RE: [FRnOG] [TECH] Remplacement 3750G-12S

Michel Py Sat, 28 Dec 2019 09:32:32 -0800

> Sébastien 65 a écrit :
> La configuration d'un Nexus est elle similaire à un Catalyst IOS ? Est-ce 
> que je vais être "perdu" si je me branche sur un Nexus ?


Comme mes petits camarades je plussoie le Nexus 3064PQ en broke, même si c'est 
un peu overkill.

C'est différent, mais pas trop. Conf t et show inte status çà marche toujours.
Pour moi l'adaptation n'a pas été difficile. Il y a quelques détails qui 
changent, mais globalement çà reste un switch Cisco, et je suis tombé dans le 
Catalyst quand j'étais petit.

Les trucs qui sautent aux yeux : toutes les interfaces sont "e", plus de fa ou 
gi ou te.
Quand tu listes la config, c'est ctrl-c pour arrêter, pas escape.
Plus génant : pas de VTP.
Wr a disparu, mais je l'ai remis avec cli alias name wr copy running-config 
startup-config

J'ai posté un lab de c3064pq sur la liste récemment, je remets à la fin de ceci.

A faire attention au moment de l'achat : le sens des ventilos. Il y a 2 modèles 
d'alims et deux modèles de ventilos, qui doivent être les mêmes, suivant si tu 
veux le flux d'air "rentrant" ou "sortant".
forward airflow (port-side exhaust).
reversed airflow (port side intake) qui ont une marque noire.

La configuration dont je me sers, c'est reversed : les ports sont du coté 
froid, les alims et les ventilos du coté chaud.

Michel.


Bon finalement j’ai le temps de faire un lab avec çà :
[long et technique]
Le lab est toujours up, si quelqu'un veut que je fasse une bidouille 
différente, demandez.

n3k-spare# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n)  [n] y
n3k-spare# reload
This command will reboot the system. (y/n)?  [n] y
2013 Dec  4 08:56:20 n3k-spare %$ VDC-1 %$ %PLATFORM-2-PFM_SYSTEM_RESET: Manual 
system restart from Command Line Interface
Press  ctrl L to go to loader prompt in 2 secs
Booting kickstart image: bootflash:/nxos.7.0.3.I4.6.bin

[...]
switch# conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# no password strength-check
switch(config)# username admin password cisco role network-admin
switch(config)# hardware profile portmode 48x10G+4x40G
timezone PST -8 0
cWarning: This command will take effect only after saving the configuration and 
reload! Port configurations could get lost when port
mode is changed! We suggest you clean up the impacted interfaces config and 
redo them after boot up!
lock summer-time PDT 2 Sun Mar 02:00 1 Sun Nov 02:00 60
cli alias name wr copy running-config startup-config
banner motd ^
Nexus n3064PQ Spare
no IP
no VLANS
switch(config)# clock timezone PST -8 0
switch(config)# clock summer-time PDT 2 Sun Mar 02:00 1 Sun Nov 02:00 60
switch(config)# cli alias name wr copy running-config startup-config
switch(config)# banner motd ^
Enter TEXT message. End with the character '^'.
> Nexus n3064PQ Spare
> no IP
> no VLANS
> ^
switch(config)# host n3k-spare
n3k-spare# exit
n3k-spare# wr
[########################################] 100%
Copy complete, now saving to disk (please wait)...
n3k-spare# reload

[...]
n3k-spare# sh ver
  BIOS: version 4.0.0
  NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
Hardware
  cisco Nexus3064 Chassis
  Intel(R) Celeron(R) CPU        P4505  @ 1.87GHz with 3903304 kB of memory.


Sans aucune surprise, une config par défaut relativement complète est installée 
automatiquement :

n3k-spare# sh run

!Command: show running-config
!Time: Wed Dec  4 09:14:32 2013

version 7.0(3)I4(6)
hostname n3k-spare
vdc n3k-spare id 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource vrf minimum 2 maximum 4096
  limit-resource port-channel minimum 0 maximum 104
  limit-resource u4route-mem minimum 128 maximum 128
  limit-resource u6route-mem minimum 96 maximum 96
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8

feature lldp

no password strength-check
username admin password 5 
$5$mnxxpAh/$l7R9Ow5xXr5rSiUHIHrXNtzETSkJgQzPq8ZpBdVBulD  role network-admin

banner motd ^
Nexus c3064PQ Spare
no IP
no VLANS
^

ip domain-lookup
service unsupported-transceiver
ip access-list copp-system-acl-eigrp
  10 permit eigrp any 224.0.0.10/32
ipv6 access-list copp-system-acl-eigrp6
  10 permit eigrp any ff02::a/128
ip access-list copp-system-acl-icmp
  10 permit icmp any any
ip access-list copp-system-acl-igmp
  10 permit igmp any any
ip access-list copp-system-acl-ntp
  10 permit udp any any eq ntp
  20 permit udp any eq ntp any
ip access-list copp-system-acl-pimreg
  10 permit pim any any
ip access-list copp-system-acl-ping
  10 permit icmp any any echo
  20 permit icmp any any echo-reply
ip access-list copp-system-acl-routingproto1
  10 permit tcp any gt 1024 any eq bgp
  20 permit tcp any eq bgp any gt 1024
  30 permit udp any 224.0.0.0/24 eq rip
  40 permit tcp any gt 1024 any eq 639
  50 permit tcp any eq 639 any gt 1024
  70 permit ospf any any
  80 permit ospf any 224.0.0.5/32
  90 permit ospf any 224.0.0.6/32
ip access-list copp-system-acl-routingproto2
  10 permit udp any 224.0.0.0/24 eq 1985
  20 permit 112 any 224.0.0.0/24
ip access-list copp-system-acl-snmp
  10 permit udp any any eq snmp
  20 permit udp any any eq snmptrap
ip access-list copp-system-acl-ssh
  10 permit tcp any any eq 22
  20 permit tcp any eq 22 any
ip access-list copp-system-acl-stftp
  10 permit udp any any eq tftp
  20 permit udp any any eq 1758
  30 permit udp any eq tftp any
  40 permit udp any eq 1758 any
  50 permit tcp any any eq 115
  60 permit tcp any eq 115 any
ip access-list copp-system-acl-tacacsradius
  10 permit tcp any any eq tacacs
  20 permit tcp any eq tacacs any
  30 permit udp any any eq 1812
  40 permit udp any any eq 1813
  50 permit udp any any eq 1645
  60 permit udp any any eq 1646
  70 permit udp any eq 1812 any
  80 permit udp any eq 1813 any
  90 permit udp any eq 1645 any
  100 permit udp any eq 1646 any
ip access-list copp-system-acl-telnet
  10 permit tcp any any eq telnet
  20 permit tcp any any eq 107
  30 permit tcp any eq telnet any
  40 permit tcp any eq 107 any
ipv6 access-list copp-system-acl-v6routingProto2
  10 permit udp any ff02::66/128 eq 2029
  20 permit udp any ff02::fb/128 eq 5353
  30 permit 112 any ff02::12/128
ipv6 access-list copp-system-acl-v6routingproto1
  10 permit 89 any ff02::5/128
  20 permit 89 any ff02::6/128
  30 permit udp any ff02::9/128 eq 521
ip access-list copp-system-dhcp-relay
  10 permit udp any eq bootps any eq bootps
class-map type control-plane match-any copp-icmp
  match access-group name copp-system-acl-icmp
class-map type control-plane match-any copp-ntp
  match access-group name copp-system-acl-ntp
class-map type control-plane match-any copp-s-arp
class-map type control-plane match-any copp-s-bfd
class-map type control-plane match-any copp-s-bpdu
class-map type control-plane match-any copp-s-dai
class-map type control-plane match-any copp-s-default
class-map type control-plane match-any copp-s-dhcpreq
class-map type control-plane match-any copp-s-dhcpresp
  match access-group name copp-system-dhcp-relay
class-map type control-plane match-any copp-s-dpss
class-map type control-plane match-any copp-s-eigrp
  match access-group name copp-system-acl-eigrp
  match access-group name copp-system-acl-eigrp6
class-map type control-plane match-any copp-s-glean
class-map type control-plane match-any copp-s-igmp
  match access-group name copp-system-acl-igmp
class-map type control-plane match-any copp-s-ipmcmiss
class-map type control-plane match-any copp-s-l2switched
class-map type control-plane match-any copp-s-l3destmiss
class-map type control-plane match-any copp-s-l3mtufail
class-map type control-plane match-any copp-s-l3slowpath
class-map type control-plane match-any copp-s-mpls
class-map type control-plane match-any copp-s-pimautorp
class-map type control-plane match-any copp-s-pimreg
  match access-group name copp-system-acl-pimreg
class-map type control-plane match-any copp-s-ping
  match access-group name copp-system-acl-ping
class-map type control-plane match-any copp-s-ptp
class-map type control-plane match-any copp-s-routingProto1
  match access-group name copp-system-acl-routingproto1
  match access-group name copp-system-acl-v6routingproto1
class-map type control-plane match-any copp-s-routingProto2
  match access-group name copp-system-acl-routingproto2
class-map type control-plane match-any copp-s-selfIp
class-map type control-plane match-any copp-s-ttl1
class-map type control-plane match-any copp-s-v6routingProto2
  match access-group name copp-system-acl-v6routingProto2
class-map type control-plane match-any copp-s-vxlan
class-map type control-plane match-any copp-snmp
  match access-group name copp-system-acl-snmp
class-map type control-plane match-any copp-ssh
  match access-group name copp-system-acl-ssh
class-map type control-plane match-any copp-stftp
  match access-group name copp-system-acl-stftp
class-map type control-plane match-any copp-tacacsradius
  match access-group name copp-system-acl-tacacsradius
class-map type control-plane match-any copp-telnet
  match access-group name copp-system-acl-telnet
policy-map type control-plane copp-system-policy
  class copp-s-default
    police pps 400
  class copp-s-l2switched
    police pps 200
  class copp-s-ping
    police pps 100
  class copp-s-l3destmiss
    police pps 100
  class copp-s-glean
    police pps 500
  class copp-s-selfIp
    police pps 500
  class copp-s-l3mtufail
    police pps 100
  class copp-s-ttl1
    police pps 100
  class copp-s-ipmcmiss
    police pps 400
  class copp-s-l3slowpath
    police pps 100
  class copp-s-dhcpreq
    police pps 300
  class copp-s-dhcpresp
    police pps 300
  class copp-s-dai
    police pps 300
  class copp-s-igmp
    police pps 400
  class copp-s-routingProto2
    police pps 1300
  class copp-s-v6routingProto2
    police pps 1300
  class copp-s-eigrp
    police pps 200
  class copp-s-pimreg
    police pps 200
  class copp-s-pimautorp
    police pps 200
  class copp-s-routingProto1
    police pps 1000
  class copp-s-arp
    police pps 200
  class copp-s-ptp
    police pps 1000
  class copp-s-vxlan
    police pps 1000
  class copp-s-bfd
    police pps 350
  class copp-s-bpdu
    police pps 12000
  class copp-s-dpss
    police pps 1000
  class copp-s-mpls
    police pps 100
  class copp-icmp
    police pps 200
  class copp-telnet
    police pps 500
  class copp-ssh
    police pps 500
  class copp-snmp
    police pps 500
  class copp-ntp
    police pps 100
  class copp-tacacsradius
    police pps 400
  class copp-stftp
    police pps 400
control-plane
  service-policy input copp-system-policy
snmp-server user admin network-admin auth md5 0x769a258e8bbe8ce111d127efe28958cc
priv 0x769a258e8bbe8ce111d127efe28958cc localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO

vlan 1
vrf context management
no system urpf disable
no port-channel load-balance resilient
hardware profile portmode 48x10G+4x40G

interface Ethernet1/1  <== 10G
interface Ethernet1/2  <== 10G
[...]
interface Ethernet1/49 <== 40G
interface Ethernet1/50 <== 40G
interface Ethernet1/51 <== 40G
interface Ethernet1/52 <== 40G

interface mgmt0
  vrf member management
clock timezone PST -8 0
clock summer-time PDT 2 Sun Mar 02:00 1 Sun Nov 02:00 60
cli alias name wr copy running-config startup-config
line console
line vty
boot nxos bootflash:/nxos.7.0.3.I4.6.bin


n3k-spare# sh inte e1/49 | inc MTU
  MTU 1500 bytes, BW 40000000 Kbit, DLY 10 usec
n3k-spare# show queuing interface ethernet 1/49 | incl MTU
HW MTU of Ethernet1/49 : 1500 bytes 
n3k-spare#

https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/118994-config-nexus-00.html

n3k-spare# conf t
Enter configuration commands, one per line. End with CNTL/Z.
n3k-spare(config)# policy-map type network-qos jumbo
type network-qos class-default
    mtu 9216
system qos
n3k-spare(config-pmap-nqos)#   class type network-qos class-default
n3k-spare(config-pmap-nqos-c)#     mtu 9216
n3k-spare(config-pmap-nqos-c)# system qos
n3k-spare(config-sys-qos)#   service-policy type network-qos jumbo
n3k-spare(config-sys-qos)# 2013 Dec  4 09:23:23 n3k-spare %$ VDC-1 %$ 
%IPQOSMGR-2-QOSMGR_NETWORK_QOS_POLICY_CHANGE: Policy jumbo is now active
n3k-spare(config-sys-qos)# end
n3k-spare# sh inte e1/49 | inc MTU
  MTU 1500 bytes, BW 40000000 Kbit, DLY 10 usec
n3k-spare# show queuing interface ethernet 1/49 | incl MTU
HW MTU of Ethernet1/49 : 9216 bytes
n3k-spare# wr
[########################################] 100%
Copy complete, now saving to disk (please wait)...
n3k-spare# reload
This command will reboot the system. (y/n)?  [n] y
2013 Dec  4 09:25:29 n3k-spare %$ VDC-1 %$ %PLATFORM-2-PFM_SYSTEM_RESET: Manual 
system restart from Command Line Interface

[...]
n3k-spare#
n3k-spare# sh inte e1/49 | inc MTU
  MTU 1500 bytes, BW 40000000 Kbit, DLY 10 usec
n3k-spare# show queuing interface ethernet 1/49 | incl MTU
HW MTU of Ethernet1/49 : 9216 bytes
n3k-spare#

n3k-spare(config)# inte e1/49
n3k-spare(config-if)# mtu 1500
                        ^
% Invalid command at '^' marker.

Moralité : 
Pas de MTU par interface sur le mien. Ce qui est reporté par "show interface" 
çà ne vaut pas un caramel mou.


---------------------------
Liste de diffusion du FRnOG
http://www.frnog.org/

RE: [FRnOG] [TECH] Remplacement 3750G-12S

Répondre à