:21:25, direct
172.16.10.7P/32, ubest/mbest: 1/0, attached
*via 172.16.10.7P, Vlan10, [0/0], 02:21:25, local
192.168.10.7P/32, ubest/mbest: 2/0, attached
*via 192.168.10.7P, Lo10, [0/0], 03:23:43, local
*via 192.168.10.7P, Lo10, [0/0], 03:23:43, direct

Note The routing table contains not only the expected directly attached subnets as direct routes,
but it also lists /32 local entries for locally configured IP addresses.

Step 16 Examine the RIP process.


N7K-X-podP# show ip rip
Note: process currently not running
Step 17 Enable the RIP process using the appropriate process tag.
N7K-X-podP(config)# router rip MYRIP
N7K-X-podP(config-router)#
Step 18 Examine the RIP process again.
N7K-X-podP# show ip rip
Process Name "rip-MYRIP" VRF "default"
RIP port 520, multicast-group 224.0.0.9
Admin-distance: 120
Updates every 30 sec, expire in 180 sec

2011 Cisco Systems, Inc. Lab Guide 57


Collect garbage in 120 sec
Default-metric: 1
Max-paths: 8
Process is up and running
Interfaces supported by ipv4 RIP :
loopback10
Vlan10
Step 19 Examine the routing table again.
N7K-X-podP# show ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

172.16.10.0/24, ubest/mbest: 1/0, attached


*via 172.16.10.7P, Vlan10, [0/0], 00:10:37, direct
172.16.10.7P/32, ubest/mbest: 1/0, attached
*via 172.16.10.7P, Vlan10, [0/0], 00:10:37, local
192.168.10.7P/32, ubest/mbest: 2/0, attached
*via 192.168.10.7P, Lo10, [0/0], 00:02:26, local
*via 192.168.10.7P, Lo10, [0/0], 00:02:26, direct
192.168.10.7Q/32, ubest/mbest: 1/0
*via 172.16.10.7Q, Vlan10, [120/2], 00:00:49, rip-MYRIP, rip
Step 20 Do you see a route from your peer pod advertised by RIP?

Step 21 Ping the loopback 10 IP address 192.168.10.7Q of your peer pod, where Q equals
your peer pod number. Use your own loopback 10 IP address 192.168.10.7P as the
source, where P equals your pod number.
N7K-X-podP# ping 192.168.10.7Q source 192.168.10.7P
PING 192.168.10.7Q (192.168.10.7Q) from 192.168.10.7P: 56 data bytes
64 bytes from 192.168.10.7Q: icmp_seq=0 ttl=254 time=1.338 ms
64 bytes from 192.168.10.7Q: icmp_seq=1 ttl=254 time=0.809 ms
64 bytes from 192.168.10.7Q: icmp_seq=2 ttl=254 time=0.791 ms
64 bytes from 192.168.10.7Q: icmp_seq=3 ttl=254 time=0.762 ms
64 bytes from 192.168.10.7Q: icmp_seq=4 ttl=254 time=0.754 ms

--- 192.168.10.7Q ping statistics ---


5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.754/0.89/1.338 ms
Step 22 Do not proceed to the next task until you succeed in pinging the peer pod loopback
10 IP address. Troubleshoot together with your peer pod as necessary.

Activity Verification
You have completed this task when you attain these results:
You have removed the vPC and port channel configuration from the previous lab.
You have created an SVI for VLAN 10 and verified IP connectivity for this VLAN.
You have configured RIP on your Cisco Nexus 7000 VDC.
You have verified that RIP is exchanging routing information between your pod and your
peer pod.
You have successfully pinged the loopback 10 IP address on your peer pod.

58 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Task 2: Configuring VRFs and Static Routing
During this task, you will configure a VRF and static routing for that VRF on the Cisco Nexus
7000 VDC in your pod.

Activity Procedure
Complete these steps:
Step 1 Examine the VRFs that exist by default on the Cisco Nexus 7000 VDC in your pod.
N7K-X-podP# show vrf
VRF-Name VRF-ID State Reason
default 1 Up --
management 2 Up --
Step 2 Examine the VRFs in more detail.
N7K-X-podP# show vrf detail
VRF-Name: default, VRF-ID: 1, State: Up
Table-ID: 0x80000007, AF: IPv6, Fwd-ID: 0x80000007, State: Up
Table-ID: 0x00000007, AF: IPv4, Fwd-ID: 0x00000007, State: Up

VRF-Name: management, VRF-ID: 2, State: Up


Table-ID: 0x80000008, AF: IPv6, Fwd-ID: 0x80000008, State: Up
Table-ID: 0x00000008, AF: IPv4, Fwd-ID: 0x00000008, State: Up

Note VRFs are enabled for both IPv4 and IPv6 by default in the Cisco NX-OS Software.

Step 3 Examine the interface assignments for these VRFs in your pod VDC.
N7K-X-podP# show vrf default interface
Interface VRF-Name VRF-ID
Vlan1 default 1
Vlan10 default 1
loopback10 default 1
Ethernet1/E default 1
Ethernet1/F default 1
Ethernet1/G default 1
Ethernet1/H default 1

N7K-X-podP# show vrf management interface


Interface VRF-Name VRF-ID
mgmt0 management 2

Step 4 Try to reassign the Vlan 1 interface from the default VRF to the management VRF.
N7K-X-podP(config)# interface vlan 1
N7K-X-podP(config-if)# vrf member management
Step 5 What is the result?

Step 6 Create a new VRF named STATIC-VRF and examine the available configuration
commands for the VRF.
N7K-X-podP(config)# vrf context STATIC-VRF
N7K-X-podP(config-vrf)# ?
ip Configure IP features
ipv6 Configure IPv6 features
no Negate a command or set its defaults
shutdown Shutdown current VRF
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name

2011 Cisco Systems, Inc. Lab Guide 59


where Shows the cli context you are in

Note It is currently not possible to configure Route Distinguishers (RD) and Route Targets (RT),
which are required for MPLS VPNv4 or VPNv6 routes.

Step 7 Create an SVI for VLAN 11 and configure IP address 172.16.11.7P/24 on it where P
is your assigned pod number. Enable the interface.
N7K-X-podP(config)# interface vlan 11
N7K-X-podP(config-if)# ip address 172.16.11.7P/24
N7K-X-podP(config-if)# no shutdown
Step 8 Assign the Vlan 11 interface to the VRF STATIC-VRF.
N7K-X-podP(config-if)# vrf member STATIC-VRF
% Deleted all L3 config on interface Vlan11

Note The Cisco NX-OS Software supports tab completion for VRF names.

Step 9 Examine the running configuration for the Vlan 11 interface.


N7K-X-podP(config-if)# show running-config interface vlan 11

!Command: show running-config interface Vlan11


!Time: Fri Feb 4 01:21:56 2011

version 5.1(2)

interface Vlan11
no shutdown
vrf member STATIC-VRF

Note The IP address and any other IP configuration is removed from an interface when it is
assigned to a different VRF.

Step 10 Reassign the IP address you configured in Step 7.


N7K-X-podP(config-if)# ip address 172.16.11.7P/24
Step 11 Ping the IP address of your peer pod 172.16.11.7Q, where Q is your peer pod
number, to confirm IP connectivity between the two pods on VLAN 11.
N7K-X-podP# ping 172.16.11.7Q vrf STATIC-VRF
PING 172.16.11.7Q (172.16.11.7Q): 56 data bytes
64 bytes from 172.16.11.7Q: icmp_seq=0 ttl=254 time=1.049 ms
64 bytes from 172.16.11.7Q: icmp_seq=1 ttl=254 time=0.642 ms
64 bytes from 172.16.11.7Q: icmp_seq=2 ttl=254 time=3.172 ms
64 bytes from 172.16.11.7Q: icmp_seq=3 ttl=254 time=0.814 ms
64 bytes from 172.16.11.7Q: icmp_seq=4 ttl=254 time=0.819 ms

--- 172.16.11.7Q ping statistics ---


5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.642/1.299/3.172 ms

Note Do not forget to specify the VRF in the ping command.

Step 12 Configure loopback interface 11 on your VDC, assign it to VRF STATIC-VRF, and
assign IP address 192.168.11.7P/32 where P is your assigned pod number.
N7K-X-podP(config)# interface loopback 11
N7K-X-podP(config-if)# vrf member STATIC-VRF
% Deleted all L3 config on interface loopback11
N7K-X-podP(config-if)# ip address 192.168.11.7P/32

60 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 13 Create a static route for VRF VRF-STATIC that points to the loopback 11 IP
address of your peer pod (192.168.11.Q/32) via the VLAN 11 IP address of your
peer pod (172.16.11.7Q) (where Q is your peer pod number).
N7K-X-podP(config)# vrf context STATIC-VRF
N7K-X-podP(config-vrf)# ip route 192.168.11.7Q/32 172.16.11.7Q

Note Inter-VRF static routes are not supported. The next-hop for a static route should always be
in the same VRF.

Step 14 Examine the routing table for VRF STATIC-VRF.


N7K-X-podP# show ip route vrf STATIC-VRF
IP Route Table for VRF "STATIC-VRF"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

172.16.11.0/24, ubest/mbest: 1/0, attached


*via 172.16.11.7P, Vlan11, [0/0], 11:03:15, direct
172.16.11.7P/32, ubest/mbest: 1/0, attached
*via 172.16.11.7P, Vlan11, [0/0], 11:03:15, local
192.168.11.7P/32, ubest/mbest: 2/0, attached
*via 192.168.11.7P, Lo11, [0/0], 00:29:00, local
*via 192.168.11.7P, Lo11, [0/0], 00:29:00, direct
192.168.11.7Q/32, ubest/mbest: 1/0
*via 172.16.11.7Q, Vlan11, [1/0], 00:09:14, static

Note If you do not specify the VRF, the default VRF is used for all IP routing-related commands.

Step 15 Set the scope of all Cisco NX-OS IP routing-related commands to use the VRF
STATIC-VRF for your current session.
N7K-X-podP# routing-context vrf STATIC-VRF
Step 16 Ping the loopback 11 IP address 192.168.11.7Q of your peer pod, where Q is your
peer pod number. Use your own loopback 11 IP address 192.168.11.7P as the
source, where P is your pod number.
N7K-X-podP%STATIC-VRF# ping 192.168.11.7Q source 192.168.11.7P
PING 192.168.11.7Q (192.168.11.7Q) from 192.168.11.7P: 56 data bytes
Request 0 timed out
64 bytes from 192.168.11.7Q: icmp_seq=1 ttl=254 time=1.259 ms
64 bytes from 192.168.11.7Q: icmp_seq=2 ttl=254 time=0.82 ms
64 bytes from 192.168.11.7Q: icmp_seq=3 ttl=254 time=0.648 ms
64 bytes from 192.168.11.7Q: icmp_seq=4 ttl=254 time=0.833 ms

--- 192.168.11.7Q ping statistics ---


5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.648/0.89/1.259 ms
Step 17 Do not proceed to the next task until you succeed in pinging the peer pod loopback
11 IP address. Troubleshoot together with your peer pod as necessary.
Step 18 Reset the command scope to the default VRF.
N7K-X-podP%STATIC-VRF# routing-context vrf default

Activity Verification
You have completed this task when you attain these results:
You have created a new VRF in your Cisco Nexus 7000 VDC.
You have created an SVI for VLAN 11, assigned it to a VRF, and verified IP connectivity
for this VLAN.
2011 Cisco Systems, Inc. Lab Guide 61
You have configured a static route in a VRF and you have verified that the route was
installed in the routing table for the VRF.
You have successfully pinged the loopback 11 IP address in the VRF on your peer pod.

Task 3: Configuring VRFs and OSPFv2


During this task, you will configure a VRF and configure OSPFv2 for that VRF on the Cisco
Nexus 7000 VDC in your pod.

Activity Procedure
Complete these steps:
Step 1 Create a VRF context named OSPF-VRF.
N7K-X-podP(config)# vrf context OSPF-VRF
Step 2 Create an SVI for VLAN 12 and assign it to the VRF OSPF-VRF.
N7K-X-podP(config)# interface vlan 12
N7K-X-podP(config-if)# vrf member OSPF-VRF
% Deleted all L3 config on interface Vlan12
Step 3 Configure IP address 172.16.12.7P/24 on interface vlan 12 where P is your assigned
pod number and enable the interface.
N7K-X-podP(config-if)# ip address 172.16.12.7P/24
N7K-X-podP(config-if)# no shutdown
Step 4 Ping the IP address of your peer pod 172.16.12.7Q, where Q is your peer pod
number, to confirm IP connectivity between the two pods on VLAN 12.
N7K-X-podP# ping 172.16.12.7Q vrf OSPF-VRF
PING 172.16.12.7Q (172.16.12.7Q): 56 data bytes
Request 0 timed out
64 bytes from 172.16.12.7Q: icmp_seq=1 ttl=254 time=1.217 ms
64 bytes from 172.16.12.7Q: icmp_seq=2 ttl=254 time=0.771 ms
64 bytes from 172.16.12.7Q: icmp_seq=3 ttl=254 time=0.832 ms
64 bytes from 172.16.12.7Q: icmp_seq=4 ttl=254 time=0.843 ms

--- 172.16.12.7Q ping statistics ---


5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.771/0.915/1.217 ms
Step 5 Configure loopback interface 12 on your VDC, assign it to VRF OSPF-VRF, and
assign IP address 192.168.12.7P/32 where P is your assigned pod number.
N7K-X-podP(config)# interface loopback 12
N7K-X-podP(config-if)# vrf member OSPF-VRF
% Deleted all L3 config on interface loopback12
N7K-X-podP(config-if)# ip address 192.168.12.7P/32
Step 6 Enable the OSPF feature.
N7K-X-podP(config)# feature ospf

Caution If a warning LAN_ENTERPRISE_SERVICES_PKG license not installed. ospf feature will be


shutdown after grace period of approximately XXX day(s) is displayed, make sure to install
the license key before the grace period expires. The Cisco NX-OS Software enforces the
use of licenses and will delete all unlicensed features from your configuration when the
grace period expires.

Step 7 Verify the license usage in your VDC.


N7K-X-podP# show license usage
Feature Ins Lic Status Expiry Date Comments
Count

62 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
------------------------------------------------------------------------------
--
ENHANCED_LAYER2_PKG No - Unused -
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused Never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - In use Never -
------------------------------------------------------------------------------
--
Step 8 Which licenses are in use on your VDC?

Step 9 Verify which features cause the Enterprise Services License to be used.
N7K-X-podP# show license usage LAN_ENTERPRISE_SERVICES_PKG
Application
-----------
ospf@4
-----------

Note The @4 in the command output specifies the VDC in which the feature is used. In this
specific example, OSPF is in use in VDC 4. The output in your pod may be different
depending on your VDC number.

Step 10 Configure OSPF in area 0 on interface vlan 12. Use a process ID of your choice, but
make sure you use the same process ID consistently throughout this exercise.
N7K-X-podP(config)# interface vlan 12
N7K-X-podP(config-if)# ip router ospf MYOSPF area 0
Step 11 Configure OSPF in area P, where P is your assigned pod number, on interface
loopback 12. Use the same process ID as in the previous step.
N7K-X-podP(config)# interface loopback 12
N7K-X-podP(config-if)# ip router ospf MYOSPF area P
Step 12 Examine the OSPF process.
N7K-X-podP# show ip ospf
Note: process currently not running
Step 13 Configure the OSPF process using the process ID used in the previous steps.
N7K-X-podP(config)# router ospf MYOSPF
Step 14 Examine the OSPF process again.
N7K-X-podP# show ip ospf
Routing Process MYOSPF with ID 192.168.10.7P VRF default
Stateful High Availability enabled
Graceful-restart is configured
Grace period: 60 state: Inactive
Last graceful restart exit status: None
Supports only single TOS(TOS0) routes
Supports opaque LSA
Administrative distance 110
Reference Bandwidth is 40000 Mbps
Initial SPF schedule delay 200.000 msecs,
minimum inter SPF delay of 1000.000 msecs,
maximum inter SPF delay of 5000.000 msecs
Initial LSA generation delay 0.000 msecs,
minimum inter LSA delay of 5000.000 msecs,
maximum inter LSA delay of 5000.000 msecs
Minimum LSA arrival 1000.000 msec
LSA group pacing timer 10 secs
Maximum paths to destination 8
Number of external LSAs 0, checksum sum 0
Number of opaque AS LSAs 0, checksum sum 0

2011 Cisco Systems, Inc. Lab Guide 63


Number of areas is 0, 0 normal, 0 stub, 0 nssa
Number of active areas is 0, 0 normal, 0 stub, 0 nssa
Step 15 Why does the output not reflect any configured areas?

Step 16 Verify the OSPF process for the VRF OSPF-VRF.


N7K-X-podP# show ip ospf vrf OSPF-VRF
Routing Process MYOSPF with ID 192.168.12.7P VRF OSPF-VRF
Stateful High Availability enabled
Graceful-restart is configured
Grace period: 60 state: Inactive
Last graceful restart exit status: None
Supports only single TOS(TOS0) routes
Supports opaque LSA
This router is an area border
Administrative distance 110
Reference Bandwidth is 40000 Mbps
Initial SPF schedule delay 200.000 msecs,
minimum inter SPF delay of 1000.000 msecs,
maximum inter SPF delay of 5000.000 msecs
Initial LSA generation delay 0.000 msecs,
minimum inter LSA delay of 5000.000 msecs,
maximum inter LSA delay of 5000.000 msecs
Minimum LSA arrival 1000.000 msec
LSA group pacing timer 10 secs
Maximum paths to destination 8
Number of external LSAs 0, checksum sum 0
Number of opaque AS LSAs 0, checksum sum 0
Number of areas is 2, 2 normal, 0 stub, 0 nssa
Number of active areas is 2, 2 normal, 0 stub, 0 nssa
Area BACKBONE(0.0.0.0)
Area has existed for 01:06:27
Interfaces in this area: 1 Active interfaces: 1
Passive interfaces: 0 Loopback interfaces: 0
No authentication available
SPF calculation has run 3 times
Last SPF ran for 0.000249s
Area ranges are
Number of LSAs: 5, checksum sum 0x1f8b1
Area (0.0.0.P) (Inactive)
Area has existed for 01:06:27
Interfaces in this area: 1 Active interfaces: 1
Passive interfaces: 1 Loopback interfaces: 1
No authentication available
SPF calculation has run 3 times
Last SPF ran for 0.000078s
Area ranges are
Number of LSAs: 3, checksum sum 0x1ee75

Note It is not necessary to enable the VRF specifically under the OSPF process. If you enable the
process on an interface that is a member of a VRF, then the process is automatically
enabled for that VRF.

Step 17 Verify that an OSPF adjacency has been established between your VDC and the
VDC in your peer pod.
N7K-X-podP# show ip ospf neighbors vrf OSPF-VRF
OSPF Process ID MYOSPF VRF OSPF-VRF
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
192.168.12.7Q 1 FULL/BDR 00:06:55 172.16.12.7Q Vlan12

Note Dont forget to specify the VRF in the command.

64 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 18 Examine the OSPF database for VRF OSPF-VRF.
N7K-X-podP# show ip ospf database vrf OSPF-VRF
OSPF Router with ID (192.168.12.7P) (Process ID MYOSPF VRF OSPF-VRF)

Router Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# Checksum Link Count


192.168.12.7P 192.168.12.7P 1795 0x80000007 0xb7c3 1
192.168.12.7Q 192.168.12.7Q 1795 0x80000005 0xb9c0 1

Network Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# Checksum


172.16.12.7P 192.168.12.7P 1795 0x80000004 0x3dc2

Summary Network Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# Checksum


192.168.12.7P 192.168.12.7P 253 0x80000007 0x1eb6
192.168.12.7Q 192.168.12.7Q 1795 0x80000004 0x14c1

Router Link States (Area 0.0.0.P)

Link ID ADV Router Age Seq# Checksum Link Count


192.168.12.7P 192.168.12.7P 253 0x80000007 0x7098 1

Summary Network Link States (Area 0.0.0.P)

Link ID ADV Router Age Seq# Checksum


172.16.12.0 192.168.12.7P 253 0x80000007 0xc2e2
192.168.12.7Q 192.168.12.7P 1785 0x80000004 0xab03

Step 19 Change the OSPF router ID to P.P.P.P, where P is your pod number.
N7K-X-podP(config)# router ospf MYOSPF
N7K-X-podP(config-router)# router-id P.P.P.P
Step 20 Examine the router ID for the OSPF process for the VRF OSPF-VRF.
N7K-X-podP# show ip ospf vrf OSPF-VRF | include ID
Routing Process MYOSPF with ID 192.168.12.7P VRF OSPF-VRF
Step 21 Did the router ID change?

Step 22 Examine the router ID for the default VRF.


N7K-X-podP# show ip ospf | include ID
Routing Process MYOSPF with ID P.P.P.P VRF default
Step 23 Change the OSPF router ID to P.P.P.P for the VRF OSPF-VRF, where P is your
pod number.
N7K-X-podX(config)# router ospf MYOSPF
N7K-X-podX(config-router)# vrf OSPF-VRF
N7K-X-podX(config-router-vrf)# router-id P.P.P.P
Step 24 Enable OSPF adjacency logging for the VRF OSPF-VRF.
N7K-X-podP(config-router-vrf)# log-adjacency-changes
Step 25 Examine the OSPF router ID for the VRF again.
N7K-X-podP# show ip ospf vrf OSPF-VRF | include ID
Routing Process MYOSPF with ID P.P.P.P VRF OSPF-VRF

Note It is not necessary to clear or restart the OSPF process for the router ID change to be
applied.

2011 Cisco Systems, Inc. Lab Guide 65


Step 26 Examine the OSPF interface cost for interface vlan 12.
N7K-X-podP# show ip ospf interface vlan 12
Vlan12 is up, line protocol is up
IP address 172.16.12.7P/24, Process ID MYOSPF VRF OSPF-VRF, area 0.0.0.0
Enabled by interface configuration
State BDR, Network type BROADCAST, cost 40
Index 2, Transmit delay 1 sec, Router Priority 1
Designated Router ID: Q.Q.Q.Q, address: 172.16.12.7Q
Backup Designated Router ID: P.P.P.P, address: 172.16.12.7P
1 Neighbors, flooding to 1, adjacent with 1
Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5
Hello timer due in 00:00:01
No authentication
Number of opaque link LSAs: 0, checksum sum 0

Step 27 How is the interface cost calculated?

Step 28 Change the OSPF reference bandwidth to 100 Mbps to match the reference
bandwidth of older devices on the network.
N7K-X-podP(config)# router ospf MYOSPF
N7K-X-podP(config-router)# vrf OSPF-VRF
N7K-X-podP(config-router-vrf)# auto-cost reference-bandwidth ?
<1-4000000> Rate in Mbps (bandwidth) (Default)
*Default value is 40000
<1-4000> Rate in Gbps (bandwidth)
*Default value is 40

N7K-X-podP(config-router-vrf)# auto-cost reference-bandwidth 100 Mbps


Step 29 Verify that the OSPF interface cost has changed to reflect the new reference
bandwidth.
N7K-X-podP# show ip ospf interface brief vrf OSPF-VRF
OSPF Process ID MYOSPF VRF OSPF-VRF
Total number of interface: 2
Interface ID Area Cost State Neighbors
Status
Vlan12 2 0.0.0.0 1 BDR 1 up
Lo12 1 0.0.0.P 1 LOOPBACK 0 up
Step 30 Examine the routing table for VRF OSPF-VRF.
N7K-X-podP# show ip route vrf OSPF-VRF
IP Route Table for VRF "OSPF-VRF"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

172.16.12.0/24, ubest/mbest: 1/0, attached


*via 172.16.12.7P, Vlan12, [0/0], 03:36:58, direct
172.16.12.7P/32, ubest/mbest: 1/0, attached
*via 172.16.12.7P, Vlan12, [0/0], 03:36:58, local
192.168.12.7P/32, ubest/mbest: 2/0, attached
*via 192.168.12.7P, Lo12, [0/0], 03:30:51, local
*via 192.168.12.7P, Lo12, [0/0], 03:30:51, direct
192.168.12.7Q/32, ubest/mbest: 1/0
*via 172.16.12.7Q, Vlan12, [110/41], 00:05:01, ospf-MYOSPF, inter
Step 31 Ping the loopback 12 IP address 192.168.12.7Q of your peer pod, where Q is your
peer pod number. Use your own loopback 12 IP address 192.168.12.7P as the
source, where P is your pod number.
N7K-X-podP# ping 192.168.12.7Q source 192.168.12.7P vrf OSPF-VRF
PING 192.168.12.7Q (192.168.12.7Q) from 192.168.12.7P: 56 data bytes
64 bytes from 192.168.12.7Q: icmp_seq=0 ttl=254 time=1.212 ms
64 bytes from 192.168.12.7Q: icmp_seq=1 ttl=254 time=0.718 ms

66 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
64 bytes from 192.168.12.7Q: icmp_seq=2 ttl=254 time=0.836 ms
64 bytes from 192.168.12.7Q: icmp_seq=3 ttl=254 time=0.848 ms
64 bytes from 192.168.12.7Q: icmp_seq=4 ttl=254 time=0.846 ms

--- 192.168.12.7Q ping statistics ---


5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.718/0.891/1.212 ms

Step 32 Do not proceed to the next task until you succeed in pinging the peer pod loopback
12 IP address. Troubleshoot together with your peer pod as necessary.

Activity Verification
You have completed this task when you attain these results:
You have created a new VRF in your Cisco Nexus 7000 VDC.
You have created an SVI for VLAN 12, assigned it to a VRF, and verified IP connectivity
for this VLAN.
You have enabled OSPF for the VRF and verified its operation.
You have successfully pinged the loopback 12 IP address in the VRF on your peer pod.

Task 4: Configuring VRFs and EIGRP


During this task, you will configure a VRF and configure EIGRP for that VRF on the Cisco
Nexus 7000 VDC in your pod.

Activity Procedure
Complete these steps:
Step 1 Create a VRF context named EIGRP-VRF.
N7K-X-podP(config)# vrf context EIGRP-VRF
Step 2 Create an SVI for VLAN 13 and assign it to the VRF EIGRP-VRF.
N7K-X-podP(config)# interface vlan 13
N7K-X-podP(config-if)# vrf member EIGRP-VRF
% Deleted all L3 config on interface Vlan13
Step 3 Configure IP address 172.16.13.7P/24 on interface vlan 13 where P is your assigned
pod number and enable the interface.
N7K-X-podP(config-if)# ip address 172.16.13.7P/24
N7K-X-podP(config-if)# no shutdown
Step 4 Set the scope of all Cisco NX-OS IP routing-related commands to use the VRF
EIGRP-VRF for your current session.
N7K-X-podP# routing-context vrf EIGRP-VRF
Step 5 Ping the IP address of your peer pod 172.16.13.7Q, where Q is your peer pod
number, to confirm IP connectivity between the two pods on VLAN 13.
N7K-X-podP%EIGRP-VRF# ping 172.16.13.7Q
PING 172.16.13.7Q (172.16.13.7Q): 56 data bytes
Request 0 timed out
64 bytes from 172.16.13.7Q: icmp_seq=1 ttl=254 time=1.187 ms
64 bytes from 172.16.13.7Q: icmp_seq=2 ttl=254 time=0.854 ms
64 bytes from 172.16.13.7Q: icmp_seq=3 ttl=254 time=0.669 ms
64 bytes from 172.16.13.7Q: icmp_seq=4 ttl=254 time=0.729 ms

--- 172.16.13.7Q ping statistics ---


5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.669/0.859/1.187 ms

2011 Cisco Systems, Inc. Lab Guide 67


Step 6 Configure loopback interface 13 on your VDC, assign it to VRF EIGRP-VRF, and
assign IP address 192.168.13.7P/32 where P is your assigned pod number.
N7K-X-podP%EIGRP-VRF(config)# interface loopback 13
N7K-X-podP%EIGRP-VRF(config-if)# vrf member EIGRP-VRF
% Deleted all L3 config on interface loopback13
N7K-X-podP%EIGRP-VRF(config-if)# ip address 192.168.13.7P/32
Step 7 Enable the EIGRP feature.
N7K-X-podP%EIGRP-VRF(config)# feature eigrp
Step 8 Examine the license usage for the Enterprise Services License.
N7K-X-podP%EIGRP-VRF# show license usage LAN_ENTERPRISE_SERVICES_PKG
Application
-----------
ospf@4
eigrp@4
-----------
Step 9 Configure an EIGRP process with process tag MYEIGRP.
N7K-X-podP%EIGRP-VRF(config)# router eigrp MYEIGRP
Step 10 Activate EIGRP on interface vlan 13.
N7K-X-podP%EIGRP-VRF(config)# interface vlan 13
N7K-X-podP%EIGRP-VRF(config-if)# ip router eigrp MYEIGRP
Step 11 Activate EIGRP on interface loopback 13.
N7K-X-podP%EIGRP-VRF(config)# interface loopback 13
N7K-X-podP%EIGRP-VRF(config-if)# ip router eigrp MYEIGRP
Step 12 Examine the EIGRP process.
N7K-X-podP%EIGRP-VRF# show ip eigrp
IP-EIGRP AS 0 ID 192.168.13.7P VRF EIGRP-VRF
Process-tag: MYEIGRP
Status: shutdown
Authentication mode: none
Authentication key-chain: none
Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
IP proto: 88 Multicast group: 224.0.0.10
Int distance: 90 Ext distance: 170
Max paths: 8
Number of EIGRP interfaces: 2 (1 loopbacks)
Number of EIGRP passive interfaces: 0
Number of EIGRP peers: 0
Graceful-Restart: Enabled
Stub-Routing: Disabled
NSF converge time limit/expiries: 120/0
NSF route-hold time limit/expiries: 240/0
NSF signal time limit/expiries: 20/0
Redistributed max-prefix: Disabled
Step 13 Why is the EIGRP process shut down?

Step 14 Configure EIGRP autonomous system number 42 for the VRF EIGRP-VRF.
N7K-X-podP%EIGRP-VRF(config)# router eigrp MYEIGRP
N7K-X-podP%EIGRP-VRF(config-router)# vrf EIGRP-VRF
N7K-X-podP%EIGRP-VRF(config-router-vrf)# autonomous-system 42
Step 15 Examine the EIGRP process again.
N7K-X-podP%EIGRP-VRF# show ip eigrp
IP-EIGRP AS 42 ID 192.168.13.7P VRF EIGRP-VRF
Process-tag: MYEIGRP
Status: running
Authentication mode: none
Authentication key-chain: none

68 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
IP proto: 88 Multicast group: 224.0.0.10
Int distance: 90 Ext distance: 170
Max paths: 8
Number of EIGRP interfaces: 2 (1 loopbacks)
Number of EIGRP passive interfaces: 0
Number of EIGRP peers: 0
Graceful-Restart: Enabled
Stub-Routing: Disabled
NSF converge time limit/expiries: 120/0
NSF route-hold time limit/expiries: 240/0
NSF signal time limit/expiries: 20/0
Redistributed max-prefix: Disabled
Step 16 Verify that an EIGRP adjacency has been established between your VDC and the
VDC in your peer pod.
N7K-X-podP%EIGRP-VRF# show ip eigrp neighbors
IP-EIGRP neighbors for process 42 VRF EIGRP-VRF
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.13.7Q Vlan13 14 00:00:09 1 200 0 3
Step 17 Examine the routing table for VRF EIGRP-VRF.
N7K-X-podP%EIGRP-VRF# show ip route
IP Route Table for VRF "EIGRP-VRF"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]

172.16.13.0/24, ubest/mbest: 1/0, attached


*via 172.16.13.7P, Vlan13, [0/0], 00:28:39, direct
172.16.13.75/32, ubest/mbest: 1/0, attached
*via 172.16.13.7P, Vlan13, [0/0], 00:28:39, local
192.168.13.7P/32, ubest/mbest: 2/0, attached
*via 192.168.13.7P, Lo13, [0/0], 00:21:17, local
*via 192.168.13.7P, Lo13, [0/0], 00:21:17, direct
192.168.13.7Q/32, ubest/mbest: 1/0
*via 172.16.13.7Q, Vlan13, [90/130816], 00:02:45, eigrp-MYEIGRP, internal
Step 18 Ping the loopback 13 IP address 192.168.13.7Q of your peer pod, where Q is your
peer pod number. Use your own loopback 13 IP address 192.168.13.7P as the
source, where P is your pod number.
N7K-X-podP%EIGRP-VRF# ping 192.168.13.7Q source 192.168.13.7P
PING 192.168.13.7Q (192.168.13.7Q) from 192.168.13.7P: 56 data bytes
64 bytes from 192.168.13.7Q: icmp_seq=0 ttl=254 time=1.378 ms
64 bytes from 192.168.13.7Q: icmp_seq=1 ttl=254 time=0.732 ms
64 bytes from 192.168.13.7Q: icmp_seq=2 ttl=254 time=0.831 ms
64 bytes from 192.168.13.7Q: icmp_seq=3 ttl=254 time=0.724 ms
64 bytes from 192.168.13.7Q: icmp_seq=4 ttl=254 time=0.755 ms

--- 192.168.13.7Q ping statistics ---


5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.724/0.883/1.378 ms
Step 19 Reset the command scope to the default VRF.
N7K-X-podP%EIGRP-VRF# routing-context vrf default
Step 20 Save the configuration on your Cisco Nexus 7000 VDC.

Activity Verification
You have completed this task when you attain these results:
You have created a new VRF in your Cisco Nexus 7000 VDC.
You have created an SVI for VLAN 13, assigned it to a VRF, and verified IP connectivity
for this VLAN.

2011 Cisco Systems, Inc. Lab Guide 69


You have enabled EIGRP for the VRF and verified its operation.
You have successfully pinged the loopback 13 IP address in the VRF on your peer pod.

70 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 3-1: Configuring Security Features
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure Cisco NX-OS security features on your Cisco Nexus 5000
Switch and Cisco Nexus 7000 VDC. After completing this activity, you will be able to meet
these objectives:
Configure and verify access lists using atomic programming
Configure port security on the Cisco Nexus 7000 Switch and verify the configuration has
been applied as per the design requirements
Configure traffic storm control on the Cisco Nexus 7000 Switch and verify the
configuration has been applied as per the design requirements

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 3-1: Configuring Security Features

N7010-C1 N7010-C2

Nexus 5010 Nexus 5010

Nexus 2248TP Nexus 2248TP

UCS C-series

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-6

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs
Two Cisco Nexus 5000 Switches
Two Windows 2003 servers

2011 Cisco Systems, Inc. Lab Guide 71


Command List
The table describes the commands that are used in this activity.

Command Description

switchport access vlan Configures the VLAN for an access port.


<vlan>
spanning-tree port type Configures an interface as a spanning-tree edge port.
edge
object-group ip port Defines an IP port object group.
<name>
object-group ip address Defines an IP address object group.
<name>
configure session <name> Starts a configuration session.

ip access-list <name> Defines an IP access-list.

show running-config aclmgr Shows the elements of the running configuration that are
related to access-lists.

show configuration session Shows the content of a configuration session.

ip access-group <name> in Associates an access-list with a Layer 3 interface.

verify Verify that an access-list can be installed in the forwarding


engines of a Cisco Nexus switch.

commit Commits the statements in a configuration session to the


running configuration.

show access-lists <name> Displays the access-lists on the switch.

statistics per-entry Enables the gathering of statistics for an access-list.

show access-lists <name> Shows an access-list after expansion of any included


expanded object groups.

feature port-security Enables the port security feature.

switchport port-security Enables port security on an interface.

show running-config port- Shows the elements of the running configuration that are
security all related to port security including default values.

show port-security address Shows the static and dynamic port security addresses in
the system.

switchport port-security Configures a static port security MAC address for an


mac-address <address> interface.

show logging last <nr> Shows the last number of lines in the system log.

storm-control broadcast Enables storm control for broadcast traffic at the configured
level <percent> level.

storm-control multicast Enables storm control for multicast traffic at the configured
level <percent> level.

storm-control unicast Enables storm control for unicast traffic at the configured
level <percent> level.

show interface <intf> Displays the operational traffic storm-control parameters


counters storm-control and statistics.

72 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

2011 Cisco Systems, Inc. Lab Guide 73


Task 1: Configuring Access Lists
During this task, you will configure access lists on the Cisco Nexus 7000 VDC in your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 5000 Switch.
Step 2 Assign the 10 Gigabit Ethernet port that connects to the Windows server to VLAN
10 and make it a spanning-tree edge port.
N5K-P(config)# interface ethernet 1/3
N5K-P(config-if)# switchport access vlan 10
N5K-P(config-if)# spanning-tree port type edge
Warning: Edge port type (portfast) should only be enabled on ports connected
to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when edge port type (portfast) is enabled, can cause temporary
bridging loops.
Use with CAUTION

Edge Port Type (Portfast) has been configured on Ethernet1/3 but will only
have effect when the interface is in a non-trunking mode.

Step 3 Connect to your assigned Windows server and configure IP address


172.16.10.1P1/24, where P is your pod number, on the network adapter named
CNA2nexus5K that connects to your Cisco Nexus 5000 Switch.
Step 4 From your Windows server ping the IP address of your Cisco Nexus 7000 VDC in
VLAN 10, which is 172.16.10.7P/24, where P is your pod number.
C:\Documents and Settings\Administrator> ping 172.16.10.7P

Pinging 172.16.10.7P with 32 bytes of data:

Reply from 172.16.10.7P: bytes=32 time=1ms TTL=255


Reply from 172.16.10.7P: bytes=32 time<1ms TTL=255
Reply from 172.16.10.7P: bytes=32 time<1ms TTL=255
Reply from 172.16.10.7P: bytes=32 time<1ms TTL=255

Ping statistics for 172.16.10.7P:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Documents and Settings\Administrator>


Step 5 Use telnet or SSH to connect from your Windows server to your Cisco Nexus 7000
Switch on the VLAN 10 IP address 172.16.10.7P, where P equals your pod number.
Disconnect after verifying that you can log in to your VDC.
C:\Documents and Settings\Administrator> telnet 172.16.10.7P
User Access Verification
login: admin
Password:
Last login: Fri Feb 18 00:45:04 from 172.16.10.1P1
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at

74 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
N7K-X-podP# exit

Connection to host lost.

C:\Documents and Settings\Administrator>


Step 6 Connect to your assigned Cisco Nexus 7000 VDC.
Step 7 Configure an IP port object group named VIRTUAL-TERMINAL that includes
ports 22 (SSH), 23 (telnet), and 513 (rlogin).
N7K-X-podP(config)# object-group ip port VIRTUAL-TERMINAL
N7K-X-podP(config-port-ogroup)# range 22 23
N7K-X-podP(config-port-ogroup)# eq 513
Step 8 Configure an IP address object group named MGMT-LANS that includes the
subnets 172.16.10.0/24, 172.16.11.0/24, and 172.16.12.0/24.
N7K-X-podP(config)# object-group ip address MGMT-LANS
N7K-X-podP(config-ipaddr-ogroup)# 172.16.10.0/24
N7K-X-podP(config-ipaddr-ogroup)# 172.16.11.0/24
N7K-X-podP(config-ipaddr-ogroup)# 172.16.12.0/24
Step 9 Exit configuration mode and start a configuration session named MGMT-ACL.
N7K-X-podP# configure session MGMT-ACL
Config Session started, Session ID is 1
Enter configuration commands, one per line. End with CNTL/Z.
N7K-X-podP(config-s)#
Step 10 How can you see that you are in a configuration session instead of normal
configuration mode?

Step 11 Create an IP access list named REMOTE-LOGIN-ONLY.


N7K-X-podP(config-s)# ip access-list REMOTE-LOGIN-ONLY
Step 12 Configure an access list line that permits TCP traffic from the networks defined in
the object group MGMT-LANS to any other IP address using the destination ports
defined in the object group VIRTUAL-TERMINAL.
N7K-X-podP(config-s-acl)# permit tcp addrgroup MGMT-LANS any portgroup
VIRTUAL-TERMINAL
Step 13 Exit configuration mode.
N7K-X-podP(config-s-acl)# end
Step 14 Examine the running configuration to see if any access lists are present.
N7K-X-podP# show running-config aclmgr

!Command: show running-config aclmgr


!Time: Fri Feb 18 01:52:01 2011

version 5.1(3)
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
Step 15 Do you see the access list REMOTE-LOGIN-ONLY? Why or why not?

2011 Cisco Systems, Inc. Lab Guide 75


Step 16 Examine the active configuration sessions in your VDC.
N7K-X-podP# show configuration session

config session MGMT-LANS


0001 ip access-list REMOTE-LOGIN-ONLY
0002 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL

Number of active configuration sessions = 1


Step 17 Enter the configuration session MGMT-ACL again and go back to configuration
mode for access list REMOTE-LOGIN-ONLY.
N7K-X-podP# configure session MGMT-ACL
Config Session started, Session ID is 1
Enter configuration commands, one per line. End with CNTL/Z.
N7K-X-podP(config-s)# ip access-list REMOTE-LOGIN-ONLY
Step 18 Add an access list line that explicitly drops all other IP packets.
N7K-X-podP(config-s-acl)# deny ip any any
Step 19 Apply the access list REMOTE-LOGIN-ONLY as an inbound access list on
interface VLAN 10 on your Cisco Nexus 7000 VDC.
N7K-X-podP(config-s)# interface vlan 10
N7K-X-podP(config-s-if)# ip access-group REMOTE-LOGIN-ONLY in
Step 20 Without leaving the configuration session, examine the configuration session
MGMT-ACL.
N7K-X-podP(config-s-if)# show configuration session MGMT-ACL
config session name MGMT-ACL
0001 ip access-list REMOTE-LOGIN-ONLY
0002 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
0003 ip access-list REMOTE-LOGIN-ONLY
0004 deny ip any any
0005 interface Vlan10
0006 ip access-group REMOTE-LOGIN-ONLY in
Step 21 Verify the configuration session to see if it can be installed in the forwarding
engines on the I/O modules.
N7K-X-podP(config-s-if)# verify
Verification Successful
Step 22 Commit the access list to the configuration.
N7K-X-podP(config-s)# commit
Commit Successful
Step 23 Examine the running configuration again to see if any access lists are present.
N7K-X-podP# show running-config aclmgr

!Command: show running-config aclmgr


!Time: Fri Feb 18 02:06:12 2011

version 5.1(2)
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any

interface Vlan10
ip access-group REMOTE-LOGIN-ONLY in

76 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 24 Was the access list entered into the configuration and applied to interface VLAN 10?

Step 25 Connect to your assigned Windows server and ping to the IP address of your Cisco
Nexus 7000 VDC in VLAN 10, which is 172.16.10.7P/24, where P is your pod
number.
C:\Documents and Settings\Administrator> ping 172.16.10.7P

Pinging 172.16.10.7P with 32 bytes of data:

Request timed out.


Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.10.7P:


Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Administrator>


Step 26 Use telnet or SSH to connect from your Windows server to your Cisco Nexus 7000
Switch on the VLAN 10 IP address 172.16.10.7P, where P is your pod number.
Disconnect after verifying that you can log in to your VDC.
C:\Documents and Settings\Administrator> telnet 172.16.10.7P
User Access Verification
login: admin
Password:
Last login: Fri Feb 18 00:45:04 from 192.168.0.P1
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
N7K-X-podP# exit

Connection to host lost.

C:\Documents and Settings\Administrator>


Step 27 Connect to your assigned Cisco Nexus 7000 VDC.
Step 28 Examine the access list REMOTE-LOGIN-ONLY.
N7K-X-podP# show access-lists REMOTE-LOGIN-ONLY

IP access list REMOTE-LOGIN-ONLY


10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
Step 29 Do you see any hits on the access list lines?

Step 30 Enable statistics gathering for access list REMOTE-LOGIN-ONLY.


N7K-X-podP# configure
N7K-X-podP(config)# ip access-list REMOTE-LOGIN-ONLY
N7K-X-podP(config-acl)# statistics per-entry

2011 Cisco Systems, Inc. Lab Guide 77


Note By default the Cisco Nexus switches do not collect access list statistics.

Step 31 Connect to your assigned Windows server and repeat the connectivity tests from
Step 25 and Step 26. Then return to your VDC.
Step 32 Examine the access list REMOTE-LOGIN-ONLY again.
N7K-X-podP# show access-lists REMOTE-LOGIN-ONLY

IP access list REMOTE-LOGIN-ONLY


statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any [match=19]
Step 33 Do you see hit counts for both access list lines now?

Step 34 Expand the access list to see the hit counts for telnet, SSH, and rlogin.
N7K-X-podP# show access-lists REMOTE-LOGIN-ONLY expanded

IP access list REMOTE-LOGIN-ONLY


statistics per-entry
10 permit tcp 172.16.10.0/24 any range 22 telnet [match=43]
10 permit tcp 172.16.10.0/24 any eq login [match=0]
10 permit tcp 172.16.11.0/24 any range 22 telnet [match=0]
10 permit tcp 172.16.11.0/24 any eq login [match=0]
10 permit tcp 172.16.12.0/24 any range 22 telnet [match=0]
10 permit tcp 172.16.12.0/24 any eq login [match=0]
20 deny ip any any [match=19]
Step 35 Remove the access list REMOTE-LOGIN-ONLY from interface VLAN 10.
N7K-X-podP(config)# int vlan 10
N7K-X-podP(config-if)# no ip access-group REMOTE-LOGIN-ONLY in

Activity Verification
You have completed this task when you attain these results:
You have assigned your Windows server to VLAN 10 and assigned an IP address to it.
You have verified connectivity from your Windows server to your Cisco Nexus 7000 VDC
in VLAN 10.
You have configured an access list and applied it to the VLAN 10 interface on your Cisco
Nexus 7000 VDC, using the session manager feature.
You have verified the operation of the access list and enabled statistics gathering for it.
You have removed the access list from interface VLAN 10 on your VDC.

Task 2: Configuring Port Security


During this task, you will configure the port security feature on the Cisco Nexus 7000 VDC in
your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 Switch.
Step 2 Configure interface Ethernet 10P/1/2, where P is your pod number, on your assigned
Cisco Nexus 2000 Fabric Extender as an access port in VLAN 11.
N7K-X-podP(config)# interface ethernet 10P/1/2

78 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
N7K-X-podP(config-if)# switchport access vlan 11
Step 3 Connect to your assigned Windows server and configure IP address
172.16.11.1P1/24, where P is your pod number, on the network adapter that
connects to your Cisco Nexus 2000 FEX.
Step 4 From your Windows server, ping to the IP address of your Cisco Nexus 7000 VDC
in VLAN 11, which is 172.16.11.7P/24, where P is your pod number.
C:\Documents and Settings\Administrator> ping 172.16.11.7P

Pinging 172.16.11.7P with 32 bytes of data:

Reply from 172.16.11.7P: bytes=32 time=1ms TTL=255


Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255
Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255
Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255

Ping statistics for 172.16.11.7P:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Step 5 Enable the port security feature.
N7K-X-podP(config)# feature port-security
Step 6 Configure port security on interface Ethernet 10P/1/2, where P is your pod number.
N7K-X-podP(config)# interface ethernet 10P/1/2
N7K-X-podP(config-if)# switchport port-security
Step 7 Examine the default port security parameters.
N7K-X-podP# show running-config port-security all

!Command: show running-config port-security all


!Time: Fri Feb 18 18:49:31 2011

version 5.1(3)
feature port-security

logging level port-security 5

interface Ethernet10P/1/2
switchport port-security
switchport port-security aging type absolute
switchport port-security aging time 0
switchport port-security maximum 1
switchport port-security violation shutdown
no switchport port-security mac-address sticky
Step 8 Which action will the switch take when a security violation occurs? How many
concurrent MAC addresses are allowed on the port?

Step 9 Repeat the connectivity test from Step 4.


C:\Documents and Settings\Administrator> ping 172.16.11.7P

Pinging 172.16.11.7P with 32 bytes of data:

Request timed out.


Reply from 172.16.11.7P: bytes=32 time=1ms TTL=255
Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255
Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255

Ping statistics for 172.16.11.7P:


Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:

2011 Cisco Systems, Inc. Lab Guide 79


Minimum = 0ms, Maximum = 1ms, Average = 0ms
Step 10 Examine the secure MAC addresses that were learned.
N7K-X-podP# show port-security address

Total Secured Mac Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 8192

----------------------------------------------------------------------
Secure Mac Address Table
----------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ------ ----- -------------
11 001B.2185.F266 DYNAMIC Ethernet10P/1/2 0
======================================================================
Step 11 Shut down interface Ethernet 10P/1/2 (where P is your pod number), configure
0000.0c12.3456 as the static secure MAC address for the interface, and re-enable the
interface.
N7K-X-podP(config)# interface ethernet 10P/1/2
N7K-X-podP(config-if)# shutdown
N7K-X-podP(config-if)# switchport port-security mac-address 0000.0c12.3456
N7K-X-podP(config-if)# no shutdown
N7K-X-podP(config-if)# 2011 Feb 18 06:47:23 N7K-X-podP %$ VDC-2 %$ %ETHPORT-2-
IF_DOWN_ERROR_DISABLED: Interface Ethernet10P/1/2 is down (Error disabled.
Reason:Security violation)
Step 12 Examine the secure MAC address table again.
N7K-X-podP# show port-security address

Total Secured Mac Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 8192

----------------------------------------------------------------------
Secure Mac Address Table
----------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ------ ----- -------------
11 0000.0C12.3456 STATIC Ethernet10P/1/2 0
======================================================================
Step 13 Repeat the connectivity test from Step 4.
C:\Documents and Settings\Administrator> ping 172.16.11.7P

Pinging 172.16.11.7P with 32 bytes of data:

Request timed out.


Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.11.7P:


Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Step 14 Display the brief interface information for interface Ethernet 10P/1/2, where P is
your pod number.
N7K-X-podP# show interface ethernet 10P/1/2 brief

------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
------------------------------------------------------------------------------
Eth10P/1/2 11 eth access down Sec-violation errDisable auto(D) --
Step 15 What is the state of the interface?

80 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 16 Examine the last line in the system log.
N7K-X-podP# show logging last 1
2011 Feb 18 19:03:20 N7K-X-podP %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface
Ethernet10P/1/2 is down (Error disabled. Reason:Security violation)
Step 17 Remove the statically configured secure MAC address from interface Ethernet
10P/1/2, where P equals your pod number.
N7K-X-podP(config)# interface ethernet 10P/1/2
N7K-X-podP(config-if)# no switchport port-security mac-address 0000.0c12.3456
Step 18 Examine the interface state again.
N7K-X-podP# show interface ethernet 10P/1/2 brief

------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
------------------------------------------------------------------------------
Eth10P/1/2 11 eth access down Sec-violation errDisable auto(D) --
Step 19 Has the interface become active again?

Step 20 Reactivate the interface by disabling and re-enabling it.


N7K-X-podP(config)# interface ethernet 10P/1/2
N7K-X-podP(config-if)# shutdown
N7K-X-podP(config-if)# no shutdown
Step 21 Repeat the connectivity test from Step 4 to confirm that the connection is working
again.
C:\Documents and Settings\Administrator> ping 172.16.11.7P

Pinging 172.16.11.7P with 32 bytes of data:

Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255


Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255
Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255
Reply from 172.16.11.7P: bytes=32 time<1ms TTL=255

Ping statistics for 172.16.11.7P:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Step 22 Do not continue to the next task until you have restored connectivity from your
server to your Cisco Nexus 7000 VDC on VLAN 11. Troubleshoot as necessary.

Activity Verification
You have completed this task when you attain these results:
You have assigned your Windows server to VLAN 11 and assigned an IP address to it.
You have verified connectivity from your Windows server to your Cisco Nexus 7000 VDC
in VLAN 11.
You have configured port security on your Cisco Nexus 7000 VDC for the port on the
Cisco Nexus 2000 FEX that connects to your Windows server.
You have verified the operation of port security.
You have verified that connectivity on VLAN 11 is restored at the end of the lab.

2011 Cisco Systems, Inc. Lab Guide 81


Task 3: Configuring Traffic Storm Control
During this task, you will configure the storm control feature on the Cisco Nexus 7000 VDC in
your pod and verify its operation.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 Switch.
Step 2 On the trunks that connect your Cisco Nexus 7000 Switch to your Cisco Nexus 5000
Switch and the Cisco Nexus 5000 Switch in your peer pod, configure traffic storm
control. Set the threshold for broadcasts to 30 percent, for multicast to 40 percent,
and for unicast to 50 percent.
N7K-X-podP(config)# interface ethernet 1/A, ethernet 1/B
N7K-X-podP(config-if-range)# storm-control broadcast level 30
N7K-X-podP(config-if-range)# storm-control multicast level 40
N7K-X-podP(config-if-range)# storm-control unicast level 50
Step 3 Examine traffic storm control operation on the configured interfaces.
N7K-X-podP# show interface e 1/A, e 1/B counters storm-control

------------------------------------------------------------------------------
--
Port UcastSupp % McastSupp % BcastSupp % TotalSuppDiscards
------------------------------------------------------------------------------
--
Eth1/A 50.00 50.00 50.00 0
Eth1/B 50.00 50.00 50.00 0
Step 4 Examine the running configuration for the interfaces that connect to the Cisco Nexus
5000 Switches.
N7K-X-podP# show running-config interface ethernet 1/A, ethernet 1/B

!Command: show running-config interface Ethernet1/A, Ethernet1/B


!Time: Fri Feb 18 12:46:07 2011

version 5.1(3)

interface Ethernet1/A
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 50
storm-control multicast level 50
storm-control unicast level 50
no shutdown

interface Ethernet1/B
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 50
storm-control multicast level 50
storm-control unicast level 50
no shutdown
Step 5 Does the configuration reflect the commands that you typed?

Step 6 Change the storm-control level for multicast to 40 percent and examine the
configuration on the interfaces again.
N7K-X-podP(config)# interface ethernet 1/A, ethernet 1/B

82 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
N7K-X-podP(config-if-range)# storm-control multicast level 40
N7K-X-podP(config-if-range)# show running-config interface ethernet 1/A,
ethernet 1/B

!Command: show running-config interface Ethernet1/A, Ethernet1/B


!Time: Fri Feb 18 12:51:12 2011

version 5.1(3)

interface Ethernet1/A
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
no shutdown

interface Ethernet1/B
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
no shutdown

Note Effectively there is only a single threshold for traffic storm control, which can be applied to
any combination of unicast, multicast, and broadcast traffic. The traffic types are not
controlled individually.

Step 7 Save the configurations on your Cisco Nexus 7000 VDC and Cisco Nexus 5000
Switch.

Activity Verification
You have completed this task when you attain these results:
You have configured traffic storm control on your Cisco Nexus 7000 VDC.

2011 Cisco Systems, Inc. Lab Guide 83


Lab 3-2: Configuring OTV
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure OTV between your Cisco Nexus 7000 VDC and your peer
Cisco Nexus 7000 VDC. After completing this activity, you will be able to meet these
objectives:
Configure a Cisco Nexus 7000 Switch to support OTV and verify the configuration

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 3-2: Configuring OTV

N7010-C1 N7010-C2

Nexus 5010 Nexus 5010

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-7

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs
Two Cisco Nexus 5000 Switches
Two Windows 2003 servers

84 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this activity.

Command Description

feature interface-vlan Enables the interface-vlan feature, which allows SVIs to be


created.

show license usage Displays the license usage in a VDC.

feature otv Enables the OTV feature.

otv site-vlan <vlan> Defines the OTV site VLAN.

ip igmp version <version> Configures the IGMP version.

interface overlay <nr> Creates an OTV overlay.

otv join-interface <intf> Defines the OTV join interface for an overlay.

otv control-group Defines the OTV control multicast group for an overlay.
<multicast-group>
otv data-group <multicast- Defines the range of multicast groups to be used for
group-range> multicast forwarding on an overlay.

otv extend-vlan <vlan- Defines the range of VLANs that are extended across an
range> overlay.

show otv overlay <nr> Displays basic parameters and status information for an
OTV overlay.

show otv adjacency Displays the list of OTV adjacencies on a VDC.

show otv route Displays the OTV mac routing table.

show otv arp-nd-cache Displays the content of the OTV ARP and neighbor
discovery (ND) cache.

show spanning-tree vlan Displays the spanning-tree state for a VLAN.


<vlan>

Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

2011 Cisco Systems, Inc. Lab Guide 85


Task 1: Configuring Basic OTV
During this task, you will configure OTV on the Cisco Nexus 7000 VDC in your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 First remove the routing protocol feature configuration from the previous lab.
N7K-X-podP(config)# no feature rip
N7K-X-podP(config)# no feature ospf
N7K-X-podP(config)# no feature eigrp
Step 3 Remove the interface VLAN feature configuration from the previous lab.
N7K-X-podP(config)# no feature interface-vlan

Note Currently, OTV and SVI cannot coexist in the same VDC. You must disable the interface
VLAN feature for OTV to function properly.

Step 4 Remove the port channel interface 7 that you created in the previous lab from your
Cisco Nexus 7000 VDC.
N7K-X-podP(config)# no interface port-channel 7

Step 5 Shut down the interface on your Cisco Nexus 7000 VDC that leads to your peer pod
Cisco Nexus 5000 Switch. Use the table below to find the correct interface.

Device Pod 1 and 2

N7K-Odd-podP Ethernet 1/B

N7K-Even-podP Ethernet 1/A

N7K-X-podP(config)# interface ethernet 1/A or B


N7K-X-podP(config-if)# shutdown
Step 6 Connect to your assigned Cisco Nexus 5000 Switch.
Step 7 Configure an SVI on your Cisco Nexus 5000 Switch for VLAN 10. Assign IP
address 172.16.10.5P/24 to it where P is your pod number.
N5K-P(config)# feature interface-vlan
N5K-P(config)# interface vlan 10
N5K-P(config-if)# ip address 172.16.10.5P/24
N5K-P(config-if)# no shutdown
Step 8 Ping the IP address of your peer pod 172.16.10.5Q, where Q is your peer pod
number, to confirm IP connectivity between the two pods.
N5K-P# ping 172.16.10.5Q
PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes
Request 0 timed out
64 bytes from 172.16.10.5Q: icmp_seq=1 ttl=254 time=1.186 ms
64 bytes from 172.16.10.5Q: icmp_seq=2 ttl=254 time=0.84 ms
64 bytes from 172.16.10.5Q: icmp_seq=3 ttl=254 time=0.752 ms
64 bytes from 172.16.10.5Q: icmp_seq=4 ttl=254 time=0.714 ms

--- 172.16.10.5Q ping statistics ---


5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.714/0.872/1.186 ms

86 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 9 Do not proceed to the next step until you succeed in pinging the peer pod Cisco
Nexus 5000 Switch VLAN 10 IP address. Troubleshoot together with your peer pod
as necessary.
Step 10 Connect to your assigned Cisco Nexus 7000 VDC.
Step 11 Change the interface on your Cisco Nexus 7000 VDC that connects to your peer
Cisco Nexus 7000 VDC to a routed port. Use the Lab Connections job aid to
determine the correct interface.
N7K-X-podP(config)# interface ethernet 1/E
N7K-X-podP(config-if)# no switchport
Step 12 Configure IP address 10.7.7.P/24, where P is your pod number, on the routed
interface that connects to your peer Cisco Nexus 7000 VDC.
N7K-X-podP(config-if)# ip address 10.7.7.P/24
Step 13 Ping the IP address of your peer pod 10.7.7.Q, where Q is your peer pod number, to
confirm IP connectivity between the VDCs.
N7K-X-podP# ping 10.7.7.Q
PING 10.7.7.Q (10.7.7.Q): 56 data bytes
64 bytes from 10.7.7.Q: icmp_seq=0 ttl=254 time=1.18 ms
64 bytes from 10.7.7.Q: icmp_seq=1 ttl=254 time=0.697 ms
64 bytes from 10.7.7.Q: icmp_seq=2 ttl=254 time=0.846 ms
64 bytes from 10.7.7.Q: icmp_seq=3 ttl=254 time=0.849 ms
64 bytes from 10.7.7.Q: icmp_seq=4 ttl=254 time=0.725 ms

--- 10.7.7.Q ping statistics ---


5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.697/0.859/1.18 ms

Note This interface will be used as the OTV join interface. Do not proceed to the next step until
you have verified IP connectivity between the VDCs for this link.

Step 14 Switch to your Cisco Nexus 5000 Switch.


Step 15 Verify that you can no longer ping from your Cisco Nexus 5000 Switch to your peer
pod Cisco Nexus 5000 Switch on VLAN 10.
N5K-P# ping 172.16.10.5Q
PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 172.16.10.5Q ping statistics ---


5 packets transmitted, 0 packets received, 100.00% packet loss
Step 16 Why can you not ping between the Cisco Nexus 5000 Switches anymore?

Note Verify that you have shut down the trunk from your Cisco Nexus 7000 VDC to your peer pod
Cisco Nexus 5000 Switch if you can still ping to the peer Cisco Nexus 5000 Switch. You
should not be able to ping between the Cisco Nexus 5000 Switches in your pod and peer
pod until OTV has been configured to extend VLAN 10 between the pods.

2011 Cisco Systems, Inc. Lab Guide 87


Step 17 Switch back to your Cisco Nexus 7000 VDC.
Step 18 Examine the license usage on your Cisco Nexus 7000 VDC.
N7K-X-podP# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
ENHANCED_LAYER2_PKG No - Unused -
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused Never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused Never -
------------------------------------------------------------------------------
Step 19 Enable the OTV feature.
N7K-X-podP(config)# feature otv
Step 20 Examine the license usage again.
N7K-X-podP# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
--
ENHANCED_LAYER2_PKG No - Unused -
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - In use Never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused Never -
------------------------------------------------------------------------------
--
Step 21 Which license does the OTV feature require?

Step 22 Configure VLAN 13 as the OTV site VLAN.


N7K-X-podP(config)# otv site-vlan 13
N7K-X-podP(config-site-vlan)#
Step 23 Configure the OTV join interface to use IGMP version 3.
N7K-X-podP(config)# interface e 1/E
N7K-X-podP(config-if)# ip igmp version 3
Step 24 Increase the MTU on this interface to the maximum of 9216 bytes.
N7K-X-podP(config-if)# mtu 9216
Step 25 Create an OTV overlay interface 1. Configure it to use the interface that connects
your Cisco Nexus 7000 VDC to your peer pod VDC as the join interface.
N7K-X-podP(config)# interface overlay 1
N7K-X-podP(config-if-overlay)# otv join-interface ethernet 1/E
OTV needs join interfaces to be configured for IGMP version 3

Note A warning about using IGMPv3 on the join interface is displayed, regardless of the actual
configuration of the join interface.

Step 26 Configure multicast group 239.7.7.7 as the OTV control multicast group.
N7K-X-podP(config-if-overlay)# otv control-group 239.7.7.7
Step 27 Configure the multicast range 232.7.7.0/24 as the SSM group range for OTV
multicast data.
N7K-X-podP(config-if-overlay)# otv data-group 232.7.7.0/24
Step 28 Extend VLANs 1012 across the overlay.

88 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
N7K-X-podP(config-if-overlay)# otv extend-vlan 10-12
Step 29 Examine the overlay interface.
N7K-X-podP# show otv overlay 1

OTV Overlay Information

Overlay interface Overlay1

VPN name : Overlay1


VPN state : DOWN (admin down)
Extended vlans : 10-12 (Total:3)
Control group : 239.7.7.7
Data group range(s) : 232.7.7.0/24
Join interface(s) : Eth1/E (10.7.7.P)
Site vlan : 13 (up)
Step 30 Enable the overlay interface.
N7K-X-podP(config)# interface overlay 1
N7K-X-podP(config-if-overlay)# no shutdown
Step 31 Examine the overlay interface again.
N7K-X-podP# show otv overlay 1

OTV Overlay Information

Overlay interface Overlay1

VPN name : Overlay1


VPN state : UP
Extended vlans : 10-12 (Total:3)
Control group : 239.7.7.7
Data group range(s) : 232.7.7.0/24
Join interface(s) : Eth1/E (10.7.7.P)
Site vlan : 13 (up)
Step 32 Verify that your VDC has established an OTV adjacency with the VDC in your peer
pod.
N7K-X-podP# show otv adjacency
Overlay Adjacency database

Overlay-Interface Overlay1 :
Hostname System-ID Dest Addr Up Time
State
N7K-Y-podQ 0026.9804.a944 10.7.7.Q 00:01:30 UP
Step 33 Examine the OTV MAC routing table to see if any MAC addresses were learned.
N7K-X-podP# show otv route
Step 34 Do you see any MAC addresses in the OTV MAC routing table? Why or why not?

Step 35 Switch to your Cisco Nexus 5000 Switch.


Step 36 Ping the IP address of your peer pod 172.16.10.5Q from your Cisco Nexus 5000
Switch, where Q is your peer pod number.
N5K-P# ping 172.16.10.5Q
PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes
Request 0 timed out
Request 1 timed out
64 bytes from 172.16.10.5Q: icmp_seq=2 ttl=254 time=1.189 ms
64 bytes from 172.16.10.5Q: icmp_seq=3 ttl=254 time=0.859 ms
64 bytes from 172.16.10.5Q: icmp_seq=4 ttl=254 time=0.8 ms

--- 172.16.10.5Q ping statistics ---


5 packets transmitted, 3 packets received, 40.00% packet loss

2011 Cisco Systems, Inc. Lab Guide 89


round-trip min/avg/max = 0.8/0.949/1.189 ms
Step 37 Switch back to your Cisco Nexus 7000 VDC.
Step 38 Examine the OTV MAC routing table again.
N7K-X-podP# show otv route

OTV Unicast MAC Routing Table For Overlay1

VLAN MAC-Address Metric Uptime Owner Next-hop(s)


---- -------------- ------ -------- --------- -----------
10 0005.9b1f.7c7c 42 00:00:45 overlay N7K-Y-podQ
10 0005.9b1f.89fc 1 00:00:46 site Ethernet1/A or B
Step 39 Examine the OTV ARP cache.
N7K-X-podP# show otv arp-nd-cache
OTV ARP/ND L3->L2 Address Mapping Cache

Overlay Interface Overlay1


VLAN MAC Address Layer-3 Address Age Expires In
10 0005.9b1f.7c7c 172.16.10.5Q 00:04:37 00:03:22
Step 40 Examine the spanning-tree topology for VLAN 10.
N7K-X-podP# show spanning-tree vlan 10

MST0002
Spanning tree enabled protocol mstp
Root ID Priority 8194
Address a8b1.d455.6fc4
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8194 (priority 8192 sys-id-ext 2)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A or B Desg FWD 2000 128.137 Network P2p
Step 41 Which bridge is the root of the spanning tree for VLAN 10?

Step 42 Ask your lab partners in the peer pod which bridge is listed as the root of the
spanning tree on their VDC. Is it the same? If not, can you explain why?

Step 43 Save the configurations on your Cisco Nexus 7000 VDC and Cisco Nexus 5000
Switch.

Activity Verification
You have completed this task when you attain these results:
You have removed the unnecessary configurations from the previous lab.
You have successfully established an OTV adjacency between your Cisco Nexus 7000
VDC and your peer pod VDC.
You have successfully extended VLAN 10 across the OTV overlay.
You have examined OTV and spanning-tree operation.

90 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 3-3: Configuring QoS
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure the Cisco Nexus 7000 Switch QoS features to support the lab
requirements. After completing this activity, you will be able to meet these objectives:
Log on to a Windows host and generate some traffic against which the QoS configuration
can be tested
Configure type QoS class maps and verify the configuration
Configure type QoS policy maps and verify the configuration
Configure type QoS service policies and verify that the configuration has been applied to
the correct traffic stream and is performing as expected

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 3-3: Configuring QoS

N7010-C1 N7010-C2

Nexus 5010 Nexus 5010

Cisco UCS
C-series

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-8

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs
Two Cisco Nexus 5000 Switches
Two Windows 2003 servers

2011 Cisco Systems, Inc. Lab Guide 91


Command List
The table describes the commands that are used in this activity.

Command Description

ip access-list <name> Defines an IP access list.

statistics per-entry Enables the gathering of statistics for an access list.

class-map type qos <name> Creates a class-map of type QoS.

match access-group name Matches packets that are permitted by an access list.
<name>
show class-map type qos Displays the class maps of type QoS.

match cos <cos> Matches packets with a specific CoS value.

show class-map <name> Displays all class maps on the switch.

show running-config ipqos Shows the elements of the running configuration that are
related to QoS.

policy-map type qos <name> Creates a policy-map of type QoS.

class type qos <name> Enters class configuration mode for a class within the
policy map.

set qos-group <nr> Sets the internal QoS group marker.

show policy-map type qos Displays all policy-maps of type QoS on the switch.

class-map type network-qos Creates a class map of type network-qos.


<name>
match qos-group <nr> Matches packets with a specific QoS group value.

policy-map type network- Creates a policy-map of type network-qos.


qos <name>
class type network-qos Enters class configuration mode for a class within the
<name> policy-map

set cos <cos> Sets the CoS value.

show policy-map type Displays all policy-maps of type network-qos on the switch.
network-qos
set dscp <dscp> Sets the DSCP value.

system qos Enters system QoS configuration.

service-policy type qos Associates an ingress policy-map of type QoS with an


input <name> interface.

service-policy type Associates a policy-map of type network QoS with the


network-qos <name> system QoS target.

show policy-map system Displays the policy-maps that are associated with the
system QoS target.

show policy-map interface Displays the policy-map of type QoS that is associated with
<intf> type qos an interface, including packet statistics for that interface.

92 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

2011 Cisco Systems, Inc. Lab Guide 93


Task 1: Generate Traffic
During this task, you will generate network traffic of various types from the Windows server in
your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Windows server.
Step 2 Open a command prompt and verify that the iperf utility is present on the server by
typing iperf -h. This should present you with the help text for the iperf utility.
C:\Documents and Settings\Administrator> iperf -h
Usage: iperf [-s|-c host] [options]
iperf [-h|--help] [-v|--version]

Client/Server:
-f, --format [kmKM] format to report: Kbits, Mbits, KBytes, MBytes
-i, --interval # seconds between periodic bandwidth reports
-l, --len #[KM] length of buffer to read or write (default 8 KB)
-m, --print_mss print TCP maximum segment size (MTU - TCP/IP
header)
-o, --output <filename> output the report or error message to this
specifie
d file
-p, --port # server port to listen on/connect to
-u, --udp use UDP rather than TCP
-w, --window #[KM] TCP window size (socket buffer size)
-B, --bind <host> bind to <host>, an interface or multicast address
-C, --compatibility for use with older versions does not sent extra
msgs
-M, --mss # set TCP maximum segment size (MTU - 40 bytes)
-N, --nodelay set TCP no delay, disabling Nagle's Algorithm
-V, --IPv6Version Set the domain to IPv6

Server specific:
-s, --server run in server mode
-D, --daemon run the server as a daemon
-R, --remove remove service in win32

Client specific:
-b, --bandwidth #[KM] for UDP, bandwidth to send at in bits/sec
(default 1 Mbit/sec, implies -u)
-c, --client <host> run in client mode, connecting to <host>
-d, --dualtest Do a bidirectional test simultaneously
-n, --num #[KM] number of bytes to transmit (instead of -t)
-r, --tradeoff Do a bidirectional test individually
-t, --time # time in seconds to transmit for (default 10 secs)
-F, --fileinput <name> input the data to be transmitted from a file
-I, --stdin input the data to be transmitted from stdin
-L, --listenport # port to recieve bidirectional tests back on
-P, --parallel # number of parallel client threads to run
-T, --ttl # time-to-live, for multicast (default 1)

Miscellaneous:
-h, --help print this message and quit
-v, --version print version information and quit

[KM] Indicates options that support a K or M suffix for kilo- or mega-

The TCP window size option can be set by the environment variable
TCP_WINDOW_SIZE. Most other options can be set by an environment variable
IPERF_<long option name>, such as IPERF_BANDWIDTH.

Report bugs to <dast@nlanr.net>

94 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Note If the iperf utility is not present on the server, ask the instructor for assistance.

Step 3 Start an iperf server on your system in daemon mode. Use the iSCSI TCP port 3260
as the port and set the TCP window size to 64 kB.
C:\Documents and Settings\Administrator> iperf -s -D -p 3260 w 64k
------------------------------------------------------------
Server listening on TCP port 3260
TCP window size: 64.0 KByte
------------------------------------------------------------
IPerf Service started.
Step 4 Check with your peer pod if they have started the iperf daemon on their server.
Step 5 Use the iperf client to connect to the iperf service on your peer pod Windows server
on VLAN 10. The IP address of your peer pod is 172.16.10.1Q1, where Q is your
peer pod number. Set the TCP window size to 64 kB and use TCP port 3260 as the
destination port.
C:\Documents and Settings\Administrator> iperf -c 172.16.10.1Q1 -w 64k -p 3260
------------------------------------------------------------
Client connecting to 172.16.10.1Q1, TCP port 3260
TCP window size: 64.0 KByte
------------------------------------------------------------
[1884] local 172.16.10.1P1 port 1337 connected with 172.16.10.1Q1 port 3260
[ ID] Interval Transfer Bandwidth
[1884] 0.0-10.0 sec 1.37 GBytes 1.18 Gbits/sec
Step 6 What is the transfer speed that you achieved?

Step 7 Connect to your peer pod Cisco Nexus 5000 Switch using SSH or Telnet on VLAN
10. The IP address of your peer pod Cisco Nexus 5000 Switch is 172.16.10.5Q,
where Q is your peer pod number.
C:\Documents and Settings\Administrator> telnet 172.16.10.5Q
Nexus 5000 Switch
login: admin
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
N5K-2# exit

Connection to host lost.

C:\Documents and Settings\Administrator>


Step 8 Do not continue to the next task until you have verified that you can transfer data on
TCP port 3260 to your peer pod server and that you can use Telnet or SSH to
connect to your peer pod Cisco Nexus 5000 Switch. Troubleshoot as necessary.

Activity Verification
You have completed this task when you attain these results:

2011 Cisco Systems, Inc. Lab Guide 95


You can transfer data between your Windows server and your peer pod Windows server
using the iperf utility.
You can connect to your peer pod Cisco Nexus 5000 Switch using Telnet or SSH.

Task 2: Configure Class Maps


During this task, you will configure class maps of type QoS on your Cisco Nexus 5000 Switch
and Cisco Nexus 7000 VDC.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 5000 Switch.
Step 2 Configure an access list named ISCSI-TRAFFIC that matches TCP port 3260 for
either the source or the destination port. Enable statistics gathering for the access
list.
N5K-P(config)# ip access-list ISCSI-TRAFFIC
N5K-P(config-acl)# permit tcp any any eq 3260
N5K-P(config-acl)# permit tcp any eq 3260 any
N5K-P(config-acl)# statistics per-entry
Step 3 Configure an access list named MGMT-TRAFFIC that matches TCP ports 22 and
23 for either the source or the destination port. Enable statistics gathering for the
access list.
N5K-P(config)# ip access-list MGMT-TRAFFIC
N5K-P(config-acl)# permit tcp any any eq 22
N5K-P(config-acl)# permit tcp any eq 22 any
N5K-P(config-acl)# permit tcp any any eq 23
N5K-P(config-acl)# permit tcp any eq 23 any
N5K-P(config-acl)# statistics per-entry
Step 4 Create a class map of type QoS named STORAGE
N5K-P(config)# class-map type qos STORAGE
N5K-P(config-cmap-qos)#
Step 5 Configure this class map to match all traffic that is permitted by access list ISCSI-
TRAFFIC.
N5K-1(config-cmap-qos)# match access-group name ISCSI-TRAFFIC
Step 6 Configure a second class map of type QoS named NET-MGMT that matches access
list MGMT-TRAFFIC.
N5K-P(config)# class-map type qos NET-MGMT
N5K-P(config-cmap-qos)# match access-group name MGMT-TRAFFIC

Note The classes that are defined in this task will be used in the next task to define a QoS
marking policy.

96 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 7 Examine the class maps of type QoS that exist on the switch.
N5K-P# show class-map type qos

Type qos class-maps


===================

class-map type qos match-all STORAGE


match access-group name ISCSI-TRAFFIC

class-map type qos match-all NET-MGMT


match access-group name MGMT-TRAFFIC

class-map type qos match-any class-fcoe


match cos 3

class-map type qos match-any class-default


match any

class-map type qos match-any class-all-flood


match all flood

class-map type qos match-any class-ip-multicast


match ip multicast
Step 8 Are there any class maps present in addition to the class maps that you created? Can
you guess what their function is?

Step 9 Connect to your assigned Cisco Nexus 7000 VDC.


Step 10 Create a class map of type QoS named STORAGE.
N7K-X-podP(config)# class-map type qos STORAGE
N7K-X-podP(config-cmap-qos)#
Step 11 Configure this class map to match packets with CoS value 4.
N7K-X-podP(config-cmap-qos)# match cos 4

Note A common QoS principle is to classify and mark packets as close to the edge of the network
as possible. In this exercise, the Cisco Nexus 7000 VDC does not need to use an access list
to classify the packets, because the Cisco Nexus 5000 Switch will mark them with a specific
CoS value for each class.

Step 12 Examine your QoS class map.


N7K-X-podP# show class-map STORAGE

Type qos class-maps


====================

class-map type qos match-all STORAGE


match cos 4
Step 13 Configure a second class map named NET-MGMT, which matches packets with
CoS value 2.
N7K-X-podP(config)# class-map type qos NET-MGMT
N7K-X-podP(config-cmap-qos)# match cos 2

2011 Cisco Systems, Inc. Lab Guide 97


Step 14 Examine the QoS elements of the running configuration to verify that your class
maps have been configured correctly.
N7K-X-podP# show running-config ipqos

!Command: show running-config ipqos


!Time: Sat Feb 19 18:11:41 2011

version 5.1(3)
class-map type qos match-all STORAGE
match cos 4
class-map type qos match-all NET-MGMT
match cos 2

Activity Verification
You have completed this task when you attain these results:
You have defined a class-map for storage traffic and for network management traffic based
on access-lists on your Cisco Nexus 5000 Switch.
You have defined a class-map for storage traffic and for network management traffic based
on packet markings on your Cisco Nexus 7000 VDC.

Task 3: Configure Policy Maps


During this task, you will configure policy-maps of type QoS on your Cisco Nexus 5000
Switch and Cisco Nexus 7000 VDC.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 5000 Switch.

Note The objective of this task is to set the Layer 2 CoS and DSCP marking in the packets for the
traffic classes defined in the previous task. This allows other QoS policies to act on the
markings without a need to classify the packets using access lists.

Step 2 Create a policy map of type QoS named CLASSIFICATION and associate the class
map STORAGE with it.
N5K-P(config)# policy-map type qos CLASSIFICATION
N5K-P(config-pmap-qos)# class type qos STORAGE
N5K-P(config-pmap-c-qos)#
Step 3 Examine the available commands in the configuration submode for the class.
N5K-P(config-pmap-c-qos)# ?
no Negate a command or set its defaults
set Set attribute
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in

N5K-P(config-pmap-c-qos)# set ?
dscp DSCP in IP(v4) and IPv6 packets
precedence Precedence in IP(v4) and IPv6 packets
qos-group Qos-group

N5K-P(config-pmap-c-qos)# set qos-group ?


<1-5> Qos-group value

98 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 4 Can you set the CoS marking in this policy-map?

Note The Cisco Nexus 5000 Switch does not allow the CoS value to be set directly, but
implements this through a two-step mechanism. First an internal marker, the QoS group, is
set. Subsequently, the internal QoS group marker can be used to set the CoS value.

Step 5 Set the QoS group value for this traffic class to 4.
N5K-P(config-pmap-c-qos)# set qos-group 4
Step 6 Associate the class map NET-MGMT with the policy map and set the QoS group
value to 2.
N5K-P(config-pmap-qos)# class type qos NET-MGMT
N5K-P(config-pmap-c-qos)# set qos-group 2
N5K-P(config-pmap-c-qos)# class type qos class-fcoe
N5K-P(config-pmap-c-qos)# set qos-group 1

Step 7 Examine the policy maps of type QoS that exist on the switch.
N5K-P# show policy-map type qos

Type qos policy-maps


====================

policy-map type qos CLASSIFICATION


class type qos STORAGE
set qos-group 4
class type qos NET-MGMT
set qos-group 2
class type qos class-fcoe
set qos-group 1
class type qos class-default
set qos-group 0
policy-map type qos default-in-policy
class type qos class-default
set qos-group 0
policy-map type qos default-in-policy
class type qos class-fcoe
set qos-group 1
class type qos class-default
set qos-group 0
Step 8 Are there any predefined policy maps and classes present? What is their function?

Step 9 Create a class map of type network-qos named STORAGE and examine the
configuration options in this class map.
N5K-P(config)# class-map type network-qos STORAGE
N5K-P(config-cmap-nq)# ?
description Class-Map description
match Classification criteria
no Negate a command or set its defaults
end Go to exec mode
exit Exit from command interpreter
pop Pop mode from stack or restore from name
push Push current mode to stack or save it under name
where Shows the cli context you are in

N5K-P(config-cmap-nq)# match ?
qos-group QoS-group

2011 Cisco Systems, Inc. Lab Guide 99


N5K-P(config-cmap-nq)# match qos-group ?
<1-5> QoS-group value

Note In order to set the CoS markings on the Cisco Nexus 5000 Switch, it is necessary to create
a policy map of type network-qos and associated class maps. Class maps of type network-
qos can only match the internal QoS group marker.

Step 10 Configure this class map to match all packets with internal QoS group marker 4.
N5K-P(config-cmap-nq)# match qos-group 4
Step 11 Configure a class map of type network-qos named NET-MGMT, which matches all
packets with internal QoS group marker 2.
N5K-P(config)# class-map type network-qos NET-MGMT
N5K-P(config-cmap-nq)# match qos-group 2
Step 12 Configure a policy map of type network-qos named MARKING, which sets the CoS
value to 4 for the class STORAGE and sets the CoS value to 2 for the class NET-
MGMT.
N5K-P(config)# policy-map type network-qos MARKING
N5K-P(config-pmap-nq)# class type network-qos STORAGE
N5K-P(config-pmap-nq-c)# set cos 4
N5K-P(config-pmap-nq-c)# class type network-qos NET-MGMT
N5K-P(config-pmap-nq-c)# set cos 2
N5K-P(config-pmap-nq-c)# class type network-qos class-fcoe
N5K-P(config-pmap-nq-c)# pause no-drop
N5K-P(config-pmap-nq-c)# mtu 2158
Step 13 Examine the policy maps of type network-qos that exist on the switch.
N5K-P# show policy-map type network-qos

Type network-qos policy-maps


===============================

policy-map type network-qos MARKING


class type network-qos STORAGE
set cos 4
mtu 1500
class type network-qos NET-MGMT
set cos 2
mtu 1500
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
mtu 1500
multicast-optimize
policy-map type network-qos default-nq-policy
class type network-qos class-default
mtu 1500
multicast-optimize
policy-map type network-qos fcoe-default-nq-policy
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
mtu 1500
multicast-optimize

Note In addition to marking, the policy maps of type network-qos are also used to define per-
traffic-class settings, such as the maximum transmission unit (MTU) and priority flow control
(PFC) on the Cisco Nexus 5000 Switch.

100 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 14 Connect to your assigned Cisco Nexus 7000 VDC.
Step 15 Define a policy map of type QoS named MARKING and associate the class map
STORAGE with it.
N7K-X-podP(config)# policy-map type qos MARKING
N7K-X-podP(config-pmap-qos)# class type qos STORAGE
N7K-X-podP(config-pmap-c-qos)#
Step 16 Examine the available options for the set command in the configuration submode for
the class.
N7K-X-podP(config-pmap-c-qos)# set ?
cos IEEE 802.1Q class of service
discard-class Discard class
dscp DSCP in IP(v4) and IPv6 packets
load-sharing Load sharing across ECMP by set out-of-order bit
precedence Precedence in IP(v4) and IPv6 packets
qos-group Qos-group
Step 17 Can you set the CoS marker directly in a policy map of type QoS on the Cisco
Nexus 7000 Switch?

Step 18 Mark all packets in the class STORAGE with DSCP value af41 and mark all packets
in the class NET-MGMT with DSCP value cs2.
N7K-X-podP(config-pmap-qos)# class type qos STORAGE
N7K-X-podP(config-pmap-c-qos)# set dscp af41
N7K-X-podP(config-pmap-c-qos)# class type qos NET-MGMT
N7K-X-podP(config-pmap-c-qos)# set dscp cs2
Step 19 Examine the policy maps of type QoS that exist on the switch.
N7K-1-pod1# show policy-map type qos

Type qos policy-maps


====================

policy-map type qos MARKING


class STORAGE
set dscp af41
class NET-MGMT
set dscp cs2

Activity Verification
You have completed this task when you attain these results:
You have defined a policy map of type QoS and a policy map of type network-qos that
mark storage traffic and network management traffic with CoS markings on your Cisco
Nexus 5000 Switch.
You have defined a policy map of type QoS that marks storage traffic and network
management traffic with DSCP markings on your Cisco Nexus 7000 VDC.

Task 4: Configure Service Policies


During this task, you will configure service policies of type QoS on your Cisco Nexus 5000
Switch and Cisco Nexus 7000 VDC and verify their operation.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 5000 Switch.

2011 Cisco Systems, Inc. Lab Guide 101


Step 2 Enter system qos configuration mode.
N5K-P(config)# system qos
N5K-P(config-sys-qos)#

Note QoS service policies that are applied to the system qos target act as defaults for all
interfaces on a Cisco Nexus 5000 Switch.

Step 3 Apply the policy map CLASSIFICATION as the default input service policy of type
QoS.
N5K-P(config-sys-qos)# service-policy type qos input CLASSIFICATION
Step 4 Apply the policy map MARKING as the default network-qos policy.
N5K-P(config-sys-qos)# service-policy type network-qos MARKING
Step 5 Examine the system service policies.
N5K-P# show policy-map system

Type network-qos policy-maps


===============================

policy-map type network-qos MARKING


class type network-qos STORAGE match qos-group 4
set cos 4
mtu 1500
class type network-qos NET-MGMT match qos-group 2
set cos 2
mtu 1500
class type network-qos class-fcoe match qos-group 1
pause no-drop
mtu 2158
class type network-qos class-default match qos-group 0
mtu 1500
multicast-optimize
Service-policy (qos) input: CLASSIFICATION
policy statistics status: disabled

Class-map (qos): STORAGE (match-all)


Match: access-group ISCSI-TRAFFIC
set qos-group 4

Class-map (qos): NET-MGMT (match-all)


Match: access-group MGMT-TRAFFIC
set qos-group 2

Class-map (qos): class-fcoe (match-any)


Match: cos 3
set qos-group 1

Class-map (qos): class-default (match-any)


Match: any
set qos-group 0
Service-policy (queuing) input: fcoe-default-in-policy
policy statistics status: disabled

Class-map (queuing): class-fcoe (match-any)


Match: qos-group 1
bandwidth percent 50

Class-map (queuing): class-default (match-any)


Match: qos-group 0
bandwidth percent 50

Service-policy (queuing) output: fcoe-default-out-policy

102 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
policy statistics status: disabled

Class-map (queuing): class-fcoe (match-any)


Match: qos-group 1
bandwidth percent 50

Class-map (queuing): class-default (match-any)


Match: qos-group 0
bandwidth percent 50
Step 6 Examine the service policies of type QoS for interface Ethernet 1/3.
N5K-P# show policy-map interface ethernet 1/3 type qos

Global statistics status : disabled

Ethernet1/3

Service-policy (qos) input: CLASSIFICATION


policy statistics status: disabled

Class-map (qos): STORAGE (match-all)


Match: access-group ISCSI-TRAFFIC
set qos-group 4

Class-map (qos): NET-MGMT (match-all)


Match: access-group MGMT-TRAFFIC
set qos-group 2

Class-map (qos): class-fcoe (match-any)


Match: cos 3
set qos-group 1

Class-map (qos): class-default (match-any)


Match: any
set qos-group 0
Step 7 Was the system QoS policy inherited by the interface?

Step 8 Connect to your assigned Cisco Nexus 7000 VDC.


Step 9 Apply the policy map MARKING as an input service policy of type QoS on the
interface that connects to your Cisco Nexus 5000 Switch. Refer to the Lab
Connections Job Aid in the beginning of this lab guide to find the correct interface.
N7K-X-podP(config)# interface ethernet 1/A or B
N7K-X-podP(config-if)# service-policy type qos input MARKING
Step 10 Connect to your assigned Windows server.
Step 11 Repeat the connection tests performed in Task 1 in which you used the iperf client to
connect to the iperf service on your peer pod Windows server on VLAN 10. The IP
address of your peer pod is 172.16.10.1Q1, where Q is your peer pod number. Set
the TCP window size to 64 kB and use TCP port 3260 as the destination port.
C:\Documents and Settings\Administrator> iperf -c 172.16.10.1Q1 -w 64k -p 3260
------------------------------------------------------------
Client connecting to 172.16.10.1Q1, TCP port 3260
TCP window size: 64.0 KByte
------------------------------------------------------------
[1884] local 172.16.10.1P1 port 1359 connected with 172.16.10.1Q1 port 3260
[ ID] Interval Transfer Bandwidth
[1884] 0.0-10.0 sec 1.37 GBytes 1.17 Gbits/sec

2011 Cisco Systems, Inc. Lab Guide 103


Step 12 Connect to your peer pod Cisco Nexus 5000 Switch using SSH or Telnet on VLAN
10. The IP address of your peer pod Cisco Nexus 5000 Switch is 172.16.10.5Q,
where Q is your peer pod number.
C:\Documents and Settings\Administrator> telnet 172.16.10.5Q
Nexus 5000 Switch
login: admin
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
N5K-Q# exit

Connection to host lost.

C:\Documents and Settings\Administrator>


Step 13 Connect to your Cisco Nexus 7000 VDC.
Step 14 Examine the policy map on the interface that connects to your Cisco Nexus 5000
Switch.
N7K-X-podP# show policy-map interface ethernet 1/A or B type qos

Global statistics status : enabled

Ethernet1/A or B

Service-policy (qos) input: MARKING


policy statistics status: enabled (current status: enabled)

Class-map (qos): STORAGE (match-all)


1052366 packets
Match: cos 4
set dscp af41

Class-map (qos): NET-MGMT (match-all)


42 packets
Match: cos 2
set dscp cs2
Step 15 Do you see hit counts in the policy on the interface for both traffic classes?

Step 16 Save the configurations on your Cisco Nexus 5000 Switch and Cisco Nexus 7000
VDC.

Activity Verification
You have completed this task when you attain these results:
You have associated a policy map of type QoS and a policy map of type network-qos as
service policies with the system QoS target on your Cisco Nexus 5000 Switch.
You have associated a policy-map of type QoS as a service policy with the interface that
connects to your Cisco Nexus 5000 on your Cisco Nexus 7000 VDC.

104 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
You have verified the operation of the classification and marking polices through testing.

2011 Cisco Systems, Inc. Lab Guide 105


Lab 4-1: Configuring System Management
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure the system management features on the Cisco Nexus 7000
Switch to support the implementation plan requirements. After completing this activity, you
will be able to meet these objectives:
Configure Cisco Fabric Services on the Cisco Nexus 7000 Switch and verify the
configuration
Configure the scheduler to run a job periodically and on-demand, and verify the job runs
when required automatically
Configure Smart Call Home to send an email message when an event occurs, and verify
that the email is received by the intended recipient

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 4-1: Configuring System


Management

Management

N7010-C1 N7010-C2

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-9

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs
Two Cisco Nexus 5000 Switches
Two Windows 2003 servers

106 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this activity.

Command Description

cfs ipv4 mcast-address Changes the IPv4 multicast address used for Cisco Fabric
<group-address> Services over IPv4.

cfs ipv4 distribute Enables Cisco Fabric Services distribution over IPv4

show cfs peers Displays the active Cisco Fabric Services peers.

cfs region <nr> Creates a Cisco Fabric Services region.

role Assigns the role application to the Cisco Fabric Services


region.

radius Assigns the radius application to the Cisco Fabric Services


region.

show cfs regions Displays the active Cisco Fabric Services regions.

<application> distribute Enables Cisco Fabric Services distribution for an


application.

role name <name> Creates a user role.

rule <nr> permit read Creates a rule that grants read access for a specific
feature <feature> feature.

rule <nr> permit read- Creates a rule that grants read-write access for a specific
write feature <feature> feature.

show role name <name> Displays a specific user role on the switch.

show <application> Displays the pending Cisco Fabric Services changes for an
pending-diff application.

show cfs lock Displays the Cisco Fabric Services locks in the fabric.

<application> commit Commits the pending changes for an application to the


fabric.

radius-server host <ip- Configures a RADIUS server and key.


address> key <key>
show radius-server <ip- Displays the RADIUS servers on the switch.
address>
show cli variables Displays the Cisco NX-OS system and user defined CLI
variables.

copy running-config Copies the current running configuration to a file in


bootflash:/<filename> bootflash.

dir bootflash: Lists the files in bootflash.

copy bootflash:<filename> Copies a file in bootflash to a TFTP server.


tftp://<ip-address> vrf
<vrf>
feature scheduler Enables the scheduler feature.

scheduler job name <name> Creates a scheduler job.

2011 Cisco Systems, Inc. Lab Guide 107


scheduler schedule name Creates a schedule.
<name>
job name <name> Assigns a job to a schedule.

time start +<time> Sets the start time for a schedule as an offset to the current
time.

show scheduler schedule Displays the configured schedules on the switch.

show scheduler logfile Displays the scheduler log.

time weekly <day-and-time> Sets a weekly recurring time for a schedule.

callhome Enters Smart Call Home configuration mode.

email-contact <email- Sets the email contact for Smart Call Home.
address>
phone-contact <phone- Sets the contact phone number for Smart Call Home.
number>
streetaddress <address> Sets the contact address for Smart Call Home.

destination-profile <name> Creates a Smart Call Home destination profile using XML,
format <format> short text, or full text format.

destination-profile <name> Sets the Smart Call Home message level for a destination
message-level <level> profile.

destination-profile <name> Sets the Smart Call Home alert groups for a destination
alert-group <groups> profile.

destination-profile <name> Sets the email-address to send Smart Call Home


email-addr <email-address> messages to for a destination profile.

show callhome destination- Displays the operational parameters for a Smart Call Home
profile profile <name> destination profile.

destination-profile <name> Sets the maximum message size for a Smart Call Home
message-size <size> destination profile.

transport email smtp- Sets the IP address for the SMTP server that is used to
server <ip-address> use- send Smart Call Home messages.
vrf <vrf>
transport email from Sets the from email address used in Smart Call Home
<email-address> messages.

transport email reply-to Sets the reply-to email address used in Smart Call Home
<email-address> messages.

show callhome transport Displays the transport settings for Smart Call Home
messages.

enable Enables Smart Call Home

snmp-server contact Sets the SNMP sysContact name.


<contact-name>
callhome test Generates a Smart Call Home message for testing
purposes.

108 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

2011 Cisco Systems, Inc. Lab Guide 109


Task 1: Configure Cisco Fabric Services
During this task, you will configure Cisco Fabric Services on the Cisco Nexus 7000 VDC in
your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Change the multicast address used for Cisco Fabric Services over IPv4 according to
the following table:

Device Cisco Fabric Services


multicast address

N7K-1-pod1 239.255.12.12

N7K-2-pod2 239.255.12.12

N7K-1-pod3 239.255.34.34

N7K-2-pod4 239.255.34.34

N7K-1-pod5 239.255.56.56

N7K-2-pod6 239.255.56.56

N7K-X-podP(config)# cfs ipv4 mcast-address 239.255.YZ.YZ


Distribution over this IP type will be affected
Change multicast address for CFS-IP ?
Are you sure? (y/n) [n] y
N7K-X-podP(config)#
Step 3 Enable Cisco Fabric Services distribution over IPv4 on your Cisco Nexus 7000
VDC.
N7K-X-podP(config)# cfs ipv4 distribute
Step 4 Examine the Cisco Fabric Services peers that were discovered.
N7K-X-podP# show cfs peers

Physical Fabric
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:f0:25:72:a9:e3:42 192.168.0.20P [Local]
20:00:10:8c:cf:14:62:c2 192.168.0.20Q

Total number of entries = 2

Note Do not continue to the next step until this command lists exactly two entries, your own Cisco
Nexus 7000 VDC and your peer pod Cisco Nexus 7000 VDC. Each pair of peer pods uses a
unique multicast address to separate them from other pairs of peer pods in the same lab. In
this lab task, you will be working very closely with your peer pod and it is important that you
progress through the lab at the same pace.

110 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 5 Define a Cisco Fabric Services region on your Cisco Nexus 7000 VDC according to
the following table.

Device Cisco Fabric


Services
region

N7K-1-pod1 12

N7K-2-pod2 12

N7K-1-pod3 34

N7K-2-pod4 34

N7K-1-pod5 56

N7K-2-pod6 56

N7K-X-podP(config)# cfs region YZ


N7K-X-podP(config-cfs-region)#
Step 6 Add the applications role and radius to the Cisco Fabric Services region.
N7K-X-podP(config-cfs-region)# role
WARNING: If an Application is moved/assigned to a new region,
its scope is restricted to that region and it ignores all other regions
for distribution or merge.
Are you sure? (y/n) [n] y
N7K-X-podP(config-cfs-region)# radius
WARNING: If an Application is moved/assigned to a new region,
its scope is restricted to that region and it ignores all other regions
for distribution or merge.
Are you sure? (y/n) [n] y
N7K-X-podP(config-cfs-region)#
Step 7 Examine the Cisco Fabric Services region you created.
N7K-X-podP# show cfs regions
N7K-X-podP#

Note Even though the applications have been assigned to the region, they have not been
activated for Cisco Fabric Services distribution yet. Therefore, they do not show in the output
of the show cfs regions command.

Step 8 Enable Cisco Fabric Services distribution for the applications role and radius.
N7K-X-podP(config)# role distribute
N7K-X-podP(config)# radius distribute
Step 9 Re-examine the Cisco Fabric Services region.
N7K-X-podP# show cfs regions

Region-ID : YZ
Application: role
Scope : Physical-fc-ip
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:f0:25:72:a9:e3:42 192.168.0.20P [Local]
20:00:10:8c:cf:14:62:c2 192.168.0.20Q

Total number of entries = 2

Region-ID : YZ
Application: radius

2011 Cisco Systems, Inc. Lab Guide 111


Scope : Physical-fc-ip
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:f0:25:72:a9:e3:42 192.168.0.20P [Local]
20:00:10:8c:cf:14:62:c2 192.168.0.20Q

Total number of entries = 2

Step 10 Define a user role named TIER-2-OPS. This can result in two possible outcomes.
First possible result:
N7K-X-podP(config)# role name TIER-2-OPS
N7K-X-podP(config-role)#

Second possible result:


N7K-X-podP(config)# role name TIER-2-OPS
ERROR: Operation failed. Fabric is already locked
N7K-X-podP(config)#

Note The outcome of this command depends on who enters the role command first. Cisco Fabric
Services locks the fabric for the application as soon as you start configuring it. Other
switches cannot make changes as long as the lock remains.

Step 11 If you got the first result on the previous step, continue here. If you get the second
result on the previous step, skip the next series of steps and continue at Step 22.
Step 12 Add a rule to the role TIER-2-OPS that adds read access to the role for all features.
N7K-X-podP(config-role)# rule 1 permit read
Step 13 Add three more rules to add read-write rights for the diagnostics, ping, and
vlan features.
N7K-X-podP(config-role)# rule 2 permit read-write feature diagnostics
N7K-X-podP(config-role)# rule 3 permit read-write feature ping
N7K-X-podP(config-role)# rule 4 permit read-write feature vlan
Step 14 Examine the role TIER-2-OPS.
N7K-X-podP# show role name TIER-2-OPS
^
% Invalid command at '^' marker.
Step 15 Why do you get an error message?

Step 16 Examine the pending Cisco Fabric Services changes for the role application.
N7K-X-podP# show role pending-diff
+Role: TIER-2-OPS
+ Description: new role
+ Vlan policy: permit (default)
+ Interface policy: permit (default)
+ Vrf policy: permit (default)
+ -------------------------------------------------------------------
+ Rule Perm Type Scope Entity

+ -------------------------------------------------------------------
+ 4 permit read-write feature vlan
+ 3 permit read-write feature ping
+ 2 permit read-write feature diagnostics
+ 1 permit read
Step 17 Examine the Cisco Fabric Services locks for the fabric.
N7K-X-podP# show cfs lock

112 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Application: role
Scope : Physical-fc-ip
------------------------------------------------------------------------------
Switch WWN IP Address User Name User Type
------------------------------------------------------------------------------
20:00:f0:25:72:a9:e3:42 192.168.0.20P admin CLI/SNMP v3

Total number of entries = 1

Note Depending on the step that your peer pod is at in the exercise, you may also see a lock for
the radius application.

Step 18 Commit the pending Cisco Fabric Services changes for the role application to the
fabric.
N7K-X-podP(config)# role commit
Step 19 Examine the role TIER-2-OPS again.
N7K-X-podP# show role name TIER-2-OPS

Role: TIER-2-OPS
Description: new role
Vlan policy: permit (default)
Interface policy: permit (default)
Vrf policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
4 permit read-write feature vlan
3 permit read-write feature ping
2 permit read-write feature diagnostics
1 permit read
Step 20 Ask your lab partners in the peer pod to execute the show role name TIER-2-OPS
command on their Cisco Nexus 7000 VDC. Do they see the newly created role in
their VDC?

Step 21 Switch back to the user role named TIER-2-OPS. This can result in two possible
outcomes.
First possible result:
N7K-X-podP(config)# role name TIER-2-OPS
N7K-X-podP(config-role)#

Second possible result:


N7K-X-podP(config)# role name TIER-2-OPS
ERROR: Operation failed. Fabric is already locked
N7K-X-podP(config)#

Step 22 Examine the Cisco Fabric Services locks for the fabric.
N7K-X-podP(config)# show cfs lock

Application: role
Scope : Physical-fc-ip
------------------------------------------------------------------------------
Switch WWN IP Address User Name User Type
------------------------------------------------------------------------------
20:00:f0:25:72:a9:e3:42 192.168.0.20Q admin CLI/SNMP v3

Total number of entries = 1

2011 Cisco Systems, Inc. Lab Guide 113


Note You cannot configure anything for the role application until your peer pod releases the lock
by committing or aborting the configuration.

Step 23 If your Nexus is locked out of the cfs configuration skip the next series of steps and
continue at Step 33.
Step 24 Configure a RADIUS server with IP address 192.168.0.P1, where P is your pod
number. Configure Se3cr3t-K3y as the RADIUS server key.
N7K-X-podP(config)# radius-server host 192.168.0.P1 key S3cr3t-K3y
Step 25 Add a second RADIUS server with IP address 192.168.0.Q1, where Q is your peer
pod number. Again, configure S3cr3t-K3y as the RADIUS server key.
N7K-X-podP(config)# radius-server host 192.168.0.Q1 key S3cr3t-K3y
Step 26 Examine the RADIUS servers that you configured.
N7K-X-podP# show radius-server 192.168.0.P1
RADIUS server not found
N7K-X-podP# show radius-server 192.168.0.Q1
RADIUS server not found
Step 27 Why do you not see the configured RADIUS servers?

Step 28 Examine the pending Cisco Fabric Services changes for the radius application.
N7K-X-podP# show radius pending-diff
+radius-server host 192.168.0.P1 authentication accounting
+radius-server host 192.168.0.Q1 authentication accounting
Step 29 Examine the Cisco Fabric Services locks for the fabric.
N7K-X-podP# show cfs lock

Application: radius
Scope : Physical-fc-ip
------------------------------------------------------------------------------
--
Switch WWN IP Address User Name User Type
------------------------------------------------------------------------------
--
20:00:10:8c:cf:14:62:c2 192.168.0.20P admin CLI/SNMP v3

Total number of entries = 1

Note Depending on the step that your peer pod is at in the exercise, you may also see a lock for
the role application.

Step 30 Commit the pending Cisco Fabric Services changes for the radius application to
the fabric.
N7K-X-podP(config)# radius commit
Step 31 Examine the RADIUS servers again.
N7K-X-podP# show radius-server
retransmission count:1
timeout value:5
deadtime value:0
source interface:any available
total number of servers:2

following RADIUS servers are configured:


192.168.0.P1:
available for authentication on port:1812
available for accounting on port:1813

114 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
RADIUS shared secret:********
192.168.0.Q1:
available for authentication on port:1812
available for accounting on port:1813
RADIUS shared secret:********
Step 32 Ask your lab partners in the peer pod to execute the show radius-server command
on their Cisco Nexus 7000 VDC. Do they see the newly created RADIUS servers in
their VDC? Were the RADIUS secret keys also exchanged through Cisco Fabric
Services?

Caution The RADIUS server information is exchanged through Cisco Fabric Services, but the
RADIUS server keys are not included. The global radius-server key command can be used
to set a default key for all RADIUS servers.

Step 33 Verify with your peer pod that you see the role and RADIUS servers that were
distributed through Cisco Fabric Services in this exercise in both Cisco Nexus 7000
VDCs before moving on to the next task.

Activity Verification
You have completed this task when you attain these results:
You have enabled Cisco Fabric Services distribution using IPv4 and configured a Cisco
Fabric Services region and IPV4 multicast group.
You have created a new role, distributed the role configuration through Cisco Fabric
Services between your pod and peer pod VDCs, and verified the operation of Cisco Fabric
Services.
You have configured two RADIUS servers, distributed the RADIUS configuration through
Cisco Fabric Services between your pod and peer pod VDCs, and verified the operation of
Cisco Fabric Services.

Task 2: Configure the Scheduler


During this task, you will configure the Cisco NX-OS scheduler on the Cisco Nexus 7000 VDC
in your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Examine the default CLI variables that are available on your VDC.
N7K-X-podP# show cli variables
VSH Variable List (* = session vars)
-----------------
SWITCHNAME="N7K-X-podP"
TIMESTAMP="2011-02-21-01.23.57"
Step 3 Copy the running configuration to a file in bootflash on the supervisor module that
uses the SWITCHNAME and TIMESTAMP variables to create the filename. Use
$(SWITCHNAME)-$(TIMESTAMP).cfg as the name for the file in bootflash.
N7K-X-podP# copy running-config bootflash:/$(SWITCHNAME)-$(TIMESTAMP).cfg
Copy complete, now saving to disk (please wait)...
Step 4 List the files in bootflash to verify that the file has been created with the correct
hostname and timestamp.

2011 Cisco Systems, Inc. Lab Guide 115


N7K-X-podP# dir bootflash:
5454 Feb 21 01:26:44 2011 N7K-X-podP-2011-02-21-01.26.44.cfg
Step 5 Copy the file from bootflash to the TFTP server running on your Windows server.
Use the IP address on the management network for the server, which is
192.168.0.P1, where P is your pod number.
N7K-X-podP# copy bootflash:N7K-X-podP-2011-02-21-01.26.44.cfg
tftp://192.168.0.P1 vrf management
Trying to connect to tftp server......
Connection to Server Established.

TFTP put operation was successful


Copy complete, now saving to disk (please wait)...

Note Do not continue to the next step until you have successfully created a copy of the
configuration in the bootflash of the Cisco Nexus 7000 supervisor module and subsequently
copied it to the TFTP server in your pod.

Step 6 Enable the scheduler feature.


N7K-X-podP(config)# feature scheduler
Step 7 Create a scheduler job named BACKUP-CONFIG that performs the following tasks:
1. Copy the running configuration to bootflash using $(SWITCHNAME)-
$(TIMESTAMP).cfg as the filename.
2. Copy the running configuration to the TFTP server in your pod using the
management IP address. Again use $(SWITCHNAME)-
$(TIMESTAMP).cfg as the filename.
N7K-X-podP(config)# scheduler job name BACKUP-CONFIG
N7K-X-podP(config-job)# copy running-config bootflash:/$(SWITCHNAME)-
$(TIMESTAMP).cfg
N7K-X-podP(config-job)# copy running-config tftp://192.168.0.P1/$(SWITCHNAME)-
$(TIMESTAMP).cfg vrf management
N7K-1-pod1(config-job)# exit
Step 8 Create a schedule named TEST-BACKUP that runs the job BACKUP-CONFIG
once, starting one minute after you configure the schedule.
N7K-X-podP(config)# scheduler schedule name TEST-BACKUP
N7K-X-podP(config-schedule)# job name BACKUP-CONFIG
N7K-X-podP(config-schedule)# time start +1
Step 9 Examine the schedule.
N7K-X-podP# show scheduler schedule
Schedule Name : TEST-BACKUP
---------------------------------
User Name : admin
Schedule Type : Run once on Mon Feb 21 14:14:00 2011
Last Execution Time : Yet to be executed
-----------------------------------------------
Job Name Last Execution Status
-----------------------------------------------
BACKUP-CONFIG -NA-
==============================================================================
Step 10 Wait a minute and then examine the schedule again.
N7K-X-podP# show scheduler schedule
Schedule Name : TEST-BACKUP
---------------------------------
User Name : admin
Schedule Type : Run once on Mon Feb 21 14:14:00 2011
Last Execution Time : Mon Feb 21 14:14:00 2011
Last Completion Time: Mon Feb 21 14:14:04 2011

116 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Execution count : 1
-----------------------------------------------
Job Name Last Execution Status
-----------------------------------------------
BACKUP-CONFIG Success (0)
==============================================================================
Step 11 Did the backup job succeed?

Step 12 Examine the scheduler log.


N7K-X-podP# show scheduler logfile
==============================================================================
Job Name : BACKUP-CONFIG Job Status: Success (0)
Schedule Name : TEST-BACKUP User Name : admin
Completion time: Mon Feb 21 14:14:04 2011
--------------------------------- Job Output ---------------------------------
`copy running-config bootflash:/N7K-X-podP-2011-02-21-14.14.00.cfg`
Copy complete, now saving to disk (please wait)...
`copy running-config tftp://192.168.0.P1/N7K-X-podP-2011-02-21-14.14.02.cfg
vrf management `
Connection to Server Established.
[ ] 0.50KBTrying to connect to tftp
server......

TFTP put operation was successful


Copy complete, now saving to disk (please wait)...
`end`
==============================================================================
Step 13 Examine the TFTP directory on the server and bootflash on the Cisco Nexus 7000
Switch to verify that the files are present.
Step 14 Remove the schedule TEST-BACKUP and create a new schedule named WEEKLY-
BACKUP, which runs the job BACKUP-CONFIG every Sunday at 10:00 PM.
N7K-X-podP(config)# no scheduler schedule name TEST-BACKUP
N7K-X-podP(config)# scheduler schedule name WEEKLY-BACKUP
N7K-X-podP(config-schedule)# job name BACKUP-CONFIG
N7K-X-podP(config-schedule)# time weekly 1:22:00
Step 15 Examine the WEEKLY-BACKUP schedule.
N7K-X-podP# show scheduler schedule name WEEKLY-BACKUP
Schedule Name : WEEKLY-BACKUP
-----------------------------------
User Name : admin
Schedule Type : Run on every Sunday at 22 Hrs 0 Mins
Last Execution Time : Yet to be executed
-----------------------------------------------
Job Name Last Execution Status
-----------------------------------------------
BACKUP-CONFIG -NA-
==============================================================================

Activity Verification
You have completed this task when you attain these results:
You have created a manual backup of the configuration using the system CLI variables in
bootflash and on a TFTP server.
You have created a scheduler job that creates a backup of the running configuration in
bootflash and on the TFTP server and successfully run the scheduler job as a one-time job.
You have configured a weekly backup schedule for the backup scheduler job.

2011 Cisco Systems, Inc. Lab Guide 117


Task 3: Configure Smart Call Home
During this task, you will configure the Smart Call Home feature on the Cisco Nexus 7000
VDC in your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Enter Smart Call Home configuration mode and specify customer information
according to the following table:

Parameter Value

Email contact podP-admin@example.net, where P is your pod number

Phone contact +1-555-012-3456

Street address 123 Main Street, Sometown, USA

N7K-X-podP(config)# callhome
N7K-X-podP(config-callhome)# email-contact podP-admin@example.net
N7K-X-podP(config-callhome)# phone-contact +1-555-012-3456
N7K-X-podP(config-callhome)# streetaddress 123 Main Street, Sometown, USA
Step 3 Verify the operational Smart Call Home parameters.
N7K-X-podP# show callhome
callhome disabled
Callhome Information:
contact person name(sysContact):
contact person's email:podP-admin@example.net
contact person's phone number:+1-555-012-3456
street addr:123 Main Street, Sometown, USA
site id:
customer id:
contract id:
switch priority:7
duplicate message throttling : enabled
periodic inventory : enabled
periodic inventory time-period : 7 days
periodic inventory timeofday : 08:00 (HH:MM)
Distribution : Disabled
Step 4 Create a destination profile named NEXUS-LAB using the information in the
following table.

Parameter Value

Profile name NEXUS-LAB

Message format Full text

Message level 2

Alert group All

Destination email address podP@cisco.com, where P is your pod number

N7K-X-podP(config)# callhome
N7K-X-podP(config-callhome)# destination-profile NEXUS-OPS format full-txt
N7K-X-podP(config-callhome)# destination-profile NEXUS-OPS message-level 2
N7K-X-podP(config-callhome)# destination-profile NEXUS-OPS alert-group all
N7K-X-podP(config-callhome)# destination-profile NEXUS-OPS email-addr
podP@cisco.com

118 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 5 Examine the Smart Call Home destination profile NEXUS-LAB.
N7K-X-podP# show callhome destination-profile profile NEXUS-OPS
NEXUS-OPS destination profile information
maximum message size:2500000
message format:full-txt
message-level:2
transport-method:email
email addresses configured:
podP@cisco.com

url addresses configured:

alert groups configured:


all
Step 6 Configure two more destination profiles according to the following table.

Parameter Value

Profile name SMS

Message format Short text

Message level 6

Message size 160 characters

Alert group All

Destination email address podP@cisco.com, where P is your pod number

Parameter Value

Profile name TICKETING-SYSTEM

Message format XML

Message level 1

Alert group All

Destination email address podP@cisco.com, where P is your pod number

Note The three destination profiles represent three different uses of Smart Call Home. The
NEXUS-OPS profile is used to send email to a group of network operators. The SMS profile
is used to send high priority messages to a select group of users via an email-to-SMS
gateway. The TICKETING-SYSTEM profile is used to send messages to a ticketing system
that can parse XML-based messages. Normally, each of these profiles would use a separate
destination email address, but in this lab exercise the same email address is used for all
three profiles.

N7K-X-podP(config)# callhome
N7K-X-podP(config-callhome)# destination-profile SMS format short-txt
N7K-X-podP(config-callhome)# destination-profile SMS message-level 6
N7K-X-podP(config-callhome)# destination-profile SMS message-size 160
N7K-X-podP(config-callhome)# destination-profile SMS alert-group all
N7K-X-podP(config-callhome)# destination-profile SMS email-addr podP@cisco.com
N7K-X-podP(config-callhome)# destination-profile TICKETING-SYSTEM format XML
N7K-X-podP(config-callhome)# destination-profile TICKETING-SYSTEM message-
level 1
N7K-X-podP(config-callhome)# destination-profile TICKETING-SYSTEM alert-group
all
N7K-X-podP(config-callhome)# destination-profile TICKETING-SYSTEM email-addr
podP@cisco.com

2011 Cisco Systems, Inc. Lab Guide 119


Step 7 Configure the global Smart Call Home email settings according to the following
table.

Parameter Value

SMTP server 192.168.0.10

VRF Management

From email address callhome@example.net

Reply-to email address podP-admin@example.net, where P is your pod number

N7K-X-podP(config-callhome)# transport email smtp-server 192.168.0.10 use-vrf


management
N7K-X-podP(config-callhome)# transport email from callhome@example.net
N7K-X-podP(config-callhome)# transport email reply-to podP-admin@example.net
Step 8 Examine the Smart Call Home transport parameters.
N7K-X-podP# show callhome transport
http vrf:default

from email addr:callhome@example.net


reply to email addr:podP-admin@example.net

smtp server:192.168.0.10
smtp server port:25
smtp server vrf:management
smtp server priority:0
Step 9 Enable Smart Call Home.
N7K-X-podP(config)# callhome
N7K-X-podP(config-callhome)# enable
sysContact is not configured
callhome can not be enabled on the switch,
because necessary configuration has not been done
Please check if all of following configuration is done
contact person name(sysContact)
contact person's email
contact person's phone number
street addr
To configure sysContact, please use snmp-server command

Note In addition to the Smart Call Home parameters, the Smart Call Home feature also requires
the SNMP sysContact variable to be set.

Step 10 Configure the SNMP sysContact to be Pod P Administrator, where P is your pod
number.
N7K-X-podP(config)# snmp-server contact Pod P Administrator
Step 11 Enable Smart Call Home.
N7K-X-podP(config)# callhome
N7K-X-podP(config-callhome)# enable
Step 12 Generate test messages to verify the operation of Smart Call Home.
N7K-X-podP# callhome test
trying to send test callhome message
successfully sent test callhome message
warning:
The specified message level for destination profile: SMS is higher than the
level for alert Test(2)
The specified message level for destination profile: SMS is higher than the
level for alert Test(2)
no email address configured for destination profile:full_txt

120 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
The specified message level for destination profile: SMS is higher than the
level for alert Test(2)
no email address configured for destination profile:short_txt
The specified message level for destination profile: SMS is higher than the
level for alert Test(2)
no email address configured for destination profile:CiscoTAC-1

Note Smart Call Home messages will only be sent successfully for the profiles NEXUS-OPS and
TICKETING-SYSTEM. No messages will be sent for the profile SMS, because the inventory
message that is sent by the test has a lower level (2) than the configured Call Home level for
the destination profile SMS (6). The other warning messages are related to destination
profiles that are predefined, but unconfigured.

Step 13 Connect to your assigned Windows server.


Step 14 Open a browser to the lab email server at http://192.168.0.10/mail. Log in to the
web mail on the server using podP as the username and password, where P is your
pod number.

Note The lab that you are working on may use a different solution to view the Smart Call Home
email messages. If you cannot access the web mail using the method described in this lab
guide, ask the instructor for the appropriate procedure to access the email messages.

Step 15 Verify that you have two new email messages in your inbox with content that is
similar to the content below.
Full text message for destination profile NEXUS-OPS

From: callhome@example.net
Reply-To: podP-admin@example.net
To: pod1@cisco.com
Subject: System Notification from N7K-X-podP - test:test - 2011-02-21 16:36:39
GMT+00:00 Test Test message

Severity Level:2
Series:Nexus7000
Switch Priority:7
Device Id:N7K-C7010@C@JAF1447ALGQ
Server Id:N7K-C7010@C@JAF1447ALGQ
Time of Event:2011-02-21 16:36:39 GMT+00:00
Message Name:test
Message Type:test
System Name:N7K-X-podP
Contact Name:Pod P Administrator
Contact Email:podP-admin@example.net
Contact Phone:+1-555-012-3456
Street Address:123 Main Street, Sometown, USA
Event Description:Test Test message
start chassis information:
Affected Chassis:N7K-C7010
Affected Chassis Serial Number:JAF1447ALGQ
Affected Chassis Hardware Version:2.0
Affected Chassis Software Version:5.1(2)
Affected Chassis Part No:73-10900-06
end chassis information:
start attachment
name:show version
type:text
data:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents:

2011 Cisco Systems, Inc. Lab Guide 121


http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.ht
ml
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Software
BIOS: version 3.22.0
kickstart: version 5.1(3)
system: version 5.1(3)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.3.bin
kickstart compile time: 12/25/2020 12:00:00 [12/18/2010 09:55:20]
system image file is: bootflash:///n7000-s1-dk9.5.1.3.bin
system compile time: 11/29/2010 12:00:00 [12/18/2010 11:02:00]

Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis ("Supervisor module-1X"
Intel(R) Xeon(R) CPU with 4109560 kB of memory.
Processor Board ID JAF1451BMKM

Device name: N7K-X-podP


bootflash: 2029608 kB
slot0: 0 kB (expansion flash)

Kernel uptime is 3 day(s), 0 hour(s), 9 minute(s), 42 second(s)

Last reset
Reason: Unknown
System version: 5.1(3)
Service:

plugin
Core Plugin, Ethernet Plugin
end attachment
start attachment
name:show module
type:text
data:
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 32 10 Gbps Ethernet XL Module N7K-M132XP-12L ok
5 0 Supervisor module-1X N7K-SUP1 active *

Mod Sw Hw
--- -------------- ------
1 5.1(2) 1.0
5 5.1(2) 1.8

Mod MAC-Address(es) Serial-Num


--- -------------------------------------- ----------
1 c4-71-fe-38-ec-1c to c4-71-fe-38-ec-40 JAF1448ABRN
5 8c-b6-4f-e6-00-c0 to 8c-b6-4f-e6-00-c8 JAF1451BMKM

Mod Online Diag Status


--- ------------------
1 Pass
5 Pass

Xbar Ports Module-Type Model Status

122 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
--- ----- -------------------------------- ------------------ ------------
1 0 Fabric Module 1 N7K-C7010-FAB-1 ok
2 0 Fabric Module 1 N7K-C7010-FAB-1 ok
3 0 Fabric Module 1 N7K-C7010-FAB-1 ok

Xbar Sw Hw
--- -------------- ------
1 NA 1.1
2 NA 1.1
3 NA 1.1

Xbar MAC-Address(es) Serial-Num


--- -------------------------------------- ----------
1 NA JAF1452CLQL
2 NA JAF1451CKGH
3 NA JAF1451CKAS

* this terminal session


end attachment
start attachment
name:show vdc current-vdc
type:text
data:
Current vdc is 2 - podP
end attachment
start attachment
name:show vdc membership
type:text
data:

vdc_id: 2 vdc_name: podP interfaces:


Ethernet1/A Ethernet1/B Ethernet1/C
Ethernet1/D Ethernet1/E Ethernet1/F
Ethernet1/G Ethernet1/H

Ethernet10P/1/1 Ethernet10P/1/2 Ethernet10P/1/3


Ethernet10P/1/4 Ethernet10P/1/5 Ethernet10P/1/6
Ethernet10P/1/7 Ethernet10P/1/8 Ethernet10P/1/9
Ethernet10P/1/10 Ethernet10P/1/11 Ethernet10P/1/12
Ethernet10P/1/13 Ethernet10P/1/14 Ethernet10P/1/15
Ethernet10P/1/16 Ethernet10P/1/17 Ethernet10P/1/18
Ethernet10P/1/19 Ethernet10P/1/20 Ethernet10P/1/21
Ethernet10P/1/22 Ethernet10P/1/23 Ethernet10P/1/24
Ethernet10P/1/25 Ethernet10P/1/26 Ethernet10P/1/27
Ethernet10P/1/28 Ethernet10P/1/29 Ethernet10P/1/30
Ethernet10P/1/31 Ethernet10P/1/32 Ethernet10P/1/33
Ethernet10P/1/34 Ethernet10P/1/35 Ethernet10P/1/36
Ethernet10P/1/37 Ethernet10P/1/38 Ethernet10P/1/39
Ethernet10P/1/40 Ethernet10P/1/41 Ethernet10P/1/42
Ethernet10P/1/43 Ethernet10P/1/44 Ethernet10P/1/45
Ethernet10P/1/46 Ethernet10P/1/47 Ethernet10P/1/48

end attachment

XML message for destination profile TICKETING-SYSTEM

From: callhome@example.net
Reply-To: podP-admin@example.net
To: podP@cisco.com
Subject: System Notification from N7K-X-podP - test:test - 2011-02-21 16:36:39
GMT+00:00 Test Test message

<?xml version="1.0" encoding="UTF-8" ?>


<soap-env:Envelope xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope">
<soap-env:Header>

2011 Cisco Systems, Inc. Lab Guide 123


<aml-session:Session
xmlns:aml-session="http://www.cisco.com/2004/01/aml-session"
soap-env:mustUnderstand="true"
soap-env:role="http://www.w3.org/2003/05/soap-envelope/role/next">
<aml-session:To>http://tools.cisco.com/neddce/services/DDCEService</aml-
session:To>
<aml-session:Path>
<aml-session:Via>http://www.cisco.com/appliance/uri</aml-session:Via>
</aml-session:Path>
<aml-session:From>http://www.cisco.com/appliance/uri</aml-session:From>
<aml-session:MessageId>1008:JAF1447ALGQ:4D629498</aml-session:MessageId>
</aml-session:Session>
</soap-env:Header>
<soap-env:Body>
<aml-block:Block xmlns:aml-block="http://www.cisco.com/2004/01/aml-block">
<aml-block:Header>
<aml-block:Type>http://www.cisco.com/2005/05/callhome/test</aml-block:Type>
<aml-block:CreationDate>2011-02-21 16:36:39 GMT+00:00</aml-block:CreationDate>
<aml-block:Builder>
<aml-block:Name>NEXUS</aml-block:Name>
<aml-block:Version>5.1</aml-block:Version>
</aml-block:Builder>
<aml-block:BlockGroup>
<aml-block:GroupId>1009:JAF1447ALGQ:4D629498</aml-block:GroupId>
<aml-block:Number>0</aml-block:Number>
<aml-block:IsLast>true</aml-block:IsLast>
<aml-block:IsPrimary>true</aml-block:IsPrimary>
<aml-block:WaitForPrimary>false</aml-block:WaitForPrimary>
</aml-block:BlockGroup>
<aml-block:Severity>2</aml-block:Severity>
</aml-block:Header>
<aml-block:Content>
<ch:CallHome xmlns:ch="http://www.cisco.com/2005/05/callhome" version="1.0">
<ch:EventTime>2011-02-21 16:36:39 GMT+00:00</ch:EventTime>
<ch:MessageDescription>Test Test message</ch:MessageDescription>
<ch:Event>
<ch:Type>test</ch:Type>
<ch:SubType>test</ch:SubType>
<ch:Brand>Cisco</ch:Brand>
<ch:Series>Nexus7000</ch:Series>
</ch:Event>
<ch:CustomerData>
<ch:UserData>
<ch:Email>pod1-admin@example.net</ch:Email>
</ch:UserData>
<ch:ContractData>
<ch:DeviceId>N7K-C7010@C@JAF1447ALGQ</ch:DeviceId>
</ch:ContractData>
<ch:SystemInfo>
<ch:Name>N7K-1-pod1</ch:Name>
<ch:Contact>Pod 1 Administrator</ch:Contact>
<ch:ContactEmail>pod1-admin@example.net</ch:ContactEmail>
<ch:ContactPhoneNumber>+1-555-012-3456</ch:ContactPhoneNumber>
<ch:StreetAddress>123 Main Street, Sometown, USA</ch:StreetAddress>
</ch:SystemInfo>
</ch:CustomerData>
<ch:Device>
<rme:Chassis xmlns:rme="http://www.cisco.com/rme/4.0">
<rme:Model>N7K-C7010</rme:Model>
<rme:HardwareVersion>2.0</rme:HardwareVersion>
<rme:SerialNumber>JAF1447ALGQ</rme:SerialNumber>
</rme:Chassis>
</ch:Device>
</ch:CallHome>
</aml-block:Content>
<aml-block:Attachments>
<aml-block:Attachment type="inline">
<aml-block:Name>show version</aml-block:Name>

124 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
<aml-block:Data encoding="plain">
<![CDATA[Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents:
http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.ht
ml
Copyright (c) 2002-2010, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Software
BIOS: version 3.22.0
kickstart: version 5.1(3)
system: version 5.1(3)
BIOS compile time: 02/20/10
kickstart image file is: bootflash:///n7000-s1-kickstart.5.1.3.bin
kickstart compile time: 12/25/2020 12:00:00 [12/18/2010 09:55:20]
system image file is: bootflash:///n7000-s1-dk9.5.1.3.bin
system compile time: 11/29/2010 12:00:00 [12/18/2010 11:02:00]

Hardware
cisco Nexus7000 C7010 (10 Slot) Chassis (\"Supervisor module-1X\"
Intel(R) Xeon(R) CPU with 4109560 kB of memory.
Processor Board ID JAF1451BMKM

Device name: N7K-X-podP


bootflash: 2029608 kB
slot0: 0 kB (expansion flash)

Kernel uptime is 3 day(s), 0 hour(s), 9 minute(s), 42 second(s)

Last reset
Reason: Unknown
System version: 5.1(3)
Service:

plugin
Core Plugin, Ethernet Plugin
]]>
</aml-block:Data>
</aml-block:Attachment>
<aml-block:Attachment type="inline">
<aml-block:Name>show module</aml-block:Name>
<aml-block:Data encoding="plain">
<![CDATA[Mod Ports Module-Type Model
Status
--- ----- -------------------------------- ------------------ ------------
1 32 10 Gbps Ethernet XL Module N7K-M132XP-12L ok
5 0 Supervisor module-1X N7K-SUP1 active *

Mod Sw Hw
--- -------------- ------
1 5.1(2) 1.0
5 5.1(2) 1.8

Mod MAC-Address(es) Serial-Num


--- -------------------------------------- ----------
1 c4-71-fe-38-ec-1c to c4-71-fe-38-ec-40 JAF1448ABRN
5 8c-b6-4f-e6-00-c0 to 8c-b6-4f-e6-00-c8 JAF1451BMKM

2011 Cisco Systems, Inc. Lab Guide 125


Mod Online Diag Status
--- ------------------
1 Pass
5 Pass

Xbar Ports Module-Type Model Status


--- ----- -------------------------------- ------------------ ------------
1 0 Fabric Module 1 N7K-C7010-FAB-1 ok
2 0 Fabric Module 1 N7K-C7010-FAB-1 ok
3 0 Fabric Module 1 N7K-C7010-FAB-1 ok

Xbar Sw Hw
--- -------------- ------
1 NA 1.1
2 NA 1.1
3 NA 1.1

Xbar MAC-Address(es) Serial-Num


--- -------------------------------------- ----------
1 NA JAF1452CLQL
2 NA JAF1451CKGH
3 NA JAF1451CKAS

* this terminal session


]]>
</aml-block:Data>
</aml-block:Attachment>
<aml-block:Attachment type="inline">
<aml-block:Name>show vdc current-vdc</aml-block:Name>
<aml-block:Data encoding="plain">
<![CDATA[Current vdc is 2 - pod1
]]>
</aml-block:Data>
</aml-block:Attachment>
<aml-block:Attachment type="inline">
<aml-block:Name>show vdc membership</aml-block:Name>
<aml-block:Data encoding="plain">
<![CDATA[
vdc_id: 2 vdc_name: podP interfaces:
Ethernet1/A Ethernet1/B Ethernet1/C
Ethernet1/D Ethernet1/E Ethernet1/F
Ethernet1/G Ethernet1/H

Ethernet10P/1/1 Ethernet10P/1/2 Ethernet10P/1/3


Ethernet10P/1/4 Ethernet10P/1/5 Ethernet10P/1/6
Ethernet10P/1/7 Ethernet10P/1/8 Ethernet10P/1/9
Ethernet10P/1/10 Ethernet10P/1/11 Ethernet10P/1/12
Ethernet10P/1/13 Ethernet10P/1/14 Ethernet10P/1/15
Ethernet10P/1/16 Ethernet10P/1/17 Ethernet10P/1/18
Ethernet10P/1/19 Ethernet10P/1/20 Ethernet10P/1/21
Ethernet10P/1/22 Ethernet10P/1/23 Ethernet10P/1/24
Ethernet10P/1/25 Ethernet10P/1/26 Ethernet10P/1/27
Ethernet10P/1/28 Ethernet10P/1/29 Ethernet10P/1/30
Ethernet10P/1/31 Ethernet10P/1/32 Ethernet10P/1/33
Ethernet10P/1/34 Ethernet10P/1/35 Ethernet10P/1/36
Ethernet10P/1/37 Ethernet10P/1/38 Ethernet10P/1/39
Ethernet10P/1/40 Ethernet10P/1/41 Ethernet10P/1/42
Ethernet10P/1/43 Ethernet10P/1/44 Ethernet10P/1/45
Ethernet10P/1/46 Ethernet10P/1/47 Ethernet10P/1/48

]]>
</aml-block:Data>
</aml-block:Attachment>
</aml-block:Attachments>
</aml-block:Block>

126 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
</soap-env:Body>
</soap-env:Envelope>
Step 16 Save the configuration on your Cisco Nexus 7000 VDC.

Activity Verification
You have completed this task when you attain these results:
You have configured and tested Smart Call Home on your Cisco Nexus 7000 VDC.

2011 Cisco Systems, Inc. Lab Guide 127


Lab 4-2: Implementing Cisco DCNM
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will configure Cisco DCNM to perform network discovery and network
management of the Cisco Nexus product range. After completing this activity, you will be able
to meet these objectives:
Use Cisco DCNM to perform a network discovery of the network infrastructure
Use Cisco DCNM to perform a platform inventory of the Cisco Nexus product range
Use Cisco DCNM to monitor and manage the discovered network
Use Cisco DCNM to troubleshoot issues on the Cisco Nexus switches

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 4-2: Implementing Cisco DCNM

N7010-C1 N7010-C2

Nexus 5010 Nexus 5010

Nexus 2248TP Nexus 2248TP

DCNM UCS C-series DCNM

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-10

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs
Two Cisco Nexus 5000 Switches
Two Windows 2003 servers

128 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Command List
The table describes the commands that are used in this activity.

Command Description

no feature otv Disables the Overlay Transport Virtualization (OTV)


feature.

switchport Configures an interface as a Layer 2 switched port.

switchport mode trunk Configures an interface to be an 802.1Q trunk.

spanning-tree port type Configures the port as a spanning-tree edge port.


network
show cdp neighbors Displays the list of Cisco Discovery Protocol neighbors.

show diff rollback-patch Displays the differences between the running configuration
startup-config running- and startup configuration.
config
show vlan id <vlan-id> Displays the properties of a specific VLAN.

show running-config Displays the running configuration for a specific interface.


interface <intf>
show startup-config vlan Displays the startup configuration for a specific VLAN.

show logging last <nr> Displays the last number of lines in the system log file.

show running-config vlan Displays the running configuration for a specific VLAN.
<vlan-id>
copy bootflash:<filename> Merges the configuration in a file in bootflash with the
running-config current running configuration.

checkpoint <name> Creates a configuration checkpoint.

Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

2011 Cisco Systems, Inc. Lab Guide 129


Task 1: Network Discovery
During this task, you will discover the network in your pod and peer pod using Cisco DCNM.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Disable the OTV feature that was configured in a previous lab exercise.
N7K-X-podP(config)# no feature otv
Step 3 Configure the interface that connects your Cisco Nexus 7000 VDC to the peer pod
Cisco Nexus 7000 VDC as a trunk and enable bridge assurance on the port. Refer to
the Lab Connections job aid to determine the correct interface.
N7K-X-podP(config)# interface ethernet 1/E
N7K-X-podP(config-if)# switchport
N7K-X-podP(config-if)# switchport mode trunk
N7K-X-podP(config-if)# spanning-tree port type network
Step 4 Ensure that the interfaces that connect your Cisco Nexus 7000 VDC to your Cisco
Nexus 5000 Switch and to your peer pod Cisco Nexus 5000 Switch are enabled.
Refer to the Lab Connections job aid to determine the correct interfaces.
N7K-X-podP(config)# interface ethernet 1/A, ethernet 1/B
N7K-X-podP(config-if-range)# no shutdown
Step 5 Use Cisco Discovery Protocol to verify that the links between the devices in your
pod and peer pod are operational.
N7K-X-podP# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute

Device-ID Local Intrfce Hldtme Capability Platform Port ID


N5K-P(SSI143207FZ) Eth1/A 159 S I s N5K-C5548P-BF Eth1/19

N5K-Q(SSI14310363) Eth1/B 146 S I s N5K-C5548P-BF Eth1/20

N7K-Y-podQ(JAF1448AADT)
Eth1/E 146 R S I s N7K-C7010 Eth1/17

Note You should see three devices in the output of this command: Your Cisco Nexus 5000
Switch, your peer pod Cisco Nexus 5000 Switch, and your peer pod Cisco Nexus 7000
VDC. If this is not the case, troubleshoot with your lab partners in the peer pod until all three
connections are operational.

Step 6 Connect to your assigned Windows server.


Step 7 Open the Cisco DCNM client application, which should be available on the desktop
of the server.

130 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 8 Use the client application to log in to your assigned Cisco DCNM LAN server. The
IP address for the server is 192.168.0.P1, where P is your pod number. Use admin
as the username and 1234QWer as the password.

Step 9 The application should open on the device discovery screen. In this screen, fill in the
management IP address of your Cisco Nexus 7000 VDC as the seed device. Refer to
the Lab IP Address Plan job aid to find the correct IP address. Provide the user name
admin and password 1234QWer of your Cisco Nexus 7000 VDC as the credentials
to be used for device discovery. Set the number of hops to discover to 1.

Step 10 Click Start Discovery and wait for the device discovery to finish.

2011 Cisco Systems, Inc. Lab Guide 131


Step 11 Stay in the DCNM Server Administration tab and select the Devices and
Credentials item.

Step 12 Verify that you see four devices listed: Your Cisco Nexus 7000 VDC, your Cisco
Nexus 5000 Switch, your peer pod Cisco Nexus 7000 VDC, and your peer pod
Cisco Nexus 5000 Switch. All four devices should be listed as managed.

132 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 13 On the left of your screen, select the Topology tab and examine the Topology View
of your pod and peer pod. Rearrange the topology to your liking. When you are
happy with the result save the topology layout using the Save Layout button.

Step 14 Move some devices in the layout and then return to the saved layout using the
Reload Layout button.
Step 15 Use the Export as JPG button to save the visible area of your topology to the
desktop as a JPG picture named Topology Diagram.jpg.
Step 16 What is the significance of the puppet icon that is displayed on your Cisco Nexus
7000 Switch?

Tip Use the Legend button to find out the meaning of the different types of icons in the topology
view.

2011 Cisco Systems, Inc. Lab Guide 133


Step 17 Connect to your Cisco Nexus 7000 VDC.
Step 18 Examine the differences between the running configuration and the startup
configuration that you saved in the previous lab.
N7K-X-podP# show diff rollback-patch startup-config running-config
Collecting Running-Config
Collecting Startup-Config
#Generating Rollback Patch

!!
!
logging level aaa 5
logging level cdp 6
logging level otm 5
logging level radius 5
logging level monitor 6
logging level port-security 5
logging level spanning-tree 6
!
interface Ethernet1/C
no cdp enable
!
radius commit
Step 19 Do you see significant differences?

Note During device discovery, if Cisco DCNM finds that a logging level on a discovered device is
below the minimum logging-level requirement for that logging facility, Cisco DCNM raises
the logging level to meet the minimum requirement. If logging levels meet or exceed the
requirements, Cisco DCNM does not change the logging levels during discovery.

Step 20 Save the configurations on your Cisco Nexus 7000 VDC and Cisco Nexus 5000
Switch.
Step 21 Go back to your Cisco DCNM client and spend some time examining the various
options in the topology view of Cisco DCNM before moving on to the next task.

Activity Verification
You have completed this task when you attain these results:
You have logged into your assigned Cisco DCNM server using the Cisco DCNM client.
You have performed a device discovery using your Cisco Nexus 7000 VDC as the seed
device.
You have discovered the Cisco Nexus 7000 VDCs, the Cisco Nexus 5000 Switches, and
the Cisco Nexus 2000 Fabric Extenders in your pod and peer pod.
You have examined the network map in the topology view of Cisco DCNM.

Task 2: Platform Inventory


During this task, you will perform a platform inventory for the devices in your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Windows server and open the Cisco DCNM client for your
Cisco DCNM server.

134 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 2 On the left of your screen select the Inventory tab.

Step 3 Open the inventory of your Cisco Nexus 7000 Switch and your Cisco Nexus 5000
Switch and examine the components.
Step 4 How many fabric modules are installed in your assigned Cisco Nexus 7000 Switch?

Step 5 How many power supplies are present in your Cisco Nexus 7000 Switch? What is
the capacity of the power supplies? How much is the actual power draw of the
switch?

Step 6 Where can you find the Cisco Nexus 2000 Fabric Extender in the inventory view?
Why is it displayed in this particular position?

Step 7 What is the product ID of the Fibre Channel module in your Cisco Nexus 5000
Switch in case you need to order a replacement?

2011 Cisco Systems, Inc. Lab Guide 135


Step 8 Go to the Environmental Status section of your assigned Cisco Nexus 7000
Switch.

Step 9 What are the administrative and operational power supply redundancy modes for the
switch?

Step 10 Try to change the administrative power supply redundancy setting for the switch by
selecting a different power supply redundancy mode and then selecting Deploy in
the File menu.
Step 11 Did you succeed in changing the power supply redundancy mode? Why could you
or could you not change this setting?

136 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 12 Go to the Memory Utilization tab of your assigned Cisco Nexus 7000 Switch. Click
New Charts in the toolbar and create a chart that graphs the memory utilization on
the switch. Set the frequency to 30 seconds and start the data collection for the chart.
Wait for a few minutes to allow the chart to collect some data.

Step 13 Spend some time examining the various options in the inventory view of Cisco
DCNM before moving on to the next task.

Activity Verification
You have completed this task when you attain these results:
You have reviewed the hardware inventory of the devices in your pod and peer pod.
You have created a chart of the memory usage on your Cisco Nexus 7000 Switch.

Task 3: Monitoring
During this task, you will monitor and manage the devices in your pod.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Windows server and open the Cisco DCNM client for your
Cisco DCNM server.
Step 2 On the left of your screen, select the Interfaces tab. Select the item for the physical
Ethernet interfaces within the tab.

2011 Cisco Systems, Inc. Lab Guide 137


Step 3 Select your Cisco Nexus 7000 VDC and select the interface that connects your Cisco
Nexus 7000 VDC to your Cisco Nexus 5000 Switch. Refer to the Lab Connections
job aid to find the correct interface.

Step 4 Examine the port details and status. Which type of transceiver is plugged into this
port?

Step 5 Go to the port mode settings. Create a new VLAN 999 and assign it as the native
VLAN for the trunk. Do not leave the Interfaces tab to accomplish this task.

138 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 6 Connect to your Cisco Nexus 7000 VDC.
Step 7 Verify that the new VLAN 999 exists and that the configuration for the port was
changed.
N7K-X-podP# show vlan id 999

VLAN Name Status Ports


---- -------------------------------- --------- ------------------------------
-
999 VLAN0999 active Eth1/A, Eth1/B, Eth1/E

VLAN Type Vlan-mode


---- ----- ----------
999 enet CE

Remote SPAN VLAN


----------------
Disabled

Primary Secondary Type Ports


------- --------- --------------- -----------------------------------------
--

N7K-X-podP# show running-config interface ethernet 1/A or B

!Command: show running-config interface Ethernet1/A or B


!Time: Tue Feb 22 14:42:10 2011

version 5.1(2)

interface Ethernet1/A or B
description To N5K-P
switchport
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
service-policy type qos input MARKING
no shutdown
Step 8 Was the changed configuration saved to the startup configuration automatically?

N7K-X-podP# show startup-config vlan

!Command: show startup-config vlan


!Time: Tue Feb 22 14:52:41 2011
!Startup config saved at: Tue Feb 22 01:40:26 2011

version 5.1(3)
vlan configuration 1,10-13
vlan 1
vlan 10
name TEST
vlan 11-13

2011 Cisco Systems, Inc. Lab Guide 139


Step 9 Return to the Cisco DCNM client and use the option Copy Run to Start from the
View menu to save the configuration.

Step 10 Return to your Cisco Nexus 7000 VDC to verify that the configuration was saved.
Did it work?

Step 11 Try again, but make sure that you have selected your Cisco Nexus 7000 VDC in the
view instead of the interface. Was the configuration saved now?

N7K-X-podP# show startup-config vlan

!Command: show startup-config vlan


!Time: Tue Feb 22 15:08:49 2011
!Startup config saved at: Tue Feb 22 15:07:48 2011

version 5.1(3)
vlan 1,10-13,999
vlan 1
vlan 10
name TEST
vlan 11-13,999

140 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 12 Return to the Cisco DCNM client and select the interface that connects your VDC to
your Cisco Nexus 5000 Switch again. Select the Events tab for the interface and
review the events.

Step 13 Do you see any problems with the port?

Step 14 Return to your Cisco Nexus 7000 VDC and examine the log file.
N7K-X-podP# show logging last 10
2011 Feb 22 15:08:48 N7K-1-pod1 %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN
mismatch discovered on Ethernet1/1(999), with Ethernet1/19(1)
2011 Feb 22 15:10:48 N7K-1-pod1 last message repeated 2 times
2011 Feb 22 15:12:48 N7K-1-pod1 last message repeated 2 times
2011 Feb 22 15:14:48 N7K-1-pod1 last message repeated 2 times
2011 Feb 22 15:16:48 N7K-1-pod1 last message repeated 2 times
2011 Feb 22 15:18:48 N7K-1-pod1 last message repeated 2 times
2011 Feb 22 15:20:48 N7K-1-pod1 last message repeated 2 times
2011 Feb 22 15:22:48 N7K-1-pod1 last message repeated 2 times
2011 Feb 22 15:24:48 N7K-1-pod1 last message repeated 2 times
2011 Feb 22 15:26:48 N7K-1-pod1 last message repeated 2 times
Step 15 Do you see a problem here?

2011 Cisco Systems, Inc. Lab Guide 141


Step 16 Return to the Cisco DCNM client and change the native VLAN on your Cisco
Nexus 5000 Switch to match the value on the Cisco Nexus 7000 VDC for the link
that connects the two devices.

Step 17 Save the running configuration to the startup configuration for your Cisco Nexus
5000 Switch using DCNM.
Step 18 Connect to your Cisco Nexus 5000 Switch.
Step 19 Verify that the changes were made and that the configuration was saved.
N5K-P# show running-config vlan 999

!Command: show running-config vlan 999


!Time: Tue Feb 22 10:40:05 2011

version 5.0(2)N2(1)
vlan 999

N5K-P# show running-config interface ethernet 1/19 or 20

!Command: show running-config interface Ethernet1/19 or 20


!Time: Tue Feb 22 10:40:22 2011

version 5.0(3)N2(1)

interface Ethernet1/19 or 20
description To N7K-X-podP
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type network

N5K-P# show startup-config | include vlan


feature interface-vlan
logging level interface-vlan 5
vlan 1
vlan 10
vlan 11-13,999
instance 1 vlan 11,13
instance 2 vlan 10,12
switchport access vlan 10

142 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport trunk native vlan 999
Step 20 Return to the Cisco DCNM client and select the interface on your Cisco Nexus 7000
VDC that connects to your Cisco 5000 Switch. Go to the Statistics tab for the
interface and create a chart that graphs unicast, multicast, and broadcast ingress and
egress traffic.

Step 21 What is the maximum number of parameters that can be graphed in a single chart?

Step 22 Configure the chart to collect data every 30 seconds and let it run for a couple of
minutes to collect some statistics.
Step 23 Spend some time examining the various options in the interface view of Cisco
DCNM before moving on to the next task.

Activity Verification
You have completed this task when you attain these results:
You have examined the interface status and parameters of the devices in your pod.
You have changed the native VLAN for a trunk port using the Cisco DCNM client.
You have created a chart of the unicast, multicast and broadcast interface utilization for an
interface on your Cisco Nexus 7000 Switch.

2011 Cisco Systems, Inc. Lab Guide 143


Task 4: Troubleshooting
During this task, you will diagnose a problem on the devices in your pod using Cisco DCNM.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Create a checkpoint named TROUBLESHOOTING.
N7K-X-podP# checkpoint TROUBLESHOOTING
Done
Step 3 Load the trouble ticket for this exercise using the copy bootflash:DCUFI/DCNM-
TT running-config command.
N7K-X-podP# copy bootflash:DCUFI/DCNM-TT running-config
Copy complete, now saving to disk (please wait)...

Note This is the last Cisco NX-OS command that you should type on the VDC during this
exercise. The objective is to troubleshoot the problem using Cisco DCNM only, without using
the command-line interface (CLI) on any of the devices.

Step 4 Connect to your assigned Cisco Nexus 5000 Switch.


Step 5 Create a checkpoint named TROUBLESHOOTING.
N5K-P# checkpoint TROUBLESHOOTING
.....Done
Step 6 Load the trouble ticket for this exercise using the copy bootflash:DCUFI/DCNM-
TT running-config command.
N5K-P# copy bootflash:DCUFI/DCNM-TT running-config

Note This is the last Cisco NX-OS command that you should type on the VDC during this
exercise. The objective is to troubleshoot the problem using Cisco DCNM only, without using
the CLI on any of the devices.

Step 7 Connect to your assigned Windows server and open the Cisco DCNM client for your
Cisco DCNM server.
Step 8 You have received the following problem description:

One of your colleagues was performing some routine changes yesterday evening,
when he got called away for an emergency. You have not been able to get in touch
with him. This morning, reports started coming in that the server that is connected to
interface Ethernet 1/3 of the Cisco Nexus 5000 Switch can no longer communicate
on VLAN 10. This server has a backdoor connection on VLAN 11, which is
connected to the Cisco Nexus Fabric Extender, which still works fine. You have just
been transferred to this team and you have not been given admin rights on the
switches yet, but you have been given the username and password for the Cisco
DCNM server. Your task is to use Cisco DCNM to attempt to diagnose and, if
possible, resolve the problem. Ensure that you have a log of your troubleshooting
process, so you can report your findings to your colleague when he returns.
Step 9 Diagnose the problem using Cisco DCNM only. Do not fix the problem until the
team in your peer pod has also diagnosed the problem.

144 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 10 Once both you and your peer pod partners have diagnosed the problem and verified
that you identified the same issue as the cause of the problem, you can resolve the
issue. Again, use Cisco DCNM to fix the problem. Do not use the CLI on the
switches at any point during this lab.
Step 11 The objective of this exercise is to discover the capabilities of Cisco DCNM that can
be used during troubleshooting. It is important that you log your actions in the
troubleshooting log below, so you can discuss your findings with your lab partners
in the peer pod and the other students in the class.

Cisco DCNM Tab or Tool Actions and results

2011 Cisco Systems, Inc. Lab Guide 145


Cisco DCNM Tab or Tool Actions and results

Activity Verification
You have completed this task when you attain these results:
You have diagnosed the connectivity problem in VLAN 10 using Cisco DCNM.
You can ping between the server in your pod and the server in your peer pod using the
VLAN 10 IP address.
You have logged your actions and findings in the troubleshooting log.

146 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 5-1: Configuring Cisco FabricPath
Complete this lab activity to practice what you learned in the related module.

Activity Objective
In this activity, you will implement Cisco FabricPath and compare the FabricPath multipathing
and load balancing capabilities to the Spanning Tree Protocol. After completing this activity,
you will be able to meet these objectives:
Analyze the multipathing and load balancing capabilities of STP
Implement Cisco FabricPath between Cisco Nexus 7000 Switches
Compare the multipathing and load balancing capabilities of Cisco FabricPath to STP.

Visual Objective
The figure illustrates what you will accomplish in this activity.

Lab 5-1: Configuring Cisco FabricPath

FabricPath

N7010-C1 N7010-C2

Nexus 5010 Nexus 5010

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-11

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 7000 VDCs
Two Cisco Nexus 5000 Switches
Two Cisco Nexus 2000 Fabric Extenders
Two Windows 2003 servers

2011 Cisco Systems, Inc. Lab Guide 147


Command List
The table describes the commands that are used in this activity.

Command Description

show license usage Displays the license usage in a VDC.

feature-set fabricpath Enables the fabricpath feature set.

show fabricpath switch-id Lists the switch IDs of all switches in the Cisco FabricPath
network.

fabricpath switch-id <id> Changes the Cisco FabricPath switch ID of a switch.

switchport mode fabricpath Configures an interface as a Cisco FabricPath port.

show fabricpath isis Displays the list of Cisco FabricPath IS-IS neighbors.
adjacency
show fabricpath route Displays the Cisco FabricPath routing table.

mode fabricpath Changes a VLAN to a Cisco FabricPath VLAN.

show mac address-table Displays the MAC address table for a VLAN.
vlan <vlan>
show spanning-tree vlan Displays the spanning-tree topology for a VLAN.
<vlan>
show mac address-table Displays the MAC address table entry for a specific MAC
address <mac-address> address.

show fabricpath load- Displays the interface that will be selected by the Cisco
balance unicast FabricPath load-balancing algorithm to forward packets for
forwarding-path <flow> a specific flow.

spanning-tree mst Changes the spanning-tree priority for the selected MST
<instance-list> priority instances.
<priority>
show spanning-tree Displays the ports that are in spanning-tree inconsistent
inconsistentports state.

Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

148 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Task 1: Analyze Spanning Tree Load Balancing
During this task, you will analyze the load balancing capabilities of the STP.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Remove the OTV configuration from the previous lab.
N7K-X-podP(config)# no feature otv
2011 Apr 7 12:43:48 N7K-X-podP %FEATURE-MGR-2-FM_AUTOCKPT_IN_PROGRESS:
AutoCheckpoint system-fm-otv's creation in progress...
2011 Apr 7 12:43:48 N7K-X-podP %FEATURE-MGR-2-FM_AUTOCKPT_SUCCEEDED:
AutoCheckpoint created successfully
Step 3 Ensure that the interface on your Cisco Nexus 7000 VDC that leads to your peer pod
Cisco Nexus 5000 Switch is shut down. Use the Lab Connections job aid to find the
correct interface.
N7K-X-podP(config)# interface ethernet 1/B or A
N7K-X-podP(config-if)# shutdown
Step 4 Disable the interface on module 1 that connects your Cisco Nexus 7000 VDC to
your peer pod Cisco Nexus 7000 VDC. Use the Lab Connections job aid to find the
correct interface.
N7K-X-podP(config)# interface ethernet 1/E
N7K-X-podP(config-if)# shutdown
Step 5 Examine module 3 on your assigned Cisco Nexus 7000 Switch. Which type of
module is inserted in slot 3?

Step 6 Examine the state of the two interfaces on your Cisco Nexus 7000 VDC. Use the
Lab Connections job aid to find the correct interfaces.
N7K-X-podP# show interface ethernet 3/I-J brief

------------------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch#
------------------------------------------------------------------------------
Eth3/I 1 eth access down Administratively down auto(D) --
Eth3/J 1 eth access down Administratively down auto(D) --
Step 7 Attempt to configure the interfaces on module 3 as routed ports. Are you allowed to
make this change? Why or why not?

N7K-X-podP(config)# interface ethernet 3/I-J


N7K-X-podP(config-if-range)# no switchport
ERROR: Ethernet3/I-J: requested config change not allowed
Step 8 Configure the interfaces on module 3 as trunks and enable the interfaces.
N7K-X-podP(config)# interface ethernet 3/I-J
N7K-X-podP(config-if-range)# switchport mode trunk
N7K-X-podP(config-if-range)# no shutdown
Step 9 Examine the spanning-tree topology for VLAN 10.
N7K-X-podP# show spanning-tree vlan 10

MST0002
Spanning tree enabled protocol mstp
Root ID Priority 8194

2011 Cisco Systems, Inc. Lab Guide 149


Address 0026.9804.a944
Cost 2000
Port 389 (Ethernet3/I)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8194 (priority 8192 sys-id-ext 2)


Address a8b1.d455.6fc4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------
Eth1/A or B Desg FWD 2000 128.137 Network P2p
Eth3/I Root FWD 2000 128.389 P2p
Eth3/J Altn BLK 2000 128.390 P2p
Step 10 Which of the two Cisco Nexus 7000 VDCs is the root of the spanning tree for
VLAN 10?

Step 11 Which of the links between your Cisco Nexus 7000 VDC and your peer pod VDC is
used to carry the traffic for VLAN 10?

Step 12 Connect to your assigned Cisco Nexus 5000 Switch.


Step 13 Ping the IP address of your peer pod Cisco Nexus 5000 Switch, 172.16.10.5Q,
where Q is your peer pod number, to confirm IP connectivity between the two pods.
N5K-P# ping 172.16.10.5Q
PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes
64 bytes from 172.16.10.5Q: icmp_seq=0 ttl=254 time=1.377 ms
64 bytes from 172.16.10.5Q: icmp_seq=1 ttl=254 time=0.789 ms
64 bytes from 172.16.10.5Q: icmp_seq=2 ttl=254 time=0.746 ms
64 bytes from 172.16.10.5Q: icmp_seq=3 ttl=254 time=0.715 ms
64 bytes from 172.16.10.5Q: icmp_seq=4 ttl=254 time=0.718 ms

--- 172.16.10.5Q ping statistics ---


5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.715/0.868/1.377 ms

Note Do not proceed to the next task until you succeed in pinging the peer pod Cisco Nexus 5000
Switch VLAN 10 IP address. Troubleshoot together with your peer pod as necessary.

Activity Verification
You have completed this task when you attain these results:
You have configured the ports on the F1-series I/O module in your pod as trunks.
You have examined spanning-tree load balancing for VLAN 10.
You have verified IP connectivity between you Cisco Nexus 5000 Switch and your peer
pod Cisco Nexus 5000 Switch in VLAN 10.

150 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Task 2: Implement Cisco FabricPath
During this task, you will implement Cisco FabricPath between your Cisco Nexus 7000 VDC
and your peer pod Cisco Nexus 7000 VDC.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 7000 VDC.
Step 2 Examine the license usage on your Cisco Nexus 7000 VDC.
N7K-X-podP# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
------------------------------------------------------------------------------
ENHANCED_LAYER2_PKG Yes - Unused Never -
SCALABLE_SERVICES_PKG No - Unused -
TRANSPORT_SERVICES_PKG Yes - Unused Never -
LAN_ADVANCED_SERVICES_PKG Yes - Unused Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused Never -
------------------------------------------------------------------------------
Step 3 Which license is required to enable Cisco FabricPath?

Step 4 Enable the FabricPath feature set.


N7K-X-podP(config)# feature-set fabricpath
Step 5 Examine the FabricPath switch ID of your Cisco Nexus 7000 VDC.
N7K-X-podP# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
=========================================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED
----------+----------------+------------+-----------+--------------------
*3869 a8b1.d455.6fc4 Primary Confirmed No No
Total Switch-ids: 1
Step 6 How was the switch ID for your VDC selected?

Step 7 Configure the switch ID of your VDC to be PQ, where P is your pod number and Q
is your peer pod number.
N7K-X-podP(config)# fabricpath switch-id PQ
Step 8 Verify the configured FabricPath switch ID.
N7K-X-podP# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
=========================================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED
----------+----------------+------------+-----------+--------------------
*PQ a8b1.d455.6fc4 Primary Confirmed Yes No
Total Switch-ids: 1
Step 9 Configure the two interfaces on the F1 series I/O module that connect your VDC
and your peer pod VDC as FabricPath interfaces. Use the Lab Connections job aid to
find the correct interfaces.
N7K-X-podP(config)# interface ethernet 3/I-J
N7K-X-podP(config-if-range)# switchport mode fabricpath
Step 10 Reexamine the FabricPath switch IDs.

2011 Cisco Systems, Inc. Lab Guide 151


N7K-X-podP# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
=========================================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED
----------+----------------+------------+-----------+--------------------
*PQ a8b1.d455.6fc4 Primary Confirmed Yes No
QP 0026.9804.a944 Primary Confirmed Yes No
Total Switch-ids: 2

Note Do not continue to the next step until you see your peer pod switch ID listed in the output of
the show fabricpath switch-id command.

Step 11 Use the show fabricpath isis adjacency command to verify that FabricPath IS-IS
adjacencies have been formed on both the F1 interfaces between your VDC and your
peer pod VDC.
N7K-X-podP# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
N7K-Y-podQ N/A 1 UP 00:00:29 Ethernet3/I
N7K-Y-podQ N/A 1 UP 00:00:26 Ethernet3/J
Step 12 Examine the FabricPath routing table.
N7K-X-podP# show fabricpath route
FabricPath Unicast Route Table
'a/b/c' denotes ftag/switch-id/subswitch-id
'[x/y]' denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id

FabricPath Unicast Route Table for Topology-Default

0/PQ/0, number of next-hops: 0


via ---- , [60/0], 0 day/s 00:30:55, local

Note The FabricPath routing table does not list any remote switches until at least one FabricPath
VLAN has been configured.

Step 13 Convert VLAN 10 to a FabricPath VLAN.


N7K-X-podP(config)# vlan 10
N7K-X-podP(config-vlan)# mode fabricpath
N7K-X-podP(config-vlan)# exit
Step 14 Reexamine the FabricPath routing table.
N7K-X-podP# show fabricpath route
FabricPath Unicast Route Table
'a/b/c' denotes ftag/switch-id/subswitch-id
'[x/y]' denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id

FabricPath Unicast Route Table for Topology-Default

0/PQ/0, number of next-hops: 0


via ---- , [60/0], 0 day/s 00:40:06, local
1/QP/0, number of next-hops: 2
via Eth3/I, [115/40], 0 day/s 00:05:41, isis_fabricpath-default
via Eth3/J, [115/40], 0 day/s 00:05:41, isis_fabricpath-default

152 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 15 Examine the MAC address table for VLAN 10. Were any MAC addresses learned
for VLAN 10?
N7K-X-podP# show mac address-table vlan 10
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
Step 16 Connect to your assigned Cisco Nexus 5000 Switch.
Step 17 Ping the IP address of your peer pod Cisco Nexus 5000 Switch, 172.16.10.5Q,
where Q is your peer pod number, to confirm IP connectivity between the two pods.
Was the ping successful?

N5K-P# ping 172.16.10.5Q


PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 172.16.10.5Q ping statistics ---


5 packets transmitted, 0 packets received, 100.00% packet loss
Step 18 Reexamine the MAC address table for VLAN 10 on your assigned Cisco Nexus
7000 VDC. Was the local MAC address of your Cisco Nexus 5000 Switch learned
in VLAN 10?

N7K-X-podP# show mac address-table vlan 10


Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
Step 19 Examine the spanning tree topology for VLAN 10.
N7K-X-podP# show spanning-tree vlan 10

MST0002
Spanning tree enabled protocol mstp
Root ID Priority 8194
Address c84c.75fa.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8194 (priority 8192 sys-id-ext 2)


Address c84c.75fa.6000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type


---------------- ---- --- --------- -------- --------------------------------

Note The interface that connects your Cisco Nexus 7000 VDC to your Cisco Nexus 7000 Switch
is no longer listed in the spanning tree for VLAN 10, because this interface is a port on an
M1-series I/O module and VLAN 10 has been configured as a FabricPath VLAN. Ports on
M1 modules cannot be used as the ingress port for FabricPath VLANs, even if the port is
running as a Classical Ethernet (CE) port.

2011 Cisco Systems, Inc. Lab Guide 153


Step 20 Configure the interface on the F1 series that connects your Cisco Nexus 7000 VDC
to your Cisco Nexus 5000 Switch as a trunk and enable the interface. Use the Lab
Connections job aid to find the correct interface.
N7K-X-podP(config)# interface ethernet 3/K
N7K-X-podP(config-if)# switchport mode trunk
N7K-X-podP(config-if)# no shutdown
Step 21 Switch to your Cisco Nexus 5000 Switch.
Step 22 Disable the interface on your Cisco Nexus 5000 Switch that connects to the interface
on the M1 series I/O module on your Cisco Nexus 7000 VDC. This interface is
Ethernet 1/19 for odd pod numbers and Ethernet 1/20 for even pod numbers.
N5K-P(config)# interface ethernet 1/19 or 20
N5K-P(config-if)# shutdown
Step 23 Configure the corresponding interface Ethernet 1/15 on your Cisco Nexus 5000
Switch as a trunk.
N5K-P(config)# interface ethernet 1/15
N5K-P(config-if)# switchport mode trunk
N5K-P(config-if)# no shutdown

Step 24 Use Cisco Discovery Protocol to verify that the only interface that connects your
Cisco Nexus 5000 Switch to your Cisco Nexus 7000 VDC is the interface that
connects to F1 series module 3 on your Cisco Nexus 7000 Switch.
N5K-P# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute

Device-ID Local Intrfce Hldtme Capability Platform Port ID

N7K-X-podP(JAF1424AHSA)Eth1/15 159 R S I s N7K-C7010 Eth3/K


Step 25 Ping the IP address of your peer pod Cisco Nexus 5000 Switch, 172.16.10.5Q,
where Q is your peer pod number, to confirm IP connectivity between the two pods.
Was the ping successful this time?

N5K-P# ping 172.16.10.5Q


PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes
Request 0 timed out
64 bytes from 172.16.10.5Q: icmp_seq=1 ttl=254 time=1.104 ms
64 bytes from 172.16.10.5Q: icmp_seq=2 ttl=254 time=0.744 ms
64 bytes from 172.16.10.5Q: icmp_seq=3 ttl=254 time=0.701 ms
64 bytes from 172.16.10.5Q: icmp_seq=4 ttl=254 time=0.666 ms

--- 172.16.10.5Q ping statistics ---


5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.666/0.803/1.104 ms

Note Do not proceed to the next task until you succeed in pinging the peer pod Cisco Nexus 5000
Switch VLAN 10 IP address. Troubleshoot together with your peer pod as necessary.

Activity Verification
You have completed this task when you attain these results:
You have implemented Cisco FabricPath on your Cisco Nexus 7000 VDC for VLAN 10.

154 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
You have verified IP connectivity between you Cisco Nexus 5000 Switch and your peer
pod Cisco Nexus 5000 Switch in VLAN 10 across the Cisco FabricPath network.

2011 Cisco Systems, Inc. Lab Guide 155


Task 3: Analyze Cisco FabricPath Load Balancing
During this task, you will analyze the load balancing capabilities of Cisco FabricPath.

Activity Procedure
Complete these steps:
Step 1 Connect to your assigned Cisco Nexus 5000 Switch.
Step 2 Use the table below to record the MAC addresses of the VLAN 10 interface of your
Cisco Nexus 5000 Switch and your peer pod Cisco Nexus 5000 Switch.

Device MAC address

N5K-P (your pod)

N5K-Q (peer pod)

Tip You can use the show ip arp command to obtain the MAC address of the peer pod switch.

Step 3 Connect to your assigned Cisco Nexus 7000 VDC.


Step 4 Examine the MAC address table for VLAN 10 on your Cisco Nexus 7000 Switch.
N7K-X-podP# show mac address-table vlan 10
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
10 0005.9b1f.7c7c dynamic 90 F F QP.0.14
* 10 0005.9b1f.89fc dynamic 90 F F Eth3/K
Step 5 Examine the entry for the MAC address of your peer pod Cisco Nexus 5000 Switch.
N7K-X-podP# show mac address-table address 0005.9b1f.7c7c
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
10 0005.9b1f.7c7c dynamic 245 F F QP.0.14
Step 6 How will frames to this MAC address be forwarded?

Step 7 Examine the FabricPath routing table.


N7K-X-podP# show fabricpath route
FabricPath Unicast Route Table
'a/b/c' denotes ftag/switch-id/subswitch-id
'[x/y]' denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id

FabricPath Unicast Route Table for Topology-Default

0/PQ/0, number of next-hops: 0


via ---- , [60/0], 0 day/s 15:56:03, local
1/QP/0, number of next-hops: 2
via Eth3/I, [115/40], 0 day/s 15:21:38, isis_fabricpath-default
via Eth3/J, [115/40], 0 day/s 15:21:38, isis_fabricpath-default

156 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 8 Which of the interfaces will be used to forward frames to your peer pod Cisco Nexus
7000 VDC?

Step 9 Use the show fabricpath load-balance unicast forwarding-path command to find
out which of the two available paths will be used to forward ping traffic from your
Cisco Nexus 5000 Switch to your peer pod Cisco Nexus 5000 Switch.
N7K-X-podP# show fabricpath load-balance unicast forwarding-path ftag 1
switchid QP flow-type l3 src-ip 172.16.10.5P dst-ip 172.16.10.5Q vlan 10
module 3
128b Hash Key generated : 00000ac100a38ac100a3700a00000000
This flow selects interface Eth3/I

Note Replace the IP addresses in the command with the IP addresses that match the IP
addresses of your pod and peer pod Cisco Nexus 5000 Switches.

Step 10 Vary the IP addresses in the show fabricpath load-balance command to confirm
that traffic is load balanced across the two paths.
Step 11 How does the load-balancing behavior of Cisco FabricPath compare to the load-
balancing behavior of the STP?

Step 12 Switch to your assigned Cisco Nexus 5000 Switch.


Step 13 Change the spanning tree priority for all MST instances to 4096.
N5K-P(config)# spanning-tree mst 0-2 priority 4096
Step 14 Again, ping the IP address of your peer pod Cisco Nexus 5000 Switch,
172.16.10.5Q, where Q is your peer pod number, to confirm IP connectivity
between the two pods. Was the ping successful?

N5K-P# ping 172.16.10.5Q


PING 172.16.10.5Q (172.16.10.5Q): 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 172.16.10.5Q ping statistics ---


5 packets transmitted, 0 packets received, 100.00% packet loss
Step 15 Switch back to your assigned Cisco Nexus 7000 VDC.
Step 16 Examine the spanning-tree topology for VLAN 10.
N7K-X-podP# show spanning-tree vlan 10

MST0002
Spanning tree enabled protocol mstp
Root ID Priority 8194
Address c84c.75fa.6000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8194 (priority 8192 sys-id-ext 2)


Address c84c.75fa.6000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type

2011 Cisco Systems, Inc. Lab Guide 157


---------------- ---- --- --------- -------- --------------------------------
Eth3/K Desg BKN*2000 128.399 P2p *L2GW_Inc
Step 17 Examine the spanning-tree inconsistency. Why is the port leading to your Cisco
Nexus 5000 Switch in inconsistent state?

N7K-X-podP# show spanning-tree inconsistentports

Name Interface Inconsistency


-------------------- ------------------- ------------------
MST0002 Eth3/K L2 Gateway Backbone Port Inconsistent

Number of inconsistent ports (segments) in the system : 1

Note The Cisco FabricPath Layer 2 gateways must be configured with the lowest priority in the
spanning-tree domain in order to ensure that the Layer 2 gateway becomes the root of the
spanning tree. If superior BPDUs are received on a CE port by a FabricPath Layer 2
gateway, the CE port is blocked.

Step 18 Switch to your Cisco Nexus 5000 Switch.


Step 19 Reset the spanning-tree priority on your Cisco Nexus 5000 Switch to the default
value for all MST instances.
N5K-P(config)# no spanning-tree mst 0-2 priority
Step 20 Switch back to your Cisco Nexus 7000 VDC.
Step 21 Verify that the spanning-tree inconsistency has disappeared.
N7K-X-podP# show spanning-tree inconsistentports
Step 22 Examine the bridge ID of the root bridge for VLAN 10.
N7K-X-podP# show spanning-tree vlan 10 root id

MST0002 2002.c84c.75fa.6000
Step 23 Compare this to the bridge ID of the root bridge in your peer pod. Is it different? Or
is it the same?

Note The Cisco FabricPath network presents itself as a single root bridge using the same bridge
ID for each spanning tree domain on all the FabricPath Layer 2 gateways.

Step 24 Save the configurations on the switches in your pod.

Activity Verification
You have completed this task when you attain these results:
You have examined the Cisco FabricPath forwarding and load balancing behavior between
your pod and your peer pod.
You have examined the interaction between Cisco FabricPath and STP.

158 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 7-1: Configuring FCoE
Complete this lab activity to practice what you learned in the related lesson.

Activity Objective
In this activity, you will become familiar with the Cisco Nexus 5000 hardware platform. After
completing this activity, you will be able to meet these objectives:
Become familiar with and configure the Cisco Nexus 2000 Fabric Extender using the CLI
of the Cisco Nexus 5000 Switch
Create server interface pinnings between the Cisco Nexus 2000 front panel interfaces and
the Cisco Nexus 5000 uplinks
Validate connectivity and configuration parameters between the Cisco Nexus 2000 Fabric
Extender and the Cisco Nexus 5000 Switch

Visual Objective

Lab 7-1: Configuring FCoE


JBOD JBOD

EMC2 EMC2

MDS9124-1 MDS9124-2

Nexus 5010 Nexus 5010

Nexus 2248TP Nexus 2248TP

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-12

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 5000 Switches
Two Fibre Channel expansion modules
Cisco NX-OS Storage Service License for the Cisco Nexus 5000 Switch
Two Cisco Nexus 2000 Fabric Extenders
Two Windows 2003 servers
Two Cisco MDS 9124 Switches

2011 Cisco Systems, Inc. Lab Guide 159


Two Just a Bunch of Disks (JBODs)

Command List
Command Description

write erase Erases the switch startup configuration.

bind interface ethernet Bind the virtual Fibre Channel interface to an Ethernet
<x/y> interface.

channel-group <x> Create a channel group.

description <description> Apply a description to a channel group.

feature fcoe Enable FCoE.

feature fex Enable the use of fabric extenders.

Associate the fabric extender with one or more Ethernet


fex associate <x> interfaces.

fex <x> Create a fabric extender configuration.

interface ethernet <x/y> Enter interface mode.

interface vfc <x> Enter virtual interface mode.

interface port-channel <x> Enter port channel interface mode.

no fex associate Remove a fabric extender association.

no shut Enable an interface.

Configure the number of links connecting the fabric


pinning max-links <x> extender to the Cisco Nexus 5000 Switch.

reload fex <x> Reload the fabric extender.

show fcoe Display the FCoE global details.

show fex detail Display the fabric extender details.

show interface brief Display interface details in brief.

show interface ethernet Display the fabric extender interfaces associated with an
<x/y> fex-intf Ethernet interface.

show interface vfc <x> Display the virtual Fibre Channel interface.

show version Display the software version running on the switch.

show vlan fcoe Display the VLAN-to-VSAN mapping and status.

show vsan membership Display the VSAN interface membership details.

spanning-tree port type Configure an interface as a spanning-tree trunk port at the


edge trunk edge.

switchport mode trunk Configure trunk mode on an interface.

vlan <id> Configure a VLAN.

vsan database Enter VSAN database configuration mode.

vsan <id> Configure a VSAN.

vsan <id> interface vfc <x> Associate a VSAN with a Fibre Channel interface.

160 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

2011 Cisco Systems, Inc. Lab Guide 161


Task 1: Initial Configuration on the Cisco Nexus 5000 Switch
Activity Procedure
During this exercise, you will perform the initial configuration on the Cisco Nexus 5000
Switch. You will also remove the Fabric Extender related configutation from your Nexus 7000
VDC and validate that the correct software is running to support the Cisco Nexus 2000 Fabric
Extender. Complete these steps:
Step 25 Connect to your assigned Cisco Nexus 7000 VDC.
Step 26 Remove the fex configuration along with the designated Port-Channel from your
Cisco Nexus 7000 VDC.
N7K-X-podP# configure
N7K-X-podP(config)# no interface port-channel 10P
N7K-X-podP(config)# default interface ethernet 1/C
N7K-X-podP(config)# interface ethernet 1/C
N7K-X-podP (config-if)# shutdown
N7K-X-podP(config)# no fex 10P
N7K-X-podP(config)# end
N7K-X-podP# copy run start
Step 1 Connect to your Cisco Nexus 5000 Switch.
Step 2 Erase the current configuration on the switch by performing a write erase followed
by a reload.
N5K-P# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
N5K-P# reload
Step 3 Answer Y (yes) to any questions asked.
Step 4 After the switch has reloaded, configure the administrative username and password:
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no): y
Enter the password for "admin": 1234QWer
Confirm the password for "admin": 1234QWer
Step 5 When asked if you wish to enter the basic configuration dialog, type Y for yes.
---- Basic System Configuration Dialog ----

This setup utility will guide you through the basic


configuration of the system. Setup configures only enough
connectivity for management of the system.

Please register Cisco Nexus 5000 Family devices promptly with


your supplier. Failure to register may affect response times
for initial service calls. Nexus devices must be registered to
receive entitled support services.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

162 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
to skip the remaining dialogs.

Would you like to enter the basic configuration dialog


(yes/no):y
Step 6 Complete the initial configuration as follows:
Create another login account (yes/no) [n]: n
Configure read-only SNMP community string (yes/no) [n]: n
Configure read-write SNMP community string (yes/no) [n]: n
Enter the switch name : N5K-P (where P is your pod number)
Continue with Out-of-band (mgmt0) management configuration?
(yes/no) [y]: y
Mgmt0 IPv4 address : 192.168.0.P8 (where P is your pod number)
Mgmt0 IPv4 netmask : 255.255.255.0
Configure the default gateway? (yes/no) [y]: y
IPv4 address of the default gateway : 192.168.0.254
Enable the telnet service? (yes/no) [n]: y
Enable the ssh service? (yes/no) [y]: <enter>
Type of ssh key you would like to generate (dsa/rsa) : rsa
Number of key bits <768-2048> : 2048
Configure the ntp server? (yes/no) [n]: <enter>
Enter basic FC configurations (yes/no) [n]: <enter>

The following configuration will be applied:


interface mgmt0
ip address 192.168.0.P8 255.255.255.0
no shutdown
exit
vrf context management
ip route 0.0.0.0/0 192.168.0.254
exit
telnet server enable
feature http-server
ssh key rsa 2048 force
ssh server enable

Would you like to edit the configuration? (yes/no) [n]: n

Use this configuration and save it? (yes/no) [y]: y

[########################################] 100%

N5K-P#
Step 7 In order to configure the Cisco Nexus 2000 Fabric Extender, the Cisco Nexus 5000
Switch requires at least Cisco NX-OS Release 4.0(1a)N2(1). Confirm that the Cisco
Nexus 5000 is currently running this version of software at minimum.
N5K-P# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under

2011 Cisco Systems, Inc. Lab Guide 163


the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
N5K-1# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
BIOS: version 3.5.0
loader: version N/A
kickstart: version 5.0(3)N2(1)
system: version 5.0(3)N2(1)
power-seq: Module 1: version v1.0
Module 3: version v2.0
uC: version v1.2.0.1
SFP uC: Module 1: v1.0.0.0
BIOS compile time: 02/03/2011
kickstart image file is: bootflash:/n5000-uk9-
kickstart.5.0.3.N2.1.bin
kickstart compile time: 6/13/2011 6:00:00 [06/13/2011 13:43:33]
system image file is: bootflash:/n5000-uk9.5.0.3.N2.1.bin
system compile time: 6/13/2011 6:00:00 [06/13/2011 15:33:42]

Hardware
cisco Nexus5548 Chassis ("O2 32X10GE/Modular Universal Platform
Supervisor")
Intel(R) Xeon(R) CPU with 8299528 kB of memory.
Processor Board ID JAF1522AFPG

Device name: N5K-1


bootflash: 1908736 kB

Kernel uptime is 0 day(s), 0 hour(s), 5 minute(s), 41 second(s)

Last reset at 233070 usecs after Tue Aug 30 04:08:57 2011

Reason: Reset Requested by CLI command reload


System version: 5.0(3)N2(1)
Service:

plugin
Core Plugin, Ethernet Plugin
N5K-P#

164 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 8 Is the Cisco Nexus 5000 running the correct or later version of the Cisco NX-OS
software? ___________________________________________________________

Activity Verification
You have completed this task when you attain these results:
Completed the initial configuration of the Cisco Nexus 5000 Switch.
Confirmed that the Cisco Nexus 5000 Switch is running the right version of Cisco NX-OS
software to support the Cisco Nexus 2000 Fabric Extender.

Task 2: Configure the Cisco Nexus 2000 Fabric Extender


Activity Procedure
During this exercise, you will configure the Cisco Nexus 2000 uplinks and server interface
pinnings. You will also validate connectivity between the Cisco Nexus 2000 Fabric Extender
and the Cisco Nexus 5000 Switch. Complete these steps:
Step 1 On your Cisco Nexus 7000 pod VDC, shut down any interfaces connected to the
FEX.

Note The FEX cannot be actively attached to the Cisco Nexus 5000 and 7000 simultaneously, so
for this lab the interfaces between the Cisco Nexus 7000 and the FEX need to be in a
shutdown state.

Step 2 Configure the Cisco fabric extender for FEX ID 10P (where P is your Pod#) using
two links.
N5K-P# configure
Enter configuration commands, one per line. End with CNTL/Z.
N5K-P(config)# feature ?
adapter-fex Enable/Disable adapter-fex feature
bgp Enable/Disable Border Gateway Protocol (BGP)
dhcp Enable/Disable DHCP Snooping
eigrp Enable/Disable Enhanced Interior Gateway
Routing Protocol (EIGRP)
fcoe Enable/Disable FCoE/FC feature
fcoe-npv Enable/Disable FCoE NPV feature
fex Enable/Disable FEX
flexlink Enable/Disable Flexlink
hsrp Enable/Disable Hot Standby Router Protocol
(HSRP)
interface-vlan Enable/Disable interface vlan
lacp Enable/Disable LACP
msdp Enable/Disable Multicast Source Discovery
Protocol (MSDP)
ospf Enable/Disable Open Shortest Path First
Protocol (OSPF)
pim Enable/Disable Protocol Independent
Multicast (PIM)
poe Enable/Disable PoE
private-vlan Enable/Disable private-vlan

2011 Cisco Systems, Inc. Lab Guide 165


privilege Enable/Disable IOS type privilege level
support
rip Enable/Disable Routing Information Protocol
(RIP)
ssh Enable/Disable ssh
tacacs+ Enable/Disable tacacs+
telnet Enable/Disable telnet
udld Enable/Disable UDLD
vpc Enable/Disable VPC (Virtual Port Channel)
vrrp Enable/Disable Virtual Router Redundancy
Protocol (VRRP)
vtp Enable/Disable Vlan Trunking Protocol (VTP)

N5K-P(config)# feature fex


N5K-P(config)# fex ?
<100-199> FEX number

N5K-P(config)# fex 10P


N5K-P(config-fex)# description PodP-FEX
N5K-P(config-fex)# pinning ?
max-links Number of Fabric links

N5K-P(config-fex)# pinning max-links ?


<1-8> Number of fabric links

N5K-P(config-fex)# pinning max-links 2


Change in Max-links will cause traffic disruption.
N5K-P(config-fex)#
Step 3 Ensure that interfaces ethernet 1/1112 are shut down.
N5K-P(config-fex)# interface ethernet 1/11-12
N5K-P(config-if-range)# shut
N5K-P(config-if-range)# exit
N5K-P(config)#
Step 4 Enable interfaces 1/910 and set them to FEX-FABRIC mode.
N5K-P(config)# interface ethernet 1/9-10
N5K-P(config-if-range)# no shut
N5K-P(config-if-range)# switchport mode fex-fabric
N5K-P(config-if-range)#
Step 5 Associate Ethernet 1/910 with your FEX 10P (P is your Pod#).
N5K-P(config-if-range)# fex associate 10P
N5K-P(config-if-range)#
Step 6 View the FEX(es).
N5K-P(config-if-range)# show fex
FEX FEX FEX FEX
Number Description State Model Serial
---------------------------------------------------------------------
10P PodP-FEX Online N2K-C2248TP-1GE JAF1420AHPE
N5K-P(config-if-range)#

166 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Note Ignore the second FEX if you see it. It belongs to your peer pod.

Step 7 Ensure that the FEX is online. If it is discovered, then wait a few minutes before
reissuing the command to ensure it is online.
Step 8 View the fabric extender parameters.
N5K-P(config-if-range)# show fex detail
FEX: 10P Description: PodP-FEX state: Online
FEX version: 5.0(3)N2(1) [Switch version: 5.0(3)N2(1)]
FEX Interim version: 5.0(3)N2(1)
Switch Interim version: 5.0(3)N2(1)
Extender Model: N2K-C2248TP-1GE, Extender Serial: JAF1420AHDG
Part No: 73-12748-05
Card Id: 99, Mac Addr: 54:75:d0:ed:72:c2, Num Macs: 64
Module Sw Gen: 12594 [Switch Sw Gen: 21]
post level: complete
pinning-mode: static Max-links: 2
Fabric port for control traffic: Eth1/9
Fabric interface state:
Eth1/9 - Interface Up. State: Active
Eth1/10 - Interface Up. State: Active
Fex Port State Fabric Port
Eth10P/1/1 Down Eth1/9
Eth10P/1/2 Up Eth1/9
Eth10P/1/3 Down Eth1/9
Eth10P/1/4 Down Eth1/9
Eth10P/1/5 Down Eth1/9
Eth10P/1/6 Down Eth1/9
Eth10P/1/7 Down Eth1/9
Eth10P/1/8 Down Eth1/9
Eth10P/1/9 Down Eth1/9
Eth10P/1/10 Down Eth1/9
Eth10P/1/11 Down Eth1/9
Eth10P/1/12 Down Eth1/9
Eth10P/1/13 Down Eth1/9
Eth10P/1/14 Down Eth1/9
Eth10P/1/15 Down Eth1/9
Eth10P/1/16 Down Eth1/9
Eth10P/1/17 Down Eth1/9
Eth10P/1/18 Down Eth1/9
Eth10P/1/19 Down Eth1/9
Eth10P/1/20 Down Eth1/9
Eth10P/1/21 Down Eth1/9
Eth10P/1/22 Down Eth1/9
Eth10P/1/23 Down Eth1/9
Eth10P/1/24 Down Eth1/9
Eth10P/1/25 Down Eth1/10
Eth10P/1/26 Down Eth1/10
Eth10P/1/27 Down Eth1/10
Eth10P/1/28 Down Eth1/10
Eth10P/1/29 Down Eth1/10
Eth10P/1/30 Down Eth1/10

2011 Cisco Systems, Inc. Lab Guide 167


Eth10P/1/31 Down Eth1/10
Eth10P/1/32 Down Eth1/10
Eth10P/1/33 Down Eth1/10
Eth10P/1/34 Down Eth1/10
Eth10P/1/35 Down Eth1/10
Eth10P/1/36 Down Eth1/10
Eth10P/1/37 Down Eth1/10
Eth10P/1/38 Down Eth1/10
Eth10P/1/39 Down Eth1/10
Eth10P/1/40 Down Eth1/10
Eth10P/1/41 Down Eth1/10
Eth10P/1/42 Down Eth1/10
Eth10P/1/43 Down Eth1/10
Eth10P/1/44 Down Eth1/10
Eth10P/1/45 Down Eth1/10
Eth10P/1/46 Down Eth1/10
Eth10P/1/47 Down Eth1/10
Eth10P/1/48 Down Eth1/10
Logs:
08/30/2011 04:21:00.491802: Module register received
08/30/2011 04:21:00.492616: Image Version Mismatch
08/30/2011 04:21:00.492884: Registration response sent
08/30/2011 04:21:00.493152: Requesting satellite to download image
08/30/2011 04:28:45.970680: Image preload successful.
08/30/2011 04:28:47.204917: Deleting route to FEX
08/30/2011 04:28:47.210490: Module disconnected
08/30/2011 04:28:47.211664: Module Offline
08/30/2011 04:30:04.630775: Module register received
08/30/2011 04:30:04.631878: Registration response sent
08/30/2011 04:30:05.50519: Module Online Sequence
08/30/2011 04:30:10.518931: Module Online

N5K-P(config-if-range)#
Step 9 Which port is used for control traffic? _____________________________________
Step 10 View the FEX-FABRIC ports.
N5K-P(config-if-range)# show interface fex-fabric
Fabric Fabric Fex FEX
Fex Port Port State Uplink Model Serial
---------------------------------------------------------------
10P Eth1/9 Active 1 N2K-C2248TP-1GE JAF1420AHPE
10P Eth1/10 Active 2 N2K-C2248TP-1GE JAF1420AHPE
N5K-P(config-if-range)#
Step 11 Display the association between the Cisco fabric extender interfaces and the Cisco
Nexus 5000 Ethernet interfaces 1/910.
N5K-P(config-if-range)# show interface ethernet 1/9-10 fex-int
Fabric FEX
Interface Interfaces
---------------------------------------------------
Eth1/9 Eth10P/1/1 Eth10P/1/2 Eth10P/1/3 Eth10P/1/4
Eth10P/1/5 Eth10P/1/6 Eth10P/1/7 Eth10P/1/8

168 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Eth10P/1/9 Eth10P/1/10 Eth10P/1/11 Eth10P/1/12
Eth10P/1/13 Eth10P/1/14 Eth10P/1/15 Eth10P/1/16
Eth10P/1/17 Eth10P/1/18 Eth10P/1/19 Eth10P/1/20
Eth10P/1/21 Eth10P/1/22 Eth10P/1/23 Eth10P/1/24

Eth1/10 Eth10P/1/25 Eth10P/1/26 Eth10P/1/27 Eth10P/1/28


Eth10P/1/29 Eth10P/1/30 Eth10P/1/31 Eth10P/1/32
Eth10P/1/33 Eth10P/1/34 Eth10P/1/35 Eth10P/1/36
Eth10P/1/37 Eth10P/1/38 Eth10P/1/39 Eth10P/1/40
Eth10P/1/41 Eth10P/1/42 Eth10P/1/43 Eth10P/1/44
Eth10P/1/45 Eth10P/1/46 Eth10P/1/47 Eth10P/1/48

N5K-P(config-if-range)#
Step 12 Shut down interface ethernet 1/10 and view the FEX details. Compare this to the
output from Steps 9 and 10. Are there any changes?
____________________________________________________________________
N5K-P(config-if-range)# interface ethernet 1/10
N5K-P(config-if)# shut

N5K-P(config-if)# show interface fex-fabric


Fabric Fabric Fex FEX
Fex Port Port State Uplink Model Serial
---------------------------------------------------------------
10P Eth1/9 Active 1 N2K-C2248TP-1GE JAF1420AHPE
10P Eth1/10 Configured 2 N2K-C2248TP-1GE JAF1420AHPE

N5K-P(config-if)# show fex detail


FEX: 10P Description: PodP-FEX state: Online
FEX version: 5.0(3)N2(1) [Switch version: 5.0(3)N2(1)]
FEX Interim version: 5.0(3)N2(1)
Switch Interim version: 5.0(3)N2(1)
Extender Model: N2K-C2248TP-1GE, Extender Serial: JAF1420AHDG
Part No: 73-12748-05
Card Id: 99, Mac Addr: 54:75:d0:ed:72:c2, Num Macs: 64
Module Sw Gen: 12594 [Switch Sw Gen: 21]
post level: complete
pinning-mode: static Max-links: 2
Fabric port for control traffic: Eth1/9
Fabric interface state:
Eth1/9 - Interface Up. State: Active
Eth1/10 - Interface Down. State: Configured
Fex Port State Fabric Port
Eth10P/1/1 Down Eth1/9
Eth10P/1/2 Up Eth1/9
Eth10P/1/3 Down Eth1/9
Eth10P/1/4 Down Eth1/9
Eth10P/1/5 Down Eth1/9
Eth10P/1/6 Down Eth1/9
Eth10P/1/7 Down Eth1/9
Eth10P/1/8 Down Eth1/9
Eth10P/1/9 Down Eth1/9

2011 Cisco Systems, Inc. Lab Guide 169


Eth10P/1/10 Down Eth1/9
Eth10P/1/11 Down Eth1/9
Eth10P/1/12 Down Eth1/9
Eth10P/1/13 Down Eth1/9
Eth10P/1/14 Down Eth1/9
Eth10P/1/15 Down Eth1/9
Eth10P/1/16 Down Eth1/9
Eth10P/1/17 Down Eth1/9
Eth10P/1/18 Down Eth1/9
Eth10P/1/19 Down Eth1/9
Eth10P/1/20 Down Eth1/9
Eth10P/1/21 Down Eth1/9
Eth10P/1/22 Down Eth1/9
Eth10P/1/23 Down Eth1/9
Eth10P/1/24 Down Eth1/9
Eth10P/1/25 Down Eth1/10
Eth10P/1/26 Down Eth1/10
Eth10P/1/27 Down Eth1/10
Eth10P/1/28 Down Eth1/10
Eth10P/1/29 Down Eth1/10
Eth10P/1/30 Down Eth1/10
Eth10P/1/31 Down Eth1/10
Eth10P/1/32 Down Eth1/10
Eth10P/1/33 Down Eth1/10
Eth10P/1/34 Down Eth1/10
Eth10P/1/35 Down Eth1/10
Eth10P/1/36 Down Eth1/10
Eth10P/1/37 Down Eth1/10
Eth10P/1/38 Down Eth1/10
Eth10P/1/39 Down Eth1/10
Eth10P/1/40 Down Eth1/10
Eth10P/1/41 Down Eth1/10
Eth10P/1/42 Down Eth1/10
Eth10P/1/43 Down Eth1/10
Eth10P/1/44 Down Eth1/10
Eth10P/1/45 Down Eth1/10
Eth10P/1/46 Down Eth1/10
Eth10P/1/47 Down Eth1/10
Eth10P/1/48 Down Eth1/10
Logs:
08/30/2011 04:21:00.491802: Module register received
08/30/2011 04:21:00.492616: Image Version Mismatch
08/30/2011 04:21:00.492884: Registration response sent
08/30/2011 04:21:00.493152: Requesting satellite to download image
08/30/2011 04:28:45.970680: Image preload successful.
08/30/2011 04:28:47.204917: Deleting route to FEX
08/30/2011 04:28:47.210490: Module disconnected
08/30/2011 04:28:47.211664: Module Offline
08/30/2011 04:30:04.630775: Module register received
08/30/2011 04:30:04.631878: Registration response sent
08/30/2011 04:30:05.50519: Module Online Sequence
08/30/2011 04:30:10.518931: Module Online

170 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
N5K-P(config-if)#
Step 13 What happened when you shut down the interface? __________________________
____________________________________________________________________
Step 14 No shut interface ethernet 1/10.
N5K-P(config-if)# interface ethernet 1/10
N5K-P(config-if)# no shutdown

N5K-P(config-if)# show fex detail


FEX: 10P Description: PodP-FEX state: Online
FEX version: 5.0(3)N2(1) [Switch version: 5.0(3)N2(1)]
FEX Interim version: 5.0(3)N2(1)
Switch Interim version: 5.0(3)N2(1)
Extender Model: N2K-C2248TP-1GE, Extender Serial: JAF1420AHDG
Part No: 73-12748-05
Card Id: 99, Mac Addr: 54:75:d0:ed:72:c2, Num Macs: 64
Module Sw Gen: 12594 [Switch Sw Gen: 21]
post level: complete
pinning-mode: static Max-links: 2
Fabric port for control traffic: Eth1/9
Fabric interface state:
Eth1/9 - Interface Up. State: Active
Eth1/10 - Interface Down. State: Active
Fex Port State Fabric Port
Eth10P/1/1 Down Eth1/9
Eth10P/1/2 Up Eth1/9
Eth10P/1/3 Down Eth1/9
Eth10P/1/4 Down Eth1/9
Eth10P/1/5 Down Eth1/9
Eth10P/1/6 Down Eth1/9
Eth10P/1/7 Down Eth1/9
Eth10P/1/8 Down Eth1/9
Eth10P/1/9 Down Eth1/9
Eth10P/1/10 Down Eth1/9
Eth10P/1/11 Down Eth1/9
Eth10P/1/12 Down Eth1/9
Eth10P/1/13 Down Eth1/9
Eth10P/1/14 Down Eth1/9
Eth10P/1/15 Down Eth1/9
Eth10P/1/16 Down Eth1/9
Eth10P/1/17 Down Eth1/9
Eth10P/1/18 Down Eth1/9
Eth10P/1/19 Down Eth1/9
Eth10P/1/20 Down Eth1/9
Eth10P/1/21 Down Eth1/9
Eth10P/1/22 Down Eth1/9
Eth10P/1/23 Down Eth1/9
Eth10P/1/24 Down Eth1/9
Eth10P/1/25 Down Eth1/10
Eth10P/1/26 Down Eth1/10
Eth10P/1/27 Down Eth1/10
Eth10P/1/28 Down Eth1/10

2011 Cisco Systems, Inc. Lab Guide 171


Eth10P/1/29 Down Eth1/10
Eth10P/1/30 Down Eth1/10
Eth10P/1/31 Down Eth1/10
Eth10P/1/32 Down Eth1/10
Eth10P/1/33 Down Eth1/10
Eth10P/1/34 Down Eth1/10
Eth10P/1/35 Down Eth1/10
Eth10P/1/36 Down Eth1/10
Eth10P/1/37 Down Eth1/10
Eth10P/1/38 Down Eth1/10
Eth10P/1/39 Down Eth1/10
Eth10P/1/40 Down Eth1/10
Eth10P/1/41 Down Eth1/10
Eth10P/1/42 Down Eth1/10
Eth10P/1/43 Down Eth1/10
Eth10P/1/44 Down Eth1/10
Eth10P/1/45 Down Eth1/10
Eth10P/1/46 Down Eth1/10
Eth10P/1/47 Down Eth1/10
Eth10P/1/48 Down Eth1/10
Logs:
08/30/2011 04:21:00.491802: Module register received
08/30/2011 04:21:00.492616: Image Version Mismatch
08/30/2011 04:21:00.492884: Registration response sent
08/30/2011 04:21:00.493152: Requesting satellite to download image
08/30/2011 04:28:45.970680: Image preload successful.
08/30/2011 04:28:47.204917: Deleting route to FEX
08/30/2011 04:28:47.210490: Module disconnected
08/30/2011 04:28:47.211664: Module Offline
08/30/2011 04:30:04.630775: Module register received
08/30/2011 04:30:04.631878: Registration response sent
08/30/2011 04:30:05.50519: Module Online Sequence
08/30/2011 04:30:10.518931: Module Online

N5K-P(config-if)#

Note It may take a couple of seconds for the server ports to come up.

Step 15 Reload the Cisco fabric extender and validate the FEX-FABRIC interfaces.
N5K-P(config-if)# reload fex 10P
WARNING: This command will reboot FEX 10P
Do you want to continue? (y/n) [n] y
N5K-P(config-if)# 2011 Jan 24 05:53:28 N5K-P %$ VDC-1 %$ %NOHMS-2-
NOHMS_ENV_FEX_OFFLINE: FEX-10P Off-line (Serial Number JAF1420AHPE)
2011 Jan 24 05:53:28 N5K-P %$ VDC-1 %$ %PFMA-2-FEX_STATUS: Fex 10P is
offline
2011 Jan 24 05:54:31 N5K-P %$ VDC-1 %$ %SATCTRL-FEX10P-2-SATCTRL:
FEX-10P Module 1: Cold boot
2011 Jan 24 05:54:47 N5K-P %$ VDC-1 %$ %PFMA-2-FEX_STATUS: Fex 10P is
online
2011 Jan 24 05:54:47 N5K-P %$ VDC-1 %$ %NOHMS-2-NOHMS_ENV_FEX_ONLINE:
FEX-10P On-line

172 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
2011 Jan 24 05:54:47 N5K-P %$ VDC-1 %$ %PFMA-2-FEX_STATUS: Fex 10P is
online

N5K-P(config-if)# show interface fex-fabric


Fabric Fabric Fex FEX
Fex Port Port State Uplink Model Serial
---------------------------------------------------------------
10P Eth1/9 Active 1 N2K-C2248TP-1GE JAF1420AHPE
10P Eth1/10 Active 2 N2K-C2248TP-1GE JAF1420AHPE
N5K-P(config-if)#
Step 16 Has the port state changed on the Cisco Nexus 5000 Ethernet interfaces? _________
Step 17 How long does it take to complete the reload process on the Cisco fabric extender?
____________________________________________________________________
Step 18 Create a port channel 10P (where P is your Pod#), change the switchport to fex-
fabric, and associate your FEX.
N5K-P(config-if)# interface port-channel 10P
N5K-P(config-if)# switchport mode fex-fabric
N5K-P(config-if)# fex associate 10P
ERROR: FEX max-links not configured to be one
N5K-P(config-if)#
Step 19 Change the pinning to one and retry Step 17.
N5K-P(config-if)# fex 10P
N5K-P(config-fex)# pinning max-links 1
Change in Max-links will cause traffic disruption.

N5K-P(config-fex)# interface port-channel 10P


N5K-P(config-if)# fex associate 10P
N5K-P(config-if)#
Step 20 Place interface Ethernet 1/910 into the port channel 10P (where P is your Pod#).
N5K-P(config-if)# interface ethernet 1/9-10
N5K-P(config-if-range)# channel-group 10P
2011 Jan 24 06:02:07 N5K-P %$ VDC-1 %$ %PFMA-2-FEX_STATUS: Fex 10P is
offline
2011 Jan 24 06:02:07 N5K-P %$ VDC-1 %$ %NOHMS-2-
NOHMS_ENV_FEX_OFFLINE: FEX-10P Off-line (Serial Number JAF1420AHPE)
Step 21 Wait for the FEX to come online.
N5K-P(config-if-range)# 2011 Jan 24 06:02:41 N5K-P %$ VDC-1 %$ %PFMA-
2-FEX_STATUS: Fex 10P is online
2011 Jan 24 06:02:41 N5K-P %$ VDC-1 %$ %NOHMS-2-NOHMS_ENV_FEX_ONLINE:
FEX-10P On-line
2011 Jan 24 06:02:42 N5K-P %$ VDC-1 %$ %PFMA-2-FEX_STATUS: Fex 10P is
online

N5K-P(config-if-range)#
Step 22 Display the new association between the newly-created Cisco Nexus 5000 port
channel and the Cisco fabric extender interfaces.
N5K-P(config-if-range)# show interface port-channel 10P fex-int
Fabric FEX
Interface Interfaces
---------------------------------------------------

2011 Cisco Systems, Inc. Lab Guide 173


Po10P Eth10P/1/1 Eth10P/1/2 Eth10P/1/3 Eth10P/1/4
Eth10P/1/5 Eth10P/1/6 Eth10P/1/7 Eth10P/1/8
Eth10P/1/9 Eth10P/1/10 Eth10P/1/11 Eth10P/1/12
Eth10P/1/13 Eth10P/1/14 Eth10P/1/15 Eth10P/1/16
Eth10P/1/17 Eth10P/1/18 Eth10P/1/19 Eth10P/1/20
Eth10P/1/21 Eth10P/1/22 Eth10P/1/23 Eth10P/1/24
Eth10P/1/25 Eth10P/1/26 Eth10P/1/27 Eth10P/1/28
Eth10P/1/29 Eth10P/1/30 Eth10P/1/31 Eth10P/1/32
Eth10P/1/33 Eth10P/1/34 Eth10P/1/35 Eth10P/1/36
Eth10P/1/37 Eth10P/1/38 Eth10P/1/39 Eth10P/1/40
Eth10P/1/41 Eth10P/1/42 Eth10P/1/43 Eth10P/1/44
Eth10P/1/45 Eth10P/1/46 Eth10P/1/47 Eth10P/1/48

N5K-P(config-if-range)#
Step 23 View the Cisco Nexus 5000 Ethernet interfaces.
N5K-P(config-if-range)# show fex 10P
FEX: 10P Description: PodP-FEX state: Online
FEX version: 5.0(3)N2(1) [Switch version: 5.0(3)N2(1)]
Extender Model: N2K-C2248TP-1GE, Extender Serial: JAF1420AHDG
Part No: 73-12748-05
pinning-mode: static Max-links: 1
Fabric port for control traffic: Eth1/9
Fabric interface state:
Po10P - Interface Up. State: Active
Eth1/9 - Interface Up. State: Active
Eth1/10 - Interface Up. State: Active
N5K-P(config-if-range)#
Step 24 View the FEX details.
N5K-P(config-if-range)# show fex detail
FEX: 10P Description: PodP-FEX state: Online
FEX version: 5.0(3)N2(1) [Switch version: 5.0(3)N2(1)]
FEX Interim version: 5.0(3)N2(1)
Switch Interim version: 5.0(3)N2(1)
Extender Model: N2K-C2248TP-1GE, Extender Serial: JAF1420AHDG
Part No: 73-12748-05
Card Id: 99, Mac Addr: 54:75:d0:ed:72:c2, Num Macs: 64
Module Sw Gen: 12594 [Switch Sw Gen: 21]
post level: complete
pinning-mode: static Max-links: 1
Fabric port for control traffic: Eth1/9
Fabric interface state:
Po10P - Interface Up. State: Active
Eth1/9 - Interface Up. State: Active
Eth1/10 - Interface Up. State: Active
Fex Port State Fabric Port
Eth10P/1/1 Down Po10P
Eth10P/1/2 Up Po10P
Eth10P/1/3 Down Po10P
Eth10P/1/4 Down Po10P
Eth10P/1/5 Down Po10P
Eth10P/1/6 Down Po10P

174 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Eth10P/1/7 Down Po10P
Eth10P/1/8 Down Po10P
Eth10P/1/9 Down Po10P
Eth10P/1/10 Down Po10P
Eth10P/1/11 Down Po10P
Eth10P/1/12 Down Po10P
Eth10P/1/13 Down Po10P
Eth10P/1/14 Down Po10P
Eth10P/1/15 Down Po10P
Eth10P/1/16 Down Po10P
Eth10P/1/17 Down Po10P
Eth10P/1/18 Down Po10P
Eth10P/1/19 Down Po10P
Eth10P/1/20 Down Po10P
Eth10P/1/21 Down Po10P
Eth10P/1/22 Down Po10P
Eth10P/1/23 Down Po10P
Eth10P/1/24 Down Po10P
Eth10P/1/25 Down Po10P
Eth10P/1/26 Down Po10P
Eth10P/1/27 Down Po10P
Eth10P/1/28 Down Po10P
Eth10P/1/29 Down Po10P
Eth10P/1/30 Down Po10P
Eth10P/1/31 Down Po10P
Eth10P/1/32 Down Po10P
Eth10P/1/33 Down Po10P
Eth10P/1/34 Down Po10P
Eth10P/1/35 Down Po10P
Eth10P/1/36 Down Po10P
Eth10P/1/37 Down Po10P
Eth10P/1/38 Down Po10P
Eth10P/1/39 Down Po10P
Eth10P/1/40 Down Po10P
Eth10P/1/41 Down Po10P
Eth10P/1/42 Down Po10P
Eth10P/1/43 Down Po10P
Eth10P/1/44 Down Po10P
Eth10P/1/45 Down Po10P
Eth10P/1/46 Down Po10P
Eth10P/1/47 Down Po10P
Eth10P/1/48 Down Po10P
Logs:
--- output omitted ---

N5K-P(config-if-range)#
Step 25 View the Cisco fabric extender interfaces.
N5K-P(config-if-range)# show interface brief

---------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #

2011 Cisco Systems, Inc. Lab Guide 175


---------------------------------------------------------------------
Eth1/1 1 eth access down SFP validation failed 10G(D) --
Eth1/2 1 eth access down SFP not inserted 10G(D) --
Eth1/3 1 eth access up none 10G(D) --
Eth1/4 1 eth access up none 10G(D) --
Eth1/5 1 eth access down SFP not inserted 10G(D) --
Eth1/6 1 eth access down SFP not inserted 10G(D) --
Eth1/7 1 eth access down SFP not inserted 10G(D) --
Eth1/8 1 eth access down SFP not inserted 10G(D) --
Eth1/9 1 eth fabric up none 10G(D) 10P
Eth1/10 1 eth fabric up none 10G(D) 10P
Eth1/11 1 eth access down Administratively down 10G(D) --
Eth1/12 1 eth access down SFP not inserted 10G(D) --
Eth1/13 1 eth access down SFP not inserted 10G(D) --
Eth1/14 1 eth access down SFP not inserted 10G(D) --
Eth1/15 1 eth access up none 10G(D) --
Eth1/16 1 eth access down SFP not inserted 10G(D) --
Eth1/17 1 eth access up none 10G(D) --
Eth1/18 1 eth access up none 10G(D) --
Eth1/19 1 eth access up none 10G(D) --
Eth1/20 1 eth access down Link not connected 10G(D) --
Eth1/21 1 eth access down SFP validation failed 10G(D) --
Eth1/22 1 eth access down SFP validation failed 10G(D) --
Eth1/23 1 eth access down SFP not inserted 10G(D) --
Eth1/24 1 eth access down SFP not inserted 10G(D) --
Eth1/25 1 eth access down SFP not inserted 10G(D) --
Eth1/26 1 eth access down SFP not inserted 10G(D) --
Eth1/27 1 eth access down SFP not inserted 10G(D) --
Eth1/28 1 eth access down SFP not inserted 10G(D) --
Eth1/29 1 eth access down SFP not inserted 10G(D) --
Eth1/30 1 eth access down SFP not inserted 10G(D) --
Eth1/31 1 eth access down SFP not inserted 10G(D) --
Eth1/32 1 eth access down SFP not inserted 10G(D) --

---------------------------------------------------------------------
Port-channel VLAN Type Mode Status Reason Speed Protocol
Interface
---------------------------------------------------------------------
Po10P 1 eth fabric up none a-10G(D) none

---------------------------------------------------------------------
Port VRF Status IP Address Speed MTU
---------------------------------------------------------------------
mgmt0 -- up 192.168.0.P8 100 1500

---------------------------------------------------------------------
Ethernet VLAN Type Mode Status Reason Speed Port
Interface Ch #
---------------------------------------------------------------------
Eth10P/1/1 1 eth access down Link not connected auto(D) --
Eth10P/1/2 1 eth access up none 1000(D) --
Eth10P/1/3 1 eth access down Link not connected auto(D) --
Eth10P/1/4 1 eth access down Link not connected auto(D) --

176 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Eth10P/1/5 1 eth access down Link not connected auto(D) --
Eth10P/1/6 1 eth access down Link not connected auto(D) --
Eth10P/1/7 1 eth access down Link not connected auto(D) --
Eth10P/1/8 1 eth access down Link not connected auto(D) --
Eth10P/1/9 1 eth access down Link not connected auto(D) --
Eth10P/1/10 1 eth access down Link not connected auto(D) --
Eth10P/1/11 1 eth access down Link not connected auto(D) --
Eth10P/1/12 1 eth access down Link not connected auto(D) --
Eth10P/1/13 1 eth access down Link not connected auto(D) --
Eth10P/1/14 1 eth access down Link not connected auto(D) --
Eth10P/1/15 1 eth access down Link not connected auto(D) --
Eth10P/1/16 1 eth access down Link not connected auto(D) --
Eth10P/1/17 1 eth access down Link not connected auto(D) --
Eth10P/1/18 1 eth access down Link not connected auto(D) --
Eth10P/1/19 1 eth access down Link not connected auto(D) --
Eth10P/1/20 1 eth access down Link not connected auto(D) --
Eth10P/1/21 1 eth access down Link not connected auto(D) --
Eth10P/1/22 1 eth access down Link not connected auto(D) --
Eth10P/1/23 1 eth access down Link not connected auto(D) --
Eth10P/1/24 1 eth access down Link not connected auto(D) --
Eth10P/1/25 1 eth access down Link not connected auto(D) --
Eth10P/1/26 1 eth access down Link not connected auto(D) --
Eth10P/1/27 1 eth access down Link not connected auto(D) --
Eth10P/1/28 1 eth access down Link not connected auto(D) --
Eth10P/1/29 1 eth access down Link not connected auto(D) --
Eth10P/1/30 1 eth access down Link not connected auto(D) --
Eth10P/1/31 1 eth access down Link not connected auto(D) --
Eth10P/1/32 1 eth access down Link not connected auto(D) --
Eth10P/1/33 1 eth access down Link not connected auto(D) --
Eth10P/1/34 1 eth access down Link not connected auto(D) --
Eth10P/1/35 1 eth access down Link not connected auto(D) --
Eth10P/1/36 1 eth access down Link not connected auto(D) --
Eth10P/1/37 1 eth access down Link not connected auto(D) --
Eth10P/1/38 1 eth access down Link not connected auto(D) --
Eth10P/1/39 1 eth access down Link not connected auto(D) --
Eth10P/1/40 1 eth access down Link not connected auto(D) --
Eth10P/1/41 1 eth access down Link not connected auto(D) --
Eth10P/1/42 1 eth access down Link not connected auto(D) --
Eth10P/1/43 1 eth access down Link not connected auto(D) --
Eth10P/1/44 1 eth access down Link not connected auto(D) --
Eth10P/1/45 1 eth access down Link not connected auto(D) --
Eth10P/1/46 1 eth access down Link not connected auto(D) --
Eth10P/1/47 1 eth access down Link not connected auto(D) --
Eth10P/1/48 1 eth access down Link not connected auto(D) --

N5K-P(config-if-range)#

Step 26 Which Cisco fabric extender interfaces are active? ___________________________


Step 27 What is the port speed of the Cisco fabric extender interfaces? _________________
Step 28 What is the mode of operation of the Cisco fabric extender interfaces? ___________
Step 29 Shut down interface Ethernet 1/10.

2011 Cisco Systems, Inc. Lab Guide 177


N5K-P(config-if-range)# interface ethernet 1/10
N5K-P(config-if)# shutdown

N5K-P(config-if)# show fex


FEX FEX FEX FEX
Number Description State Model Serial
---------------------------------------------------------------------
10P PodP-FEX Online N2K-C2248TP-1GE JAF1420AHPE

N5K-P(config-if)# show fex detail


FEX: 10P Description: PodP-FEX state: Online
FEX version: 5.0(3)N2(1) [Switch version: 5.0(3)N2(1)]
FEX Interim version: 5.0(3)N2(1)
Switch Interim version: 5.0(3)N2(1)
Extender Model: N2K-C2248TP-1GE, Extender Serial: JAF1420AHDG
Part No: 73-12748-05
Card Id: 99, Mac Addr: 54:75:d0:ed:72:c2, Num Macs: 64
Module Sw Gen: 12594 [Switch Sw Gen: 21]
post level: complete
pinning-mode: static Max-links: 1
Fabric port for control traffic: Eth1/9
Fabric interface state:
Po10P - Interface Up. State: Active
Eth1/9 - Interface Up. State: Active
Eth1/10 - Interface Down. State: Configured
Fex Port State Fabric Port
Eth10P/1/1 Down Po10P
Eth10P/1/2 Up Po10P
Eth10P/1/3 Down Po10P
Eth10P/1/4 Down Po10P
Eth10P/1/5 Down Po10P
Eth10P/1/6 Down Po10P
Eth10P/1/7 Down Po10P
Eth10P/1/8 Down Po10P
Eth10P/1/9 Down Po10P
Eth10P/1/10 Down Po10P
Eth10P/1/11 Down Po10P
Eth10P/1/12 Down Po10P
Eth10P/1/13 Down Po10P
Eth10P/1/14 Down Po10P
Eth10P/1/15 Down Po10P
Eth10P/1/16 Down Po10P
Eth10P/1/17 Down Po10P
Eth10P/1/18 Down Po10P
Eth10P/1/19 Down Po10P
Eth10P/1/20 Down Po10P
Eth10P/1/21 Down Po10P
Eth10P/1/22 Down Po10P
Eth10P/1/23 Down Po10P
Eth10P/1/24 Down Po10P
Eth10P/1/25 Down Po10P
Eth10P/1/26 Down Po10P

178 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Eth10P/1/27 Down Po10P
Eth10P/1/28 Down Po10P
Eth10P/1/29 Down Po10P
Eth10P/1/30 Down Po10P
Eth10P/1/31 Down Po10P
Eth10P/1/32 Down Po10P
Eth10P/1/33 Down Po10P
Eth10P/1/34 Down Po10P
Eth10P/1/35 Down Po10P
Eth10P/1/36 Down Po10P
Eth10P/1/37 Down Po10P
Eth10P/1/38 Down Po10P
Eth10P/1/39 Down Po10P
Eth10P/1/40 Down Po10P
Eth10P/1/41 Down Po10P
Eth10P/1/42 Down Po10P
Eth10P/1/43 Down Po10P
Eth10P/1/44 Down Po10P
Eth10P/1/45 Down Po10P
Eth10P/1/46 Down Po10P
Eth10P/1/47 Down Po10P
Eth10P/1/48 Down Po10P
--- output omitted ---

N5K-P(config-if)#
N5K-P(config-if)# show interface fex-fabric
Fabric Fabric Fex FEX
Fex Port Port State Uplink Model Serial
---------------------------------------------------------------
10P Eth1/9 Active 1 N2K-C2248TP-1GE JAF1420AHPE
10P Eth1/10 Configured 2 N2K-C2248TP-1GE JAF1420AHPE

N5K-P(config-if)# show port-channel summary


Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
---------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
---------------------------------------------------------------------
10P Po10P(SU) Eth NONE Eth1/9(P) Eth1/10(D)
N5K-P(config-if)#
Step 30 Re-enble interface Ethernet 1/10.
N5K-P(config-if)# interface ethernet 1/10
N5K-P(config-if)# no shut

N5K-P(config-if)# show port-channel summary


Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)

2011 Cisco Systems, Inc. Lab Guide 179


s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
---------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
---------------------------------------------------------------------
10P Po10P(SU) Eth NONE Eth1/9(P) Eth1/10(P)

N5K-P(config-if)# show interface fex-fabric


Fabric Fabric Fex FEX
Fex Port Port State Uplink Model Serial
---------------------------------------------------------------
10P Eth1/9 Active 1 N2K-C2248TP-1GE JAF1420AHPE
10P Eth1/10 Active 2 N2K-C2248TP-1GE JAF1420AHPE
N5K-P(config-if)#
Step 31 View the hardware inventory for the Cisco fabric extender.
N5K-P# show inventory fex 10P
NAME: "FEX 10P CHASSIS", DESCR: "N2K-C2248TP-1GE CHASSIS"
PID: N2K-C2248TP-1GE , VID: V02 , SN: SSI141804J9

NAME: "FEX 10P Module 1", DESCR: "Fabric Extender Module: 48x1GE,
4x10GE Supervisor"
PID: N2K-C2248TP-1GE , VID: V02 , SN: JAF1420AHPE

NAME: "FEX 10P Fan 1", DESCR: "Fabric Extender Fan module"
PID: N2K-C2248-FAN , VID: N/A , SN: N/A

NAME: "FEX 10P Power Supply 1", DESCR: "Fabric Extender AC power
supply"
PID: N2200-PAC-400W , VID: V01 , SN: LIT141704B1

NAME: "FEX 10P Power Supply 2", DESCR: "Fabric Extender AC power
supply"
PID: N2200-PAC-400W , VID: V01 , SN: LIT141704BF

N5K-P#
Step 32 View the Cisco fabric extender modules.
N5K-P# show module fex 10P
FEX Mod Ports Card Type Model Status.
--- -- -- ----------------------------- -------------- --------
10P 1 48 Fabric Extender 48x1GE + 4x10G Mod N2K-C2248TP-1GE present

FEX Mod Sw Hw World-Wide-Name(s) (WWN)


--- --- -------------- ------ -------------------------------------
10P 1 5.0(3)N2(1) 3.5 --

FEX Mod MAC-Address(es) Serial-Num


--- --- -------------------------------------- ----------
10P 1 5475.d0ed.7340 to 5475.d0ed.736f JAF1420AHPE
N5K-P#

180 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Activity Verification
You have completed this task when you attain these results:
Enabled the FEX feature.
Configured the links between the Cisco Nexus 5000 Switch and the Cisco Nexus 2000
Fabric Extender.
Configured a port channel between the Cisco Nexus 5000 Switch and the Cisco Nexus
2000 Fabric Extender.
Used the show commands to verify the connectivity between the Cisco Nexus 5000 Switch
and the Cisco Nexus 2000 Fabric Extender.
Use the show commands to verify that the Cisco Nexus 5000 Switch can see the interfaces
on the Cisco Nexus 2000 Fabric Extender.

Task 3: Configuring FCoE on the Cisco Nexus 5000 Switch


Activity Procedure
During this exercise, you will configure FCoE on your Cisco Nexus 5000 Switch. Complete
these steps:
Step 1 From the lab topology diagram for your pod, determine which 10 Gbp/s interfaces
on your assigned Cisco Nexus 5000 Switch connect to your assigned servers.
Step 2 In preparation to configure FCoE the Unified Ports 21-32 have to be modified to
work as FC interfaces and default FCoE QoS classes have to be added.
N5K-P# configure
Enter configuration commands, one per line. End with CNTL/Z.
N5K-P(config)# Slot 1
N5K-P(config-slot)# port 21-32 type FC
N5K-P(config-slot)# exit

Step 3 A reload will be necessary for the Unified Ports to accept the change.
N5K-P(config)# copy run start
[########################################] 100%
N5K-P(config)# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y

Step 4 In order to configure FCoE, you must first enable the feature.
N5K-P# configure
Enter configuration commands, one per line. End with CNTL/Z.
N5K-P(config)# feature fcoe
FC license checked out successfully
fc_plugin extracted successfully
FC plugin loaded successfully
FCoE manager enabled successfully
FC enabled on all modules successfully
Warning: Ensure class-fcoe is included in qos policy-maps of
all types
N5K-P(config)#

2011 Cisco Systems, Inc. Lab Guide 181


Step 5 As per the warning, default QoS classes have to be manually added to enable packet
forwarding on the Nexus 5500UP series switches.
N5K-P(config)# class-map type qos class-fcoe
N5K-P(config-cmap-qos)# class-map type queuing class-fcoe
N5K-P(config-cmap-que)# match qos-group 1
N5K-P(config-cmap-que)# class-map type queuing class-all-flood
N5K-P(config-cmap-que)# match qos-group 2
N5K-P(config-cmap-que)# class-map type queuing class-ip-
multicast
N5K-P(config-cmap-que)# match qos-group 2
N5K-P(config-cmap-que)# class-map type network-qos class-fcoe
t-out-policy
N5K-P(config-cmap-nq)# match qos-group 1ault-nq-policy
N5K-P(config-cmap-nq)# class-map type network-qos class-all-
flood
N5K-P(config-cmap-nq)# match qos-group 2
N5K-P(config-cmap-nq)# class-map type network-qos class-ip-
multicast
N5K-P(config-cmap-nq)# match qos-group 2
N5K-P(config-cmap-nq)# system qos
N5K-P(config-sys-qos)# service-policy type qos input fcoe-
default-in-policy
N5K-P(config-sys-qos)# service-policy type queuing input fcoe-
default-in-policy
N5K-P(config-sys-qos)# service-policy type queuing output
fcoe-default-out-policy
N5K-P(config-sys-qos)# service-policy type network-qos fcoe-
default-nq-policy

Step 6 Check the license on your Cisco Nexus 5000 Switch.


N5K-P(config-sys-qos)# show license usage
Feature Lic Ins
Status Expiry Date Comments
Count
---------------------------------------------------------------------
FCOE_NPV_PKG No - Unused -
FM_SERVER_PKG No - Unused -
ENTERPRISE_PKG Yes - Unused Never -
FC_FEATURES_PKG Yes - In use Never -
LAN_BASE_SERVICES_PKG No - Unused -
LAN_ENTERPRISE_SERVICES_PKG No - Unused -
---------------------------------------------------------------------
N5K-P(config-sys-qos)#
Step 7 Check the Fibre Channel ports.
N5K-P(config-sys-qos)# show interface brief |incl fc
fc1/21 1 auto on down swl -- --
fc1/22 1 auto on down swl -- --
fc1/23 1 auto on sfpAbsent -- -- --
fc1/24 1 auto on sfpAbsent -- -- --
fc1/25 1 auto on sfpAbsent -- -- --
fc1/26 1 auto on sfpAbsent -- -- --
fc1/27 1 auto on sfpAbsent -- -- --

182 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
fc1/28 1 auto on sfpAbsent -- -- --
fc1/29 1 auto on sfpAbsent -- -- --
fc1/30 1 auto on sfpAbsent -- -- --
fc1/31 1 auto on sfpAbsent -- -- --
fc1/32 1 auto on sfpAbsent -- -- --
N5K-P(config-sys-qos)#
Step 8 Use interface Ethernet 1/3 for FCoE.
N5K-P(config-sys-qos)# interface ethernet 1/3
N5K-P(config-if)# switchport mode trunk
N5K-P(config-if)# spanning-tree port type edge trunk
Warning: Edge port type (portfast) should only be enabled on ports
connected to a single host. Connecting hubs, concentrators, switches,
bridges, etc... to this interface when edge port type (portfast) is
enabled, can cause temporary bridging loops.
Use with CAUTION

N5K-P(config-if)# no shut
N5K-P(config-if)#
Step 9 Create a virtual Fibre Channel interface and bind it to Interface Ethernet 1/3.
N5K-P(config-if)# interface vfc 1
N5K-P(config-if)# bind interface ethernet 1/3
N5K-P(config-if)# no shut
N5K-P(config-if)# exit

N5K-P(config)# show interface vfc 1


vfc1 is trunking (Not all VSANs UP on the trunk)
Bound interface is Ethernet1/3
Hardware is Virtual Fibre Channel
Port WWN is 20:00:00:05:73:f6:7c:bf
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port mode is TF
Port vsan is 1
Trunk vsans (admin allowed and active) (1)
Trunk vsans (up) ()
Trunk vsans (isolated) ()
Trunk vsans (initializing) (1)
1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
0 frames input, 0 bytes
0 discards, 0 errors
0 frames output, 0 bytes
0 discards, 0 errors
last clearing of "show interface" counters never
Interface last changed at Wed Aug 31 02:44:55 2011
N5K-P(config)#
Step 10 Check for an FCoE VLAN.
N5K-P(config)# show vlan fcoe
N5K-P(config)#

2011 Cisco Systems, Inc. Lab Guide 183


Step 11 Create VLAN 200 and enable FCoE.
N5K-P(config)# vlan 200
N5K-P(config-vlan)# fcoe
N5K-P(config-vlan)# exit

N5K-P(config)# show vlan fcoe


Original VLAN ID Translated VSAN ID Association State
---------------- ------------------ -----------------

200 200 Non-Operational


N5K-P(config)#
Step 12 Create VSAN 200 and assign vfc1.
N5K-5(config)# vsan database
N5K-5(config-vsan-db)# vsan 200
N5K-5(config-vsan-db)# vsan 200 ?
<CR>
- Range separator
interface Add interfaces to vsan
interop Interoperability mode value
loadbalancing Configure loadbalancing scheme
name Assign a name to vsan
suspend Suspend vsan

N5K-P(config-vsan-db)# vsan 200 interface vfc 1


N5K-P(config-vsan-db)#
Step 13 Display the VSAN details and membership.
N5K-P(config-vsan-db)# show vsan
vsan 1 information
name:VSAN0001 state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:down

vsan 200 information


name:VSAN0200 state:active
interoperability mode:default
loadbalancing:src-id/dst-id/oxid
operational state:up

vsan 4079:evfp_isolated_vsan

vsan 4094:isolated_vsan

N5K-P(config-vsan-db)# show vsan membership


vsan 1 interfaces:
fc1/21 fc1/22 fc1/23 fc1/24
fc1/25 fc1/26 fc1/27 fc1/28

184 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
fc1/29 fc1/30 fc1/31 fc1/32

vsan 200 interfaces:


vfc1

vsan 4079(evfp_isolated_vsan) interfaces:

vsan 4094(isolated_vsan) interfaces:

N5K-P(config-vsan-db)#
Step 14 Confirm the VLAN-to-VSAN FCoE assignment.
N5K-P(config-vsan-db)# show vlan fcoe
Original VLAN ID Translated VSAN ID Association State
---------------- ------------------ -----------------

200 200 Operational

N5K-P(config-vsan-db)#
Step 15 Check the FCoE database.
N5K-P(config-vsan-db)# show fcoe database

--------------------------------------------------------------------
INTERFACE FCID PORT NAME MAC ADDRESS
--------------------------------------------------------------------
vfc1 0x6d0000 21:00:00:c0:dd:12:b6:ad 00:c0:dd:12:b6:ad

Total number of flogi count from FCoE devices = 1.


N5K-P(config-vsan-db)#
Step 16 Check the Fibre Channel login database.
N5K-P(config-if)# show flogi database
---------------------------------------------------------------------
INTF. VSAN FCID PORT NAME NODE NAME
---------------------------------------------------------------------
vfc1 200 0x6d0000 21:00:00:c0:dd:12:b6:ad 20:00:00:c0:dd:12:b6:ad

Total number of flogi = 1.

N5K-P(config-if)#
Step 17 Enable the Fibre Channel ports 1/21 and 1/22.
N5K-P(config)# interface fc 1/21-22
N5K-P(config-if)# no shut
N5K-P(config-if)#

Activity Verification
You have completed this task when you attain these results:
Enabled the FCoE feature.

2011 Cisco Systems, Inc. Lab Guide 185


Configured the relevant Ethernet interface as a trunk edge port.
Created the virtual Fibre Channel interface.
Associated the virtual Fibre Channel interface to the physical Ethernet interface.
Created the FCoE VLAN and associated this VLAN with a VSAN.
Associated the correct interfaces with a VSAN.
Enabled the Fibre Channel interfaces to the upstream Cisco MDS switch.
Used the show commands to verify that the host has been able to successfully perform a
FLOGI into the switch.

Task 4: Basic Configuration on the Cisco MDS Switch


Activity Procedure
During this exercise, you will perform the initial configuration on the Cisco MDS 9000 Switch.
Complete these steps:
Step 1 In the remote lab GUI, click on the blue Cisco MDS 9124 Switch.
Step 2 Log in with the user admin and the password 1234QWer.
User Access Verification
192.168.0.P9 login: admin
Password:
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
MDS-P#
Step 3 Erase the startup configuration and reboot the switch.
MDS-P# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
MDS-P# reload
INIT: version 2.85 bootinghe system. (y/n)? [n] y
2011 Jan 24 15:08:00 switch last message repeated 2 times
2011 Jan 24 15:08:00 switch %PLATFORM-2-PFM_SYSTEM_RESET:
Manual system restart from Command Line Interface
Step 4 When the switch has reloaded, configure the admin password as 1234QWer and
select N to enter setup.

---- System Admin Account Setup ----

186 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Do you want to enforce secure password standard (yes/no) [y]: 2011
Jan 24 15:09:34 switch %PLATFORM-2-PS_OK: Power supply 2 ok (Serial
number PAC102800V9)
2011 Jan 24 15:09:34 switch %PLATFORM-2-PS_FANOK: Fan in Power supply
2 ok
2011 Jan 24 15:09:34 switch %PLATFORM-2-FAN_OK: Fan module ok

Enter the password for "admin":


Confirm the password for "admin":

---- Basic System Configuration Dialog ----

This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.

Please register Cisco MDS 9000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. MDS devices must be registered to receive entitled
support services.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime


to skip the remaining dialogs.

Would you like to enter the basic configuration dialog (yes/no): n


Step 5 Log in to the switch with admin and 1234QWer.
User Access Verification
192.168.0.P9 login: admin
Password: 1234QWer
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
switch#
Step 6 Check available interfaces.
switch# show interface brief

---------------------------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
---------------------------------------------------------------------
fc1/1 1 auto on down swl -- --
fc1/2 1 auto on down swl -- --

2011 Cisco Systems, Inc. Lab Guide 187


fc1/3 1 auto on down swl -- --
fc1/4 1 auto on sfpAbsent -- -- --
fc1/5 1 auto on sfpAbsent -- -- --
fc1/6 1 auto on sfpAbsent -- -- --
fc1/7 1 auto on sfpAbsent -- -- --
fc1/8 1 auto on sfpAbsent -- -- --
fc1/9 1 auto on sfpAbsent -- -- --
fc1/10 1 auto on sfpAbsent -- -- --
fc1/11 1 auto on sfpAbsent -- -- --
fc1/12 1 auto on sfpAbsent -- -- --
fc1/13 1 auto on sfpAbsent -- -- --
fc1/14 1 auto on sfpAbsent -- -- --
fc1/15 1 auto on sfpAbsent -- -- --
fc1/16 1 auto on sfpAbsent -- -- --
fc1/17 1 auto on sfpAbsent -- -- --
fc1/18 1 auto on sfpAbsent -- -- --
fc1/19 1 auto on sfpAbsent -- -- --
fc1/20 1 auto on sfpAbsent -- -- --
fc1/21 1 auto on sfpAbsent -- -- --
fc1/22 1 auto on sfpAbsent -- -- --
fc1/23 1 auto on sfpAbsent -- -- --
fc1/24 1 auto on sfpAbsent -- -- --

---------------------------------------------------------------------
Interface Status Speed
(Gbps)
---------------------------------------------------------------------
sup-fc0 up 1

---------------------------------------------------------------------
Interface Status IP Address Speed MTU
---------------------------------------------------------------------
mgmt0 up 192.168.0.P9/24 100 Mbps 1500
switch#
Step 7 Check the software version running on the Cisco MDS 9124 Switch.
switch# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
BIOS: version 1.0.16
loader: version N/A
kickstart: version 4.2(3)
system: version 4.2(3)
BIOS compile time: 10/23/08

188 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
kickstart image file is: bootflash:/m9100-s2ek9-kickstart-
mz.4.2.3.bin
kickstart compile time: 10/26/2009 0:00:00 [12/05/2009 05:47:54]
system image file is: bootflash:/m9100-s2ek9-mz.4.2.3.bin
system compile time: 10/26/2009 0:00:00 [12/05/2009 07:07:26]

Hardware
cisco MDS 9124 (1 Slot) Chassis ("1/2/4 Gbps FC/Supervisor-2")
Motorola, e500 with 516136 kB of memory.
Processor Board ID JAE11097F78

Device name: MDS-P


bootflash: 250368 kB
Kernel uptime is 0 day(s), 0 hour(s), 21 minute(s), 40 second(s)

Last reset at 103021 usecs after Mon Jan 24 15:08:07 2011

Reason: Reset Requested by CLI command reload


System version: 4.2(3)
Service:
switch#
Step 8 Enter config mode and place interface FC 1/3 into VSAN 200.
switch# configure
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# switchname MDS-P
MDS-P(config)# vsan database
MDS-P(config-vsan-db)# vsan 200
MDS-P(config-vsan-db)# vsan 200 interface fc 1/3
MDS-P(config-vsan-db)#
Step 9 Enable interfaces FC 1/13.
MDS-P(config-vsan-db)# int fc 1/1-3
MDS-P(config-if)# no shut
MDS-P(config-if)#
Step 10 Verify that the links have come up.
MDS-P(config-if)# show interface brief

---------------------------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
---------------------------------------------------------------------
fc1/1 1 auto on trunking swl TE 4 --
fc1/2 1 auto on trunking swl TE 4 --
fc1/3 200 auto on up swl FL 1 --
fc1/4 1 auto on sfpAbsent -- -- --
fc1/5 1 auto on sfpAbsent -- -- --
fc1/6 1 auto on sfpAbsent -- -- --
fc1/7 1 auto on sfpAbsent -- -- --
fc1/8 1 auto on sfpAbsent -- -- --

2011 Cisco Systems, Inc. Lab Guide 189


--- output omitted ---
Step 11 Check the Fibre Channel login database.
MDS-P(config-if)# show flogi database
---------------------------------------------------------------------
INTF VSAN FCID PORT NAME NODE NAME
---------------------------------------------------------------------
fc1/3 200 0xb8009b 21:00:00:00:87:6d:a5:a8 20:00:00:00:87:6d:a5:a8
fc1/3 200 0xb800b3 21:00:00:00:87:6f:13:21 20:00:00:00:87:6f:13:21

Total number of flogi = 2.

MDS-P(config-if)#

Note The FLOGI database shows local devices only.

Step 12 Check the Fibre Channel name server database.


MDS-P(config-if)# show fcns database

VSAN 200:
--------------------------------------------------------------
FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
--------------------------------------------------------------
0x6d0000 N 21:00:00:c0:dd:12:b6:ad (Qlogic) scsi-fcp:init
0xb8009b NL 21:00:00:00:87:6d:a5:a8 scsi-fcp
0xb800b3 NL 21:00:00:00:87:6f:13:21 scsi-fcp

Total number of entries = 3


MDS-P(config-if)#

Note The FCNS database shows all devices in the VSAN.

Step 13 Switch to your Cisco Nexus 5000 Switch.


Step 14 Verify connectivity to attached JBOD harddisk with the help of the fcping.
N5K-P # fcping fcid 0x6d0000 vsan 200
28 bytes from 0x6d0000 time = 141 usec
28 bytes from 0x6d0000 time = 122 usec
28 bytes from 0x6d0000 time = 116 usec
28 bytes from 0x6d0000 time = 134 usec
28 bytes from 0x6d0000 time = 121 usec

5 frames sent, 5 frames received, 0 timeouts


Round-trip min/avg/max = 116/126/141 usec

Activity Verification
You have completed this task when you attain these results:

190 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Performed an initial configuration on the Cisco MDS switch.
Created a VSAN and associated it with the correct Fibre Channel interfaces.
Verified that the interfaces between the Cisco MDS switch and the Cisco Nexus 5000
Switch are enabled.
Enabled the interface to the JBOD.
Used the show commands to verify that the JBOD has been able to perform an FLOGI into
the switch.
Used the show commands to verify successful registration in the fabric of the host and
JBOD.
Used the fcping command to verify connectivity between the Cisco Nexus 5000 Switch
and the JBOD.

2011 Cisco Systems, Inc. Lab Guide 191


Lab 7-2: Configuring NPV
Complete this lab activity to practice what you learned in the related lesson.

Activity Objective
In this activity, you will configure NPV on the Cisco Nexus 5000 Switch. After completing this
activity you will be able to meet these objectives:
Configure the Cisco Nexus 5000 Switch to enable the NPV mode globally
Configure the server-facing and fabric switch-facing interfaces for NPV mode
Configure the Cisco MDS 9124 Switch to support NPIV
Validate NPV performance and Fibre Channel operation using various show commands

Visual Objective

Lab 7-2: Configuring NPV


JBOD JBOD

EMC2 EMC2

MDS9124-1 MDS9124-2

Nexus 5010 Nexus 5010

2011 Cisco Systems, Inc. All rights reserved. DCUFI v4.0LG-13

Required Resources
These are the resources and equipment that are required to complete this activity:
Two Cisco Nexus 5000 Switches
Two Fibre Channel expansion modules
Cisco NX-OS Storage Service License for the Cisco Nexus 5000 Switch
Two Windows 2003 servers
Two Cisco MDS 9124 Switches
Two JBODs

192 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Command List
Command Description

bind interface ethernet <x/y> Bind the virtual Fibre Channel interface to an Ethernet
interface.

copy bootflash:temp running- Copy a saved configuration from bootflash to the


config running configuration.

copy running-config Copy the running configuration to a file in bootflash.


bootflash:temp

dir bootflash: Display the contents of bootflash.

feature fcoe Enable the FCoE feature.

interface ethernet <x/y> Enter configuration mode for an Ethernet interface.

interface fc<x/y> Enter configuration mode for a Fibre Channel interface.

interface vfc<x> Enter configuration mode for a virtual Fibre Channel


interface.

no shutdown Enable an interface.

npiv enable Enable NPIV.

npv auto-load-balance Enable NPV load-balancing.


disruptive

npv enable Enable NPV.

npv traffic-map server- Configure traffic mapping for a server interface to an


interface vfc<x> external- external interface.
interface fc<x/y>

show fcns database Display the FCNS database.

show fcoe Display the FCoE global details.

show flogi database Display the FLOGI database.

show interface fc<x/y> Display the Fibre Channel interface details.

show interface vfc <x> Display the virtual Fibre Channel interface details.

show npv flogi-table Display the FLOGI table on the NPV-enabled switch.

show npv status Display the NPV status.

Show npv traffic-map Display the traffic mappings that have been configured.

.show vlan fcoe Display the VLAN-to-VSAN mapping and status.

show vsan membership Display the VSAN membership details.

spanning-tree port type edge Configure an interface as a spanning-tree trunk port at


trunk the edge.

switchport mode F Configure an interface in F_Port mode.

2011 Cisco Systems, Inc. Lab Guide 193


switchport mode NP Configure an interface in NP_Port mode.

switchport mode trunk Configure an interface for trunking.

vlan <id> Configure a VLAN.

vsan <id> Configure a VSAN.

vsan <id> interface fc<x/y> Associate a VSAN with a Fibre Channel interface.

vsan <id> interface vfc <x> Associate a VSAN with a virtual Fibre Channel
interface.

vsan database Enter VSAN database configuration mode.

Job Aids
These job aids are available to help you complete the lab activity.
Lab topology diagram
Lab connections
Lab IP address plan

Note Depending on which pod you are allocated, your output from the show commands could be
slightly different. The outputs in this lab were captured from switches in Pod 5.

194 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Task 1: Configure NPV Mode on the Cisco Nexus 5000 Switch
Activity Procedure
During this exercise, you will configure your Cisco Nexus 5000 Switch to operate in NPV
mode and configure the server- and fabric-facing interfaces. Complete these steps:
Step 1 Configuring the N_Port Virtualization feature will initiate a write erase and a system
reboot. Save your running configuration to the bootflash memory before proceeding.
Once the reboot is complete, you may retrieve your running configuration to
complete the lab exercise.
N5K-P# copy running-config bootflash:temp
N5K-P# dir bootflash:
4096 Aug 31 03:31:13 2011 DCNX5K/
4096 Aug 31 03:30:50 2011 DCNX7K/
4096 Aug 31 03:26:47 2011 DCUFI/
503 Jul 19 05:36:24 2011 license_SSI1517023X_12.lic
49152 Jul 19 05:38:36 2011 lost+found/
4079 Aug 31 02:37:15 2011 mts.log
25140224 Jul 19 05:30:00 2011 n5000-uk9-
kickstart.5.0.3.N2.1.bin
147256572 Jul 19 05:30:44 2011 n5000-uk9.5.0.3.N2.1.bin
4231 Aug 31 03:31:57 2011 temp
4096 Jan 01 05:33:35 2009 vdc_2/
4096 Jan 01 05:33:35 2009 vdc_3/
4096 Jan 01 05:33:35 2009 vdc_4/

Usage for bootflash://sup-local


285065216 bytes used
1264971776 bytes free
1550036992 bytes total
N5K-P#
Step 2 Enable the N_Port Virtualization feature.
N5K-P# configure
N5K-P(config)# npv enable
Verify that boot variables are set and the changes are saved.
Changing to npv mode erases the current configuration and reboots the
switch in npv mode. Do you want to continue? (y/n):y
Shutdown Ports..
writing reset reason 90,
INIT: Sending processes the TERM signal
2011 Jan 25 03:40:53 N5K-5 %$ VDC-1 %$ %KERN-0-SYSTEM_MSG: writing
reset reason 90, - kernel
--- output omitted ---
Step 3 Once the switch has reloaded, log in to your Cisco Nexus 5000 Switch using the
username admin and password 1234QWer.
Step 4 The Unified Ports 21-32 have to be modified to work as FC interfaces again.
N5K-P# configure
Enter configuration commands, one per line. End with CNTL/Z.
N5K-P(config)# Slot 1
N5K-P(config-slot)# port 21-32 type FC
N5K-P(config-slot)# exit

2011 Cisco Systems, Inc. Lab Guide 195


Step 5 A reload will be necessary for the Unified Ports to accept the change.
N5K-P(config)# copy run start
[########################################] 100%
N5K-P(config)# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y
Step 6

Step 7 Enable the FCoE feature, add the necessary QoS classes and activate the interfaces
that connect the Cisco Nexus 5000 to the servers.
N5K-P# configure
N5K-P(config)# feature fcoe
FC license checked out successfully
FCoE manager enabled successfully
N5K-P(config)# class-map type qos class-fcoe
N5K-P(config-cmap-qos)# class-map type queuing class-fcoe
N5K-P(config-cmap-que)# match qos-group 1
N5K-P(config-cmap-que)# class-map type queuing class-all-flood
N5K-P(config-cmap-que)# match qos-group 2
N5K-P(config-cmap-que)# class-map type queuing class-ip-
multicast
N5K-P(config-cmap-que)# match qos-group 2
N5K-P(config-cmap-que)# class-map type network-qos class-fcoe
t-out-policy
N5K-P(config-cmap-nq)# match qos-group 1ault-nq-policy
N5K-P(config-cmap-nq)# class-map type network-qos class-all-
flood
N5K-P(config-cmap-nq)# match qos-group 2
N5K-P(config-cmap-nq)# class-map type network-qos class-ip-
multicast
N5K-P(config-cmap-nq)# match qos-group 2
N5K-P(config-cmap-nq)# system qos
N5K-P(config-sys-qos)# service-policy type qos input fcoe-
default-in-policy
N5K-P(config-sys-qos)# service-policy type queuing input fcoe-
default-in-policy
N5K-P(config-sys-qos)# service-policy type queuing output
fcoe-default-out-policy
N5K-P(config-sys-qos)# service-policy type network-qos fcoe-
default-nq-policy
N5K-P(config-sys-qos)# interface ethernet 1/3-4
N5K-P(config-if-range)# switchport mode trunk
N5K-P(config-if-range)# spanning-tree port type edge trunk
Warning: Edge port type (portfast) should only be enabled on ports
connected to a single host. Connecting hubs, concentrators, switches,
bridges, etc... to this interface when edge port type (portfast) is
enabled, can cause temporary bridging loops.
Use with CAUTION

N5K-P(config-if-range)# no shut

196 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
N5K-P(config-if-range)#
Step 8 Create the virtual Fibre Channel interfaces and bind them to the Ethernet interfaces.
N5K-P(config-if-range)# interface vfc 1
N5K-P(config-if)# bind interface ethernet 1/3
N5K-P(config-if)# no shut
N5K-P(config-if)# interface vfc 2
N5K-P(config-if)# bind interface ethernet 1/4
N5K-P(config-if)# no shut
N5K-P(config-if)#
Step 9 Verify that the virtual Fibre Channel interfaces are bound correctly to the Ethernet
interfaces.
N5K-P(config-if)# show interface vfc 1-2
vfc1 is down (NPV upstream port not available)
Bound interface is Ethernet1/3
Hardware is Virtual Fibre Channel
Port WWN is 20:00:00:05:73:f6:7c:bf
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port vsan is 1
1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
0 frames input, 0 bytes
0 discards, 0 errors
0 frames output, 0 bytes
0 discards, 0 errors
last clearing of "show interface" counters never

vfc2 is down (NPV upstream port not available)


Bound interface is Ethernet1/4
Hardware is Virtual Fibre Channel
Port WWN is 20:01:00:05:73:f6:7c:bf
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port vsan is 1
1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
0 frames input, 0 bytes
0 discards, 0 errors
0 frames output, 0 bytes
0 discards, 0 errors
last clearing of "show interface" counters never

N5K-P(config-if)#
Step 10 Create a VLAN-to-VSAN assignment and bind the virtual Fibre Channel interface to
the VSAN.
N5K-P(config-if)# vlan 200
N5K-P(config-vlan)# fcoe vsan 2
N5K-P(config-vlan)# exit
N5K-P(config)# vsan database
N5K-P(config-vsan-db)# vsan 2

2011 Cisco Systems, Inc. Lab Guide 197


N5K-P(config-vsan-db)# vsan 2 interface vfc 1-2
N5K-P(config-vsan-db)# exit
N5K-P(config)#
Step 11 Display the interface membership for all VSANs.
N5K-5(config)# show vsan membership
vsan 1 interfaces:
fc1/21 fc1/22 fc1/23 fc1/24
fc1/25 fc1/26 fc1/27 fc1/28
fc1/29 fc1/30 fc1/31 fc1/32
vsan 2 interfaces:
vfc1 vfc2

vsan 4079(evfp_isolated_vsan) interfaces:

vsan 4094(isolated_vsan) interfaces:

N5K-P(config)#
Step 12 Confirm the VLAN-to-VSAN FCoE assignment.
N5K-5(config)# show vlan fcoe
Original VLAN ID Translated VSAN ID Association State
---------------- ------------------ -----------------

200 2 Operational

N5K-P(config)#
Step 13 Confirm the association of Ethernet to virtual Fibre Channel interfaces.
N5K-P(config)# show interface vfc 1-2
vfc1 is down (Error disabled)
Bound interface is Ethernet1/3
Hardware is Virtual Fibre Channel
Port WWN is 20:00:00:05:73:f6:7c:bf
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port vsan is 2
1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
0 frames input, 0 bytes
0 discards, 0 errors
0 frames output, 0 bytes
0 discards, 0 errors
last clearing of "show interface" counters never

vfc2 is down (Error disabled)


Bound interface is Ethernet1/4
Hardware is Virtual Fibre Channel
Port WWN is 20:01:00:05:73:f6:7c:bf
Admin port mode is F, trunk mode is on
snmp link state traps are enabled

198 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Port vsan is 2
1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
0 frames input, 0 bytes
0 discards, 0 errors
0 frames output, 0 bytes
0 discards, 0 errors
last clearing of "show interface" counters never

N5K-P(config)#
Step 14 Assign the Fibre Channel interface that connects the Cisco Nexus 5000 Switch to the
Cisco MDS 9124 fabric switch to VSAN 2.
N5K-P(config)# vsan database
N5K-P(config-vsan-db)# vsan 2 interface fc 1/21-22
N5K-P(config-vsan-db)# show vsan membership
vsan 1 interfaces:
fc1/23 fc1/24 fc1/25 fc1/26
fc1/27 fc1/28 fc1/29 fc1/30
fc1/31 fc1/32

vsan 2 interfaces:
fc1/21 fc1/22 vfc1 vfc2
vsan 4079(evfp_isolated_vsan) interfaces:

vsan 4094(isolated_vsan) interfaces:

N5K-P(config-vsan-db)#
Step 15 Configure the interfaces on your Cisco Nexus 5000 Switch for the proper Fibre
Channel port types.
N5K-P(config-vsan-db)# interface fc1/21-22
N5K-P(config-if)# switchport mode NP
N5K-P(config-if)# no shut
N5K-P(config-if)# exit
N5K-P(config)# interface vfc 1-2
N5K-P(config-if)# switchport mode F
N5K-P(config-if)# no shut
N5K-P(config-if)# exit
N5K-P(config)#
Step 16 Configure a mapping between the server and the NPV uplink interface. Enable
disruptive load balancing.
N5K-P(config)# npv traffic-map server-interface vfc 1 external-
interface fc1/21
N5K-P(config)# npv traffic-map server-interface vfc 2 external-
interface fc1/22
N5K-P(config)# npv auto-load-balance disruptive
Enabling this feature may flap the server interfaces whenever load is
not in a balanced state. This process may result in traffic
disruption. Do you want to proceed? (y/n): y
N5K-P(config)# show npv traffic-map

2011 Cisco Systems, Inc. Lab Guide 199


NPV Traffic Map Information:
----------------------------------------
Server-If External-If(s)

----------------------------------------
vfc1 fc1/21
vfc2 fc1/22
----------------------------------------
N5K-P(config)#
Step 17 View NPV configuration details.
N5K-P(config)# show npv status

npiv is disabled

disruptive load balancing is enabled

External Interfaces:
====================
Interface: fc1/21, State: Failed(NPIV is not enabled in upstream
switch)
Interface: fc1/22, State: Failed(NPIV is not enabled in upstream
switch)

Number of External Interfaces: 2

Server Interfaces:
==================
Interface: vfc1, VSAN: 2, State: Waiting for External Interface
Interface: vfc2, VSAN: 2, State: Waiting for External Interface

Number of Server Interfaces: 2

N5K-P(config)#

Activity Verification
You have completed this task when you attain these results:
Enabled NPV mode on the Cisco Nexus 5000 Switch.
Enabled FCoE and configured the server-facing interface as a trunk edge port.
Created a VSAN.
Created an FCoE VLAN and configured the VLAN-to-VSAN mapping.
Configured the uplinks to the Cisco MDS switch as NP_Ports.
Enabled the uplinks to the Cisco MDS switch.

Task 2: Configure NPIV Mode on the Cisco MDS 9124 Switch


Activity Procedure
During this exercise you will configure the Cisco MDS 9124 Switch to operate in NPIV mode.
Complete these steps:

200 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Step 1 Log in to your assigned Cisco MDS 9124 Switch for your pod using the username
admin and the password 1234QWer.
Step 2 Enable the NPIV feature on the Cisco MDS 9124 Switch.
MDS-P(config)# npiv enable
MDS-P(config)#
Step 3 Configure the interfaces on the core switch to operate in fabric (F) mode.
MDS-P(config)# interface fc 1/1-2
MDS-P(config-if)# switchport mode F
MDS-P(config-if)# no shut
MDS-P(config-if)#
Step 4 Configure VSAN 2 and assign the interfaces that connect the Cisco MDS 9124
Switch to the Cisco Nexus 5000 to VSAN 2.
MDS-P(config-if)# vsan database
MDS-P(config-vsan-db)# vsan 2
MDS-P(config-vsan-db)# vsan 2 interface fc 1/1-2
Traffic on fc1/1 may be impacted. Do you want to continue? (y/n)[n] y
Traffic on fc1/2 may be impacted. Do you want to continue? (y/n)[n] y
MDS-P(config-vsan-db)#
Step 5 Assign interface fc 1/3 to VSAN 2 and verify the VSAN membership.
MDS-P(config-vsan-db)# vsan database
MDS-P(config-vsan-db)# vsan 2 interface fc 1/3
Traffic on fc1/3 may be impacted. Do you want to continue? (y/n)[n] y
MDS-P(config-vsan-db)# show vsan membership
vsan 1 interfaces:
fc1/4 fc1/5 fc1/6 fc1/7
fc1/8 fc1/9 fc1/10 fc1/11
fc1/12 fc1/13 fc1/14 fc1/15
fc1/16 fc1/17 fc1/18 fc1/19
fc1/20 fc1/21 fc1/22 fc1/23
fc1/24

vsan 2 interfaces:
fc1/1 fc1/2 fc1/3

vsan 200 interfaces:

vsan 4079(evfp_isolated_vsan) interfaces:

vsan 4094(isolated_vsan) interfaces:

MDS-P(config-vsan-db)#
Step 6 Display the FCNS tables and the FLOGI database.
MDS-P(config-vsan-db)# show fcns database

VSAN 2:
---------------------------------------------------------------------

2011 Cisco Systems, Inc. Lab Guide 201


FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE
---------------------------------------------------------------------
0xe30000 N 20:41:00:05:9b:1f:89:c0 (Cisco) npv
0xe30001 N 21:00:00:c0:dd:12:b6:ad (Qlogic) scsi-fcp:init
0xe30100 N 20:42:00:05:9b:1f:89:c0 (Cisco) npv
0xe30101 N 21:00:00:c0:dd:12:b6:af (Qlogic) scsi-fcp:init
0xe3029b NL 21:00:00:00:87:6d:a5:a8 scsi-fcp
0xe302b3 NL 21:00:00:00:87:6f:13:21 scsi-fcp

Total number of entries = 6


MDS-P(config-vsan-db)# show flogi database
---------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
---------------------------------------------------------------------
fc1/1 2 0xe30000 20:41:00:05:9b:1f:89:c0 20:02:00:05:9b:1f:89:c1
fc1/1 2 0xe30001 21:00:00:c0:dd:12:b6:ad 20:00:00:c0:dd:12:b6:ad
fc1/2 2 0xe30100 20:42:00:05:9b:1f:89:c0 20:02:00:05:9b:1f:89:c1
fc1/2 2 0xe30101 21:00:00:c0:dd:12:b6:af 20:00:00:c0:dd:12:b6:af
fc1/3 2 0xe3029b 21:00:00:00:87:6d:a5:a8 20:00:00:00:87:6d:a5:a8
fc1/3 2 0xe302b3 21:00:00:00:87:6f:13:21 20:00:00:00:87:6f:13:21

Total number of flogi = 6.

MDS-P(config-vsan-db)#
Step 7 Reconnect to your assigned Cisco Nexus 5000 Switch and view the FLOGI table.
N5K-P(config)# show npv flogi-table
-----------------------------------------------------------------------------
SERVER EXTERNAL
INTERFACE VSAN FCID PORT NAME NODE NAME INTERFACE
-----------------------------------------------------------------------------
vfc1 2 0xc20001 21:00:00:c0:dd:12:2d:05 20:00:00:c0:dd:12:2d:05 fc1/21
vfc2 2 0xc20101 21:00:00:c0:dd:12:b6:6f 20:00:00:c0:dd:12:b6:6f fc1/22

Total number of flogi = 2..

N5K-P(config)#
Step 8 Verify the NPV status.
N5K-P(config)# show npv status

npiv is disabled

disruptive load balancing is enabled

External Interfaces:
====================
Interface: fc1/21, VSAN: 2, FCID: 0xc20000, State: Up
Interface: fc1/22, VSAN: 2, FCID: 0xc20100, State: Up

Number of External Interfaces: 2

Server Interfaces:
==================

202 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Interface: vfc1, VSAN: 2, State: Up
Interface: vfc2, VSAN: 2, State: Up

Number of Server Interfaces: 2

N5K-P(config)#

Activity Verification
You have completed this task when you attain these results:
Enabled NPIV on the Cisco MDS switch.
Configured the interfaces between the Cisco MDS switch and the Cisco Nexus 5000
Switch as F_Ports.
Associated the correct VSAN with the relevant interfaces.
Confirmed that the hosts have successfully performed an FLOGI to the Cisco MDS switch.
Confirmed that the hosts and JBOD have successfully registered in the fabric.

2011 Cisco Systems, Inc. Lab Guide 203


Answer Key
The correct answers and expected solutions for the activities that are described in this guide
appear here.

Lab 2-1 Answer Key: Configuring Layer 2 Switching


When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco
Nexus 7000 VDC configuration will be similar to the results here, with differences that are
specific to your device or workgroup:

N7K-1-pod1

version 5.1(3)
hostname pod1

feature telnet
feature udld

username admin password 5 $1$peBH9iff$DRrtP2avD/lsrov3ZHh1n. role


vdc-admin
ip domain-lookup
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
snmp-server user admin vdc-admin auth md5
0x5c63cf7da976d28033ba83ab10a3bff4 priv
0x5c63cf7da976d28033ba83ab10a3bff4 localizedkey
callhome
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
spanning-tree mode mst

204 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
spanning-tree mst 1 priority 24576
spanning-tree mst 2 priority 28672
spanning-tree vlan 10,12 priority 28672
spanning-tree vlan 11,13 priority 24576
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Ethernet1/1
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
interface Ethernet1/5
shutdown
no switchport
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown

2011 Cisco Systems, Inc. Lab Guide 205


switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.201/24
line vty

N7K-2-pod2

version 5.1(3)
hostname pod2

feature telnet
feature udld

username admin password 5 $1$4gBDmJfK$fxJb9.tVx1ZZPBGc6iW5P. role


vdc-admin
ip domain-lookup
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
snmp-server user admin vdc-admin auth md5
0x4e5eab12d68fd7120d2223159a3fcfb7 priv
0x4e5eab12d68fd7120d2223159a3fcfb7 localizedkey
callhome

vrf context management


vlan 1
vlan 10

206 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
name TEST
vlan 11
vlan 12
vlan 13
spanning-tree mode mst
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
spanning-tree vlan 10,12 priority 24576
spanning-tree vlan 11,13 priority 28672
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Ethernet1/1
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
interface Ethernet1/5
shutdown
no switchport
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport

2011 Cisco Systems, Inc. Lab Guide 207


interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.202/24
line vty

N5K-1

version 5.0(3)N2(1)
feature telnet
feature udld
feature lldp

username admin password 5 $1$is.yw7Tg$8DV6hkFaELOzRmVXQH3jg. role


network-admin
ip domain-lookup
hostname N5K-1
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy

208 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
service-policy type network-qos fcoe-default-nq-policy
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x22871f636597c4497461738cf59884c3 priv
0x22871f636597c4497461738cf59884c3 localizedkey
snmp-server enable traps entity fru
callhome

vrf context management


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 10
name TEST
vlan 11-13
spanning-tree mode mst
spanning-tree mst 1-2 priority 61440
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
description To Windows-CNA-1
spanning-tree port type edge
interface Ethernet1/4
description To Windows-CNA-2
spanning-tree port type edge
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
description To N2K-1
interface Ethernet1/10
description To N2K-1
interface Ethernet1/11
description To N2K-2
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17

2011 Cisco Systems, Inc. Lab Guide 209


description To N5K-2
shutdown
interface Ethernet1/18
description To N5K-2
shutdown
interface Ethernet1/19
description To N7K-1
switchport mode trunk
spanning-tree port type network
interface Ethernet1/20
description To N7K-2
switchport mode trunk
spanning-tree port type network
interface mgmt0
ip address 192.168.0.18/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin

N5K-2

version 5.0(3)N2(1)
feature telnet
feature udld
feature lldp

username admin password 5 $1$pKTdjbMs$bFn1w7LJ3mDO9rdHEUkD2/ role


network-admin
ip domain-lookup
hostname N5K-2
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy

210 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
service-policy type network-qos fcoe-default-nq-policy
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x7de850b332ac835cb267655504a3e62f priv
0x7de850b332ac835cb267655504a3e62f localizedkey
snmp-server enable traps entity fru
callhome

vrf context management


vlan 1
vlan 10
name TEST
vlan 11-13
spanning-tree mode mst
spanning-tree mst 1-2 priority 61440
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
description To Windows-CNA-2
spanning-tree port type edge
interface Ethernet1/4
description To Windows-CNA-1
spanning-tree port type edge
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
description To N2K-2
interface Ethernet1/10
description To N2K-2
interface Ethernet1/11
description To N2K-1
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
description To N5K-1

2011 Cisco Systems, Inc. Lab Guide 211


shutdown
interface Ethernet1/18
description To N5K-1
shutdown
interface Ethernet1/19
description To N7K-2
switchport mode trunk
spanning-tree port type network
interface Ethernet1/20
description To N7K-1
switchport mode trunk
spanning-tree port type network
interface mgmt0
ip address 192.168.0.28/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin

212 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 2-2 Answer Key: Configuring VPCs
When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco
Nexus 7000 VDC configuration will be similar to the results here, with differences that are
specific to your device or workgroup:

Note The sections of the configuration that are most relevant for this lab exercise have been
highlighted in bold.

N7K-1-pod1

version 5.1(3)
feature-set fex
hostname pod1

feature telnet
cfs eth distribute
feature udld
feature lacp
feature vpc

username admin password 5 $1$peBH9iff$DRrtP2avD/lsrov3ZHh1n. role


vdc-admin
ip domain-lookup
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 101
pinning max-links 1
description "FEX0101"
snmp-server user admin vdc-admin auth md5
0x5c63cf7da976d28033ba83ab10a3bff4 priv
0x5c63cf7da976d28033ba83ab10a3bff4 localizedkey
callhome
vrf context management
vlan 1

2011 Cisco Systems, Inc. Lab Guide 213


vlan 10
name TEST
vlan 11
vlan 12
vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 28672
spanning-tree vlan 11,13 priority 24576
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive
vpc domain 12
peer-switch
peer-keepalive destination 192.168.0.202

interface port-channel7
switchport
switchport mode trunk
priority-flow-control mode auto
spanning-tree port type network
no shutdown
vpc peer-link
interface port-channel51
switchport
switchport mode trunk
priority-flow-control mode auto
no shutdown
vpc 51

interface port-channel52
switchport
switchport mode trunk
priority-flow-control mode auto
no shutdown
vpc 52

interface port-channel101
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 101
no shutdown

interface Ethernet1/1

214 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport
switchport mode trunk
spanning-tree port type network
channel-group 51 mode active
no shutdown
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
channel-group 52 mode active
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 101
channel-group 101
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-2-pod2
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
channel-group 7
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown

2011 Cisco Systems, Inc. Lab Guide 215


switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.201/24

interface Ethernet101/1/1
shutdown
switchport
interface Ethernet101/1/2
switchport
switchport access vlan 10
no shutdown

interface Ethernet101/1/3
shutdown
switchport
interface Ethernet101/1/4
shutdown
switchport
interface Ethernet101/1/5
shutdown
switchport
interface Ethernet101/1/6
shutdown
switchport
interface Ethernet101/1/7
shutdown
switchport
interface Ethernet101/1/8
shutdown
switchport
interface Ethernet101/1/9
shutdown
switchport
interface Ethernet101/1/10
shutdown
switchport
interface Ethernet101/1/11
shutdown
switchport
interface Ethernet101/1/12
shutdown
switchport
interface Ethernet101/1/13

216 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet101/1/14
shutdown
switchport
interface Ethernet101/1/15
shutdown
switchport
interface Ethernet101/1/16
shutdown
switchport
interface Ethernet101/1/17
shutdown
switchport
interface Ethernet101/1/18
shutdown
switchport
interface Ethernet101/1/19
shutdown
switchport
interface Ethernet101/1/20
shutdown
switchport
interface Ethernet101/1/21
shutdown
switchport
interface Ethernet101/1/22
shutdown
switchport
interface Ethernet101/1/23
shutdown
switchport
interface Ethernet101/1/24
shutdown
switchport
interface Ethernet101/1/25
shutdown
switchport
interface Ethernet101/1/26
shutdown
switchport
interface Ethernet101/1/27
shutdown
switchport
interface Ethernet101/1/28
shutdown
switchport
interface Ethernet101/1/29

2011 Cisco Systems, Inc. Lab Guide 217


shutdown
switchport
interface Ethernet101/1/30
shutdown
switchport
interface Ethernet101/1/31
shutdown
switchport
interface Ethernet101/1/32
shutdown
switchport
interface Ethernet101/1/33
shutdown
switchport
interface Ethernet101/1/34
shutdown
switchport
interface Ethernet101/1/35
shutdown
switchport
interface Ethernet101/1/36
shutdown
switchport
interface Ethernet101/1/37
shutdown
switchport
interface Ethernet101/1/38
shutdown
switchport
interface Ethernet101/1/39
shutdown
switchport
interface Ethernet101/1/40
shutdown
switchport
interface Ethernet101/1/41
shutdown
switchport
interface Ethernet101/1/42
shutdown
switchport
interface Ethernet101/1/43
shutdown
switchport
interface Ethernet101/1/44
shutdown
switchport
interface Ethernet101/1/45

218 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet101/1/46
shutdown
switchport
interface Ethernet101/1/47
shutdown
switchport
interface Ethernet101/1/48
shutdown
switchport
line vty

N7K-2-pod6

version 5.1(3)
feature-set fex
hostname pod2

feature telnet
cfs eth distribute
feature udld
feature lacp
feature vpc

username admin password 5 $1$4gBDmJfK$fxJb9.tVx1ZZPBGc6iW5P. role


vdc-admin
ip domain-lookup
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 102
pinning max-links 1
description "FEX0102"
snmp-server user admin vdc-admin auth md5
0x4e5eab12d68fd7120d2223159a3fcfb7 priv
0x4e5eab12d68fd7120d2223159a3fcfb7 localizedkey

2011 Cisco Systems, Inc. Lab Guide 219


callhome
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 24576
spanning-tree vlan 11,13 priority 28672
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive
vpc domain 12
peer-switch
peer-keepalive destination 192.168.0.201

interface port-channel7
switchport
switchport mode trunk
priority-flow-control mode auto
spanning-tree port type network
no shutdown
vpc peer-link
interface port-channel51
switchport
switchport mode trunk
priority-flow-control mode auto
no shutdown
vpc 51
interface port-channel52
switchport
switchport mode trunk
priority-flow-control mode auto
no shutdown
vpc 52
interface port-channel102
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 102
no shutdown

220 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet1/1
switchport
switchport mode trunk
spanning-tree port type network
channel-group 51 mode active
no shutdown
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
channel-group 52 mode active
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 102
channel-group 102
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-1-pod1
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
channel-group 7
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11

2011 Cisco Systems, Inc. Lab Guide 221


shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.202/24
interface Ethernet102/1/1
shutdown
switchport
interface Ethernet102/1/2
switchport
switchport access vlan 10
no shutdown
interface Ethernet102/1/3
shutdown
switchport
interface Ethernet102/1/4
shutdown
switchport
interface Ethernet102/1/5
shutdown
switchport
interface Ethernet102/1/6
shutdown
switchport
interface Ethernet102/1/7
shutdown
switchport
interface Ethernet102/1/8
shutdown
switchport
interface Ethernet102/1/9
shutdown
switchport
interface Ethernet102/1/10
shutdown
switchport
interface Ethernet102/1/11
shutdown
switchport
interface Ethernet102/1/12
shutdown
switchport
interface Ethernet102/1/13
shutdown

222 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport
interface Ethernet102/1/14
shutdown
switchport
interface Ethernet102/1/15
shutdown
switchport
interface Ethernet102/1/16
shutdown
switchport
interface Ethernet102/1/17
shutdown
switchport
interface Ethernet102/1/18
shutdown
switchport
interface Ethernet102/1/19
shutdown
switchport
interface Ethernet102/1/20
shutdown
switchport
interface Ethernet102/1/21
shutdown
switchport
interface Ethernet102/1/22
shutdown
switchport
interface Ethernet102/1/23
shutdown
switchport
interface Ethernet102/1/24
shutdown
switchport
interface Ethernet102/1/25
shutdown
switchport
interface Ethernet102/1/26
shutdown
switchport
interface Ethernet102/1/27
shutdown
switchport
interface Ethernet102/1/28
shutdown
switchport
interface Ethernet102/1/29
shutdown

2011 Cisco Systems, Inc. Lab Guide 223


switchport
interface Ethernet102/1/30
shutdown
switchport
interface Ethernet102/1/31
shutdown
switchport
interface Ethernet102/1/32
shutdown
switchport
interface Ethernet102/1/33
shutdown
switchport
interface Ethernet102/1/34
shutdown
switchport
interface Ethernet102/1/35
shutdown
switchport
interface Ethernet102/1/36
shutdown
switchport
interface Ethernet102/1/37
shutdown
switchport
interface Ethernet102/1/38
shutdown
switchport
interface Ethernet102/1/39
shutdown
switchport
interface Ethernet102/1/40
shutdown
switchport
interface Ethernet102/1/41
shutdown
switchport
interface Ethernet102/1/42
shutdown
switchport
interface Ethernet102/1/43
shutdown
switchport
interface Ethernet102/1/44
shutdown
switchport
interface Ethernet102/1/45
shutdown

224 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport
interface Ethernet102/1/46
shutdown
switchport
interface Ethernet102/1/47
shutdown
switchport
interface Ethernet102/1/48
shutdown
switchport
line vty

N5K-1

version 5.0(3)N2(1)
feature telnet
feature udld
feature lacp
feature lldp

username admin password 5 $1$is.yw7Tg$8DV6hkFaELOzRmVXQH3jg. role


network-admin
ip domain-lookup
hostname N5K-1
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type network-qos fcoe-default-nq-policy
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x22871f636597c4497461738cf59884c3 priv
0x22871f636597c4497461738cf59884c3 localizedkey
snmp-server enable traps entity fru
callhome
vrf context management

2011 Cisco Systems, Inc. Lab Guide 225


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 10
name TEST
vlan 11-13
spanning-tree mode mst
spanning-tree mst 1-2 priority 61440
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel77
switchport mode trunk
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
description To Windows-CNA-1
spanning-tree port type edge
interface Ethernet1/4
description To Windows-CNA-2
spanning-tree port type edge
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
description To N2K-1
interface Ethernet1/10
description To N2K-1
interface Ethernet1/11
description To N2K-2
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
description To N5K-2
shutdown
interface Ethernet1/18
description To N5K-2
shutdown
interface Ethernet1/19
description To N7K-1

226 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport mode trunk
spanning-tree port type network
channel-group 77 mode active
interface Ethernet1/20
description To N7K-2
switchport mode trunk
spanning-tree port type network
channel-group 77 mode active
interface mgmt0
ip address 192.168.0.18/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin

N5K-2

version 5.0(3)N2(1)
feature telnet
feature udld
feature lacp
feature lldp

username admin password 5 $1$pKTdjbMs$bFn1w7LJ3mDO9rdHEUkD2/ role


network-admin
ip domain-lookup
hostname N5K-2
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type network-qos fcoe-default-nq-policy
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x7de850b332ac835cb267655504a3e62f priv
0x7de850b332ac835cb267655504a3e62f localizedkey

2011 Cisco Systems, Inc. Lab Guide 227


snmp-server enable traps entity fru
callhome

vrf context management


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 10
name TEST
vlan 11-13
spanning-tree mode mst
spanning-tree mst 1-2 priority 61440
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel77
switchport mode trunk
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
description To Windows-CNA-2
spanning-tree port type edge
interface Ethernet1/4
description To Windows-CNA-1
spanning-tree port type edge
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
description To N2K-2
interface Ethernet1/10
description To N2K-2
interface Ethernet1/11
description To N2K-1
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
description To N5K-1
shutdown
interface Ethernet1/18

228 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
description To N5K-1
shutdown
interface Ethernet1/19
description To N7K-2
switchport mode trunk
spanning-tree port type network
channel-group 77 mode active
interface Ethernet1/20
description To N7K-1
switchport mode trunk
spanning-tree port type network
channel-group 77 mode active
interface mgmt0
ip address 192.168.0.28/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin

2011 Cisco Systems, Inc. Lab Guide 229


Lab 2-3 Answer Key: Configuring Layer 3 Switching
When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco
Nexus 7000 VDC configuration will be similar to the results here, with differences that are
specific to your device or workgroup:

Note The sections of the configuration that are most relevant for this lab exercise have been
highlighted in bold.

N7K-1-pod1

version 5.1(3)
feature-set fex
hostname pod1

feature telnet
cfs eth distribute
feature ospf
feature eigrp
feature rip
feature udld
feature interface-vlan
feature lacp

username admin password 5 $1$peBH9iff$DRrtP2avD/lsrov3ZHh1n. role


vdc-admin
ip domain-lookup
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 101
pinning max-links 1
description "FEX0101"
snmp-server user admin vdc-admin auth md5
0x5c63cf7da976d28033ba83ab10a3bff4 priv
0x5c63cf7da976d28033ba83ab10a3bff4 localizedkey

230 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
callhome

vrf context OSPF-VRF


vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.72/32 172.16.11.72
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 28672
spanning-tree vlan 11,13 priority 24576
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Vlan1

interface Vlan10
no shutdown
ip address 172.16.10.71/24
ip router rip MYRIP

interface Vlan11
no shutdown
vrf member STATIC-VRF
ip address 172.16.11.71/24

interface Vlan12
no shutdown
vrf member OSPF-VRF
ip address 172.16.12.71/24
ip router ospf MYOSPF area 0.0.0.0

interface Vlan13
no shutdown
vrf member EIGRP-VRF
ip address 172.16.13.71/24
ip router eigrp MYEIGRP

2011 Cisco Systems, Inc. Lab Guide 231


interface port-channel7
switchport
switchport mode trunk
priority-flow-control mode auto
spanning-tree port type network
no shutdown

interface port-channel101
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 101
no shutdown

interface Ethernet1/1
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 101
channel-group 101
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-2-pod2
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
channel-group 7
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown

232 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.201/24
interface loopback10
no shutdown
ip address 192.168.10.71/32
ip router rip MYRIP
interface loopback11
no shutdown
vrf member STATIC-VRF
ip address 192.168.11.71/32
interface loopback12
no shutdown
vrf member OSPF-VRF
ip address 192.168.12.71/32
ip router ospf MYOSPF area 0.0.0.1
interface loopback13
no shutdown
vrf member EIGRP-VRF
ip address 192.168.13.71/32
ip router eigrp MYEIGRP
interface Ethernet101/1/1
shutdown
switchport
interface Ethernet101/1/2
switchport
switchport access vlan 10
no shutdown
interface Ethernet101/1/3

2011 Cisco Systems, Inc. Lab Guide 233


shutdown
switchport
interface Ethernet101/1/4
shutdown
switchport
interface Ethernet101/1/5
shutdown
switchport
interface Ethernet101/1/6
shutdown
switchport
interface Ethernet101/1/7
shutdown
switchport
interface Ethernet101/1/8
shutdown
switchport
interface Ethernet101/1/9
shutdown
switchport
interface Ethernet101/1/10
shutdown
switchport
interface Ethernet101/1/11
shutdown
switchport
interface Ethernet101/1/12
shutdown
switchport
interface Ethernet101/1/13
shutdown
switchport
interface Ethernet101/1/14
shutdown
switchport
interface Ethernet101/1/15
shutdown
switchport
interface Ethernet101/1/16
shutdown
switchport
interface Ethernet101/1/17
shutdown
switchport
interface Ethernet101/1/18
shutdown
switchport
interface Ethernet101/1/19

234 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet101/1/20
shutdown
switchport
interface Ethernet101/1/21
shutdown
switchport
interface Ethernet101/1/22
shutdown
switchport
interface Ethernet101/1/23
shutdown
switchport
interface Ethernet101/1/24
shutdown
switchport
interface Ethernet101/1/25
shutdown
switchport
interface Ethernet101/1/26
shutdown
switchport
interface Ethernet101/1/27
shutdown
switchport
interface Ethernet101/1/28
shutdown
switchport
interface Ethernet101/1/29
shutdown
switchport
interface Ethernet101/1/30
shutdown
switchport
interface Ethernet101/1/31
shutdown
switchport
interface Ethernet101/1/32
shutdown
switchport
interface Ethernet101/1/33
shutdown
switchport
interface Ethernet101/1/34
shutdown
switchport
interface Ethernet101/1/35

2011 Cisco Systems, Inc. Lab Guide 235


shutdown
switchport
interface Ethernet101/1/36
shutdown
switchport
interface Ethernet101/1/37
shutdown
switchport
interface Ethernet101/1/38
shutdown
switchport
interface Ethernet101/1/39
shutdown
switchport
interface Ethernet101/1/40
shutdown
switchport
interface Ethernet101/1/41
shutdown
switchport
interface Ethernet101/1/42
shutdown
switchport
interface Ethernet101/1/43
shutdown
switchport
interface Ethernet101/1/44
shutdown
switchport
interface Ethernet101/1/45
shutdown
switchport
interface Ethernet101/1/46
shutdown
switchport
interface Ethernet101/1/47
shutdown
switchport
interface Ethernet101/1/48
shutdown
switchport
line vty
router eigrp MYEIGRP
vrf EIGRP-VRF
autonomous-system 42
router ospf MYOSPF
router-id 1.1.1.1
vrf OSPF-VRF

236 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
router-id 1.1.1.1
log-adjacency-changes
auto-cost reference-bandwidth 100 Mbps
router rip MYRIP

N7K-2-pod2

version 5.1(3)
feature-set fex
hostname pod2

feature telnet
cfs eth distribute
feature ospf
feature eigrp
feature rip
feature udld
feature interface-vlan
feature lacp

username admin password 5 $1$4gBDmJfK$fxJb9.tVx1ZZPBGc6iW5P. role


vdc-admin
ip domain-lookup
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 102
pinning max-links 1
description "FEX0102"
snmp-server user admin vdc-admin auth md5
0x4e5eab12d68fd7120d2223159a3fcfb7 priv
0x4e5eab12d68fd7120d2223159a3fcfb7 localizedkey
callhome
vrf context OSPF-VRF
vrf context EIGRP-VRF

2011 Cisco Systems, Inc. Lab Guide 237


vrf context STATIC-VRF
ip route 192.168.11.71/32 172.16.11.71
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 24576
spanning-tree vlan 11,13 priority 28672
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Vlan1
interface Vlan10
no shutdown
ip address 172.16.10.72/24
ip router rip MYRIP
interface Vlan11
no shutdown
vrf member STATIC-VRF
ip address 172.16.11.72/24
interface Vlan12
no shutdown
vrf member OSPF-VRF
ip address 172.16.12.72/24
ip router ospf MYOSPF area 0.0.0.0
interface Vlan13
no shutdown
vrf member EIGRP-VRF
ip address 172.16.13.72/24
ip router eigrp MYEIGRP
interface port-channel7
switchport
switchport mode trunk
priority-flow-control mode auto
spanning-tree port type network
no shutdown
interface port-channel102
switchport
switchport mode fex-fabric

238 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
priority-flow-control mode auto
fex associate 102
no shutdown
interface Ethernet1/1
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 102
channel-group 102
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-1-pod1
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
channel-group 7
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto

2011 Cisco Systems, Inc. Lab Guide 239


interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.202/24
interface loopback10
no shutdown
ip address 192.168.10.72/32
ip router rip MYRIP
interface loopback11
no shutdown
vrf member STATIC-VRF
ip address 192.168.11.72/32
interface loopback12
no shutdown
vrf member OSPF-VRF
ip address 192.168.12.72/32
ip router ospf MYOSPF area 0.0.0.2
interface loopback13
no shutdown
vrf member EIGRP-VRF
ip address 192.168.13.72/32
ip router eigrp MYEIGRP
interface Ethernet102/1/1
shutdown
switchport
interface Ethernet102/1/2
switchport
switchport access vlan 10
no shutdown
interface Ethernet102/1/3
shutdown
switchport
interface Ethernet102/1/4
shutdown
switchport
interface Ethernet102/1/5
shutdown
switchport
interface Ethernet102/1/6
shutdown
switchport
interface Ethernet102/1/7

240 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet102/1/8
shutdown
switchport
interface Ethernet102/1/9
shutdown
switchport
interface Ethernet102/1/10
shutdown
switchport
interface Ethernet102/1/11
shutdown
switchport
interface Ethernet102/1/12
shutdown
switchport
interface Ethernet102/1/13
shutdown
switchport
interface Ethernet102/1/14
shutdown
switchport
interface Ethernet102/1/15
shutdown
switchport
interface Ethernet102/1/16
shutdown
switchport
interface Ethernet102/1/17
shutdown
switchport
interface Ethernet102/1/18
shutdown
switchport
interface Ethernet102/1/19
shutdown
switchport
interface Ethernet102/1/20
shutdown
switchport
interface Ethernet102/1/21
shutdown
switchport
interface Ethernet102/1/22
shutdown
switchport
interface Ethernet102/1/23

2011 Cisco Systems, Inc. Lab Guide 241


shutdown
switchport
interface Ethernet102/1/24
shutdown
switchport
interface Ethernet102/1/25
shutdown
switchport
interface Ethernet102/1/26
shutdown
switchport
interface Ethernet102/1/27
shutdown
switchport
interface Ethernet102/1/28
shutdown
switchport
interface Ethernet102/1/29
shutdown
switchport
interface Ethernet102/1/30
shutdown
switchport
interface Ethernet102/1/31
shutdown
switchport
interface Ethernet102/1/32
shutdown
switchport
interface Ethernet102/1/33
shutdown
switchport
interface Ethernet102/1/34
shutdown
switchport
interface Ethernet102/1/35
shutdown
switchport
interface Ethernet102/1/36
shutdown
switchport
interface Ethernet102/1/37
shutdown
switchport
interface Ethernet102/1/38
shutdown
switchport
interface Ethernet102/1/39

242 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet102/1/40
shutdown
switchport
interface Ethernet102/1/41
shutdown
switchport
interface Ethernet102/1/42
shutdown
switchport
interface Ethernet102/1/43
shutdown
switchport
interface Ethernet102/1/44
shutdown
switchport
interface Ethernet102/1/45
shutdown
switchport
interface Ethernet102/1/46
shutdown
switchport
interface Ethernet102/1/47
shutdown
switchport
interface Ethernet102/1/48
shutdown
switchport
line vty
router eigrp MYEIGRP
vrf EIGRP-VRF
autonomous-system 42
router ospf MYOSPF
router-id 2.2.2.2
vrf OSPF-VRF
router-id 2.2.2.2
log-adjacency-changes
auto-cost reference-bandwidth 100 Mbps
router rip MYRIP

2011 Cisco Systems, Inc. Lab Guide 243


Lab 3-1 Answer Key: Configuring Security Features
When you complete this activity, your Cisco Nexus 7000 VDC configuration will be similar to
the results here, with differences that are specific to your device or workgroup:

Note The sections of the configuration that are most relevant for this lab exercise have been
highlighted in bold.

N7K-1-pod1

version 5.1(3)
feature-set fex
hostname pod1

feature telnet
cfs eth distribute
feature ospf
feature eigrp
feature rip
feature port-security
feature udld
feature interface-vlan
feature lacp

username admin password 5 $1$peBH9iff$DRrtP2avD/lsrov3ZHh1n. role


vdc-admin
ip domain-lookup
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2

244 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 101
pinning max-links 1
description "FEX0101"
snmp-server user admin vdc-admin auth md5
0x5c63cf7da976d28033ba83ab10a3bff4 priv
0x5c63cf7da976d28033ba83ab10a3bff4 localizedkey
callhome

vrf context OSPF-VRF


vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.72/32 172.16.11.72
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 28672
spanning-tree vlan 11,13 priority 24576
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Vlan1

interface Vlan10
no shutdown
ip address 172.16.10.71/24
ip router rip MYRIP

interface Vlan11
no shutdown
vrf member STATIC-VRF
ip address 172.16.11.71/24

interface Vlan12

2011 Cisco Systems, Inc. Lab Guide 245


no shutdown
vrf member OSPF-VRF
ip address 172.16.12.71/24
ip router ospf MYOSPF area 0.0.0.0

interface Vlan13
no shutdown
vrf member EIGRP-VRF
ip address 172.16.13.71/24
ip router eigrp MYEIGRP

interface port-channel7
switchport
switchport mode trunk
priority-flow-control mode auto
spanning-tree port type network
no shutdown

interface port-channel101
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 101
no shutdown

interface Ethernet1/1
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
no shutdown
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 101
channel-group 101
no shutdown

246 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-2-pod2
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
channel-group 7
no shutdown

interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.201/24

interface loopback10
no shutdown
ip address 192.168.10.71/32
ip router rip MYRIP

interface loopback11
no shutdown

2011 Cisco Systems, Inc. Lab Guide 247


vrf member STATIC-VRF
ip address 192.168.11.71/32

interface loopback12
no shutdown
vrf member OSPF-VRF
ip address 192.168.12.71/32
ip router ospf MYOSPF area 0.0.0.1

interface loopback13
no shutdown
vrf member EIGRP-VRF
ip address 192.168.13.71/32
ip router eigrp MYEIGRP

interface Ethernet101/1/1
shutdown
switchport
interface Ethernet101/1/2
switchport
switchport port-security
switchport access vlan 11
no shutdown
interface Ethernet101/1/3
shutdown
switchport
interface Ethernet101/1/4
shutdown
switchport
interface Ethernet101/1/5
shutdown
switchport
interface Ethernet101/1/6
shutdown
switchport
interface Ethernet101/1/7
shutdown
switchport
interface Ethernet101/1/8
shutdown
switchport
interface Ethernet101/1/9
shutdown
switchport
interface Ethernet101/1/10
shutdown
switchport
interface Ethernet101/1/11

248 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet101/1/12
shutdown
switchport
interface Ethernet101/1/13
shutdown
switchport
interface Ethernet101/1/14
shutdown
switchport
interface Ethernet101/1/15
shutdown
switchport
interface Ethernet101/1/16
shutdown
switchport
interface Ethernet101/1/17
shutdown
switchport
interface Ethernet101/1/18
shutdown
switchport
interface Ethernet101/1/19
shutdown
switchport
interface Ethernet101/1/20
shutdown
switchport
interface Ethernet101/1/21
shutdown
switchport
interface Ethernet101/1/22
shutdown
switchport
interface Ethernet101/1/23
shutdown
switchport
interface Ethernet101/1/24
shutdown
switchport
interface Ethernet101/1/25
shutdown
switchport
interface Ethernet101/1/26
shutdown
switchport
interface Ethernet101/1/27

2011 Cisco Systems, Inc. Lab Guide 249


shutdown
switchport
interface Ethernet101/1/28
shutdown
switchport
interface Ethernet101/1/29
shutdown
switchport
interface Ethernet101/1/30
shutdown
switchport
interface Ethernet101/1/31
shutdown
switchport
interface Ethernet101/1/32
shutdown
switchport
interface Ethernet101/1/33
shutdown
switchport
interface Ethernet101/1/34
shutdown
switchport
interface Ethernet101/1/35
shutdown
switchport
interface Ethernet101/1/36
shutdown
switchport
interface Ethernet101/1/37
shutdown
switchport
interface Ethernet101/1/38
shutdown
switchport
interface Ethernet101/1/39
shutdown
switchport
interface Ethernet101/1/40
shutdown
switchport
interface Ethernet101/1/41
shutdown
switchport
interface Ethernet101/1/42
shutdown
switchport
interface Ethernet101/1/43

250 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet101/1/44
shutdown
switchport
interface Ethernet101/1/45
shutdown
switchport
interface Ethernet101/1/46
shutdown
switchport
interface Ethernet101/1/47
shutdown
switchport
interface Ethernet101/1/48
shutdown
switchport
line vty
router eigrp MYEIGRP
vrf EIGRP-VRF
autonomous-system 42
router ospf MYOSPF
router-id 1.1.1.1
vrf OSPF-VRF
router-id 1.1.1.1
log-adjacency-changes
auto-cost reference-bandwidth 100 Mbps
router rip MYRIP

N7K-2-pod2

version 5.1(3)
feature-set fex
hostname pod2

feature telnet
cfs eth distribute
feature ospf
feature eigrp
feature rip
feature port-security
feature udld
feature interface-vlan
feature lacp

username admin password 5 $1$4gBDmJfK$fxJb9.tVx1ZZPBGc6iW5P. role


vdc-admin
ip domain-lookup

2011 Cisco Systems, Inc. Lab Guide 251


object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 102
pinning max-links 1
description "FEX0102"
snmp-server user admin vdc-admin auth md5
0x4e5eab12d68fd7120d2223159a3fcfb7 priv
0x4e5eab12d68fd7120d2223159a3fcfb7 localizedkey
callhome
vrf context OSPF-VRF
vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.71/32 172.16.11.71
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 24576
spanning-tree vlan 11,13 priority 28672

252 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Vlan1

interface Vlan10
no shutdown
ip address 172.16.10.72/24
ip router rip MYRIP

interface Vlan11
no shutdown
vrf member STATIC-VRF
ip address 172.16.11.72/24

interface Vlan12
no shutdown
vrf member OSPF-VRF
ip address 172.16.12.72/24
ip router ospf MYOSPF area 0.0.0.0

interface Vlan13
no shutdown
vrf member EIGRP-VRF
ip address 172.16.13.72/24
ip router eigrp MYEIGRP

interface port-channel7
switchport
switchport mode trunk
priority-flow-control mode auto
spanning-tree port type network
no shutdown

interface port-channel102
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 102
no shutdown

interface Ethernet1/1
switchport

2011 Cisco Systems, Inc. Lab Guide 253


switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
no shutdown

interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
no shutdown

interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 102
channel-group 102
no shutdown

interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-1-pod1
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
channel-group 7
no shutdown

interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport

254 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.202/24
interface loopback10
no shutdown
ip address 192.168.10.72/32
ip router rip MYRIP
interface loopback11
no shutdown
vrf member STATIC-VRF
ip address 192.168.11.72/32
interface loopback12
no shutdown
vrf member OSPF-VRF
ip address 192.168.12.72/32
ip router ospf MYOSPF area 0.0.0.2
interface loopback13
no shutdown
vrf member EIGRP-VRF
ip address 192.168.13.72/32
ip router eigrp MYEIGRP
interface Ethernet102/1/1
shutdown
switchport
interface Ethernet102/1/2
switchport
switchport port-security
switchport access vlan 11
no shutdown
interface Ethernet102/1/3
shutdown
switchport
interface Ethernet102/1/4
shutdown
switchport
interface Ethernet102/1/5

2011 Cisco Systems, Inc. Lab Guide 255


shutdown
switchport
interface Ethernet102/1/6
shutdown
switchport
interface Ethernet102/1/7
shutdown
switchport
interface Ethernet102/1/8
shutdown
switchport
interface Ethernet102/1/9
shutdown
switchport
interface Ethernet102/1/10
shutdown
switchport
interface Ethernet102/1/11
shutdown
switchport
interface Ethernet102/1/12
shutdown
switchport
interface Ethernet102/1/13
shutdown
switchport
interface Ethernet102/1/14
shutdown
switchport
interface Ethernet102/1/15
shutdown
switchport
interface Ethernet102/1/16
shutdown
switchport
interface Ethernet102/1/17
shutdown
switchport
interface Ethernet102/1/18
shutdown
switchport
interface Ethernet102/1/19
shutdown
switchport
interface Ethernet102/1/20
shutdown
switchport
interface Ethernet102/1/21

256 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet102/1/22
shutdown
switchport
interface Ethernet102/1/23
shutdown
switchport
interface Ethernet102/1/24
shutdown
switchport
interface Ethernet102/1/25
shutdown
switchport
interface Ethernet102/1/26
shutdown
switchport
interface Ethernet102/1/27
shutdown
switchport
interface Ethernet102/1/28
shutdown
switchport
interface Ethernet102/1/29
shutdown
switchport
interface Ethernet102/1/30
shutdown
switchport
interface Ethernet102/1/31
shutdown
switchport
interface Ethernet102/1/32
shutdown
switchport
interface Ethernet102/1/33
shutdown
switchport
interface Ethernet102/1/34
shutdown
switchport
interface Ethernet102/1/35
shutdown
switchport
interface Ethernet102/1/36
shutdown
switchport
interface Ethernet102/1/37

2011 Cisco Systems, Inc. Lab Guide 257


shutdown
switchport
interface Ethernet102/1/38
shutdown
switchport
interface Ethernet102/1/39
shutdown
switchport
interface Ethernet102/1/40
shutdown
switchport
interface Ethernet102/1/41
shutdown
switchport
interface Ethernet102/1/42
shutdown
switchport
interface Ethernet102/1/43
shutdown
switchport
interface Ethernet102/1/44
shutdown
switchport
interface Ethernet102/1/45
shutdown
switchport
interface Ethernet102/1/46
shutdown
switchport
interface Ethernet102/1/47
shutdown
switchport
interface Ethernet102/1/48
shutdown
switchport
line vty
router eigrp MYEIGRP
vrf EIGRP-VRF
autonomous-system 42
router ospf MYOSPF
router-id 2.2.2.2
vrf OSPF-VRF
router-id 2.2.2.2
log-adjacency-changes
auto-cost reference-bandwidth 100 Mbps
router rip MYRIP

258 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 3-2 Answer Key: Configuring OTV
When you complete this activity, your Cisco Nexus 7000 VDC configuration will be similar to
the results here, with differences that are specific to your device or workgroup:

Note The sections of the configuration that are most relevant for this lab exercise have been
highlighted in bold.

N7K-1-pod1

version 5.1(3)
feature-set fex
hostname pod1

feature telnet
cfs eth distribute
feature otv
feature port-security
feature udld
feature lacp

username admin password 5 $1$peBH9iff$DRrtP2avD/lsrov3ZHh1n. role


vdc-admin
ip domain-lookup
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33

2011 Cisco Systems, Inc. Lab Guide 259


class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 101
pinning max-links 1
description "FEX0101"
snmp-server user admin vdc-admin auth md5
0x5c63cf7da976d28033ba83ab10a3bff4 priv
0x5c63cf7da976d28033ba83ab10a3bff4 localizedkey
callhome

vrf context OSPF-VRF


vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.72/32 172.16.11.72
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
otv site-vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 28672
spanning-tree vlan 11,13 priority 24576
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel101
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 101
no shutdown

interface Overlay1
otv join-interface Ethernet1/17
otv control-group 239.7.7.7
otv data-group 232.7.7.0/24
otv extend-vlan 10-12
no shutdown

interface Ethernet1/1

260 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
no shutdown
interface Ethernet1/3
shutdown
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 101
channel-group 101
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-2-pod2
no switchport
rate-mode dedicated force
mtu 9216
ip address 10.7.7.1/24
ip igmp version 3
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown

2011 Cisco Systems, Inc. Lab Guide 261


switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.201/24
interface loopback10
no shutdown
ip address 192.168.10.71/32
interface loopback11
no shutdown
vrf member STATIC-VRF
ip address 192.168.11.71/32
interface loopback12
no shutdown
vrf member OSPF-VRF
ip address 192.168.12.71/32
interface loopback13
no shutdown
vrf member EIGRP-VRF
ip address 192.168.13.71/32
interface Ethernet101/1/1
shutdown
switchport
interface Ethernet101/1/2
switchport
switchport port-security
switchport access vlan 11
no shutdown
interface Ethernet101/1/3
shutdown
switchport
interface Ethernet101/1/4
shutdown
switchport
interface Ethernet101/1/5
shutdown
switchport
interface Ethernet101/1/6
shutdown
switchport
interface Ethernet101/1/7

262 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet101/1/8
shutdown
switchport
interface Ethernet101/1/9
shutdown
switchport
interface Ethernet101/1/10
shutdown
switchport
interface Ethernet101/1/11
shutdown
switchport
interface Ethernet101/1/12
shutdown
switchport
interface Ethernet101/1/13
shutdown
switchport
interface Ethernet101/1/14
shutdown
switchport
interface Ethernet101/1/15
shutdown
switchport
interface Ethernet101/1/16
shutdown
switchport
interface Ethernet101/1/17
shutdown
switchport
interface Ethernet101/1/18
shutdown
switchport
interface Ethernet101/1/19
shutdown
switchport
interface Ethernet101/1/20
shutdown
switchport
interface Ethernet101/1/21
shutdown
switchport
interface Ethernet101/1/22
shutdown
switchport
interface Ethernet101/1/23

2011 Cisco Systems, Inc. Lab Guide 263


shutdown
switchport
interface Ethernet101/1/24
shutdown
switchport
interface Ethernet101/1/25
shutdown
switchport
interface Ethernet101/1/26
shutdown
switchport
interface Ethernet101/1/27
shutdown
switchport
interface Ethernet101/1/28
shutdown
switchport
interface Ethernet101/1/29
shutdown
switchport
interface Ethernet101/1/30
shutdown
switchport
interface Ethernet101/1/31
shutdown
switchport
interface Ethernet101/1/32
shutdown
switchport
interface Ethernet101/1/33
shutdown
switchport
interface Ethernet101/1/34
shutdown
switchport
interface Ethernet101/1/35
shutdown
switchport
interface Ethernet101/1/36
shutdown
switchport
interface Ethernet101/1/37
shutdown
switchport
interface Ethernet101/1/38
shutdown
switchport
interface Ethernet101/1/39

264 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet101/1/40
shutdown
switchport
interface Ethernet101/1/41
shutdown
switchport
interface Ethernet101/1/42
shutdown
switchport
interface Ethernet101/1/43
shutdown
switchport
interface Ethernet101/1/44
shutdown
switchport
interface Ethernet101/1/45
shutdown
switchport
interface Ethernet101/1/46
shutdown
switchport
interface Ethernet101/1/47
shutdown
switchport
interface Ethernet101/1/48
shutdown
switchport
line vty

N7K-2-pod2

version 5.1(3)
feature-set fex
hostname pod2

feature telnet
cfs eth distribute
feature otv
feature port-security
feature udld
feature lacp

username admin password 5 $1$4gBDmJfK$fxJb9.tVx1ZZPBGc6iW5P. role


vdc-admin
ip domain-lookup
object-group ip address MGMT-LANS

2011 Cisco Systems, Inc. Lab Guide 265


10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 102
pinning max-links 1
description "FEX0102"
snmp-server user admin vdc-admin auth md5
0x4e5eab12d68fd7120d2223159a3fcfb7 priv
0x4e5eab12d68fd7120d2223159a3fcfb7 localizedkey
callhome
vrf context OSPF-VRF
vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.71/32 172.16.11.71
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
otv site-vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 24576
spanning-tree vlan 11,13 priority 28672

266 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel102
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 102
no shutdown
interface Overlay1
otv join-interface Ethernet1/17
otv control-group 239.7.7.7
otv data-group 232.7.7.0/24
otv extend-vlan 10-12
no shutdown
interface Ethernet1/1
shutdown
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 102
channel-group 102
no shutdown

interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-1-pod1

2011 Cisco Systems, Inc. Lab Guide 267


no switchport
rate-mode dedicated force
mtu 9216
ip address 10.7.7.2/24
ip igmp version 3
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.202/24

interface loopback10
no shutdown
ip address 192.168.10.72/32

interface loopback11
no shutdown
vrf member STATIC-VRF
ip address 192.168.11.72/32

interface loopback12
no shutdown
vrf member OSPF-VRF
ip address 192.168.12.72/32

268 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface loopback13
no shutdown
vrf member EIGRP-VRF
ip address 192.168.13.72/32

interface Ethernet102/1/1
shutdown
switchport
interface Ethernet102/1/2
switchport
switchport port-security
switchport access vlan 11
no shutdown

interface Ethernet102/1/3
shutdown
switchport
interface Ethernet102/1/4
shutdown
switchport
interface Ethernet102/1/5
shutdown
switchport
interface Ethernet102/1/6
shutdown
switchport
interface Ethernet102/1/7
shutdown
switchport
interface Ethernet102/1/8
shutdown
switchport
interface Ethernet102/1/9
shutdown
switchport
interface Ethernet102/1/10
shutdown
switchport
interface Ethernet102/1/11
shutdown
switchport
interface Ethernet102/1/12
shutdown
switchport
interface Ethernet102/1/13
shutdown
switchport
interface Ethernet102/1/14

2011 Cisco Systems, Inc. Lab Guide 269


shutdown
switchport
interface Ethernet102/1/15
shutdown
switchport
interface Ethernet102/1/16
shutdown
switchport
interface Ethernet102/1/17
shutdown
switchport
interface Ethernet102/1/18
shutdown
switchport
interface Ethernet102/1/19
shutdown
switchport
interface Ethernet102/1/20
shutdown
switchport
interface Ethernet102/1/21
shutdown
switchport
interface Ethernet102/1/22
shutdown
switchport
interface Ethernet102/1/23
shutdown
switchport
interface Ethernet102/1/24
shutdown
switchport
interface Ethernet102/1/25
shutdown
switchport
interface Ethernet102/1/26
shutdown
switchport
interface Ethernet102/1/27
shutdown
switchport
interface Ethernet102/1/28
shutdown
switchport
interface Ethernet102/1/29
shutdown
switchport
interface Ethernet102/1/30

270 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet102/1/31
shutdown
switchport
interface Ethernet102/1/32
shutdown
switchport
interface Ethernet102/1/33
shutdown
switchport
interface Ethernet102/1/34
shutdown
switchport
interface Ethernet102/1/35
shutdown
switchport
interface Ethernet102/1/36
shutdown
switchport
interface Ethernet102/1/37
shutdown
switchport
interface Ethernet102/1/38
shutdown
switchport
interface Ethernet102/1/39
shutdown
switchport
interface Ethernet102/1/40
shutdown
switchport
interface Ethernet102/1/41
shutdown
switchport
interface Ethernet102/1/42
shutdown
switchport
interface Ethernet102/1/43
shutdown
switchport
interface Ethernet102/1/44
shutdown
switchport
interface Ethernet102/1/45
shutdown
switchport
interface Ethernet102/1/46

2011 Cisco Systems, Inc. Lab Guide 271


shutdown
switchport
interface Ethernet102/1/47
shutdown
switchport
interface Ethernet102/1/48
shutdown
switchport
line vty

272 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 3-3 Answer Key: Configuring QoS
When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco
Nexus 7000 VDC configuration will be similar to the results here, with differences that are
specific to your device or workgroup:

Note The sections of the configuration that are most relevant for this lab exercise have been
highlighted in bold.

N7K-1-pod1

version 5.1(3)
feature-set fex
hostname pod1

feature telnet
cfs eth distribute
feature otv
feature port-security
feature udld
feature lacp

username admin password 5 $1$peBH9iff$DRrtP2avD/lsrov3ZHh1n. role


vdc-admin
ip domain-lookup
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
class-map type qos match-all STORAGE
match cos 4
class-map type qos match-all NET-MGMT
match cos 2
policy-map type qos MARKING
class STORAGE
set dscp 34
class NET-MGMT
set dscp 16
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50

2011 Cisco Systems, Inc. Lab Guide 273


class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 101
pinning max-links 1
description "FEX0101"
snmp-server user admin vdc-admin auth md5
0x5c63cf7da976d28033ba83ab10a3bff4 priv
0x5c63cf7da976d28033ba83ab10a3bff4 localizedkey
callhome
vrf context OSPF-VRF
vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.72/32 172.16.11.72
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
otv site-vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 28672
spanning-tree vlan 11,13 priority 24576
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel101
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 101
no shutdown

274 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Overlay1
otv join-interface Ethernet1/17
otv control-group 239.7.7.7
otv data-group 232.7.7.0/24
otv extend-vlan 10-12
no shutdown

interface Ethernet1/1
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
service-policy type qos input MARKING
no shutdown
interface Ethernet1/3
shutdown
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 101
channel-group 101
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-2-pod2
no switchport
rate-mode dedicated force
mtu 9216
ip address 10.7.7.1/24
ip igmp version 3
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown

2011 Cisco Systems, Inc. Lab Guide 275


no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.201/24
interface loopback10
ip address 192.168.10.71/32
no shutdown
interface loopback11
vrf member STATIC-VRF
ip address 192.168.11.71/32
no shutdown
interface loopback12
vrf member OSPF-VRF
ip address 192.168.12.71/32
no shutdown
interface loopback13
vrf member EIGRP-VRF
ip address 192.168.13.71/32
no shutdown
interface Ethernet101/1/1
shutdown
switchport
interface Ethernet101/1/2
switchport
switchport port-security
switchport access vlan 11
no shutdown
interface Ethernet101/1/3
shutdown
switchport

276 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet101/1/4
shutdown
switchport
interface Ethernet101/1/5
shutdown
switchport
interface Ethernet101/1/6
shutdown
switchport
interface Ethernet101/1/7
shutdown
switchport
interface Ethernet101/1/8
shutdown
switchport
interface Ethernet101/1/9
shutdown
switchport
interface Ethernet101/1/10
shutdown
switchport
interface Ethernet101/1/11
shutdown
switchport
interface Ethernet101/1/12
shutdown
switchport
interface Ethernet101/1/13
shutdown
switchport
interface Ethernet101/1/14
shutdown
switchport
interface Ethernet101/1/15
shutdown
switchport
interface Ethernet101/1/16
shutdown
switchport
interface Ethernet101/1/17
shutdown
switchport
interface Ethernet101/1/18
shutdown
switchport
interface Ethernet101/1/19
shutdown
switchport

2011 Cisco Systems, Inc. Lab Guide 277


interface Ethernet101/1/20
shutdown
switchport
interface Ethernet101/1/21
shutdown
switchport
interface Ethernet101/1/22
shutdown
switchport
interface Ethernet101/1/23
shutdown
switchport
interface Ethernet101/1/24
shutdown
switchport
interface Ethernet101/1/25
shutdown
switchport
interface Ethernet101/1/26
shutdown
switchport
interface Ethernet101/1/27
shutdown
switchport
interface Ethernet101/1/28
shutdown
switchport
interface Ethernet101/1/29
shutdown
switchport
interface Ethernet101/1/30
shutdown
switchport
interface Ethernet101/1/31
shutdown
switchport
interface Ethernet101/1/32
shutdown
switchport
interface Ethernet101/1/33
shutdown
switchport
interface Ethernet101/1/34
shutdown
switchport
interface Ethernet101/1/35
shutdown
switchport

278 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet101/1/36
shutdown
switchport
interface Ethernet101/1/37
shutdown
switchport
interface Ethernet101/1/38
shutdown
switchport
interface Ethernet101/1/39
shutdown
switchport
interface Ethernet101/1/40
shutdown
switchport
interface Ethernet101/1/41
shutdown
switchport
interface Ethernet101/1/42
shutdown
switchport
interface Ethernet101/1/43
shutdown
switchport
interface Ethernet101/1/44
shutdown
switchport
interface Ethernet101/1/45
shutdown
switchport
interface Ethernet101/1/46
shutdown
switchport
interface Ethernet101/1/47
shutdown
switchport
interface Ethernet101/1/48
shutdown
switchport
line vty

N7K-2-pod2

version 5.1(3)
feature-set fex
hostname pod2

feature telnet

2011 Cisco Systems, Inc. Lab Guide 279


cfs eth distribute
feature otv
feature port-security
feature udld
feature lacp

username admin password 5 $1$4gBDmJfK$fxJb9.tVx1ZZPBGc6iW5P. role


vdc-admin
ip domain-lookup
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
class-map type qos match-all STORAGE
match cos 4
class-map type qos match-all NET-MGMT
match cos 2
policy-map type qos MARKING
class STORAGE
set dscp 34
class NET-MGMT
set dscp 16
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 102
pinning max-links 1
description "FEX0102"

280 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
snmp-server user admin vdc-admin auth md5
0x4e5eab12d68fd7120d2223159a3fcfb7 priv
0x4e5eab12d68fd7120d2223159a3fcfb7 localizedkey
callhome
vrf context OSPF-VRF
vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.71/32 172.16.11.71
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
otv site-vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 24576
spanning-tree vlan 11,13 priority 28672
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel102
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 102
no shutdown

interface Overlay1
otv join-interface Ethernet1/17
otv control-group 239.7.7.7
otv data-group 232.7.7.0/24
otv extend-vlan 10-12
no shutdown

interface Ethernet1/1
shutdown
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40

2011 Cisco Systems, Inc. Lab Guide 281


storm-control unicast level 40
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
service-policy type qos input MARKING
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 102
channel-group 102
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-1-pod1
no switchport
rate-mode dedicated force
mtu 9216
ip address 10.7.7.2/24
ip igmp version 3
no shutdown

interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown

282 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.202/24
interface loopback10
ip address 192.168.10.72/32
no shutdown
interface loopback11
vrf member STATIC-VRF
ip address 192.168.11.72/32
no shutdown
interface loopback12
vrf member OSPF-VRF
ip address 192.168.12.72/32
no shutdown
interface loopback13
vrf member EIGRP-VRF
ip address 192.168.13.72/32
no shutdown
interface Ethernet102/1/1
shutdown
switchport
interface Ethernet102/1/2
switchport
switchport port-security
switchport access vlan 11
no shutdown
interface Ethernet102/1/3
shutdown
switchport
interface Ethernet102/1/4
shutdown
switchport
interface Ethernet102/1/5
shutdown
switchport
interface Ethernet102/1/6
shutdown
switchport
interface Ethernet102/1/7
shutdown
switchport
interface Ethernet102/1/8
shutdown

2011 Cisco Systems, Inc. Lab Guide 283


interface Ethernet102/1/9
shutdown
switchport
interface Ethernet102/1/10
shutdown
switchport
interface Ethernet102/1/11
shutdown
switchport
interface Ethernet102/1/12
shutdown
switchport
interface Ethernet102/1/13
shutdown
switchport
interface Ethernet102/1/14
shutdown
switchport
interface Ethernet102/1/15
shutdown
switchport
interface Ethernet102/1/16
shutdown
switchport
interface Ethernet102/1/17
shutdown
switchport
interface Ethernet102/1/18
shutdown
switchport
interface Ethernet102/1/19
shutdown
switchport
interface Ethernet102/1/20
shutdown
switchport
interface Ethernet102/1/21
shutdown
switchport
interface Ethernet102/1/22
shutdown
switchport
interface Ethernet102/1/23
shutdown
switchport
interface Ethernet102/1/24
shutdown
switchport

284 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet102/1/25
shutdown
switchport
interface Ethernet102/1/26
shutdown
switchport
interface Ethernet102/1/27
shutdown
switchport
interface Ethernet102/1/28
shutdown
switchport
interface Ethernet102/1/29
shutdown
switchport
interface Ethernet102/1/30
shutdown
switchport
interface Ethernet102/1/31
shutdown
switchport
interface Ethernet102/1/32
shutdown
switchport
interface Ethernet102/1/33
shutdown
switchport
interface Ethernet102/1/34
shutdown
switchport
interface Ethernet102/1/35
shutdown
switchport
interface Ethernet102/1/36
shutdown
switchport
interface Ethernet102/1/37
shutdown
switchport
interface Ethernet102/1/38
shutdown
switchport
interface Ethernet102/1/39
shutdown
switchport
interface Ethernet102/1/40
shutdown
switchport

2011 Cisco Systems, Inc. Lab Guide 285


interface Ethernet102/1/41
shutdown
switchport
interface Ethernet102/1/42
shutdown
switchport
interface Ethernet102/1/43
shutdown
switchport
interface Ethernet102/1/44
shutdown
switchport
interface Ethernet102/1/45
shutdown
switchport
interface Ethernet102/1/46
shutdown
switchport
interface Ethernet102/1/47
shutdown
switchport
interface Ethernet102/1/48
shutdown
switchport
line vty

N5K-1

version 5.0(3)N2(1)
feature telnet
feature udld
feature interface-vlan
feature lacp
feature lldp

username admin password 5 $1$is.yw7Tg$8DV6hkFaELOzRmVXQH3jg. role


network-admin
ip domain-lookup
hostname N5K-1
ip access-list ISCSI-TRAFFIC
statistics per-entry
10 permit tcp any any eq 3260
20 permit tcp any eq 3260 any
ip access-list MGMT-TRAFFIC
statistics per-entry
10 permit tcp any any eq 22
20 permit tcp any eq 22 any
30 permit tcp any any eq telnet

286 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
40 permit tcp any eq telnet any
class-map type qos class-fcoe
class-map type qos match-all STORAGE
match access-group name ISCSI-TRAFFIC
class-map type qos match-all NET-MGMT
match access-group name MGMT-TRAFFIC
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
policy-map type qos CLASSIFICATION
class STORAGE
set qos-group 4
class NET-MGMT
set qos-group 2
class class-fcoe
set qos-group 1
class-map type network-qos STORAGE
match qos-group 4
class-map type network-qos NET-MGMT
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
policy-map type network-qos MARKING
class type network-qos STORAGE
set cos 4
class type network-qos NET-MGMT
set cos 2
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
multicast-optimize
system qos
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type qos input CLASSIFICATION
service-policy type network-qos MARKING
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x22871f636597c4497461738cf59884c3 priv
0x22871f636597c4497461738cf59884c3 localizedkey

2011 Cisco Systems, Inc. Lab Guide 287


snmp-server enable traps entity fru
callhome

vrf context management


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 10
name TEST
vlan 11-13
spanning-tree mode mst
spanning-tree mst 1-2 priority 61440
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Vlan1

interface Vlan10
no shutdown
ip address 172.16.10.51/24
interface port-channel77
switchport mode trunk
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
description To Windows-CNA-1
switchport access vlan 10
spanning-tree port type edge
interface Ethernet1/4
description To Windows-CNA-2
spanning-tree port type edge
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
description To N2K-1
interface Ethernet1/10
description To N2K-1
interface Ethernet1/11
description To N2K-2
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14

288 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
description To N5K-2
shutdown
interface Ethernet1/18
description To N5K-2
shutdown
interface Ethernet1/19
description To N7K-1
switchport mode trunk
spanning-tree port type network
channel-group 77 mode active
interface Ethernet1/20
description To N7K-2
switchport mode trunk
spanning-tree port type network
channel-group 77 mode active
interface mgmt0
ip address 192.168.0.18/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin

N5K-2

version 5.0(3)N2(1)
feature telnet
feature udld
feature interface-vlan
feature lacp
feature lldp

username admin password 5 $1$pKTdjbMs$bFn1w7LJ3mDO9rdHEUkD2/ role


network-admin
ip domain-lookup
hostname N5K-2
ip access-list ISCSI-TRAFFIC
statistics per-entry
10 permit tcp any any eq 3260
20 permit tcp any eq 3260 any
ip access-list MGMT-TRAFFIC
statistics per-entry
10 permit tcp any any eq 22
20 permit tcp any eq 22 any
30 permit tcp any any eq telnet
40 permit tcp any eq telnet any
class-map type qos class-fcoe

2011 Cisco Systems, Inc. Lab Guide 289


class-map type qos match-all STORAGE
match access-group name ISCSI-TRAFFIC
class-map type qos match-all NET-MGMT
match access-group name MGMT-TRAFFIC
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
policy-map type qos CLASSIFICATION
class STORAGE
set qos-group 4
class NET-MGMT
set qos-group 2
class class-fcoe
set qos-group 1
class-map type network-qos STORAGE
match qos-group 4
class-map type network-qos NET-MGMT
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
policy-map type network-qos MARKING
class type network-qos STORAGE
set cos 4
class type network-qos NET-MGMT
set cos 2
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
multicast-optimize
system qos
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type qos input CLASSIFICATION
service-policy type network-qos MARKING
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x7de850b332ac835cb267655504a3e62f priv
0x7de850b332ac835cb267655504a3e62f localizedkey
snmp-server enable traps entity fru
callhome

290 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
vrf context management
ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 10
name TEST
vlan 11-13
spanning-tree mode mst
spanning-tree mst 1-2 priority 61440
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface Vlan1
interface Vlan10
no shutdown
ip address 172.16.10.52/24
interface port-channel77
switchport mode trunk
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
description To Windows-CNA-2
switchport access vlan 10
spanning-tree port type edge
interface Ethernet1/4
description To Windows-CNA-1
spanning-tree port type edge
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
description To N2K-2
interface Ethernet1/10
description To N2K-2
interface Ethernet1/11
description To N2K-1
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
description To N5K-1

2011 Cisco Systems, Inc. Lab Guide 291


shutdown
interface Ethernet1/18
description To N5K-1
shutdown
interface Ethernet1/19
description To N7K-2
switchport mode trunk
spanning-tree port type network
channel-group 77 mode active
interface Ethernet1/20
description To N7K-1
switchport mode trunk
spanning-tree port type network
channel-group 77 mode active
interface mgmt0
ip address 192.168.0.28/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin

292 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 4-1 Answer Key: Configuring System Management
When you complete this activity, your Cisco Nexus 7000 VDC configuration will be similar to
the results here, with differences that are specific to your device or workgroup:

Note The sections of the configuration that are most relevant for this lab exercise have been
highlighted in bold.

N7K-1-pod1

version 5.1(3)
feature-set fex
hostname pod1

feature telnet
cfs ipv4 mcast-address 239.255.12.12
cfs ipv4 distribute
cfs region 12
role
radius
exit
cfs eth distribute
feature scheduler
feature otv
feature port-security
feature udld
feature lacp

role distribute
role name TIER-2-OPS
rule 4 permit read-write feature vlan
rule 3 permit read-write feature ping
rule 2 permit read-write feature diagnostics
rule 1 permit read
role commit
username admin password 5 $1$peBH9iff$DRrtP2avD/lsrov3ZHh1n. role
vdc-admin
ip domain-lookup
radius distribute
radius-server host 192.168.0.11 key 7 "V3gw3t-P3b" authentication
accounting
radius-server host 192.168.0.21 key 7 "V3gw3t-P3b" authentication
accounting
radius commit
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL

2011 Cisco Systems, Inc. Lab Guide 293


10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
class-map type qos match-all STORAGE
match cos 4
class-map type qos match-all NET-MGMT
match cos 2
policy-map type qos MARKING
class STORAGE
set dscp 34
class NET-MGMT
set dscp 16
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 101
pinning max-links 1
description "FEX0101"
snmp-server contact Pod 1 Administrator
snmp-server user admin vdc-admin auth md5
0x5c63cf7da976d28033ba83ab10a3bff4 priv
0x5c63cf7da976d28033ba83ab10a3bff4 localizedkey
callhome
email-contact pod1-admin@example.net
phone-contact +1-555-012-3456
streetaddress 123 Main Street, Sometown, USA
destination-profile NEXUS-OPS
destination-profile NEXUS-OPS format full-txt
destination-profile NEXUS-OPS message-level 2
destination-profile SMS
destination-profile SMS format short-txt
destination-profile SMS message-size 160
destination-profile SMS message-level 6

294 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
destination-profile TICKETING-SYSTEM
destination-profile TICKETING-SYSTEM format XML
destination-profile TICKETING-SYSTEM message-level 1
destination-profile NEXUS-OPS email-addr pod1@cisco.com
destination-profile SMS email-addr pod1@cisco.com
destination-profile TICKETING-SYSTEM email-addr pod1@cisco.com
destination-profile NEXUS-OPS alert-group all
destination-profile SMS alert-group all
destination-profile TICKETING-SYSTEM alert-group all
transport email from callhome@example.net
transport email reply-to pod1-admin@example.net
transport email smtp-server 192.168.0.10 port 25 use-vrf management
enable

vrf context OSPF-VRF


vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.72/32 172.16.11.72
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
otv site-vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 28672
spanning-tree vlan 11,13 priority 24576
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel101
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 101
no shutdown

interface Overlay1
otv join-interface Ethernet1/17
otv control-group 239.7.7.7

2011 Cisco Systems, Inc. Lab Guide 295


otv data-group 232.7.7.0/24
otv extend-vlan 10-12
no shutdown

interface Ethernet1/1
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
service-policy type qos input MARKING
no shutdown
interface Ethernet1/3
shutdown
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 101
channel-group 101
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-2-pod2
no switchport
rate-mode dedicated force
mtu 9216
ip address 10.7.7.1/24
ip igmp version 3
no shutdown
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport

296 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.201/24
interface loopback10
ip address 192.168.10.71/32
no shutdown
interface loopback11
vrf member STATIC-VRF
ip address 192.168.11.71/32
no shutdown
interface loopback12
vrf member OSPF-VRF
ip address 192.168.12.71/32
no shutdown
interface loopback13
vrf member EIGRP-VRF
ip address 192.168.13.71/32
no shutdown
interface Ethernet101/1/1
shutdown
switchport
interface Ethernet101/1/2
switchport
switchport port-security
switchport access vlan 11
no shutdown
interface Ethernet101/1/3
shutdown
switchport
interface Ethernet101/1/4
shutdown
switchport
interface Ethernet101/1/5

2011 Cisco Systems, Inc. Lab Guide 297


shutdown
switchport
interface Ethernet101/1/6
shutdown
switchport
interface Ethernet101/1/7
shutdown
switchport
interface Ethernet101/1/8
shutdown
switchport
interface Ethernet101/1/9
shutdown
switchport
interface Ethernet101/1/10
shutdown
switchport
interface Ethernet101/1/11
shutdown
switchport
interface Ethernet101/1/12
shutdown
switchport
interface Ethernet101/1/13
shutdown
switchport
interface Ethernet101/1/14
shutdown
switchport
interface Ethernet101/1/15
shutdown
switchport
interface Ethernet101/1/16
shutdown
switchport
interface Ethernet101/1/17
shutdown
switchport
interface Ethernet101/1/18
shutdown
switchport
interface Ethernet101/1/19
shutdown
switchport
interface Ethernet101/1/20
shutdown
switchport
interface Ethernet101/1/21

298 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet101/1/22
shutdown
switchport
interface Ethernet101/1/23
shutdown
switchport
interface Ethernet101/1/24
shutdown
switchport
interface Ethernet101/1/25
shutdown
switchport
interface Ethernet101/1/26
shutdown
switchport
interface Ethernet101/1/27
shutdown
switchport
interface Ethernet101/1/28
shutdown
switchport
interface Ethernet101/1/29
shutdown
switchport
interface Ethernet101/1/30
shutdown
switchport
interface Ethernet101/1/31
shutdown
switchport
interface Ethernet101/1/32
shutdown
switchport
interface Ethernet101/1/33
shutdown
switchport
interface Ethernet101/1/34
shutdown
switchport
interface Ethernet101/1/35
shutdown
switchport
interface Ethernet101/1/36
shutdown
switchport
interface Ethernet101/1/37

2011 Cisco Systems, Inc. Lab Guide 299


shutdown
switchport
interface Ethernet101/1/38
shutdown
switchport
interface Ethernet101/1/39
shutdown
switchport
interface Ethernet101/1/40
shutdown
switchport
interface Ethernet101/1/41
shutdown
switchport
interface Ethernet101/1/42
shutdown
switchport
interface Ethernet101/1/43
shutdown
switchport
interface Ethernet101/1/44
shutdown
switchport
interface Ethernet101/1/45
shutdown
switchport
interface Ethernet101/1/46
shutdown
switchport
interface Ethernet101/1/47
shutdown
switchport
interface Ethernet101/1/48
shutdown
switchport
line vty
scheduler job name BACKUP-CONFIG
copy running-config bootflash:/$(SWITCHNAME)-$(TIMESTAMP).cfg
copy running-config tftp://192.168.0.11/$(SWITCHNAME)-
$(TIMESTAMP).cfg vrf management

end-job

scheduler schedule name WEEKLY-BACKUP


job name BACKUP-CONFIG
time weekly 01:22:00

300 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
N7K-2-pod2

version 5.1(3)
feature-set fex
hostname pod2

feature telnet
cfs ipv4 mcast-address 239.255.12.12
cfs ipv4 distribute
cfs region 12
role
radius
exit
cfs eth distribute
feature scheduler
feature otv
feature port-security
feature udld
feature lacp

role distribute
role name TIER-2-OPS
rule 4 permit read-write feature vlan
rule 3 permit read-write feature ping
rule 2 permit read-write feature diagnostics
rule 1 permit read
role commit
username admin password 5 $1$4gBDmJfK$fxJb9.tVx1ZZPBGc6iW5P. role
vdc-admin
ip domain-lookup
radius distribute
radius-server host 192.168.0.11 authentication accounting
radius-server host 192.168.0.21 authentication accounting
radius commit
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
class-map type qos match-all STORAGE
match cos 4
class-map type qos match-all NET-MGMT
match cos 2

2011 Cisco Systems, Inc. Lab Guide 301


policy-map type qos MARKING
class STORAGE
set dscp 34
class NET-MGMT
set dscp 16
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 102
pinning max-links 1
description "FEX0102"
snmp-server contact Pod 2 Administrator
snmp-server user admin vdc-admin auth md5
0x4e5eab12d68fd7120d2223159a3fcfb7 priv
0x4e5eab12d68fd7120d2223159a3fcfb7 localizedkey
callhome
email-contact pod2-admin@example.net
phone-contact +1-555-012-3456
streetaddress 123 Main Street, Sometown, USA
destination-profile NEXUS-OPS
destination-profile NEXUS-OPS format full-txt
destination-profile NEXUS-OPS message-level 2
destination-profile SMS
destination-profile SMS format short-txt
destination-profile SMS message-size 160
destination-profile SMS message-level 6
destination-profile TICKETING-SYSTEM
destination-profile TICKETING-SYSTEM format XML
destination-profile TICKETING-SYSTEM message-level 1
destination-profile NEXUS-OPS email-addr pod2@cisco.com
destination-profile SMS email-addr pod2@cisco.com
destination-profile TICKETING-SYSTEM email-addr pod2@cisco.com
destination-profile NEXUS-OPS alert-group all
destination-profile SMS alert-group all
destination-profile TICKETING-SYSTEM alert-group all
transport email from callhome@example.net

302 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
transport email reply-to pod2-admin@example.net
transport email smtp-server 192.168.0.10 port 25 use-vrf management
enable

vrf context OSPF-VRF


vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.71/32 172.16.11.71
vrf context management
vlan 1
vlan 10
name TEST
vlan 11
vlan 12
vlan 13
otv site-vlan 13
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 24576
spanning-tree vlan 11,13 priority 28672
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel102
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 102
no shutdown

interface Overlay1
otv join-interface Ethernet1/17
otv control-group 239.7.7.7
otv data-group 232.7.7.0/24
otv extend-vlan 10-12
no shutdown

interface Ethernet1/1
shutdown
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40

2011 Cisco Systems, Inc. Lab Guide 303


storm-control multicast level 40
storm-control unicast level 40
interface Ethernet1/3
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
service-policy type qos input MARKING
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 102
channel-group 102
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-1-pod1
no switchport
rate-mode dedicated force
mtu 9216
ip address 10.7.7.2/24
ip igmp version 3
no shutdown

interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/2
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/11

304 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
priority-flow-control mode auto
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.202/24
interface loopback10
ip address 192.168.10.72/32
no shutdown
interface loopback11
vrf member STATIC-VRF
ip address 192.168.11.72/32
no shutdown
interface loopback12
vrf member OSPF-VRF
ip address 192.168.12.72/32
no shutdown
interface loopback13
vrf member EIGRP-VRF
ip address 192.168.13.72/32
no shutdown
interface Ethernet102/1/1
shutdown
switchport
interface Ethernet102/1/2
switchport
switchport port-security
switchport access vlan 11
no shutdown
interface Ethernet102/1/3
shutdown
switchport
interface Ethernet102/1/4
shutdown
switchport
interface Ethernet102/1/5
shutdown
switchport
interface Ethernet102/1/6
shutdown
switchport
interface Ethernet102/1/7
shutdown
switchport
interface Ethernet102/1/8

2011 Cisco Systems, Inc. Lab Guide 305


shutdown
switchport
interface Ethernet102/1/9
shutdown
switchport
interface Ethernet102/1/10
shutdown
switchport
interface Ethernet102/1/11
shutdown
switchport
interface Ethernet102/1/12
shutdown
switchport
interface Ethernet102/1/13
shutdown
switchport
interface Ethernet102/1/14
shutdown
switchport
interface Ethernet102/1/15
shutdown
switchport
interface Ethernet102/1/16
shutdown
switchport
interface Ethernet102/1/17
shutdown
switchport
interface Ethernet102/1/18
shutdown
switchport
interface Ethernet102/1/19
shutdown
switchport
interface Ethernet102/1/20
shutdown
switchport
interface Ethernet102/1/21
shutdown
switchport
interface Ethernet102/1/22
shutdown
switchport
interface Ethernet102/1/23
shutdown
switchport
interface Ethernet102/1/24

306 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet102/1/25
shutdown
switchport
interface Ethernet102/1/26
shutdown
switchport
interface Ethernet102/1/27
shutdown
switchport
interface Ethernet102/1/28
shutdown
switchport
interface Ethernet102/1/29
shutdown
switchport
interface Ethernet102/1/30
shutdown
switchport
interface Ethernet102/1/31
shutdown
switchport
interface Ethernet102/1/32
shutdown
switchport
interface Ethernet102/1/33
shutdown
switchport
interface Ethernet102/1/34
shutdown
switchport
interface Ethernet102/1/35
shutdown
switchport
interface Ethernet102/1/36
shutdown
switchport
interface Ethernet102/1/37
shutdown
switchport
interface Ethernet102/1/38
shutdown
switchport
interface Ethernet102/1/39
shutdown
switchport
interface Ethernet102/1/40

2011 Cisco Systems, Inc. Lab Guide 307


shutdown
switchport
interface Ethernet102/1/41
shutdown
switchport
interface Ethernet102/1/42
shutdown
switchport
interface Ethernet102/1/43
shutdown
switchport
interface Ethernet102/1/44
shutdown
switchport
interface Ethernet102/1/45
shutdown
switchport
interface Ethernet102/1/46
shutdown
switchport
interface Ethernet102/1/47
shutdown
switchport
interface Ethernet102/1/48
shutdown
switchport
line vty

scheduler job name BACKUP-CONFIG


copy running-config bootflash:/$(SWITCHNAME)-$(TIMESTAMP).cfg
copy running-config tftp://192.168.0.11/$(SWITCHNAME)-
$(TIMESTAMP).cfg vrf management

end-job

scheduler schedule name WEEKLY-BACKUP


job name BACKUP-CONFIG
time weekly 01:22:00

308 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 4-2 Answer Key: Implementing Cisco DCNM
The problem in Task 4 was caused by the removal of VLAN 10 on the Cisco Nexus 7000 VDC
in your pod and peer pod. To resolve the problem you should have recreated VLAN 10 on your
Cisco Nexus 7000 VDC using Cisco DCNM.

Note The problem and solution in this task are relatively simple. Solving the problem is not the
most important task in this exercise. The value of the troubleshooting task is in the discovery
of the troubleshooting capabilities of Cisco DCNM.

The following are some key screenshots that could help to identify the missing VLAN on the
Cisco Nexus 7000 Switches.

In this screen, you can see that VLAN 10 is only present on the Cisco Nexus 5000 Switches,
while VLAN 11 is present on all four switches.

2011 Cisco Systems, Inc. Lab Guide 309


Here is another screen that shows that VLAN 10 is missing on the Cisco Nexus 7000 Switches
in the Layer 2 topology view for VLAN 10. None of the lines in the diagram are green to show
the presence of the VLAN and only the Cisco Nexus 5000 Switches have the tree icon next to
them to indicate that they are running the Spanning Tree Protocol (STP) for the VLAN.

After VLAN 10 has been restored, the Layer 2 view for VLAN 10 should be similar to this
figure.
When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco
Nexus 7000 VDC configuration will be similar to the results here, with differences that are
specific to your device or workgroup:

310 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 5-1 Answer Key: Configuring Cisco FabricPath
When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco
Nexus 7000 VDC configuration will be similar to the results here, with differences that are
specific to your device or workgroup:

N7K-1-pod1

version 5.1(3)
feature-set fabricpath
feature-set fex
hostname pod1

feature telnet
cfs ipv4 distribute
cfs region 12
role
radius
exit
cfs eth distribute
feature scheduler
feature port-security
feature udld
feature lacp

logging level aaa 5


logging level cdp 6
logging level otm 5
logging level radius 5
logging level monitor 6
logging level port-security 5
logging level spanning-tree 6
role distribute
role name TIER-2-OPS
rule 4 permit read-write feature vlan
rule 3 permit read-write feature ping
rule 2 permit read-write feature diagnostics
rule 1 permit read
role commit
username admin password 5 $1$peBH9iff$DRrtP2avD/lsrov3ZHh1n. role
vdc-admin
ip domain-lookup
radius-server host 192.168.0.11 key 7 "V3gw3t-P3b" authentication
accounting
radius-server host 192.168.0.21 key 7 "V3gw3t-P3b" authentication
accounting
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24

2011 Cisco Systems, Inc. Lab Guide 311


object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
class-map type qos match-all STORAGE
match cos 4
class-map type qos match-all NET-MGMT
match cos 2
policy-map type qos MARKING
class STORAGE
set dscp 34
class NET-MGMT
set dscp 16
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 101
pinning max-links 1
description "FEX0101"
snmp-server contact Pod 1 Administrator
snmp-server user admin vdc-admin auth md5
0x5c63cf7da976d28033ba83ab10a3bff4 priv
0x5c63cf7da976d28033ba83ab10a3bff4 localizedkey
callhome
email-contact pod1-admin@example.net
phone-contact +1-555-012-3456
streetaddress 123 Main Street, Sometown, USA
destination-profile NEXUS-OPS
destination-profile NEXUS-OPS format full-txt
destination-profile NEXUS-OPS message-level 2
destination-profile SMS
destination-profile SMS format short-txt
destination-profile SMS message-size 160

312 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
destination-profile SMS message-level 6
destination-profile TICKETING-SYSTEM
destination-profile TICKETING-SYSTEM format XML
destination-profile TICKETING-SYSTEM message-level 1
destination-profile NEXUS-OPS email-addr pod1@cisco.com
destination-profile SMS email-addr pod1@cisco.com
destination-profile TICKETING-SYSTEM email-addr pod1@cisco.com
destination-profile NEXUS-OPS alert-group all
destination-profile SMS alert-group all
destination-profile TICKETING-SYSTEM alert-group all
transport email from callhome@example.net
transport email reply-to pod1-admin@example.net
transport email smtp-server 192.168.0.10 port 25 use-vrf management
enable

vrf context OSPF-VRF


vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.72/32 172.16.11.72
vrf context management
vlan 1
vlan 10
mode fabricpath
name TEST
vlan 11
vlan 12
vlan 13
vlan 999
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 28672
spanning-tree vlan 11,13 priority 24576
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel101
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 101
no shutdown

interface Ethernet1/1

2011 Cisco Systems, Inc. Lab Guide 313


description To N5K-1
switchport
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
service-policy type qos input MARKING
shutdown
interface Ethernet1/3
description To N5K-2
shutdown
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
interface Ethernet1/5
description To N2K-1
no cdp enable
switchport
switchport mode fex-fabric
fex associate 101
channel-group 101
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-2-pod2
shutdown
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
switchport

314 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport mode fabricpath
priority-flow-control mode auto
no shutdown
interface Ethernet3/2
switchport
switchport mode fabricpath
priority-flow-control mode auto
no shutdown
interface Ethernet3/11
switchport
switchport mode trunk
priority-flow-control mode auto
no shutdown
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto
interface mgmt0
ip address 192.168.0.201/24
interface loopback10
ip address 192.168.10.71/32
no shutdown
interface loopback11
vrf member STATIC-VRF
ip address 192.168.11.71/32
no shutdown
interface loopback12
vrf member OSPF-VRF
ip address 192.168.12.71/32
no shutdown
interface loopback13
vrf member EIGRP-VRF
ip address 192.168.13.71/32
no shutdown
interface Ethernet101/1/1
shutdown
switchport
interface Ethernet101/1/2
shutdown
switchport
interface Ethernet101/1/3
shutdown
switchport
interface Ethernet101/1/4
shutdown
switchport
interface Ethernet101/1/5
shutdown

2011 Cisco Systems, Inc. Lab Guide 315


switchport
interface Ethernet101/1/6
shutdown
switchport
interface Ethernet101/1/7
shutdown
switchport
interface Ethernet101/1/8
shutdown
switchport
interface Ethernet101/1/9
shutdown
switchport
interface Ethernet101/1/10
shutdown
switchport
interface Ethernet101/1/11
shutdown
switchport
interface Ethernet101/1/12
shutdown
switchport
interface Ethernet101/1/13
shutdown
switchport
interface Ethernet101/1/14
shutdown
switchport
interface Ethernet101/1/15
shutdown
switchport
interface Ethernet101/1/16
shutdown
switchport
interface Ethernet101/1/17
shutdown
switchport
interface Ethernet101/1/18
shutdown
switchport
interface Ethernet101/1/19
shutdown
switchport
interface Ethernet101/1/20
shutdown
switchport
interface Ethernet101/1/21
shutdown

316 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
switchport
interface Ethernet101/1/22
shutdown
switchport
interface Ethernet101/1/23
shutdown
switchport
interface Ethernet101/1/24
shutdown
switchport
interface Ethernet101/1/25
shutdown
switchport
interface Ethernet101/1/26
shutdown
switchport
interface Ethernet101/1/27
shutdown
switchport
interface Ethernet101/1/28
shutdown
switchport
interface Ethernet101/1/29
shutdown
switchport
interface Ethernet101/1/30
shutdown
switchport
interface Ethernet101/1/31
shutdown
switchport
interface Ethernet101/1/32
shutdown
switchport
interface Ethernet101/1/33
shutdown
switchport
interface Ethernet101/1/34
shutdown
switchport
interface Ethernet101/1/35
shutdown
switchport
interface Ethernet101/1/36
shutdown
switchport
interface Ethernet101/1/37
shutdown

2011 Cisco Systems, Inc. Lab Guide 317


switchport
interface Ethernet101/1/38
shutdown
switchport
interface Ethernet101/1/39
shutdown
switchport
interface Ethernet101/1/40
shutdown
switchport
interface Ethernet101/1/41
shutdown
switchport
interface Ethernet101/1/42
shutdown
switchport
interface Ethernet101/1/43
shutdown
switchport
interface Ethernet101/1/44
shutdown
switchport
interface Ethernet101/1/45
shutdown
switchport
interface Ethernet101/1/46
shutdown
switchport
interface Ethernet101/1/47
shutdown
switchport
interface Ethernet101/1/48
shutdown
switchport
line vty
fabricpath domain default
fabricpath switch-id 12

scheduler job name BACKUP-CONFIG


end-job

N7K-2-pod2

version 5.1(3)
feature-set fabricpath
feature-set fex
hostname pod2

318 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
feature telnet
cfs ipv4 distribute
cfs region 12
role
radius
exit
cfs eth distribute
feature scheduler
feature port-security
feature udld
feature lacp

logging level aaa 5


logging level cdp 6
logging level otm 5
logging level radius 5
logging level monitor 6
logging level port-security 5
logging level spanning-tree 6
role distribute
role name TIER-2-OPS
rule 4 permit read-write feature vlan
rule 3 permit read-write feature ping
rule 2 permit read-write feature diagnostics
rule 1 permit read
role commit
username admin password 5 $1$4gBDmJfK$fxJb9.tVx1ZZPBGc6iW5P. role
vdc-admin
ip domain-lookup
radius-server host 192.168.0.11 authentication accounting
radius-server host 192.168.0.21 authentication accounting
object-group ip address MGMT-LANS
10 172.16.10.0/24
20 172.16.11.0/24
30 172.16.12.0/24
object-group ip port VIRTUAL-TERMINAL
10 range 22 23
20 eq 513
ip access-list REMOTE-LOGIN-ONLY
statistics per-entry
10 permit tcp addrgroup MGMT-LANS any portgroup VIRTUAL-TERMINAL
20 deny ip any any
class-map type qos match-all STORAGE
match cos 4
class-map type qos match-all NET-MGMT
match cos 2
policy-map type qos MARKING
class STORAGE

2011 Cisco Systems, Inc. Lab Guide 319


set dscp 34
class NET-MGMT
set dscp 16
policy-map type queuing default-4q-8e-in-policy
class type queuing 2q4t-8e-in-q1
queue-limit percent 10
bandwidth percent 50
class type queuing 2q4t-8e-in-q-default
queue-limit percent 90
bandwidth percent 50
policy-map type queuing default-4q-8e-out-policy
class type queuing 1p3q1t-8e-out-pq1
priority level 1
class type queuing 1p3q1t-8e-out-q2
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q3
bandwidth remaining percent 33
class type queuing 1p3q1t-8e-out-q-default
bandwidth remaining percent 33
fex 102
pinning max-links 1
description "FEX0102"
snmp-server contact Pod 2 Administrator
snmp-server user admin vdc-admin auth md5
0x4e5eab12d68fd7120d2223159a3fcfb7 priv
0x4e5eab12d68fd7120d2223159a3fcfb7 localizedkey
callhome
email-contact pod2-admin@example.net
phone-contact +1-555-012-3456
streetaddress 123 Main Street, Sometown, USA
destination-profile NEXUS-OPS
destination-profile NEXUS-OPS format full-txt
destination-profile NEXUS-OPS message-level 2
destination-profile SMS
destination-profile SMS format short-txt
destination-profile SMS message-size 160
destination-profile SMS message-level 6
destination-profile TICKETING-SYSTEM
destination-profile TICKETING-SYSTEM format XML
destination-profile TICKETING-SYSTEM message-level 1
destination-profile NEXUS-OPS email-addr pod2@cisco.com
destination-profile SMS email-addr pod2@cisco.com
destination-profile TICKETING-SYSTEM email-addr pod2@cisco.com
destination-profile NEXUS-OPS alert-group all
destination-profile SMS alert-group all
destination-profile TICKETING-SYSTEM alert-group all
transport email from callhome@example.net
transport email reply-to pod2-admin@example.net
transport email smtp-server 192.168.0.10 port 25 use-vrf management

320 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
enable

vrf context OSPF-VRF


vrf context EIGRP-VRF
vrf context STATIC-VRF
ip route 192.168.11.71/32 172.16.11.71
vrf context management
vlan 1
vlan 10
mode fabricpath
name TEST
vlan 11
vlan 12
vlan 13
vlan 999
spanning-tree mode mst
spanning-tree mst 0-4094 priority 8192
spanning-tree vlan 10,12 priority 24576
spanning-tree vlan 11,13 priority 28672
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12
udld aggressive

interface port-channel102
switchport
switchport mode fex-fabric
priority-flow-control mode auto
fex associate 102
no shutdown
interface Ethernet1/1
shutdown
switchport
switchport mode trunk
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40
storm-control unicast level 40
interface Ethernet1/3
switchport
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type network
storm-control broadcast level 40
storm-control multicast level 40

2011 Cisco Systems, Inc. Lab Guide 321


storm-control unicast level 40
service-policy type qos input MARKING
no shutdown
interface Ethernet1/5
no cdp enable
switchport
switchport mode fex-fabric
fex associate 102
channel-group 102
no shutdown
interface Ethernet1/7
shutdown
no switchport
interface Ethernet1/17
description To N7K-1-pod1
shutdown
switchport
switchport mode trunk
spanning-tree port type network
rate-mode dedicated force
interface Ethernet1/19
shutdown
no switchport
interface Ethernet1/21
shutdown
no switchport
interface Ethernet1/23
shutdown
no switchport
interface Ethernet3/1
switchport
switchport mode fabricpath
priority-flow-control mode auto
no shutdown
interface Ethernet3/2
switchport
switchport mode fabricpath
priority-flow-control mode auto
no shutdown
interface Ethernet3/11
switchport
switchport mode trunk
priority-flow-control mode auto
no shutdown
interface Ethernet3/12
shutdown
switchport
priority-flow-control mode auto

322 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface mgmt0
ip address 192.168.0.202/24
interface loopback10
ip address 192.168.10.72/32
no shutdown
interface loopback11
vrf member STATIC-VRF
ip address 192.168.11.72/32
no shutdown
interface loopback12
vrf member OSPF-VRF
ip address 192.168.12.72/32
no shutdown
interface loopback13
vrf member EIGRP-VRF
ip address 192.168.13.72/32
no shutdown
interface Ethernet102/1/1
shutdown
switchport
interface Ethernet102/1/2
shutdown
switchport
interface Ethernet102/1/3
shutdown
switchport
interface Ethernet102/1/4
shutdown
switchport
interface Ethernet102/1/5
shutdown
switchport
interface Ethernet102/1/6
shutdown
switchport
interface Ethernet102/1/7
shutdown
switchport
interface Ethernet102/1/8
shutdown
switchport
interface Ethernet102/1/9
shutdown
switchport
interface Ethernet102/1/10
shutdown
switchport
interface Ethernet102/1/11

2011 Cisco Systems, Inc. Lab Guide 323


shutdown
switchport
interface Ethernet102/1/12
shutdown
switchport
interface Ethernet102/1/13
shutdown
switchport
interface Ethernet102/1/14
shutdown
switchport
interface Ethernet102/1/15
shutdown
switchport
interface Ethernet102/1/16
shutdown
switchport
interface Ethernet102/1/17
shutdown
switchport
interface Ethernet102/1/18
shutdown
switchport
interface Ethernet102/1/19
shutdown
switchport
interface Ethernet102/1/20
shutdown
switchport
interface Ethernet102/1/21
shutdown
switchport
interface Ethernet102/1/22
shutdown
switchport
interface Ethernet102/1/23
shutdown
switchport
interface Ethernet102/1/24
shutdown
switchport
interface Ethernet102/1/25
shutdown
switchport
interface Ethernet102/1/26
shutdown
switchport
interface Ethernet102/1/27

324 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
shutdown
switchport
interface Ethernet102/1/28
shutdown
switchport
interface Ethernet102/1/29
shutdown
switchport
interface Ethernet102/1/30
shutdown
switchport
interface Ethernet102/1/31
shutdown
switchport
interface Ethernet102/1/32
shutdown
switchport
interface Ethernet102/1/33
shutdown
switchport
interface Ethernet102/1/34
shutdown
switchport
interface Ethernet102/1/35
shutdown
switchport
interface Ethernet102/1/36
shutdown
switchport
interface Ethernet102/1/37
shutdown
switchport
interface Ethernet102/1/38
shutdown
switchport
interface Ethernet102/1/39
shutdown
switchport
interface Ethernet102/1/40
shutdown
switchport
interface Ethernet102/1/41
shutdown
switchport
interface Ethernet102/1/42
shutdown
switchport
interface Ethernet102/1/43

2011 Cisco Systems, Inc. Lab Guide 325


shutdown
switchport
interface Ethernet102/1/44
shutdown
switchport
interface Ethernet102/1/45
shutdown
switchport
interface Ethernet102/1/46
shutdown
switchport
interface Ethernet102/1/47
shutdown
switchport
interface Ethernet102/1/48
shutdown
switchport
line vty
fabricpath domain default
fabricpath switch-id 21

scheduler job name BACKUP-CONFIG


end-job

N5K-1

version 5.0(3)N2(1)
feature telnet
feature udld
feature interface-vlan
feature lacp
feature lldp

logging level aaa 5


logging level cdp 6
logging level lldp 5
logging level radius 5
logging level monitor 6
logging level session-mgr 6
logging level spanning-tree 6
logging level interface-vlan 5
username admin password 5 $1$is.yw7Tg$8DV6hkFaELOzRmVXQH3jg. role
network-admin
ip domain-lookup
hostname N5K-1
ip access-list ISCSI-TRAFFIC
statistics per-entry

326 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
10 permit tcp any any eq 3260
20 permit tcp any eq 3260 any
ip access-list MGMT-TRAFFIC
statistics per-entry
10 permit tcp any any eq 22
20 permit tcp any eq 22 any
30 permit tcp any any eq telnet
40 permit tcp any eq telnet any
class-map type qos class-fcoe
class-map type qos match-all STORAGE
match access-group name ISCSI-TRAFFIC
class-map type qos match-all NET-MGMT
match access-group name MGMT-TRAFFIC
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
policy-map type qos CLASSIFICATION
class STORAGE
set qos-group 4
class NET-MGMT
set qos-group 2
class class-fcoe
set qos-group 1
class-map type network-qos STORAGE
match qos-group 4
class-map type network-qos NET-MGMT
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
policy-map type network-qos MARKING
class type network-qos STORAGE
set cos 4
class type network-qos NET-MGMT
set cos 2
class type network-qos class-fcoe
pause no-drop
mtu 2158
class type network-qos class-default
multicast-optimize
system qos
service-policy type queuing input fcoe-default-in-policy

2011 Cisco Systems, Inc. Lab Guide 327


service-policy type queuing output fcoe-default-out-policy
service-policy type qos input fcoe-default-in-policy
service-policy type network-qos fcoe-default-nq-policy
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x22871f636597c4497461738cf59884c3 priv
0x22871f636597c4497461738cf59884c3 localizedkey
snmp-server enable traps entity fru
callhome

vrf context management


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 10
name TEST
vlan 11-13,999
spanning-tree mode mst
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12

interface Vlan1

interface Vlan10
no shutdown
ip address 172.16.10.51/24

interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
description To Windows-CNA-1
switchport access vlan 10
spanning-tree port type edge
interface Ethernet1/4
description To Windows-CNA-2
spanning-tree port type edge
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
description To N2K-1
interface Ethernet1/10
description To N2K-1
interface Ethernet1/11

328 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
description To N2K-2
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
switchport mode trunk
interface Ethernet1/16
interface Ethernet1/17
description To N5K-2
shutdown
interface Ethernet1/18
description To N5K-2
shutdown
interface Ethernet1/19
description To N7K-1
shutdown
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type network
interface Ethernet1/20
description To N7K-2
shutdown
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type network
interface mgmt0
ip address 192.168.0.18/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin

N5K-2

version 5.0(3)N2(1)
feature telnet
feature udld
feature interface-vlan
feature lacp
feature lldp

logging level aaa 5


logging level cdp 6
logging level lldp 5
logging level radius 5
logging level monitor 6
logging level session-mgr 6
logging level spanning-tree 6

2011 Cisco Systems, Inc. Lab Guide 329


logging level interface-vlan 5
username admin password 5 $1$pKTdjbMs$bFn1w7LJ3mDO9rdHEUkD2/ role
network-admin
ip domain-lookup
hostname N5K-2
ip access-list ISCSI-TRAFFIC
statistics per-entry
10 permit tcp any any eq 3260
20 permit tcp any eq 3260 any
ip access-list MGMT-TRAFFIC
statistics per-entry
10 permit tcp any any eq 22
20 permit tcp any eq 22 any
30 permit tcp any any eq telnet
40 permit tcp any eq telnet any
class-map type qos class-fcoe
class-map type qos match-all STORAGE
match access-group name ISCSI-TRAFFIC
class-map type qos match-all NET-MGMT
match access-group name MGMT-TRAFFIC
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
policy-map type qos CLASSIFICATION
class STORAGE
set qos-group 4
class NET-MGMT
set qos-group 2
class class-fcoe
set qos-group 1
class-map type network-qos STORAGE
match qos-group 4
class-map type network-qos NET-MGMT
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
policy-map type network-qos MARKING
class type network-qos STORAGE
set cos 4
class type network-qos NET-MGMT
set cos 2
class type network-qos class-fcoe

330 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
pause no-drop
mtu 2158
class type network-qos class-default
multicast-optimize
system qos
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type qos input fcoe-default-in-policy
service-policy type network-qos fcoe-default-nq-policy
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x7de850b332ac835cb267655504a3e62f priv
0x7de850b332ac835cb267655504a3e62f localizedkey
snmp-server enable traps entity fru
callhome
vrf context management
ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 10
name TEST
vlan 11-13,999
spanning-tree mode mst
spanning-tree mst configuration
name Pod1and2
revision 12
instance 1 vlan 11,13
instance 2 vlan 10,12

interface Vlan1

interface Vlan10
no shutdown
ip address 172.16.10.52/24

interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
description To Windows-CNA-2
switchport access vlan 10
spanning-tree port type edge
interface Ethernet1/4
description To Windows-CNA-1
spanning-tree port type edge
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8

2011 Cisco Systems, Inc. Lab Guide 331


interface Ethernet1/9
description To N2K-2
interface Ethernet1/10
description To N2K-2
interface Ethernet1/11
description To N2K-1
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
switchport mode trunk
interface Ethernet1/16
interface Ethernet1/17
description To N5K-1
shutdown
interface Ethernet1/18
description To N5K-1
shutdown
interface Ethernet1/19
description To N7K-2
shutdown
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type network
interface Ethernet1/20
description To N7K-1
shutdown
switchport mode trunk
switchport trunk native vlan 999
spanning-tree port type network
interface mgmt0
ip address 192.168.0.28/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin

332 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 7-1 Answer Key: Configuring FCoE
When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco MDS
9124 configuration will be similar to the results here, with differences that are specific to your
device or workgroup:

Note The sections of the configuration that are most relevant for this lab exercise have been
highlighted in bold.

N5K-1

version 5.0(3)N2(1)
feature fcoe

feature telnet
feature lldp
feature fex

username admin password 5 $1$Bxp139Ef$zJXGvwYNYgPrz9r0YTnho0 role


network-admin
ssh key rsa 2048
ip domain-lookup
hostname N5K-1
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type network-qos fcoe-default-nq-policy
fex 101
pinning max-links 1
description "Pod1-FEX"
slot 1
port 21-32 type fc

2011 Cisco Systems, Inc. Lab Guide 333


snmp-server user admin network-admin auth md5
0x52eea44abae6a696c96997eea3112076 priv
0x52eea44abae6a696c96997eea3112076 localizedkey
snmp-server enable traps entity fru

vrf context management


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 200
fcoe vsan 200
vsan database
vsan 200
fcdomain fcid database
vsan 200 wwn 21:00:00:c0:dd:12:2d:05 fcid 0x220000 dynamic

interface port-channel101
switchport mode fex-fabric
fex associate 101

interface vfc1
bind interface Ethernet1/3
no shutdown
vsan database
vsan 200 interface vfc1

interface fc1/21
no shutdown
interface fc1/22
no shutdown
interface fc1/23
interface fc1/24
interface fc1/25
interface fc1/26
interface fc1/27
interface fc1/28
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
switchport mode trunk
spanning-tree port type edge trunk
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6

334 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
switchport mode fex-fabric
fex associate 101
channel-group 101
interface Ethernet1/10
switchport mode fex-fabric
fex associate 101
channel-group 101
interface Ethernet1/11
shutdown
interface Ethernet1/12
shutdown
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface mgmt0
ip address 192.168.0.18/24
interface Ethernet101/1/1
interface Ethernet101/1/2
interface Ethernet101/1/3
interface Ethernet101/1/4
interface Ethernet101/1/5
interface Ethernet101/1/6
interface Ethernet101/1/7
interface Ethernet101/1/8
interface Ethernet101/1/9
interface Ethernet101/1/10
interface Ethernet101/1/11
interface Ethernet101/1/12
interface Ethernet101/1/13
interface Ethernet101/1/14
interface Ethernet101/1/15
interface Ethernet101/1/16
interface Ethernet101/1/17
interface Ethernet101/1/18
interface Ethernet101/1/19
interface Ethernet101/1/20
interface Ethernet101/1/21
interface Ethernet101/1/22
interface Ethernet101/1/23
interface Ethernet101/1/24

2011 Cisco Systems, Inc. Lab Guide 335


interface Ethernet101/1/25
interface Ethernet101/1/26
interface Ethernet101/1/27
interface Ethernet101/1/28
interface Ethernet101/1/29
interface Ethernet101/1/30
interface Ethernet101/1/31
interface Ethernet101/1/32
interface Ethernet101/1/33
interface Ethernet101/1/34
interface Ethernet101/1/35
interface Ethernet101/1/36
interface Ethernet101/1/37
interface Ethernet101/1/38
interface Ethernet101/1/39
interface Ethernet101/1/40
interface Ethernet101/1/41
interface Ethernet101/1/42
interface Ethernet101/1/43
interface Ethernet101/1/44
interface Ethernet101/1/45
interface Ethernet101/1/46
interface Ethernet101/1/47
interface Ethernet101/1/48
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface fc1/25
interface fc1/26
interface fc1/27
interface fc1/28
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
zoneset activate name storage vsan 200

N5K-2

version 5.0(3)N2(1)
feature fcoe

feature telnet
feature lldp

336 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
feature fex

username admin password 5 $1$QtnoYoB/$QfR2wMTzUK0D2owrx1FGe0 role


network-admin
ssh key rsa 2048
ip domain-lookup
hostname N5K-2
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type network-qos fcoe-default-nq-policy
fex 102
pinning max-links 1
description "Pod2-FEX"
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x54c34e7b6ed09d745fd18a2156971360 priv
0x54c34e7b6ed09d745fd18a2156971360 localizedkey
snmp-server enable traps entity fru

vrf context management


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 200
fcoe vsan 200
vsan database
vsan 200
fcdomain fcid database
vsan 200 wwn 21:00:00:c0:dd:12:b6:6d fcid 0x620000 dynamic

interface port-channel102
switchport mode fex-fabric
fex associate 102

2011 Cisco Systems, Inc. Lab Guide 337


interface vfc1
bind interface Ethernet1/3
no shutdown
vsan database
vsan 200 interface vfc1

interface fc1/21
no shutdown
interface fc1/22
no shutdown
interface fc1/23
interface fc1/24
interface fc1/25
interface fc1/26
interface fc1/27
interface fc1/28
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
switchport mode trunk
spanning-tree port type edge trunk
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
switchport mode fex-fabric
fex associate 102
channel-group 102
interface Ethernet1/10
switchport mode fex-fabric
fex associate 102
channel-group 102
interface Ethernet1/11
shutdown
interface Ethernet1/12
shutdown
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16

338 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface mgmt0
ip address 192.168.0.28/24
interface Ethernet102/1/1
interface Ethernet102/1/2
interface Ethernet102/1/3
interface Ethernet102/1/4
interface Ethernet102/1/5
interface Ethernet102/1/6
interface Ethernet102/1/7
interface Ethernet102/1/8
interface Ethernet102/1/9
interface Ethernet102/1/10
interface Ethernet102/1/11
interface Ethernet102/1/12
interface Ethernet102/1/13
interface Ethernet102/1/14
interface Ethernet102/1/15
interface Ethernet102/1/16
interface Ethernet102/1/17
interface Ethernet102/1/18
interface Ethernet102/1/19
interface Ethernet102/1/20
interface Ethernet102/1/21
interface Ethernet102/1/22
interface Ethernet102/1/23
interface Ethernet102/1/24
interface Ethernet102/1/25
interface Ethernet102/1/26
interface Ethernet102/1/27
interface Ethernet102/1/28
interface Ethernet102/1/29
interface Ethernet102/1/30
interface Ethernet102/1/31
interface Ethernet102/1/32
interface Ethernet102/1/33
interface Ethernet102/1/34
interface Ethernet102/1/35
interface Ethernet102/1/36
interface Ethernet102/1/37
interface Ethernet102/1/38
interface Ethernet102/1/39
interface Ethernet102/1/40
interface Ethernet102/1/41
interface Ethernet102/1/42

2011 Cisco Systems, Inc. Lab Guide 339


interface Ethernet102/1/43
interface Ethernet102/1/44
interface Ethernet102/1/45
interface Ethernet102/1/46
interface Ethernet102/1/47
interface Ethernet102/1/48
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface fc1/25
interface fc1/26
interface fc1/27
interface fc1/28
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
zoneset activate name storage vsan 200

MDS-1

version 4.2(3)
role name default-role
description This is a system defined role and applies to all users.
rule 5 permit show feature environment
rule 4 permit show feature hardware
rule 3 permit show feature module
rule 2 permit show feature snmp
rule 1 permit show feature system
username admin password 5 $1$svwmXHKE$J8RB/94MpvkFRGkXWOcQG0 role
network-admin
ip domain-lookup
ip host MDS-1 192.168.0.19
aaa group server radius radius
snmp-server user admin network-admin auth md5
0xb451ee4c3e6944fe322dff0fdc00419a priv
0xb451ee4c3e6944fe322dff0fdc00419a localizedkey
vsan database
vsan 200
fcdomain fcid database
vsan 1 wwn 20:42:00:05:9b:1f:71:c0 fcid 0x7f0000 dynamic
vsan 1 wwn 20:41:00:05:9b:1f:71:c0 fcid 0x7f0100 dynamic
vsan 1 wwn 20:03:00:0d:ec:bc:a9:00 fcid 0x7f0200 area dynamic
vsan 200 wwn 20:03:00:0d:ec:bc:a9:00 fcid 0x0e0000 area dynamic
vsan database

340 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
vsan 200 interface fc1/3
ip default-gateway 192.168.0.254
switchname MDS-1
line console
boot kickstart bootflash:/m9100-s2ek9-kickstart-mz.4.2.3.bin
boot system bootflash:/m9100-s2ek9-mz.4.2.3.bin
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
zoneset activate name storage vsan 200

interface fc1/1
port-license acquire
no shutdown
interface fc1/2
port-license acquire
no shutdown
interface fc1/3
port-license acquire
no shutdown
interface fc1/4
port-license acquire
interface fc1/5
port-license acquire
interface fc1/6
port-license acquire
interface fc1/7

2011 Cisco Systems, Inc. Lab Guide 341


port-license acquire
interface fc1/8
port-license acquire
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface mgmt0
ip address 192.168.0.19 255.255.255.0
switchport speed 100

MDS-2

version 4.2(3)
role name default-role
description This is a system defined role and applies to all users.
rule 5 permit show feature environment
rule 4 permit show feature hardware
rule 3 permit show feature module
rule 2 permit show feature snmp
rule 1 permit show feature system
username admin password 5 $1$EZWjxp.1$Tev2LE.XXrRTo.rt5fYPg1 role
network-admin
ip domain-lookup
ip host MDS-2 192.168.0.29
aaa group server radius radius
snmp-server user admin network-admin auth md5
0x3360823e8137174895534befc1b3afde priv
0x3360823e8137174895534befc1b3afde localizedkey
vsan database
vsan 200
fcdomain fcid database
vsan 1 wwn 10:00:00:06:2b:08:f2:1c fcid 0x8d0000 dynamic
vsan 1 wwn 20:03:00:0d:ec:3d:b2:00 fcid 0x8d0100 area dynamic
vsan 1 wwn 20:42:00:05:9b:1f:7c:00 fcid 0x8d0200 dynamic
vsan 1 wwn 20:41:00:05:9b:1f:7c:00 fcid 0x8d0300 dynamic
vsan 1 wwn 21:00:00:c0:dd:12:b6:6d fcid 0x8d0301 dynamic
vsan 200 wwn 20:03:00:0d:ec:3d:b2:00 fcid 0xb40000 area dynamic

342 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
vsan database
vsan 200 interface fc1/3
ip default-gateway 192.168.0.254
switchname MDS-2
line console
boot kickstart bootflash:/m9100-s2ek9-kickstart-mz.4.2.3.bin
boot system bootflash:/m9100-s2ek9-mz.4.2.3.bin
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
zoneset activate name storage vsan 200

interface fc1/1
port-license acquire
no shutdown
interface fc1/2
port-license acquire
no shutdown
interface fc1/3
port-license acquire
no shutdown
interface fc1/4
port-license acquire
interface fc1/5
port-license acquire
interface fc1/6

2011 Cisco Systems, Inc. Lab Guide 343


port-license acquire
interface fc1/7
port-license acquire
interface fc1/8
port-license acquire
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface mgmt0
ip address 192.168.0.29 255.255.255.0
switchport speed 100

344 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
Lab 7-2 Answer Key: Configuring NPV
When you complete this activity, your Cisco Nexus 5000 Switch configuration and Cisco MDS
9124 configuration will be similar to the results here, with differences that are specific to your
device or workgroup:

Note The sections of the configuration that are most relevant for this lab exercise have been
highlighted in bold.

N5K-1

version 5.0(3)N2(1)
feature fcoe

feature telnet
cfs ipv4 distribute
feature lldp

username admin password 5 $1$Bxp139Ef$zJXGvwYNYgPrz9r0YTnho0 role


network-admin
ip domain-lookup
hostname N5K-1
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type network-qos fcoe-default-nq-policy
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x52eea44abae6a696c96997eea3112076 priv
0x52eea44abae6a696c96997eea3112076 localizedkey
snmp-server enable traps entity fru

vrf context management

2011 Cisco Systems, Inc. Lab Guide 345


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 200
fcoe vsan 2
vsan database
vsan 2

interface vfc1
bind interface Ethernet1/3
no shutdown

interface vfc2
bind interface Ethernet1/4
no shutdown
vsan database
vsan 2 interface vfc1
vsan 2 interface vfc2
vsan 2 interface fc1/21
vsan 2 interface fc1/22

feature npv
npv traffic-map server-interface vfc1 external-interface fc1/21
npv traffic-map server-interface vfc2 external-interface fc1/22
npv auto-load-balance disruptive

interface fc1/21
no shutdown
interface fc1/22
no shutdown
interface fc1/23
interface fc1/24
interface fc1/25
interface fc1/26
interface fc1/27
interface fc1/28
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
switchport mode trunk
spanning-tree port type edge trunk
interface Ethernet1/4
switchport mode trunk

346 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
spanning-tree port type edge trunk
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface mgmt0
ip address 192.168.0.18/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin
interface fc1/21
switchport mode NP
interface fc1/22
switchport mode NP
interface fc1/23
switchport mode NP
interface fc1/24
switchport mode NP
interface fc1/25
switchport mode NP
interface fc1/26
switchport mode NP
interface fc1/27
switchport mode NP
interface fc1/28
switchport mode NP
interface fc1/29
switchport mode NP
interface fc1/30
switchport mode NP
interface fc1/31
switchport mode NP
interface fc1/32
switchport mode NP

2011 Cisco Systems, Inc. Lab Guide 347


N5K-2

version 5.0(3)N2(1)
feature fcoe

feature telnet
cfs ipv4 distribute
feature lldp

username admin password 5 $1$QtnoYoB/$QfR2wMTzUK0D2owrx1FGe0 role


network-admin
ip domain-lookup
hostname N5K-2
class-map type qos class-fcoe
class-map type queuing class-fcoe
match qos-group 1
class-map type queuing class-all-flood
match qos-group 2
class-map type queuing class-ip-multicast
match qos-group 2
class-map type network-qos class-fcoe
match qos-group 1
class-map type network-qos class-all-flood
match qos-group 2
class-map type network-qos class-ip-multicast
match qos-group 2
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type network-qos fcoe-default-nq-policy
slot 1
port 21-32 type fc
snmp-server user admin network-admin auth md5
0x54c34e7b6ed09d745fd18a2156971360 priv
0x54c34e7b6ed09d745fd18a2156971360 localizedkey
snmp-server enable traps entity fru

vrf context management


ip route 0.0.0.0/0 192.168.0.254
vlan 1
vlan 200
fcoe vsan 2
vsan database
vsan 2

interface vfc1
bind interface Ethernet1/3

348 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
no shutdown

interface vfc2
bind interface Ethernet1/4
no shutdown
vsan database
vsan 2 interface vfc1
vsan 2 interface vfc2
vsan 2 interface fc1/21
vsan 2 interface fc1/22

feature npv
npv traffic-map server-interface vfc1 external-interface fc1/21
npv traffic-map server-interface vfc2 external-interface fc1/22
npv auto-load-balance disruptive

interface fc1/21
no shutdown
interface fc1/22
no shutdown
interface fc1/23
interface fc1/24
interface fc1/25
interface fc1/26
interface fc1/27
interface fc1/28
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
switchport mode trunk
spanning-tree port type edge trunk
interface Ethernet1/4
switchport mode trunk
spanning-tree port type edge trunk
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13

2011 Cisco Systems, Inc. Lab Guide 349


interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface mgmt0
ip address 192.168.0.28/24
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.0.3.N2.1.bin
boot system bootflash:/n5000-uk9.5.0.3.N2.1.bin
interface fc1/21
switchport mode NP
interface fc1/22
switchport mode NP
interface fc1/23
switchport mode NP
interface fc1/24
switchport mode NP
interface fc1/25
switchport mode NP
interface fc1/26
switchport mode NP
interface fc1/27
switchport mode NP
interface fc1/28
switchport mode NP
interface fc1/29
switchport mode NP
interface fc1/30
switchport mode NP
interface fc1/31
switchport mode NP
interface fc1/32
switchport mode NP

MDS-1

version 4.2(3)
feature npiv

role name default-role


description This is a system defined role and applies to all users.
rule 5 permit show feature environment
rule 4 permit show feature hardware
rule 3 permit show feature module
rule 2 permit show feature snmp

350 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
rule 1 permit show feature system
username admin password 5 $1$svwmXHKE$J8RB/94MpvkFRGkXWOcQG0 role
network-admin
ip domain-lookup
ip host MDS-1 192.168.0.19
aaa group server radius radius
snmp-server user admin network-admin auth md5
0xb451ee4c3e6944fe322dff0fdc00419a priv
0xb451ee4c3e6944fe322dff0fdc00419a localizedkey

vsan database
vsan 2
vsan 200
fcdomain fcid database
vsan 200 wwn 20:03:00:0d:ec:bc:a9:00 fcid 0x0e0000 area dynamic

vsan database
vsan 2 interface fc1/1
vsan 2 interface fc1/2
vsan 2 interface fc1/3

ip default-gateway 192.168.0.254
switchname MDS-1
line console
boot kickstart bootflash:/m9100-s2ek9-kickstart-mz.4.2.3.bin
boot system bootflash:/m9100-s2ek9-mz.4.2.3.bin
interface fc1/1
switchport mode F
interface fc1/2
switchport mode F
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21

2011 Cisco Systems, Inc. Lab Guide 351


interface fc1/22
interface fc1/23
interface fc1/24
zoneset activate name storage vsan 200

interface fc1/1
port-license acquire
no shutdown
interface fc1/2
port-license acquire
no shutdown
interface fc1/3
port-license acquire
no shutdown
interface fc1/4
port-license acquire
interface fc1/5
port-license acquire
interface fc1/6
port-license acquire
interface fc1/7
port-license acquire
interface fc1/8
port-license acquire
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface mgmt0
ip address 192.168.0.19 255.255.255.0
switchport speed 100

MDS-2

352 Implementing Cisco Data Center Unified Fabric (DCUFI) v4.0 2011 Cisco Systems, Inc.
version 4.2(3)
feature npiv

role name default-role


description This is a system defined role and applies to all users.
rule 5 permit show feature environment
rule 4 permit show feature hardware
rule 3 permit show feature module
rule 2 permit show feature snmp
rule 1 permit show feature system
username admin password 5 $1$EZWjxp.1$Tev2LE.XXrRTo.rt5fYPg1 role
network-admin
ip domain-lookup
ip host MDS-2 192.168.0.29
aaa group server radius radius
snmp-server user admin network-admin auth md5
0x3360823e8137174895534befc1b3afde priv
0x3360823e8137174895534befc1b3afde localizedkey

vsan database
vsan 2
vsan 200
fcdomain fcid database
vsan 200 wwn 20:03:00:0d:ec:3d:b2:00 fcid 0xb40000 area dynamic

vsan database
vsan 2 interface fc1/1
vsan 2 interface fc1/2
vsan 2 interface fc1/3

ip default-gateway 192.168.0.254
switchname MDS-2
line console
boot kickstart bootflash:/m9100-s2ek9-kickstart-mz.4.2.3.bin
boot system bootflash:/m9100-s2ek9-mz.4.2.3.bin
interface fc1/1
switchport mode F
interface fc1/2
switchport mode F
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10