NEXUS 5k Cheat Sheet

Nexus Switches-Nexus Cheat Sheet

Nexus one of the dominant switches in data center, most already rolled out Nexus Switches like 7k,5k and Fabric Extender 2k. Nexus 1k series is for low latency applications.

The following commands are normally used for Configuring/monitoring Nexus Switches.

Feature- add a feature in switch   feature ssh

Interface

Interface designation   - int eth slot#/port#

Channel-group # mode active/passive

Int po# ( port-channel)

Example

Channel-group 10 mode active
Int portchannel10
Switchport mode access

CAM table

To find the port of a host using mac address

show mac-address-table address [mac address]

FCOE

Enable fcoe mode

Int x/y

Fcoe mode on/auto

VFC

Interface vfc10

Bind interface e1/10

QOS For FCOE

Class-map class-fcoe

Match cos #

ZONING

VSAN- Virtual Storage Network

Zone name name vasn #

Member pwwn#,fcalias

Zoneset name

To activate

Zoneset activate name [zonename] vsan #

Example

int fc1/24

vsan database

vsan 102 interface fc1/24

vsan 202 wwn 10:00:00:00:c9:62:ab:a7 fcid 0x010027 dynamic

fcalias name SQL31_hba1_p0 vsan 102  

fcalias name SQL31_hba1_p0 vsan 102

    member pwwn 10:00:00:00:c9:62:ab:a7

zone name disql31_hba1_p0_4634_10f0 vsan 102

zoneset name Zoneset_B_01242012 vsan 102

zone sql31_hba1_p0_4634_10f0 to zoneset Zoneset_B_01242012 on VSAN 102

zoneset activate name Zoneset_B_01242012 vsan 102

FEX

For example 2148T has 48x 1ge server ports and 4x10GE uplinks

It is managed by 5k or 7k

There is not PORT CHANNEL config from FEX to server ports

It appears as a line card of Nexus 5k

FEX config managed by 5k and local memory storage for the config

FEX is discovered by SDP protocol

Define number of uplinks

Conf t

Fex 100

Pinning max-links 4

Attach a FEX to interface

Conf t

Int e3/1

Switchport mode fex-fabric

fex associate 100

exit

verify FEX

show fex 100

or show fex 100 detail

other commands are

show inventory fex 100

show version fex 100

show environment fex 100

show diagnostic result fex 100

show logging onboard fex 100

reload fex 100

show tech-support fex 100

Attach fex

Attach fex 100

SIP phone Registration error: 403 - Forbidden (Bad auth)

Registration error: 403 - Forbidden (Bad auth)

Registration error: 408 - Forbidden (Bad auth)

These errors are caused by the firewall, the sip server accepts the registration and return traffic

traffic is blocked at the firewall. Please do the following changes at the firewall.

For example, Netgear, under advanced, WAN setup, put a check mark on disable SIP ALG

Port forwarding 5060

You need to enable ports tcp/udp 5060 to all networks.

I Rule for F5 LTM

I- Rule is a power full  code which modify the http header and redirect the http request to any way you want.
One of the common use is to transfer a http request to https based connection for security or www.x.com to https://x.com. I am attaching the sample code for http transfers.

rule 1

rule redirect_HTTPS

when HTTP_REQUEST {

  if { [TCP::local_port] == 80 }{

    HTTP::redirect https://[getfield [HTTP::host] ":" 1][string tolower [HTTP::uri]]

  }

}

rule 2

when HTTP_REQUEST {

            if { [HTTP::host] contains "www.x.com"} {

            HTTP::redirect https://x.com[HTTP::uri] }

}

Update for PHONE POWER Bria SIP phone configuration

Please correct the previous post as
 domain:208.64.8.6
proxy:208.64.8.6:5060

disable:SIP ALG on the router

Bria SIP phone (Phone Power) configuration for IPAD2

Steps for configuring the BRIA -Counterpath sip phone IPAD2 version  1.0 are given below. This steps are for phone power customers only

Go to User account settings

select
user name: your phone number
password: provided by the voip provider
domain:208.64.8.6:5060
proxy:208.64.8.6

once you entered the credentials, reboot the voip phone adapter and later restart the IPAD2. After an hour try to register the phone. It will show the message as REGISTERED. Once the sip phone is registered, you are ready to go.

Install SSL Certificate in F5 Load Balancer

The installation procedure to upload a SSL certificate from Verisign into F5 load balancer is given below

STEP I: Export Certificate and Private Key from the first IIS 6.0 server

Create an MMC Snap-in for Managing Certificates:

1. Start > run > MMC

2. Go into the Console Tab > File > Add/Remove Snap-in

3. Click on Add > Click Certificates > Add

4. Choose Computer Account

5. Choose Local Computer

6. Close the Add Standalone Snap-in window.

7. Click OK at the Add/Remove Snap-in window.

Export the Certificate with Private Key attached:

8. Expand Certificates in the Console Tree

9. Look for a folder called Personal > Certificates

10. Select the Certificate that you wish to back up.

11. Right-click on the file and choose > ALL TASKS > Export

12. The Certificate Export Wizard will start up. Click Next

13. Choose Yes, export the private key

14. Select Include all certificates in the certification path and click Next

15. Set a password to protect the export of the Private key file with the Certificate. Click Next

16. Choose to save the file to a set location.

Type the file name in the 'File Name' box, and click Save

Click Next

The file is given a *.pfx file-name extension

Login into F5 and change the directory to var/tmp

start the ftp prompt

Bin

get .pfx file

exit ftp

convert the .pfx file into .pem file by

openssl pkcs12 -in sap.ltg.info.pfx -out sap.ltg.info.pem –nodes

export the .pem file into your workstation.

open the pem file using wordpad

copy the key to notepad and save all ALL files .key

copy cert to not a notepad and save ALL file .crt

Load the key into F5 and then CRT file. Once the certificate is loaded, the certificate details will be displayed under SSL certificates tab.

Voice VLAN Configuration

•Before you enable voice VLAN, we recommend that you enable QoS on the switch by entering the mls qos global configuration command and configure the port trust state to trust by entering the mls qos trust cos interface configuration command.

• The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled.

• When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.

• If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.

• You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.
Configuring a Port to Connect to a Cisco 7960 IP Phone

VOICE VLAN CONFIGURATION:

Because a Cisco 7960 IP Phone also supports a connection to a PC or other device, a port connecting the switch to a Cisco 7960 IP Phone can carry mixed traffic.

You can configure the port to carry voice traffic in one of these ways:

• Configuring Ports to Carry Voice Traffic in 802.1Q Frames

• Configuring Ports to Carry Voice Traffic in 802.1P Priority-Tagged Frames
You can configure the IP phone to carry data traffic in one of these ways:

• Overriding the CoS Priority of Incoming Data Frames

• Configuring the IP Phone to Trust the CoS Priority of Incoming Data Frames
switchport voice vlan dot1p :

Instruct the switch port to use IEEE 802.1p priority tagging for voice traffic and to use the default native VLAN (VLAN 0) to carry all traffic. By default, the Cisco IP phone forwards the voice traffic with an IEEE 802.1p priority of 5.
switchport voice vlan vlan-id

Instruct the Cisco IP Phone to forward all voice traffic through the specified VLAN. By default, the Cisco IP Phone forwards the voice traffic with an 802.1Q priority of 5. Valid VLAN IDs are from 1 to 4094.
switchport priority extend cos value :

Set the IP phone access port to override the priority received from the PC or the attached device.
The CoS value is a number from 0 to 7. Seven is the highest priority. The default is 0.

switchport priority extend trust
Set the IP phone access port to trust the priority received from the PC or the attached device.