Thursday, August 17, 2017

Nexus 7000 IPv6 Configuration Pitfalls

https://www.tachyondynamics.com/nexus-7000-ipv6-configuration-pitfalls/

N7K-1-LAN(config)# vlan configuration 1149
N7K-1-LAN(config-vlan-config)# no ip igmp snooping optimise-multicast-flood
Warning: This command should be executed on peer VPC switch as well.
==============================================================
N7K-2-LAN(config)# vlan configuration 1149
N7K-2-LAN(config-vlan-config)# no ip igmp snooping optimise-multicast-flood
Warning: This command should be executed on peer VPC switch as well.


Guidelines and Limitations for IPv6

IPv6 has the following configuration guidelines and limitations:
  • IPv6 packets are transparent to Layer 2 LAN switches because the switches do not examine Layer 3 packet information before forwarding IPv6 frames. IPv6 hosts can be directly attached to Layer 2 LAN switches.
  • You can configure multiple IPv6 global addresses within the same prefix on an interface. However, multiple IPv6 link-local addresses on an interface are not supported.
  • Because RFC 3879 deprecates the use of site-local addresses, you should configure private IPv6 addresses according to the recommendations of unique local addressing (ULA) in RFC 4193.
  • F2 Series modules do not support IPv6 tunnels.
  • On F2 Series modules, you must disable IGMP optimized multicast flooding (OMF) on any VLANs that require any IPv6 packet forwarding (unicast or multicast). IPv6 neighbor discovery functions correctly only in a VLAN with the OMF feature disabled. To disable OMF, use the no ip igmp snooping optimised-multicast-flood command in VLAN configuration mode. With OMF disabled, unknown IPv4 multicast traffic (as well as all IPv6 multicast traffic) is flooded to all ports in the VLAN. Note that unknown multicast traffic refers to multicast packets with an active source but no receivers (and therefore no group forwarding entry in the hardware) in the ingress VLAN.

Yeah, that last one got me. Apparently, Cisco is trying to “help” me by taking multicast snooping to an all new level – killing any IPv6 communication. Why this is important is because IPv6 Neighbor Discovery (think ARP for IPv4) goes over multicast. So what I imagine the snooping is doing on F2 Modules is drop all Ethernet frames with the destination MAC of 33-33-xx-xx-xx-xx. The “XX” map to the IPv6 multicast group the frame is trying to reach. For example, the all-nodes multicast address is ff02::1; its Ethernet MAC maps to 33:33:00:00:00:01.

So by disabling Cisco’s “optimized” multicast flood protection, you get IPv6 to work on a layer-2 interface. The command should be done on the VDC you are working in. You have to make sure you think in the Queen’s English for this one:

  • no ip igmp snooping optimised-multicast-flood
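
The group-to-MAC mapping described above, extended to the solicited-node groups that Neighbor Discovery actually sends to, as an added example that is not part of the original post. The function names and sample host addresses are constructed for illustration.

```python
import ipaddress

# Base of the solicited-node multicast range ff02::1:ff00:0/104 (RFC 4291).
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def ipv6_multicast_mac(group):
    """Ethernet MAC for an IPv6 multicast group (RFC 2464):
    33:33 followed by the low-order 32 bits of the group address."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv6 multicast address")
    return "33:33:" + ":".join(f"{b:02x}" for b in addr.packed[-4:])


def solicited_node_group(unicast):
    """Group that Neighbor Solicitations for `unicast` are sent to:
    the /104 base plus the low-order 24 bits of the unicast address."""
    addr = ipaddress.IPv6Address(unicast)
    if addr.is_multicast:
        raise ValueError(f"{unicast} is already a multicast address")
    low24 = int(addr) & 0xFFFFFF
    return str(ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24))


def nd_macs_for_host(unicast):
    """Destination MACs the VLAN must deliver for ND to reach this host."""
    return {
        "all-nodes": ipv6_multicast_mac("ff02::1"),
        "solicited-node": ipv6_multicast_mac(solicited_node_group(unicast)),
    }


# Constructed sample hosts: a documentation-prefix global address and a
# made-up link-local address.
SAMPLE_HOSTS = ["2001:db8::1234:5678", "fe80::21b:54ff:fec2:1a01"]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        macs = nd_macs_for_host(host)
        print(host, solicited_node_group(host), macs["solicited-node"])
```

If frames to these 33:33 destinations are not delivered in the VLAN, a Neighbor Solicitation never reaches the target host and address resolution fails even though the IPv6 addressing is correct.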

Wednesday, February 22, 2017

Cisco 3750 Configuring GRE Tunnel





  • Cisco 3750-A's Configuration
ip routing
!
interface Tunnel0
 ip unnumbered Vlan20
 tunnel source Vlan200
 tunnel destination 192.168.200.100
!
interface GigabitEthernet1/0/1
 switchport access vlan 200
 switchport mode access
!
interface Vlan20
 ip address 192.168.20.254 255.255.255.0
!
interface Vlan200
 ip address 192.168.200.1 255.255.255.0
!
ip route 192.168.10.0 255.255.255.0 Tunnel0
  • Cisco 3750-B's Configuration
ip routing
!
interface Tunnel0
 ip unnumbered Vlan10
 tunnel source Vlan200
 tunnel destination 192.168.200.1
!
interface GigabitEthernet1/0/1
 switchport access vlan 200
 switchport mode access
!
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
!
interface Vlan200
 ip address 192.168.200.100 255.255.255.0
!
ip route 192.168.20.0 255.255.255.0 Tunnel0

Cisco 3750 Configuring IP SLA






  • Cisco 3750-A's Configuration
interface vlan 200
 ip address 192.168.200.1 255.255.255.0
!
interface gi 1/0/1
 switchport
 switchport mode access
 switchport access vlan 200
!
! UDP jitter probe toward the responder on 3750-B, repeated every 30 seconds
ip sla 200
 udp-jitter 192.168.200.100 50000 source-ip 192.168.200.1 codec g711ulaw
 frequency 30
ip sla schedule 200 life forever start-time now
  • Cisco 3750-B's Configuration
interface vlan 200
 ip address 192.168.200.100 255.255.255.0
!
interface gi 1/0/1
 switchport
 switchport mode access
 switchport access vlan 200
!
! Answer IP SLA probes sent by 3750-A
ip sla responder

Friday, January 13, 2017

Cisco Nexus 7000 Configuring OTV

  • N7K-A's Configuration

switch# sh running-config vdc-all
!Running config for default vdc: switch


!Command: show running-config
!Time: Thu Jan 12 09:18:45 2017

version 6.2(16)
power redundancy-mode ps-redundant

hostname switch
no system admin-vdc
install feature-set fabricpath
vdc switch id 1
  limit-resource module-type m2xl
  allow feature-set fabricpath
  allocate interface Ethernet7/1-6
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 4096
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 96 maximum 96
  limit-resource u6route-mem minimum 24 maximum 24
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
  limit-resource monitor-session-inband-src minimum 0 maximum 1
  limit-resource anycast_bundleid minimum 0 maximum 16
  limit-resource monitor-session-mx-exception-src minimum 0 maximum 1
  limit-resource monitor-session-extended minimum 0 maximum 12
vdc aggregate id 2
  limit-resource module-type f2
  allow feature-set fabricpath
  allocate interface Ethernet5/45-48
  boot-order 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 4096
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 8 maximum 8
  limit-resource u6route-mem minimum 4 maximum 4
  limit-resource m4route-mem minimum 8 maximum 8
  limit-resource m6route-mem minimum 5 maximum 5
  limit-resource monitor-session-inband-src minimum 0 maximum 1
  limit-resource anycast_bundleid minimum 0 maximum 16
  limit-resource monitor-session-mx-exception-src minimum 0 maximum 1
  limit-resource monitor-session-extended minimum 0 maximum 12

feature telnet
feature otv

username admin password 5 $1$TBG5xbl5$AUcXk/oLNwiXGyMmfFxLv1  role network-admin
ip domain-lookup
interface breakout module 7 port 1 map 10g-4x
interface breakout module 7 port 4 map 10g-4x
copp profile strict
snmp-server user admin network-admin auth md5 0xfea84b14dbd76d5d6ae7c0d6099801ae priv 0xfea84b14dbd76d5d6ae7c0d6099801ae localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
snmp-server community nchc group network-operator

ip route 10.10.10.0/24 172.16.1.2
ip route 140.110.60.0/24 172.16.1.2
vlan 1,10,20

otv site-vlan 1
vrf context management
  ip route 0.0.0.0/0 140.110.23.254


interface mgmt0
  vrf member management
  ip address 140.110.23.5/24

interface Overlay1
  otv join-interface Ethernet7/1/1
  otv control-group 239.1.1.1
  otv data-group 239.1.1.0/28
  otv extend-vlan 10, 20
  no shutdown

interface Ethernet7/1/1
  description otv-join-interface
  mtu 9216
  ip address 172.16.1.1/24
  ip igmp version 3
  no shutdown

interface Ethernet7/1/2

interface Ethernet7/1/3

interface Ethernet7/1/4

interface Ethernet7/2

interface Ethernet7/3

interface Ethernet7/4/1
  switchport
  switchport mode trunk
  mtu 9216
  no shutdown

interface Ethernet7/4/2

interface Ethernet7/4/3

interface Ethernet7/4/4

interface Ethernet7/5

interface Ethernet7/6
line console
line vty
boot kickstart bootflash:/n7000-s1-kickstart.6.2.16.bin sup-1
boot system bootflash:/n7000-s1-dk9.6.2.16.bin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.6.2.16.bin sup-2
boot system bootflash:/n7000-s1-dk9.6.2.16.bin sup-2
otv site-identifier 0002.0002.0002
no system auto-upgrade epld


!Running config for vdc: aggregate


switchto vdc aggregate

!Command: show running-config
!Time: Thu Jan 12 09:18:45 2017

version 6.2(16)
hostname aggregate

feature pim
feature interface-vlan

username admin password 5 $1$7UBqx32s$96cWAyLMKJdpYVGScH0vV.  role vdc-admin
ip domain-lookup
snmp-server user admin vdc-admin auth md5 0x63e7532c2ee8a994c16fe1547350d8e7 priv 0x63e7532c2ee8a994c16fe1547350d8e7 localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO

ip route 140.110.60.0/24 10.10.10.2
ip pim rp-address 10.10.10.1 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,10,20,249

vrf context management

interface Vlan1

interface Vlan10
  no shutdown
  ip address 192.168.10.254/24

interface Vlan20
  no shutdown
  ip address 192.168.20.254/24

interface Vlan249
  no shutdown
  mtu 9216
  ip address 10.10.10.1/24
  ip pim sparse-mode
  ip igmp version 3

interface Ethernet5/45
  switchport
  switchport mode trunk
  mtu 9216
  no shutdown

interface Ethernet5/46
  switchport
  switchport access vlan 249
  mtu 9216
  no shutdown

interface Ethernet5/47
  description otv-internal-interface
  switchport
  switchport mode trunk
  mtu 9216
  no shutdown

interface Ethernet5/48
  mtu 9216
  ip address 172.16.1.2/24
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
line vty

switchback

  • N7K-B's Configuration

switch# sh running-config vdc-all
!Running config for default vdc: switch


!Command: show running-config
!Time: Thu Jan 12 09:19:48 2017

version 6.2(16)
power redundancy-mode combined force

hostname switch
no system admin-vdc
vdc switch id 1
  limit-resource module-type m2xl
  allocate interface Ethernet7/1-6
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 4096
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 96 maximum 96
  limit-resource u6route-mem minimum 24 maximum 24
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
  limit-resource monitor-session-inband-src minimum 0 maximum 1
  limit-resource anycast_bundleid minimum 0 maximum 16
  limit-resource monitor-session-mx-exception-src minimum 0 maximum 1
  limit-resource monitor-session-extended minimum 0 maximum 12
vdc aggregate id 2
  limit-resource module-type f2
  allocate interface Ethernet5/45-48
  boot-order 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource monitor-session-erspan-dst minimum 0 maximum 23
  limit-resource vrf minimum 2 maximum 4096
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 8 maximum 8
  limit-resource u6route-mem minimum 4 maximum 4
  limit-resource m4route-mem minimum 8 maximum 8
  limit-resource m6route-mem minimum 5 maximum 5
  limit-resource monitor-session-inband-src minimum 0 maximum 1
  limit-resource anycast_bundleid minimum 0 maximum 16
  limit-resource monitor-session-mx-exception-src minimum 0 maximum 1
  limit-resource monitor-session-extended minimum 0 maximum 12

feature telnet
feature otv

logging level pixm 2
username admin password 5 $1$aTneXgbF$Y.nCesQfRi4PIaTn270zm/  role network-admin
ip domain-lookup
interface breakout module 7 port 1 map 10g-4x
interface breakout module 7 port 4 map 10g-4x
copp profile strict
snmp-server user admin network-admin auth md5 0x3387245e0db351b3d4c02b8d28252f70 priv 0x3387245e0db351b3d4c02b8d28252f70 localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
snmp-server community nchc group network-operator

ip route 10.10.10.0/24 140.110.60.2
ip route 172.16.1.0/24 140.110.60.2
vlan 1,10,20

otv site-vlan 1
vrf context management
  ip route 0.0.0.0/0 140.110.23.254


interface mgmt0
  vrf member management
  ip address 140.110.23.6/24

interface Overlay1
  otv join-interface Ethernet7/1/1
  otv control-group 239.1.1.1
  otv data-group 239.1.1.0/28
  otv extend-vlan 10, 20
  no shutdown

interface Ethernet7/1/1
  description otv-join-interface
  mtu 9216
  ip address 140.110.60.1/24
  ip igmp version 3
  no shutdown

interface Ethernet7/1/2

interface Ethernet7/1/3

interface Ethernet7/1/4

interface Ethernet7/2

interface Ethernet7/3

interface Ethernet7/4/1
  switchport
  switchport mode trunk
  mtu 9216
  no shutdown

interface Ethernet7/4/2

interface Ethernet7/4/3

interface Ethernet7/4/4

interface Ethernet7/5

interface Ethernet7/6
line console
line vty
boot kickstart bootflash:/n7000-s1-kickstart.6.2.16.bin sup-1
boot system bootflash:/n7000-s1-dk9.6.2.16.bin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.6.2.16.bin sup-2
boot system bootflash:/n7000-s1-dk9.6.2.16.bin sup-2
otv site-identifier 0001.0001.0001
no system auto-upgrade epld


!Running config for vdc: aggregate


switchto vdc aggregate

!Command: show running-config
!Time: Thu Jan 12 09:19:48 2017

version 6.2(16)
hostname aggregate

feature pim
feature interface-vlan

username admin password 5 $1$dZMpvYxs$QkBDyVytpLTD44eWBN8Gf0  role vdc-admin
ip domain-lookup
snmp-server user admin vdc-admin auth md5 0x3e6ef3490edc48c6d93c7acf6ff4ffba priv 0x3e6ef3490edc48c6d93c7acf6ff4ffba localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO

ip route 172.16.1.0/24 10.10.10.1
ip pim rp-address 10.10.10.1 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,10,20,249

vrf context management

interface Vlan1

interface Vlan10
  no shutdown
  ip address 192.168.10.254/24

interface Vlan20
  no shutdown
  ip address 192.168.20.254/24

interface Vlan249
  no shutdown
  mtu 9216
  ip address 10.10.10.2/24
  ip pim sparse-mode
  ip igmp version 3

interface Ethernet5/45
  switchport
  switchport mode trunk
  mtu 9216
  no shutdown

interface Ethernet5/46
  switchport
  switchport access vlan 249
  mtu 9216
  no shutdown

interface Ethernet5/47
  description otv-internal-interface
  switchport
  switchport mode trunk
  mtu 9216
  no shutdown

interface Ethernet5/48
  mtu 9216
  ip address 140.110.60.2/24
  ip pim sparse-mode
  ip igmp version 3
  no shutdown
line vty

switchback

Reference:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro/DCI_1.html

Friday, January 6, 2017

Cisco Nexus 7000 Configuring VDC

#vdc RED

#allocate interface ethernet 2/1 - 8

#limit-resource vlan minimum 32 maximum 4094

#ha-policy dual-sup switchover single-sup restart

#boot-order 1

#no vdc RED

#switchto vdc RED

#switchback

#show vdc

#show vdc detail

#show vdc membership

#show vdc resource

#show vdc resource detail

#copy running-config startup-config vdc-all