Tuesday, July 31, 2012

How to use Nexus 5548 Unified or Universal Ports

Hi Guys

I found this information ridicolously difficult to find, so I thought I would post it on my blog so hopefully you don't have to go through the stress that I just did.

To make a port on a nexus 5548 (A universal port) both Ethernet and Fibre channel, enter these commands:

switch(config)# slot 1
switch(config-slot)# port 32 type fc 
Where slot is 1 when your trying to configure the main ports on the actual chassis itself, and slot is 2 when your using an expansion module. You can also specify a range of ports with port 21-32 for example.

Short and sweet but I hope it help's someone out there!


Wednesday, July 18, 2012

VTP troubles with Pruning

Hi Guys

Did i mention i hate VTP? if your stuck with VTP Pruning issues, here is a helpful command to individually disable VTP Pruning on a interface:

int gi0/1
 switchport trunk pruning vlan none

Monday, July 16, 2012

Troubleshooting the Nexus 1000v

Hi Guys

This is a very very quick blog post that I hope to expand in the future. (I apologise in advance for the disjointedness of this post.)

If like me you had huge problems getting the Nexus 1000v working at some points some troubleshooting tips would be lovely!!!

First of all, the most important troubleshooting you can do in my opinion is the vem-health command, you need to have console access to your ESXi server, here is a handy tip, you can do it via SSH, but if for some reason you only have console access, you can actually do it by pressing


this will take you to the console.

Then, issue this command:

~ # vem-health check 00:50:56:a0:42:08
VSM Control MAC address: 00:50:56:a0:42:08
Control VLAN: 20
DPA MAC: 00:02:3d:40:03:02

The VEM-VSM connectivity seems to be fine.

How do you get this MAC address? go to your nexus 1000v and issue this command

Nexus1000v# show svs neighbors

Active Domain ID: 3

AIPC Interface MAC: 0050-56a0-4208
Inband Interface MAC: 0050-56a0-420a

The highlighted section is the MAC address you need.

Pay careful attention to what it says, if it says that the control is not working between the VEM and the VSM you need to investigate why.

Top gear top tip - to make things take affect, remove the vmware port group command and put it back in, note that this WILL remove it from your VMWARE configuration so you will need to add it back in.

 Another two extremely useful commands:

~ # vemcmd show l2 20
Bridge domain    6 brtmax 4096, brtcnt 4, timeout 300
VLAN 20, swbd 20, ""
Flags:  P - PVLAN  S - Secure  D - Drop
       Type         MAC Address   LTL   timeout   Flags    PVLAN
    Dynamic   00:50:56:a0:42:08   307         1                            
     Static   00:02:3d:80:03:02     6         0                            
    Dynamic   00:0c:29:e1:61:5a   307         1                            
     Static   00:02:3d:40:03:02    10         0                            

in the example above my control VLAN is VLAN 20. This allows me to see if any MAC addresses have been learnt out here, they should be! there should be some dynamic MAC's learnt if the control is working.

OK, next useful command:

~ # vemcmd show vlan 20
VLAN 20, vdc 1, swbd 20, hwbd 6, 3 ports
     18  vmnic1

this useful command helps you make sure that your control VLAN is actually bound to one of the interfaces.

I know this is a little rushed guys but I promise i will have a more detailed blog post on this later, i just needed to capture these two commands as they totally saved my bacon at one point!

Thursday, July 12, 2012

Reason number #18361 Why i hate juniper's

If you have a juniper (i am SO sorry! Please accept my apologies for your life)

 Specifically, the SRX210H needs the following in it's config:

    alg {
        sccp disable;
        sip disable;
This will prevent it from inspecting SCCP and breaking it.