
Friday, January 27, 2012

Does the F2 linecard (N7k-F248XP-25) on Nexus 7010 support Layer 3?

We are sure that F1 linecards on Nexus weren’t able to support L3 functionality, so my query is does the F2 linecard (N7k-F248XP-25) on Nexus 7010 support Layer 3?

Yes, F2 does support both L2 and L3 (plus some other additional functions). One restriction: F2 can't work with M1 or F1 line cards in the same VDC, so F2 line cards should be set in a separate VDC.

Please click here for information on the Cisco Nexus 7000 48-Port 1 and 10 Gigabit Ethernet F2-Series Module.

You can also check specifications here (Cisco login required).


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Thursday, January 26, 2012

What is the correct IOS for Sup720?

In our new 6513E chassis we plan to run Sup720 cards. This will be replacing our existing 6509 Sup2 setup in production. My questions are:

What current IOS version should I run on the Sup720? I would like to support SSH. The chassis will be populated with a couple of 6724 SFP cards, 2 6704 10 gig cards and a few 6748 line cards.

Is there a good config guide?


The IOS you should be using will depend on the features you have configured on the box. If you are unsure about the feature support, you can choose the advanced enterprise services images, such as the one below, which is certified as a safe harbor release by Cisco.

s72033-adventerprisek9_wan-mz.122-33.SXI7.bin

Regarding your query for IOS feature set, this is very well explained in the document below - Cisco IOS Packaging. Please click here.

Also, please click here for more information (Feature Navigator), which may come in handy if you want to verify the list of features supported by an image.

You may download the images here (requires Cisco credentials).



Wednesday, January 25, 2012

ASR 1K Error - %PLATFORM-3-ELEMENT_CRITICAL: R0/0: smand: RP/0: Committed Memory value 98% exceeds critical level 95%

Approximately every month the ASR 1K freezes, traffic stops passing, and some logs appear. The logs below are shown on the console:

Dec 21 22:47:07 COL: %PLATFORM-3-ELEMENT_CRITICAL: R0/0: smand: RP/0: Committed Memory value 98% exceeds critical level 95%

.Dec 21 22:48:15 COL: %ASR1000_RP_SPA-4-IFCFG_CMD_TIMEOUT: Interface configuration command (0xF) to slot 0/0 timed out

-Traceback= 1#a97a59dd5e49e95772aee50db0dd88fc :400000+6BF203 :400000+2BD45BC :

400000+2BD4E04 :400000+43ED561 :400000+43EC76D :400000+43E884C :400000+43F1BCC :

400000+43F1ADF


.Dec 21 22:49:15 COL: %ASR1000_RP_SPA-4-IFCFG_CMD_TIMEOUT: Interface configuration command (0xF) to slot 0/0 timed out

-Traceback= 1#a97a59dd5e49e95772aee50db0dd88fc :400000+6BF203 :400000+2BD45BC :

400000+2BD4E04 :400000+43ED561 :400000+43EC76D :400000+43E884C :400000+43F1BCC :

400000+43F1ADF

Do you have any idea of a workaround for this case?

The ASR version is 12.2(33)XNE1.


This seems to be DDTS CSCtc21042: cman_fp crashes on ASR RP2. Please click here for more information.

Symptom:
Chassis-manager process on RP2 gets stuck and router becomes unresponsive to
user commands. All the FPs and CCs keep rebooting, with console logs showing
repeated FP code downloads.
This problem is specific to RP2.

Conditions:
No particular scenario is known. Problem is caused by OBFL logging of messages
on RP2.

Workaround:
Following workaround greatly reduces the probability of this
issue occurring again, but does not completely eliminate it.

Disable onboard logging of messages on RPs as follows:
"hw-module slot r0/r1 logging onboard disable"

Router#hw-module slot r0 logging onboard disable

To verify that onboard logging has been disabled:
Router#sh logging onboard slot r0 status
Status: Disabled

Note that this command is not saved in the config so is not preserved
across router reloads.

Please consider the workaround above and also upgrade in the future, as the DDTS is not fixed in your OS. It is fixed in 12.2(33)XNF, 12.2(33)XNE02 and 12.2(33)XND03.



Tuesday, January 24, 2012

QOS on GRE over IPSec Tunnel

On the remote routers we would like to prioritize (priority or bandwidth) the traffic going to the 192.168.0.10 server. The configuration we have made so far is:

class-map match-any QOS
match access-group 160
!
!
policy-map output
class QOS
bandwidth 2000

We have created the following ACL:
access-list 160 permit ip any host 192.168.0.10
(I have the route in my routing table via OSPF that goes to reach the server via Tunnel 0)

When I try to apply the policy map to the tunnel interface in the output direction I get the following error.

Weighted Fair Queueing feature is not supported in user defined class of parent level policy

When I try applying the policy map to the physical interface it works but I don't get any matches.
How would you do QOS in our scenario?


When an interface becomes congested and packets start to queue, you can apply a queueing method to packets that are waiting to be transmitted. Cisco IOS logical interfaces—tunnel interfaces in this example—do not inherently support a state of congestion and do not support the direct application of a service policy that applies a queueing method. Instead, you need to apply a hierarchical policy. Create a "child" or lower-level policy that configures a queueing mechanism, such as low latency queueing with the priority command and class-based weighted fair queueing (CBWFQ) with the bandwidth command.

policy-map child
class voice
priority 512


Create a "parent" or top-level policy that applies class-based shaping. Apply the child policy as a command under the parent policy because admission control for the child class is done according to the shaping rate for the parent class.

policy-map tunnel
class class-default
shape average 2000000
service-policy child


Apply the parent policy to the tunnel interface.

interface tunnel0
service-policy output tunnel

Click here for documentation on how to configure QoS options on tunnel interfaces.
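
Applied to the configuration in the question, the hierarchical policy could look like the following. This is an added example, not part of the original answer: the policy-map names CHILD-QOS and TUNNEL-SHAPE and the 1000 kbps guarantee are assumed values, while access list 160, class QOS, Tunnel0 and the 2000000 bps shape rate come from the text above.

```cisco
! Added example. CHILD-QOS, TUNNEL-SHAPE and the 1000 kbps guarantee are
! assumptions; ACL 160, class QOS, Tunnel0 and the 2000000 bps shape
! rate are taken from the thread above.
!
access-list 160 permit ip any host 192.168.0.10
!
class-map match-any QOS
 match access-group 160
!
! Child policy: the queueing action (CBWFQ "bandwidth") lives here,
! not in the parent, which is what the error message was rejecting.
policy-map CHILD-QOS
 class QOS
  bandwidth 1000
!
! Parent policy: class-default only, shaped to the tunnel rate. The
! shaper provides the congestion point that the child queues against.
policy-map TUNNEL-SHAPE
 class class-default
  shape average 2000000
  service-policy CHILD-QOS
!
! Attached to the tunnel, the policy classifies the original packet, so
! ACL 160 still sees destination 192.168.0.10. On the physical interface
! the packet is already encapsulated and carries the tunnel endpoint
! addresses, which is why the ACL recorded no matches there.
interface Tunnel0
 service-policy output TUNNEL-SHAPE
!
! Verification (per-class match and queue counters):
! show policy-map interface Tunnel0
```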



Monday, January 23, 2012

How does preemption work in HSRP?

An HSRP-enabled router with preempt configured attempts to assume control as the active router when its Hot Standby priority is higher than the current active router. The standby preempt command is needed in situations when you want an occurring state change of a tracked interface to cause a standby router to take over from the active router. For example, an active router tracks another interface and decrements its priority when that interface goes down. The standby router priority is now higher and it sees the state change in the hello packet priority field. If preempt is not configured, it cannot take over and failover does not occur. You can use HSRP to achieve load-balancing across two serial links.

Please click here for documentation on HSRP FAQ.
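
The tracking scenario described above, written out as a two-router configuration. This is an added example, not from the original post; the addresses, interface names, group number and priority values are all assumed for illustration.

```cisco
! Added example; all addresses, interface names and values are assumed.
!
! R1: intended active router. It tracks its uplink and lowers its own
! priority by 20 when the uplink goes down (110 - 20 = 90).
! "preempt" on R1 lets it reclaim the active role once the uplink
! recovers and its priority returns to 110.
interface GigabitEthernet0/1
 ip address 10.1.1.2 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track Serial0/0 20
!
! R2: standby router at priority 100. Without "standby 1 preempt"
! here, R2 sees priority 90 in R1's hello packets but stays in the
! standby state, and no failover occurs.
interface GigabitEthernet0/1
 ip address 10.1.1.3 255.255.255.0
 standby 1 ip 10.1.1.1
 standby 1 priority 100
 standby 1 preempt
!
! Check the state and current priority on either router:
! show standby brief
```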



Tuesday, January 17, 2012

Troubleshooting %STANDBY-3-DUPADDR in a big L2 network

We are trying to find what is root cause of %STANDBY-3-DUPADDR.

The network is as following:

Access layer: 100 switches (mix of 3560, 2950, 2960, 3534XL, 3548XL, 2970, 3550, 3512XL) connected to each core switch. 10 switches have a single connection to one of the core switches
Distribution core: 2 WS-C6509-E running 12.2(18)SXF11 with 3 modules WS-X6748-SFP and SUP: WS-SUP720-3B
Spanning-tree: PVSTP+
VLANs are filtered manually with Trunk allowed
Number of VLANs: 75

Issue: %STANDBY-3-DUPADDR in the log of both cores, reported from several VLANs at different times of the day, and it is not the same time from day to day.

We think this is an STP issue, so we made a complete drawing of the network to get an overview of which VLANs were allowed on which switch.

Our goal is to filter the VLANs to a minimum on each trunk to reduce the number of STP instances, as we guess some of these access switches cannot support that many.

We know a C3560 with 412 instances of STP and MAX is 128. What would be the consequence of going over the MAX allowed? Actually it looks like the switch is declaring itself root for all the VLANs apart from 2 or 3. Can it be a consequence of exceeding the number of STP instances?

You are most likely correct that it is an STP issue. I think the switch will run out of memory or CPU resources.

A 3560 has 48 access ports at maximum so why would one need more than this number of vlans? I would say that 128 is more than enough. If not, you probably have a design problem. From what I read about your network, this is even more likely. Examples: running an old IOS on the core, many different models of switches, no uniform redundancy model, just to name the first three I noticed.

You should determine where you want the root of all vlans to reside; probably this is on the 6500 core. Then check on all switches to see if they agree on the root and correct those who have a different one.
Please note that you can also introduce STP problems by configuring which VLANs are allowed on a trunk. Not allowing a VLAN will also prevent BPDUs being sent over that link. In this way you can break the STP topology.

Please click here for more information on "Spanning Tree Protocol Problems and Related Design Considerations".



Monday, January 16, 2012

ME-3800X-24FS-M platform assert failure

We got some strange messages on an ME-3800X-24FS-M and can't find any documents explaining what they mean:

May 2 2011 17:18:27.552 EET: platform assert failure: 0: ../src-nile/src-asic-nile/nile_adjmgr.c: 6573: adjmgr_l3_switch_nh_to_ucast
May 2 2011 17:18:27.552 EET: -Traceback= 422970 53D924 D93EBC B402A0 B36C60 41E524 420794 B33F14 B35804 DC8EA4 DBF92C
May 2 2011 22:07:11.352 EET: platform assert failure: 0: ../src-nile/src-asic-nile/nile_adjmgr.c: 6509: adjmgr_l3_switch_nh_to_flood
May 2 2011 22:07:11.352 EET: -Traceback= 422970 53DE3C D93F58 B40910 B3745C 421C40 4222E0 DC8EA4 DBF92C

Installed software:
Cisco IOS Software, ME380x Software (ME380x-UNIVERSAL-M), Version 12.2(52)EY1, RELEASE SOFTWARE (fc1)
ROM: Bootstrap program is WHALES boot loader
BOOTLDR: ME380x Boot Loader (ME380X-HBOOT-M) Version 12.2(52r)EY2, RELEASE SOFTWARE (fc1)

As of 1/16/2012 this is being investigated in a Cisco internal bug:

CSCtj22513 platform assert failure trace back seen on modifying interface

This is fixed through:

CSCtk56241 crash noticed after nile assert error messages

This issue is fixed in IOS version 12.2(52)EY2 which should be available on Cisco.com soon. You will be able to download the image by clicking here.

The issue itself should not cause any issue (the crash will not occur in your version). To prevent this, upgrade to the mentioned version when it's available.



Sunday, January 8, 2012

Top 5 Tech Support questions on Cisco Systems' products - Weekly Update Jan 2nd

The most actively discussed Tech Support questions on the web for Cisco Systems' products (Week of Jan 2nd 2012)
  1. %C4K_EBM-4-HOSTFLAPPING: Host 86:AA:C0:79:AA:6A in vlan 60 is flapping between port Gi5/9 and port Gi5/23
  2. Please explain the password recovery enable procedures for 3560
  3. How to use the clear ip bgp *soft command
  4. VTP Pruning issues on CATOS 8.x
  5. SNMP on Nexus 5548 Failing

SNMP on Nexus 5548 Failing

The version on the Nexus is 5.0(3)N2(1).
It looks to me like SNMP had been hung for a while.

dcassw202# sh processes cpu sort
PID    Runtime(ms)  Invoked     uSecs  1Sec    Process
-----  -----------  ----------  -----  ------  -----------
4565   1308         3838622539  0      46.5%   snmpd
4681   184          90          2045   5.0%    netstack
4476   1054         14064363    0      1.0%    pfma

Any suggestions will be greatly appreciated.

This is a known bug and here is the workaround:
Unload the BRIDGE-MIB from the switch by using snmp server commands. If the switch is reloaded you will have to redo step 1 as this command is not persistent. For detailed information on the workaround please contact Cisco TAC.

Please click here (Cisco login required) to get more details on the bug.

Also remember disabling SNMP will not fix this problem, you have to unload the BRIDGE-MIB to free up the memory. However, per the bug's release note, this information needs to come from TAC only.



Thursday, January 5, 2012

How many EIGRP prefixes can a single 3560/3750 layer3 switch store?

There is a design question in front of us and the customer has a pretty tight budget.
This EIGRP domain has around 1000 prefixes, no VRF, no BGP. Can a single 3560 with Advanced IP IOS easily support and store those 1000 prefixes without bringing up a high CPU process, or do we need to think about a 3750?

The 3560 is capable of configuring up to 11000 unicast routes. So your 1,000 prefixes should be fine. Please click here for the datasheet on Cisco Catalyst 3560 Series Switches that contains the summary of all the product features.



Monday, January 2, 2012

How to use the clear ip bgp *soft command

The command "clear ip bgp * soft" performs a soft reset of the BGP neighbor relationship in both directions, i.e. in and out. Since this command also performs a soft reset for the "in" direction, does it not require the command "neighbor soft-reconfiguration inbound" as well? Is this correct?

clear ip bgp * soft
neighbor soft-reconfiguration inbound

Let's say we have a router that supports the refresh capability and so does its neighbor R2. Also assume "neighbor soft-reconfiguration inbound" is configured. Now the router has two options to achieve the same goal. The question is which method the router will prefer: will it send a refresh message? Will it just use the database of unfiltered packets?


You have to distinguish between the Soft Reconfiguration and the Dynamic Inbound Soft Reset.

The Soft Reconfiguration is the older method that had to be configured manually on a per-neighbor basis using the soft-reconfiguration inbound command, whose point was to store a separate unfiltered database of all advertisements sent by the particular neighbor. Using the clear ip bgp * soft [ in ] command simply caused this unfiltered database to be re-filtered anew depending on the actual inbound routing policies. This approach, obviously, was very memory-intensive.

The Dynamic Inbound Soft Reset is the Cisco name for the Route Refresh capability defined by RFC 2918. This capability is negotiated dynamically with the neighbor and there are no configuration commands related to it. This capability will be negotiated automatically on a per-neighbor basis during the BGP neighborship establishment. After using the clear ip bgp * soft [ in ], the router will automatically send the ROUTE-REFRESH message to all neighbors supporting this feature, requesting them to resend their routing advertisements for the particular address family.

In other words, the clear ip bgp * soft command has the same effect, whether the Soft Reconfiguration or the Route Refresh is used. Obviously, the means to achieve the same effect are very different.

We see a lot of BGP configurations even here on CSC to have the neighbor soft-reconfiguration inbound command configured for various neighbors. I would like to highlight the fact that this is absolutely useless, ineffective and missing the point. It seems that people are confusing the Soft Reconfig with the Route Refresh capability. Every solid BGP implementation nowadays supports the Route Refresh without needing to configure anything and without consuming those inordinate amounts of RAM. The RFC 2918 was published in September 2000, so it's nearly 12 years old and its support is nearly ubiquitous. I cannot stress this enough - configuring the neighbor soft-reconfiguration inbound is neither necessary nor called for.

If both neighbors support the Route Refresh and at the same time, they are configured with neighbor soft-reconfiguration inbound then the Soft Reconfiguration is used instead of the Route Refresh. In other words, the Route Refresh capability dynamically negotiated during the peering establishment will be ignored, the ROUTE-REFRESH messaging will not be used, and instead, both routers will store both the unfiltered and the filtered databases.

Please click here to find more documentation on "BGP Soft Reset Enhancement".


 