Tuesday, April 30, 2013

DELL Sonic Firewall and Cisco layer 3 switches



DELL Sonic Firewall and Cisco layer 3 switches Configuration


It is sometimes difficult to get the Sonic firewall to communicate with the trunk settings of Cisco switches.
The switch has multiple VLANs configured and there is a single cable connecting it to the DELL Sonic firewall.
The firewall needs to learn all the subnets configured in the switch network.

Configure the port facing the firewall on the switch side.

Enable interface VLAN 1 on the switch (VLAN 1 is the default VLAN).

conf t
interface Vlan1
 ip address 192.168.1.6 255.255.255.0
exit
! 192.168.1.1 is the IP of the firewall interface
ip default-gateway 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.1

Switch port configuration for the SONIC firewall uplink

interface FastEthernet1/0/1
 description Uplink to SonicWall
 switchport access vlan 1
 switchport mode access
 spanning-tree portfast
end

SONIC FIREWALL SIDE

Assign an IP address to the inside interface, for example 192.168.1.1.

Create static routes pointing all the internal subnets to the Cisco switch (192.168.1.6 in this example). Do not summarize the routes.
For example:
ip route 10.20.2.0 255.255.255.0 192.168.1.6
ip route 10.30.2.0 255.255.255.0 192.168.1.6
ip route 10.40.2.0 255.255.255.0 192.168.1.6

The firewall will start to communicate with the switch-side subnets.
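An added example, not part of the original post: a Python check that reads the SVI subnets from the switch configuration and compares them with the firewall's static routes toward 192.168.1.6, listing routes that are missing and routes that are summaries. The sample configuration, the VLAN numbers and SVI addresses in it, and the firewall route list are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: SVI stanzas as they would appear in the switch config.
SWITCH_CONFIG = """\
interface Vlan1
 ip address 192.168.1.6 255.255.255.0
interface Vlan20
 ip address 10.20.2.1 255.255.255.0
interface Vlan30
 ip address 10.30.2.1 255.255.255.0
interface Vlan40
 ip address 10.40.2.1 255.255.255.0
"""

# Constructed sample: routes currently on the firewall, in the post's notation.
FIREWALL_ROUTES = """\
ip route 10.20.2.0 255.255.255.0 192.168.1.6
ip route 10.0.0.0 255.0.0.0 192.168.1.6
"""

def svi_subnets(config):
    """Return the network of every 'ip address <addr> <mask>' line."""
    pairs = re.findall(r"^\s*ip address (\S+) (\S+)\s*$", config, re.M)
    return [ipaddress.ip_interface(f"{a}/{m}").network for a, m in pairs]

def static_routes(text):
    """Return (network, next_hop) for every 'ip route' line."""
    rows = re.findall(r"^\s*ip route (\S+) (\S+) (\S+)\s*$", text, re.M)
    return [(ipaddress.ip_network(f"{n}/{m}"), ipaddress.ip_address(h))
            for n, m, h in rows]

def audit(config, routes, transit_if="192.168.1.1/24", next_hop="192.168.1.6"):
    """Return (missing subnets, summary routes) for routes via next_hop."""
    transit = ipaddress.ip_interface(transit_if).network  # directly connected
    hop = ipaddress.ip_address(next_hop)
    wanted = [n for n in svi_subnets(config) if n != transit]
    have = {n for n, h in static_routes(routes) if h == hop}
    missing = [n for n in wanted if n not in have]
    # A route that strictly contains a switch subnet is a summary.
    summaries = sorted(r for r in have
                       if any(r != n and n.subnet_of(r) for n in wanted))
    return missing, summaries

def to_route_lines(networks, next_hop="192.168.1.6"):
    """Render networks in the 'ip route' notation used in the post."""
    return [f"ip route {n.network_address} {n.netmask} {next_hop}"
            for n in networks]
```

With the sample data this reports 10.30.2.0/24 and 10.40.2.0/24 as missing and 10.0.0.0/8 as a summary. A summary sends traffic for subnets the switch does not have to the switch, whose default route returns it to the firewall.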



Cisco Nexus 5000 software Upgrade



Cisco NEXUS 5000 Upgrade

Save the current config files to local memory using the command copy run startup.
Also copy all the files in the memory to a remote server using FTP or TFTP.
The VRF for management is vrf management.
Download both the kickstart file and the image file; both have the extension .bin.
Copy the files from the local TFTP server to the Nexus switch using the following command (the kickstart file is shown):

copy tftp://10.0.1.1/n5000-uk9-kickstart.5.1.x.N1.1.bin bootflash:n5000-uk9-kickstart.5.1.x.N1.1.bin

When prompted for the vrf, enter: management
Install Operation
Run the following command

install all kickstart bootflash:n5000-uk9-kickstart.5.1.x.N1.1.bin system bootflash:n5000-uk9.5.1.x.N1.1.bin

The switch will be reloaded once the upgrade is successful.
Once it has reloaded, check the running version; it will show the new image.


Software
  BIOS:      version 3.5.0
  loader:    version N/A
  kickstart: version 5.1(3)N1(1)
  system:    version 5.1(3)N1(1)

 


Check the status of all PVCs and the communication to the FEXs; if all looks good, save the running config to memory.
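An added example, not part of the original post: a Python check that parses the Software block of the version output and confirms that the running kickstart and system versions match the image files passed to install all. The file names use 3 in place of the x in the post's file names to agree with the version output shown above, and the mapping from file name to version string is an assumption based on the naming pattern of these images.

```python
import re

# Constructed sample: version output in the layout shown in the post.
SHOW_VERSION = """\
Software
  BIOS:      version 3.5.0
  loader:    version N/A
  kickstart: version 5.1(3)N1(1)
  system:    version 5.1(3)N1(1)
"""

# Constructed: the post's file names with "x" replaced by 3.
KICKSTART = "n5000-uk9-kickstart.5.1.3.N1.1.bin"
SYSTEM = "n5000-uk9.5.1.3.N1.1.bin"

def image_version(filename):
    """Map an image file name to the version string the switch reports,
    e.g. n5000-uk9.5.1.3.N1.1.bin -> 5.1(3)N1(1) (assumed naming pattern)."""
    m = re.search(r"\.(\d+)\.(\d+)\.(\w+)\.([A-Z]+\d+)\.(\w+)\.bin$", filename)
    if not m:
        raise ValueError(f"unrecognised image name: {filename}")
    major, minor, maint, train, build = m.groups()
    return f"{major}.{minor}({maint}){train}({build})"

def running_versions(show_version):
    """Return {'kickstart': ..., 'system': ...} from the Software block."""
    pattern = r"^\s*(kickstart|system):\s+version (\S+)"
    return dict(re.findall(pattern, show_version, re.M))

def check_upgrade(show_version, kickstart_file, system_file):
    """List every problem found; an empty list means the new images run."""
    problems = []
    running = running_versions(show_version)
    for role, fname in (("kickstart", kickstart_file), ("system", system_file)):
        want = image_version(fname)
        got = running.get(role)
        if got != want:
            problems.append(f"{role}: running {got}, expected {want}")
    if image_version(kickstart_file) != image_version(system_file):
        problems.append("kickstart and system images are different releases")
    return problems
```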




Monday, April 29, 2013

NEXUS 5K FEX CHEAT SHEET



Nexus Switches-Nexus Cheat Sheet


Nexus is one of the dominant switches in data centers; most companies have already rolled out Nexus switches like the 7k, 5k and the Fabric Extender 2k. The Nexus 1k series is for low-latency applications.
The following commands are normally used for configuring and monitoring Nexus switches.

Feature - add a feature in the switch: feature ssh

Interface

Interface designation   - int eth slot#/port#
Channel-group # mode active/passive
Int po# ( port-channel)
Example
Channel-group 10 mode active
Int port-channel10
Switchport mode access

CAM table

To find the port of a host using mac address
show mac-address-table address [mac address]

FCOE
Enable fcoe mode
Int x/y
Fcoe mode on/auto
VFC
Interface vfc10
Bind interface e1/10

QOS For FCOE
Class-map class-fcoe
Match cos #

ZONING

VSAN - Virtual Storage Area Network
Zone name [name] vsan #
Member pwwn#,fcalias
Zoneset name
To activate
Zoneset activate name [zoneset name] vsan #

Example
int fc1/24
vsan database
vsan 102 interface fc1/24
vsan 202 wwn 10:00:00:00:c9:62:ab:a7 fcid 0x010027 dynamic
fcalias name SQL31_hba1_p0 vsan 102
    member pwwn 10:00:00:00:c9:62:ab:a7
zone name disql31_hba1_p0_4634_10f0 vsan 102
zoneset name Zoneset_B_01242012 vsan 102
zone sql31_hba1_p0_4634_10f0 to zoneset Zoneset_B_01242012 on VSAN 102
zoneset activate name Zoneset_B_01242012 vsan 102

FEX 

For example, the 2148T has 48 x 1GE server ports and 4 x 10GE uplinks
It is managed by a 5k or 7k
There is no port-channel config from the FEX to server ports
It appears as a line card of the Nexus 5k
FEX config is managed by the 5k, with local memory storage for the config
The FEX is discovered by the SDP protocol
Define number of uplinks
Conf t
Fex 100
Pinning max-links 4
Attach a FEX to interface
Conf t
Int e3/1
Switchport mode fex-fabric
fex associate 100
exit

verify FEX
show fex 100
or show fex 100 detail
other commands are
show inventory fex 100
show version fex 100
show environment fex 100
show diagnostic result fex 100
show logging onboard fex 100
reload fex 100
show tech-support fex 100
Attach fex
Attach fex 100






reset module in nexus switch
(config)# slot #



(config-slot)# port 9-16 type fc
(config-slot)# port 1-8 type ethernet
(config-slot)# copy running-config startup-config
(config-slot)# poweroff module 3
(config)# no poweroff module 3



