wr

N7K-3(config)# cli alias name wr copy run start
N7K-3(config)# exit
N7K-3# wr
[########################################] 100%
N7K-3#

vPC – vPC+ – EvPC

  • vPC+: When you’re running FabricPath, allows load-balancing to an edge pair doing downstream vPC.
  • Enhanced vPC: Dual-home N2K’s to N5K’s via vPC, and now additionally run vPC to servers attached to those N2K’s.

vPC :

vpc

vPC+ :

vPC with FabricPath.

vpcplus

EvPC :

FCoE links are still seperated.

evpc

 

 

vpccompare

vsan database : Interfaces

Port VSAN membership on the switch is assigned on a port-by-port basis. By default each port belongs to
the default VSAN.

Every FC / San-portchannel should be connected to the corret vsan :

 

MDS9124(config-vsan-db)# sh vsan mem
vsan 1 interfaces:
fc1/7 fc1/8 fc1/9 fc1/10
fc1/11 fc1/12 fc1/13 fc1/14
fc1/15 fc1/16 fc1/17 fc1/18
fc1/19 fc1/20 fc1/21 fc1/22
fc1/23 fc1/24

vsan 12 interfaces:
fc1/3 fc1/4 fc1/6 port-channel 112

vsan 4079(evfp_isolated_vsan) interfaces:
vsan 4094(isolated_vsan) interfaces:
fc1/1 fc1/2 fc1/5 port-channel 111

 

Vsan 1 cannot be deleted. Just suspend it.

 

SAN : channel group

On (default)—The member ports only operate as part of a SAN port channel or remain inactive. In this
mode, the port channel protocol is not initiated. However, if a port channel protocol frame is received
from a peer port, the software indicates its nonnegotiable status. Port channels configured in the On
mode require you to explicitly enable and disable the port channel member ports at either end if you add
or remove ports from the port channel configuration. Y ou must physically verify that the local and
remote ports are connected to each other .
Active—The member ports initiate port channel protocol negotiation with the peer port(s) regardless of
the channel group mode of the peer port. If the peer port, while configured in a channel group, does not
support the port channel protocol, or responds with a nonnegotiable status, it will default to the On mode
behavior . The Active port channel mode allows automatic recovery without explicitly enabling and
disabling the port channel member ports at either end

Configure FCoE for a Host with VPC etc.

vlan 1011
fcoe vsan 11

N5K-1(config-if)# int e 1/9

N5K-1(config-if)# channel-group 23
N5K-1(config-if)# int po 23
N5K-1(config-if)# sw mod tr
N5K-1(config-if)# sw tr all vl 131,151,111,1011
N5K-1(config-if)# no shut
N5K-1(config-if)# int vfc 23
N5K-1(config-if)# sw tr all vs 11
N5K-1(config-if)# no shut
N5K-1(config-if)# vsan data
N5K-1(config-vsan-db)# vsan 11 interfa vfc 23
N5K-1(config-vsan-db)# int e 1/19
N5K-1(config-if)# int e 1/9
N5K-1(config-if)# no shut
N5K-1(config-if)# sh int vfc 23

vfc23 is trunking
Bound interface is port-channel23
Hardware is Virtual Fibre Channel
Port WWN is 20:16:00:05:9b:7a:03:bf
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port mode is TF
Port vsan is 11
Trunk vsans (admin allowed and active) (11)
Trunk vsans (up) (11)
Trunk vsans (isolated) ()
Trunk vsans (initializing) ()
1 minute input rate 296 bits/sec, 37 bytes/sec, 0 frames/sec
1 minute output rate 344 bits/sec, 43 bytes/sec, 0 frames/sec
68 frames input, 8312 bytes
0 discards, 0 errors
69 frames output, 8556 bytes
0 discards, 0 errors
last clearing of “show interface” counters never
Interface last changed at Sun Mar 31 01:38:29 2013

Fabricpath basic config

install feature-set fabricpath
feature-set fabricpath

vlan 31,41
mode fabricpath

interface Ethernet7/7
switchport mode fabricpath

interface Ethernet7/8
switchport mode fabricpath

interface Ethernet7/15
switchport mode fabricpath

interface Ethernet7/16
switchport mode fabricpath
fabricpath domain default
root-priority 255
fabricpath switch-id 71

Verifications :

N7K# sh fab sw
FABRICPATH SWITCH-ID TABLE
Legend: ‘*’ – this system
=========================================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED
———-+—————-+————+———–+——————–
*71 0026.982f.67c1 Primary Confirmed Yes No
72 0026.982f.67c2 Primary Confirmed Yes No
73 0026.982f.67c3 Primary Confirmed Yes No
74 0026.982f.67c4 Primary Confirmed Yes No
Total Switch-ids: 4

N7K# sh fab isis topology sum
Fabricpath IS-IS domain: default FabricPath IS-IS Topology Summary
MT-0
Configured interfaces: Ethernet7/7 Ethernet7/8 Ethernet7/15 Ethernet7/16
Number of trees: 2
Tree id: 1, ftag: 1, root system: 0026.982f.67c1, 71
Tree id: 2, ftag: 2, root system: 0026.982f.67c3, 73
N7K#

N7K# sh fab route
FabricPath Unicast Route Table
‘a/b/c’ denotes ftag/switch-id/subswitch-id
‘[x/y]’ denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id

FabricPath Unicast Route Table for Topology-Default

0/71/0, number of next-hops: 0
via —- , [60/0], 0 day/s 09:38:21, local
1/72/0, number of next-hops: 2
via Eth7/15, [115/40], 0 day/s 09:37:57, isis_fabricpath-default
via Eth7/16, [115/40], 0 day/s 09:37:57, isis_fabricpath-default
1/73/0, number of next-hops: 2
via Eth7/15, [115/120], 0 day/s 09:23:03, isis_fabricpath-default
via Eth7/16, [115/120], 0 day/s 09:23:03, isis_fabricpath-default
1/74/0, number of next-hops: 2
via Eth7/15, [115/80], 0 day/s 09:38:11, isis_fabricpath-default
via Eth7/16, [115/80], 0 day/s 09:38:11, isis_fabricpath-default
N7K#

Fabricpath and MTU.

Jumbo frame MTU can be configured on the fabricports.

The 16 bytes are absorbed, so a MTU of 9216 on the interface is 9216.
N7K(config-if-range)# sh fab isis interf br
Fabricpath IS-IS domain: default
Interface Type Idx State Circuit MTU Metric Priority Adjs/AdjsUp
——————————————————————————–
Ethernet7/7 P2P 1 Up/Ready 0x01/L1 9216 40 64 1/1
Ethernet7/8 P2P 2 Up/Ready 0x01/L1 9216 40 64 1/1
Ethernet7/15 P2P 3 Up/Ready 0x01/L1 1500 40 64 1/1
Ethernet7/16 P2P 4 Up/Ready 0x01/L1 1500 40 64 1/1

 

Nexus 7000 VDC names

with

vdc combined-hostname (default) :

N7K-N7K-DC1-4(config)#

 

no vdc combined-hostname

N7K-DC1-4(config)#

NPV configuration. No channel.

On the NPV device :

feature npv (This will reboot the system.)

interface fc2/3
switchport mode NP
switchport trunk allowed vsan 200
no shutdown

vsan database

vsan 200 interface fc2/3

N5K-2# sh npv status

npiv is disabled

disruptive load balancing is disabled

External Interfaces:
====================
Interface: fc2/3, VSAN: 200, FCID: 0x340000, State: Up
Interface: fc2/4, State: Pre-Initialized
Interface: san-port-channel 112, State: Down

Number of External Interfaces: 3

Server Interfaces:
==================

Number of Server Interfaces: 0

N5K-2#

 

At the NPIV device :

MDS(config)# feature npiv

interface fc1/3
switchport rate-mode dedicated
switchport mode F
switchport trunk allowed vsan 200
switchport trunk mode auto
port-license acquire
no shutdown

vsan database

vsan 200 interface fc1/3

 

MDS(config-if)# show npiv status
NPIV is enabled
MDS(config-if)#

 

Test LDAP configuration.

The ldap configuration isn’t correct :

FI-A-A(nxos)# test aaa ser ldap 10.10.61.249 binduser 1234qwer
error authenticating to server
bind failed for CN=binduser,OU=CiscoUCS,DC=ccielab,DC=com: Invalid credentials

The ldap configuration is correct. Username is correct PW is incorrect:

FI-A-A(nxos)# test aaa ser ldap 10.10.61.249 binduser 1234qwer
user has failed authentication
Invalid credentials

Everything is working like it should be :

FI-A-A(nxos)# test aaa ser ldap 10.10.61.249 binduser 1234qwer!

user has been authenticated

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/sample_configurations/UCSM_1_4_LDAP_with_AD/b_Sample_Configuration_LDAP_with_AD.html