Cisco N5K-M1600 Troubleshooting Guide

Cisco N5K-M1600 - Expansion Module - 6 Ports Manual

Get Cisco N5K-M1600 - Expansion Module - 6 Ports PDF manuals and user guides
UPC - 882658210488
View all Cisco N5K-M1600 manuals
Add to My Manuals
Save this manual to your list of manuals

Cisco N5K-M1600 manual content summary:

  • Cisco N5K-M1600 | Troubleshooting Guide - Page 1
    Send document comments to [email protected]. Cisco Nexus 5000 Series Troubleshooting Guide December 15, 2011 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 2
    in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. Cisco Nexus 5000 Series Troubleshooting Guide © 2011 Cisco Systems, Inc. All rights reserved.
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 3
    4-1 Improper Configurations 4-2 PFC 4-8 Registers and Counters 4-10 Troubleshooting SAN Switching Issues 5-1 Overview 5-1 NPV 5-2 Zoning 5-7 SAN Port Channels 5-13 FC Services 5-16 Cisco Fabric Services 5-31 VSANs 5-40 Registers and Counters 5-48 Cisco Nexus 5000 Series Troubleshooting Guide iii
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 4
    Traps 7-4 DNS 7-4 Troubleshooting Virtual Port Channel Issues 8-1 Improper Configurations 8-1 Troubleshooting Config-Sync Issues 9-1 Commit Failure 9-1 Import Failure 9-3 Merge Failure 9-5 Switch-profile Deletion Failure 9-6 Verify Failure 9-8 Cisco Nexus 5000 Series Troubleshooting Guide iv OL
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 5
    resolve problems that can occur with QoS in the Cisco Nexus 5000 Series switch. Troubleshooting SAN Switching Issues Describes how to identify and resolve problems that can occur with SAN switching and the Cisco Nexus 5000 Series switch. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide v
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 6
    to material not covered in the manual. Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Tip Means the following information will help you solve a problem. Cisco Nexus 5000 Series Troubleshooting Guide vi OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 7
    Guide Cisco Nexus 5000 Series NX-OS Layer 2 Switching Configuration Guide Cisco Nexus 5000 Series NX-OS Multicast Routing Configuration Guide Cisco Nexus 5000 Series NX-OS Quality of Service Configuration Guide Cisco Nexus 5000 Series NX-OS SAN Switching Configuration Guide Cisco Nexus 5000 Series
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 8
    Licensing Guide Cisco NX-OS Licensing Guide Command References Cisco Nexus 5000 Series Command Reference Technical References Cisco Nexus 5000 Series and Cisco Nexus 2000 Series Fabric Extender MIBs Reference Error and System Messages Cisco NX-OS System Messages Reference Troubleshooting Guide Cisco
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 9
    or show system reset-reason commands to display the reason for the crash. switch# show system reset-reason Please look at Note Details 1) At 4054 usecs after Sat Nov 6 15:15:01 2010 Reason: Reset triggered due to HA policy of Reset OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 1-1
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 10
    image name: n5000-uk9.4.2.1.N2.1.bin System image reset-reason, or show cores commands. With the show logging command, review the events that happened just before the crash. switch Service "clis" (PID 4155) hasn't caught signal 11 (core will be saved). Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 11
    Protocol Priority Flow Control Enhanced Transmission Selection Link Layer Discovery Protocol Converged Enhanced Ethernet Virtual Network Tag Notification Cisco FCoE MUX ASIC Fibre Channel Protocol Fabric Shortest Path First OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 1-3
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 12
    there is no need to back out to the switch prompt. switch(config)# show run switch(config)# show interface brief Pipe command switch# show logging | egrep Egrep grep Grep head lines that match include Include lines that match Cisco Nexus 5000 Series Troubleshooting Guide 1-4 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 13
    .2.bin n5000-uk9.4.0.1a.N2.1.bin routing-sw/ Redirecting output of the show tech-support details command Use the tac-pac filename command to redirect the output of the show tech-support details command to a file and then gzip the file. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 1-5
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 14
    only lines where the match is a whole line WORD Search for the expression switch# show cli list | include debug | include interface Narrowing scope of keywords You can use Severity Information with the CLI switch(config)# show logging Cisco Nexus 5000 Series Troubleshooting Guide 1-6 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 15
    that are destined to, or originate from, the Nexus 5000 control plane. Node to switch or switch to switch traffic can be seen with this tool. SPAN is use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 1-7
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 16
    captures output until you press Ctrl-C. The FCID is a well-known name for switch domain controller. switch# ethanalyzer local sniff-interface inbound-hi brief limit-captured-frames 0 Capturing on eth4 :41 Cost = 0 Port = 0x8093 [snip] Cisco Nexus 5000 Series Troubleshooting Guide 1-8 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 17
    • Egress source (Tx)-Traffic exiting the switch through this source port is copied to the SPAN destination port. Note For the Cisco Nexus 5548 Switch, Fibre Channel ports cannot be configured as ingress source ports in a SPAN session. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 1-9
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 18
    Cisco Nexus 5010 switch supports a maximum of two egress SPAN source ports. This limit does not apply to the Cisco Nexus 5020 Switch and the Cisco Nexus 5548 switch. SPAN Destinations SPAN destinations refer to the interfaces that monitors source ports. The Cisco Nexus 5000 Series switch supports
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 19
    rx switch(config-monitor)# destination interface fc3/2 DS-PAA Nexus 5020 FC3/2 FC3/1 199999 Verifying the SPAN Session Example: switch# show monitor session SESSION STATE REASON 1 up The session is up DESCRIPTION OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 1-11
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 20
    to select when turning on debugs. Determine the destination of the output: • Logfile-Data file in switch memory. • Capture to direct to screen via console, Telnet, or SSH. You must have administrator to see name of the debug file. 1-12 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 21
    statistics switch# show cdp global Global CDP information: CDP enabled globally Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled Sending DeviceID TLV in Default Format OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 22
    configurable. Non-FCoE traffic Under certain failure scenarios where the access switch has lost all uplink connectivity to the aggregation layer, the CNA needs to be signaled of the loss of LAN TLVs defined in DCBX and VIC protocols. 1-14 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 23
    Chapter 1 Troubleshooting Overview Failover Send document comments to [email protected]. LAN Traffic When LAN connectivity is lost for a particular VLAN on the link without disrupting FCoE traffic from the same host. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 1-15
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 24
    Failover Chapter 1 Troubleshooting Overview Send document comments to [email protected]. 1-16 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 25
    the Cisco Nexus 5000 Series switch. This chapter includes the following sections: • Data Center Bridging • FIP • CNA • PFC • Registers and Counters Data Center Bridging VFC (FCoE) interface not online This section includes the following topics: • General troubleshooting • Nexus 5548 Troubleshooting
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 26
    LLDP TLVs. Use the show lldp interface ethernet 1/4 command. Example: switch# show lldp interface ethernet 1/4 Interface Information: Enable (tx/rx/dcbx): Y/Y/Y Port Mac address: 00:0d:ec:d5:a3:8b Peer's LLDP TLVs: Type Length Value Cisco Nexus 5000 Series Troubleshooting Guide 2-2 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 27
    peers LLDP values. Make sure that the mandatory LLDP values exist. Example: switch# show system internal dcbx info interface ethernet 1/4 LLDP Neighbors Remote Peers Information 1b 21 08 LLDP TLV type:END of LLDP PDU LLDP TLV Length: 0 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 2-3
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 28
    the sh platform software dcbx internal info interface ethernet x/y command.) Example: switch# show system internal dcbx info interface ethernet 1/4 Feature type PFC (3) feature : 6 Total frames discarded: 6 Total TLVs unrecognized: 0 Cisco Nexus 5000 Series Troubleshooting Guide 2-4 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 29
    force PFC mode on an interface. Use the inerfacet ethernet 1/21 command and the priority-flow-control mode command to force the PFC mode. Example: switch(config)# int eth1/21 switch(config-if)# priority-flow-control mode ? OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 2-5
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 30
    2 system qos service-policy type qos input fcoe-default-in-policy service-policy type queuing input fcoe-default-in-policy service-policy type queuing output fcoe-default-out-policy service-policy type network-qos fcoe-default-nq-policy Cisco Nexus 5000 Series Troubleshooting Guide 2-6 OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 31
    supporting adapters. VFC down due to FIP solicitation failure When the FIP solicitation fails, the VFC goes down. Possible Cause Once the first step of FIP VLAN-discovery has succeeded, the host sends FIP solicitations. The switch . OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 2-7
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 32
    active border/NP port is available. VFC down because VLAN response not received by CNA Though the switch sends out a VLAN response, the response is not received by the CNA. This indicates that , including congestion or link issues. Cisco Nexus 5000 Series Troubleshooting Guide 2-8 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 33
    scope of the spanning-tree protocol for FCoE VLANs to UF links only. • If the converged access switches (in the same SAN fabric or in the other) need to be connected to each over Ethernet links must be used for FCoE in SAN-A and SAN-B. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 2-9
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 34
    appropriate vendor support page for the CNA model and host OS. Determine if an existing driver is already installed on the host OS. Ensure that the latest driver is installed from the CNA vendor support page or the host OS support page. 2-10 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 35
    negotiated with FCOE-capable adapters (CNA). This causes packet drop to be noticed on FCoE traffic from the servers. Possible Causes The CNA may not support DCBX and the PFC TLV is not negotiated. Solution OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 2-11
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 36
    peer. Use the show system internal dcbx info int ethx/x command. Example: switch(config-if)# show system internal dcbx info interface ethernet 1/1 Interface info for : Per-priority-pause status : Rx (Inactive), Tx (Inactive) 2-12 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 37
    server pause the Nexus 5000 interface and reduces the throughput from the switch to the CNA. On the server, investigate the OS/PCI slot to ensure that they are high-speed servers. Replace the servers that the PFC frames on the wire. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 2-13
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 38
    the pause rate limit. • The error-disable recovery interval is 30. If there is a consistent port error-disable condition due to the pause rate limit, determine if the issue is that the server is too slow. Replace the slow server. 2-14 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 39
    command. This is a known bug. Registers and Counters Interface level errors To view any interface level errors, use the show interface counters errors command. Example: switch# show interface counters errors OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 2-15
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 40
    Registers and Counters Chapter 2 Troubleshooting FCoE Issues Send document comments to [email protected]. Port Align-Err FCS-Err Xmit-Err Rev-Err Undersize OutDiscards Eth1/1 0 0 0 0 0 7 112452 60461 40 19 2-16 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 41
    Input Rate (avg) Output Rate (avg) Rate Total Rate Total Rate averaging MB/s Frames MB/s Frames interval (seconds) Ethernet 1/11 0 0 0 0 30 0 0 0 0 300 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 2-17
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 42
    Registers and Counters Chapter 2 Troubleshooting FCoE Issues Send document comments to [email protected]. 2-18 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 43
    P T E R Troubleshooting Layer 2 Switching Issues Layer 2 is the Data Link Layer of the Open Systems Interconnection model (OSI model) of computer networking. This chapter describes how to identify and resolve problems that can occur with Layer 2 switching in the Cisco Nexus 5000 Series switch. This
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 44
    Chapter 3 Troubleshooting Layer 2 Switching Issues Send document comments to [email protected]. After MAC address is not learned by the switch. This causes the MAC address not to be listed in the MAC table. Possible Cause MAC Cisco Nexus 5000 Series Troubleshooting Guide 3-2 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 45
    switches: • show spanning-tree • show spanning-tree vlan Solution • Check for a correct STP convergence and for STP port states across all switches in the topography. Also confirm that there are no disputes or incorrect port states. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 46
    following commands to confirm the details of the STP port state for the port: • show spanning-tree interface detail • show spanning-tree interface Cisco Nexus 5000 Series Troubleshooting Guide 3-4 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 47
    Chapter 3 Troubleshooting Layer 2 Switching Issues Multicast Send document comments to [email protected]. Solution Check the native VLAN configured at both ends (ports) of the link. vlan 1001 all_macgs verbose Solution OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 3-5
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 48
    Use a VLAN number that is not being reserved for internal use. Note The VLAN range of 3968 to 4047 is reserved for internal use. Example: switch(config)# vlan ? Cisco Nexus 5000 Series Troubleshooting Guide 3-6 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 49
    not suspended. Otherwise, fix the configuration mismatch on the Nexus 5000 pair: Example: switch# sh vpc consistency-parameters global Legend: Type 1 : vPC will be suspended in case of mismatch Name Type Local Value Peer Value OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 3-7
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 50
    Nexus 5000, the maximum number of active VLANs and VSANs per switch is 512 (31 reserved for VSAN; remainder reserved for VLAN). Use the show resource vlan command to determine the number of available VLANs. Example: switch(config)# show resource vlan Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 51
    -vlan switch(config)# show feature Feature Name Instance State tacacs 1 disabled lacp 1 enabled interface-vlan 1 enabled private-vlan 1 enabled udld 1 enabled vpc 1 enabled fcoe 1 disabled fex 1 enabled OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 3-9
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 52
    from where it came. This is a requirement to avoid looping Layer 2 topologies. The error counter, shown in the following example, switch# show platform fwm info gatos-errors 7 Printing non zero Gatos error registers: DROP_SRC_MASK_TO_NULL 9 3-10 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 53
    Troubleshooting Layer 2 Switching Issues Registers and Counters Send document comments to nexus5k-docfeedback@cisco with VLAN_MASK_TO_NULL. Increments for an access list matching the frame. If an ACL is Inactive), Tx (Inactive) OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 3-11
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 54
    Troubleshooting Layer 2 Switching Issues Send document comments to [email protected]. Total Multicast crossbar statistics: Mcast pkts received from the cross-bar : 0 MTU violation The Nexus 5000 is a cut-through switch end Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 55
    Chapter 3 Troubleshooting Layer 2 Switching Issues Registers and Counters Send document comments to [email protected]. MAC TX Statistics Counter with cl_im_tx_err set to 1 at EOP. Total byte count of good frames. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 3-13
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 56
    and Counters Chapter 3 Troubleshooting Layer 2 Switching Issues Send document comments to [email protected]. MAC RX Statistics are greater than CFG_xg_rx_stats_max_frame_len. N/A The value of this counter is always 0. 3-14 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 57
    Chapter 3 Troubleshooting Layer 2 Switching Issues Registers and Counters Send document comments to [email protected]. MAC RX Statistic priority flow control frames received. Total byte count of good frames. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 3-15
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 58
    Registers and Counters Chapter 3 Troubleshooting Layer 2 Switching Issues Send document comments to [email protected]. 3-16 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 59
    context for QoS called the System QoS. The policy-map applied under the System QoS context is applied to the entire switch. The following table summarizes the function and attach points for these three types of policy maps. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 4-1
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 60
    between the Nexus 5000 switch and the Nexus 2000 FEX. The MTU value for the traffic with CoS 7 is set to a fixed value. You must check that the incoming traffic is marked with CoS 7. Use any CoS value other than 7 to avoid this limitation. Cisco Nexus 5000 Series Troubleshooting Guide 4-2 OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 61
    as Nexus 5000. Example: //class-map for global qos policy-map, which will be used to create CoS-queue mapping.// class-map type qos voice-global match cos 5 class-map type qos critical-global match cos 6 class-map type qos scavenger-global OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 62
    qos CriticalData match dscp 18 //This qos policy-map will be applied under all N5k and 2248 interfaces to classify all incoming traffic based on DSCP marking. Please note that even set cos 4 mtu 9216 class type network-qos Scavenger Cisco Nexus 5000 Series Troubleshooting Guide 4-4 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 63
    class type queuing class-default bandwidth percent 73 //The switch# sh queuing interface ethernet 100/1/1 Ethernet100/1/1 queuing information: Input buffer allocation: Qos-group: 0 2 3 4 5 (shared) frh: 2 drop-type: drop cos: 0 1 2 3 4 5 6 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 64
    xon xon xon 7 n/a xon xon xon switch# The Nexus 2148 has two queues in both the ingress and Nexus 5000 are mapped to the no-drop queue on the Nexus 2148. The pause no-drop command is added to the Network-QoS in order for the Nexus Cisco Nexus 5000 Series Troubleshooting Guide 4-6 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 65
    output from the show queuing interface command for the Nexus 2148 with the above configuration. Example: switch# sh queuing interface ethernet 199/1/1 Ethernet199/1/1 queuing 5 xon xon xon 6 3 xon xon xon 7 n/a xon xon xon OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 4-7
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 66
    following commands under interface ethx/y to enable link pause instead of PFC on backto-back switch links. • no priority-flow-control mode on • flowcontrol receive on • flowcontrol send change your configuration and re-apply" Solution Cisco Nexus 5000 Series Troubleshooting Guide 4-8 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 67
    the remaining three Ethernet classes (including class-default), then no-drop can be enabled on two of the Ethernet classes. Changing no-drop configuration causes VPC peer-link to go down and FEX -ip-multicast • Pause no-drop pfc-cos 4 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 4-9
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 68
    enable flowcontrol on on Nexus 5000 switch port links when connected to another Nexus 5000 interface. Possible Cause By default, the DCBX runs on the Nexus 5000 interface. If the the commands to access various registers and counters: 4-10 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 69
    internal mapping tables, such as the ext-cos to qos-group, qos-group to int-cos, and int-cos to class_id maps. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 4-11
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 70
    switch] show platform software qosctrl policy hif show platform software qosctrl global show platform software qosctrl pss show platform software qosctrl asic show platform software qosctrl default of iHIF for eth103/1/37. 4-12 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 71
    pifTable Nexus 5000 MTU programming Use the following command: show hardware internal gatos asic 0 registers match bm_port_CFG.*_max Nexus 5000 interrupt Use the following commands: debug hardware internal gatos asic 0 clear-interrupt OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 4-13
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 72
    internal ipqos port-node eth3/1 Buffer usage and packet drop debugging on N2K-C2232P FEX Use the following command: show platform software qosctrl asic 0 0 4-14 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 73
    problem (too slow, too high latency, excessively long response time) or did the problem show up recently? • What changed in the configuration or in the overall infrastructure immediately before the applications started to have problems? OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 74
    in upstream switch) Interface: fc2/2, State: Failed(NPIV is not enabled in upstream switch) Interface: san-port-channel 200, State: Down • If NPIV is disabled, then enable NPIV on the core switch. Example: switch(config)# feature npiv Cisco Nexus 5000 Series Troubleshooting Guide 5-2 OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 75
    switches, then that would be the recommended configuration. Uneven load balancing on the NPV NP ports An examination of NP upstream ports that are members in the same VSAN reveals that uneven load balancing is occurring. Possible Cause OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 76
    NPV edge switch does not log in to the fabric. Possible Cause The server on the downstream NPV edge switch does not log in to the fabric, and/or you see a "waiting for FLOGI" message. Example: switch# show npv status npiv is enabled Cisco Nexus 5000 Series Troubleshooting Guide 5-4 OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 77
    port that server is physically attached to NPIV switches lose visibility into the physical port that a downstream NPV-connected server is attached to. The following process can be used to identify that physical port. Possible Cause OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-5
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 78
    :a3:da:40 20:64:00:0d:ec:a3:da:41 • Identify the IP address of the NPV edge switch. Example: NPIV-Core(config-if)# sh fcns database npv VSAN 100: 20:64:00:0d:ec:a3:da: are in an initializing state and do not come online. Possible Cause Cisco Nexus 5000 Series Troubleshooting Guide 5-6 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 79
    see the trunk VSAN listed. However, this switch or on a different switch is holding the enhanced zoning configuration lock. Solution Release the zoning lock with the following: Step 1 Determine which switch (domain/ip address) has the lock. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 80
    array. Possible Cause If the host and storage are connected to two different switches, the ISL link, (the xE port connecting both switches) might be isolated. The xE port might be isolated in a specific VSAN for possible reasons: Cisco Nexus 5000 Series Troubleshooting Guide 5-8 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 81
    testzone vsan 100 switch(config-zone)# member pwwn 21:00:00:20:37:9e:02:3e switch(config-zone)# member pwwn 21:00:00:c0:dd:12:04:ce Use the show zone vsan command to verify that host and storage are now in the same zone. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-9
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 82
    The zone is not in the active zoneset. There is no active zoneset and default zone policy is set to deny. Solution If there is a zone merge failure, command on both switches to compare the zones and their respective members. 5-10 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 83
    13:13:44 UTC May 27 2010 Activated by: Merge [ Interface san-port-channel 100 ] Default zone policy: Deny Number of devices zoned in vsan: 1/9 (Unzoned: 8) Number of zone id> command to determine the zone set activation problem. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-11
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 84
    mode: basic merge-control: allow • Use the zone default-zone command to set the default zone policy and use the zone mode enhanced command to set the operation to enhanced zoning mode. Another approach is the foillowing: 5-12 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 85
    ends, or Fibre Channel at both ends. • Administrative compatibility parameters: speed, mode, rate mode, port VSAN, allowed VSAN list, and port security.. • Operational parameters: remote switch -support detail > bootflash:showtechdet OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-13
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 86
    as on. If you use the default ON mode to avoid inconsistent states across switches and to maintain consistency across switches, then the ports shut down. . Possible Cause VSAN is not listed in the allowed-active VSAN list. Solution 5-14 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 87
    Chapter 5 Troubleshooting SAN Switching Issues SAN Port Channels Send document comments to [email protected]. Add VSAN to the allowed-active list by using the switchport trunk allowed You receive the following message: OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-15
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 88
    Reserved Event Service (FC-GS-5) Multicast Server (FC-PH3) Clock Synchronization Server (FC-PH3) Security Key Distribution Service (FC-PH3) Alias Server (FC-PH2) Quality of Service Facilitator-Class4 (FC-PH2) Management Service (FC-GS-5) 5-16 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 89
    counter is increasing after the successful completion of link initialization. Example: switch# show hardware internal fc-mac 2 port 1 statistics ADDRESS STAT dropped somewhere in the data path, starting from FC-MAC to FLOGI server. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-17
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 90
    : switch# debug logfile flogi_debug switch# debug flogi all switch(config)# int fc switch(config-if)# shut switch(config-if)# no shut switch(config-if)# undebug all switch# dir NX-OS CLI, perform the following steps. 5-18 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 91
    fspf hello-interval value to match the same values on both switches. Example: switch(config)# interface san-port-channel 200 switch(config-if)# fspf hello-interval 40 vsan 200 Verify that the FSPF is in FULL state after the change. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-19
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 92
    Hello packet on interface san-port-channel N5K-2 %FSPF-3-FC2_PROC_ERR: %$VSAN %$ Error in command to view the FSPF configuration on both switches. Example: switch# show fspf vsan 200 interface san-port-channel 0 5-20 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 93
    dead timer is not set to the default (80 seconds) on the first switch. Check the neighboring switch (MDS) configuration to make sure it switch. The following example shows possible log messages from the show logging command log: Example: OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 94
    the currently configured region in a VSAN. Example (region value is 2; default region value is 0): switch# show fspf vsan 200 FSPF routing for VSAN 200 FSPF routing administration autonomous region. Example: switch# show fspf vsan 200 5-22 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 95
    core switch might be full. FC IDs: When an N port logs into a Cisco Nexus 5000 Series switch, it is assigned an FC ID. By default, the persistent FC ID feature is enabled. If this feature is disabled, the following situations can occur: OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 96
    FC Services Chapter 5 Troubleshooting SAN Switching Issues Send document comments to [email protected]. • An N port logs into a Cisco Nexus 5000 Series switch. The WWN of the FCIDs: 65104 Number reserved FCIDs: 1 5-24 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 97
    manually configure an entry in the persistency table for the WWN of the HBA as shown in the following example. An alternative is to power-cycle the device. This usually makes the HBA start with a normal FLOGI with S_ID=0x0. Example: OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-25
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 98
    in the FCNS database in a topology where Nexus 5000 Series switches are configured as NPV core (feature NPIV) and connected to legacy gateway switches. The fc4-types:fc4_features can be verified -port-wwn :20:d9:00:0d:ec:e0:0e:80 5-26 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 99
    switch and for all the blades logged in through that port. However, because of an old issue with Qlogic HBAs, the Cisco Nexus 5000 domain server assigns a separate area for each Qlogic HBA that matches a certain OUI by default :c0:2e OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-27
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 100
    message for the E port. Example: switch(config)# show int fc 2/2 fc2/2 is down (Isolation due to domain other side eport isolated) Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN) Port WWN is 20:42:00:0d:ec:d5:fe:00 5-28 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 101
    Domain ID WWN 0x2c(44) 20:03:00:0d:ec:3f:a5:81 [Local] [Principal] switch(config)# show fcdomain domain-list vsan 3 Number of domains: 1 Domain ID WWN 0x2c(44) 20:03:00:0d:ec:d5: first time elp: 0 Peer ELP Revision: 3 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-29
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 102
    1 Step 2 Step 3 Use the show fcdomain domain-list command to determine if you have statically assigned domain IDs on the switches. If you have statically assigned domain IDs, use the 128 Configured domain ID: 0x2c(44) (preferred) 5-30 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 103
    information to all CFS-capable switches in the fabric where the applications exist. This is the normal mode of operation. To determine the state of CFS distribution on a switch, enter the show cfs status command. Example: OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-31
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 104
    To verify that an application is listed and enabled, issue the show cfs application command to all switches. Example: switch# show cfs application Application Enabled Scope VSANs when applied to a logical application. Example: 5-32 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 105
    same list of switches, the entire set of switches constitutes one Switch WWN IP Address 98 20:00:00:0d:ec:24:5b:c0 172.25.183.123 [Merge Master] 238 20:00:00:0d:ec:50:09:00 172.25.183.42 106 20:00:00:0d:ec:da:6e:00 172.25.183.124 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 106
    , the merged database is distributed to all switches in the combined fabric and the entire new fabric remains in a consistent state. A merge failure indicates that the merged fabrics contain inconsistent data that could not be merged. 5-34 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 107
    :ec:da:6e:00 COMMIT[2] admin 34689 Thu Aug 5 11:45:20 2010 20:00:00:0d:ec:da:6e:00 LOCK_RELEASED OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-35
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 108
    command on each switch to determine who owns the CFS lock for that application. You should check with that administrator before clearing the lock. Use the CFS abort option to release the lock without distributing the data to the fabric. 5-36 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 109
    switch(config)# End with CNTL/Z. Example: An example of the abort command follows: switch# configure terminal Enter configuration commands, one per line. switch(config)# ntp abort switch(config)# End with CNTL/Z. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 110
    CFS Regions, an application on a given switch can only belong to one region at a time. • CFS Regions are only applicable to applications within the physical scope. You cannot create a CFS Region in the logical scope of an application. 5-38 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 111
    Yes : Physical-fc : Default Example (application is capable of being merged; application is in Region 1): switch# show cfs application name device-alias Enabled : Yes Timeout : 20s Merge Capable : Yes Scope : Physical-fc Region : 1 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-39
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 112
    selected switch to another switch or to a policy file. • To compare the selected switch to another switch, select Policy Switch and then select a switch from the drop-down list of switches. • The results of the analysis are displayed. 5-40 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 113
    the VSAN. • Verify the physical connectivity for any problem ports or VSANs. • Verify that both devices are in the name server. • Verify that both end devices are in the same VSAN. • Verify that both end devices are in the same zone. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-41
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 114
    06:04 2010 version 4.2(1)N1(1) interface fc2/3 switchport mode E switchport trunk allowed vsan 1 no shutdown switch(config-if)# show run interface fc 1/1 !Command: show running-config interface fc1/1 !Time: Wed Aug 4 16:20:07 2010 5-42 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 115
    allowed and active) (1,100) Trunk vsans (up) (1,100) Trunk vsans (isolated) () Trunk vsans (initializing) () switch(config-if)# show interface brief Interface Vsan Admin Admin Status SFP Oper Oper Port Mode Trunk Mode Speed Channel Cisco Nexus 5000 Series Troubleshooting Guide 5-43
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 116
    :66] [Storage] switch(config-if)# show zoneset active vsan 100 zoneset name ZoneSet_Host_Storage vsan 100 zone name Zone_Host_Storage vsan 100 * fcid 0x640114 [pwwn 20:00:00:25:b5:00:20:0e] [Host] pwwn 50:0a:09:81:86:78:39:66 [Storage] 5-44 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 117
    :20:0e] [Host] * fcid 0x5a0000 [pwwn 50:0a:09:81:86:78:39:66] [Storage] switch(config-if)# show topology FC Topology for VSAN 100 : Interface Peer Domain Peer Interface Peer IP Address fc1/2 0x5a(90) fc2/4 172.25.183.124 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-45
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 118
    00:00:25:b5:00:20:0e] [Host] * fcid 0x5a0000 [pwwn 50:0a:09:81:86:78:39:66] [Storage] VSAN is down between switches The VSAN is down between switches because: • VSAN is configured on both switches. • Trunk allow list allows the VSAN. 5-46 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 119
    :6e:01 [Local] [Principal] switch(config-vsan-db)# sho interface fc 2/4 | begin Trunk Trunk vsans (admin allowed and active) (1,10,50,100) Trunk vsans (up) (1,10,50,100) Trunk vsans (isolated) () Trunk vsans (initializing) () OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-47
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 120
    error rate being too high. Low Alarm for RxPower Alarms Warnings High Low High Low Temperature 35.02 C 70.00 C 0.00 C 70.00 C 0.00 C 5-48 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 121
    Current, Tx Power and R x Power Alarms Warnings problem. switch# show interface ethernet 1/4 Ethernet1/4 is up Hardware: 1000/10000 Ethernet, address: 000d.ecd5.a38b (bia 000d.ecd5.a38b) MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec, OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 122
    0 babble 2266 Tx pause 24 interface resets Detailed Version The output of the detailed layer and protocol errors. These counters should be monitored anytime there is a connectivity or performance issue. Example: switch = 918901 5-50 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 123
    5 Troubleshooting SAN Switching Issues Registers and Counters Send document comments to [email protected]. 0 63. cos2OutLost = 0 64. cos3OutLost = 0 65. cos4OutLost = 0 66. cos5OutLost = 0 67. cos6OutLost = 0 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-51
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 124
    command is very useful when troubleshooting physical layer or performance issues with a to occur on the Nexus 5000 FC interface. Example: switch# show interface fc2/1 fc2/1 is trunking Hardware is Fibre Channel, SFP is short wave laser Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 125
    FCP_CNTR_NOS_OUT - Not Operational Sequence Sent FCP_CNTR_LRR_OUT - Link Reset Responses Sent FCP_CNTR_LINK_FAILURE Example: switch# show hardware internal fc-mac 2 port 1 0x140b14 0xdcc 0xc24 0x1d 0x4b9538 0xabc 0x2 0x5 0x2 0x7 0x2 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-53
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 126
    discard counters are separate for vEthernet and VFC interfaces. Review the output in the second example to help correlate the reason for the drops. 5-54 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 127
    example, notice that the command helps find the cause of the drops: switch# show platform fwm info gatos-errors 0 Printing non zero Gatos error DROP_VLAN_MASK_TO_NULL: res0 = 2556 res1 = 0 DROP_SRC_MASK_TO_NULL: res0 = 522 res1 = 0 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 5-55
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 128
    Registers and Counters Chapter 5 Troubleshooting SAN Switching Issues Send document comments to [email protected]. 5-56 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 129
    This chapter describes how to identify and resolve problems that can occur with security in the Cisco Nexus 5000 Series switch. This chapter includes the following sections: • Settings - Select the Shell and Custom attributes boxes OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 6-1
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 130
    , you would have to modify rule 15 or change the rule ID of rule 10 so that it has a greater rule ID than rule 15. Cisco Nexus 5000 Series Troubleshooting Guide 6-2 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 131
    get applied When a user account is assigned to a role and you are logged into the Nexus 5000 switch, any changes made to the role configuration does not get applied immediately. Possible Cause While a not assigned to the role properly. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 6-3
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 132
    > command. • If the test aaa command returns the error, "user has failed authentication", then the server is accessable but the credentials for the user account are incorrect. Verify that the user configuration is correct on the server. Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 133
    switch AAA.) Possible Cause Assuming that the ACS or TACACS+ and RADIUS has the Cisco av pair configured correctly, then the problem might be that the internal or local VRF assignment for the user login is not working correctly. Solution OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 134
    for TACACS+. Solution In NX-OS, ASCII authentication is equivalent to PAP authentication. By default, both TACACS+ and RADIUS use CHAP. You can switch to PAP authentication with the aaa authentication login ascii-authentication command. Cisco Nexus 5000 Series Troubleshooting Guide 6-6 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 135
    was created with REMOTE authentication cannot be used for a local (fallback) login. • Create local user accounts with the username password role command until the remote AAA servers become accessible. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 6-7
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 136
    Chapter 6 Troubleshooting Security Issues AAA Send document comments to [email protected]. Cisco Nexus 5000 Series Troubleshooting Guide 6-8 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 137
    to [email protected]. 7 C H A P T E R Troubleshooting System Management Issues SNMP The system management features of the Cisco Nexus 5000 Series switch allow you to system internal mem-stats detail • show tech snmp OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 7-1
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 138
    Troubleshooting System Management Issues Send document comments to [email protected]. SNMP not responding No response or delayed response for SNMP request. Possible Cause If the switch Group / Access context acl_filter Cisco Nexus 5000 Series Troubleshooting Guide 7-2 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 139
    not receiving messages from DUT. Possible Cause Syslog server might not be accessible or the logging level might not be appropriate. Solution OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 7-3
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 140
    The SNMP host might not be accessible. • A firewall might be blocking access. • An access list might be blocking UDP port 162. Solution Use the following commands to check whether the proper VRF is commands to configure the DNS client: Cisco Nexus 5000 Series Troubleshooting Guide 7-4 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 141
    add back the temporarily removed domains to the domain-list. • An alternative approach is to copy the startup-config and delete the desired domain with a text editor. Then you must load the edited startup-config back onto the device. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 7-5
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 142
    Chapter 7 Troubleshooting System Management Issues DNS Send document comments to [email protected]. Cisco Nexus 5000 Series Troubleshooting Guide 7-6 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 143
    Send document comments to [email protected]. 8 C H A P T E R Troubleshooting Virtual Port Channel Issues A virtual port channel (vPC) allows links that are physically connected to two different Cisco Nexus 5000 Series switches to appear as a single port channel to a third device. The
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 144
    -alive status : Suspended (Destination IP not reachable) Configuration consistency status: success vPC role : primary Number of vPCs configured : 4 Peer Gateway : Disabled Dual-active excluded VLANs : - vPC Peer-link status Cisco Nexus 5000 Series Troubleshooting Guide 8-2 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 145
    switches in this example have different vPC domain IDs. The vPC domain IDs of these Nexus switches must be changed to match. This can be done by entering configuration commands, one per line, and ending each with Cntl + Z. switch2(config)# vpc -01 Cisco Nexus 5000 Series Troubleshooting Guide 8-3
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 146
    # show run vpc !Command: show running-config vpc !Time: Tue Mar 8 03:53:57 2011 version 4.2(1)N2(1) feature vpc vpc domain 500 peer-keepalive destination 172.18.118.162 switch2# show run int mgmt 0 !Command: show running-config interface mgmt0 Cisco Nexus 5000 Series Troubleshooting Guide 8-4 OL
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 147
    - Remotely-Managed-Device, s - Supports-STP-Dispute Device-ID Local Intrfce Hldtme Capability Platform Port ID switch2(SSI1324033X)Eth1/25 switch2(SSI1324033X)Eth1/26 128 S I s 128 S I s N5K-C5020P-BF Eth1/25 N5K-C5020P-BF Eth1/26 OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 8-5
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 148
    mode trunk vpc peer-link spanning-tree port type network speed 10000 Create a port-channel 500 on switch1 and associate it to the ports connecting to e1/25 and e1/26 on switch2. switch1(config)# int po 500 switch1(config-if)# int e1/25-26 Cisco Nexus 5000 Series Troubleshooting Guide 8-6 OL-25300
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 149
    1 items match. Example: To check for a mismatch, display the consistency parameters. switch1# show vpc consistency-parameters global Legend: Type 1 : vPC will be suspended in case of mismatch Name Type Local Value Peer Value OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 8-7
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 150
    MTU values for Network QoS. The value for the peer switch is 9216 on the peer switch (switch2) and the value for the local switch is 1538 (switch1). vPC will not be operational until the Network QoS values match on both switches. Cisco Nexus 5000 Series Troubleshooting Guide 8-8 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 151
    cisco.com. 9 C H A P T E R Troubleshooting Config-Sync Issues This chapter describes how to identify and resolve problems that can occur with config-sync in the Cisco Nexus 5000 Series switch conditional feature(s) are enabled. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 9-1
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 152
    occurs if conf-t or config-sync has taken a lock. Solution Compare the vPC domain IDs of the two switches and ensure that they match. Use the show system internal csm global info command type should be set to 2 as shown in the example. Cisco Nexus 5000 Series Troubleshooting Guide 9-2 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 153
    would not release the lock on conf-t. - Use the test csm ssn-db-lock reset conf-t command to reset the lock. • If switch-profile has taken the lock, the client id is reported as 1 in the show describes import options and best practices. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 9-3
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 154
    did not complete. Solution Determine if a system resource utilization problem exists. Correct the problem and retry the operation. Command does not exist in global-db Possible Cause Command is missing from the global-db. Solution Cisco Nexus 5000 Series Troubleshooting Guide 9-4 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 155
    added to the global-db. - If the command was added switch-profile on both peers must match exactly. Merge failure has many possible causes: • First time merge failure • Merge after peers that were in sync previously • Merge after reload OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 156
    the show switch-profile status command to view which commands failed the merge. Correct the configurations and reissue the commit. Switch-profile Deletion Failure A rollback is used to delete the configurations during a switch-profile deletion. Cisco Nexus 5000 Series Troubleshooting Guide 9-6 OL
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 157
    run output. There might be out of sequence issues that occur during the deletion of the switch-profile. Solution Use the resequence-database command in the conf-sync mode to resequence the commands the commands and reissue the delete. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 9-7
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 158
    Note Use the show switch-profile status command to view messages about the failure. Note Determine if the failure is on local/peer side by looking at whether the error is listed under local error(s)/ for it to complete and run verify. Cisco Nexus 5000 Series Troubleshooting Guide 9-8 OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 159
    command to view information about when a lock was acquired or released. It can also show the mapping to the csm transactions displayed with the show switch-profile session-history command. OL-25300-01 Cisco Nexus 5000 Series Troubleshooting Guide 9-9
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 160
    Verify Failure Chapter 9 Troubleshooting Config-Sync Issues Send document comments to [email protected]. 9-10 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 161
    2-11 QoS 4-8 Policy maps 4-1 Q QoS Improper configuration 4-2 R Registers and Counters FCoE 2-15 Layer 2 switching 3-10 QoS 4-10 SAN switching 5-48 S SAN Port Channels 5-13 Security AAA 6-4 Roles 6-1 SNMP 7-1 Spanning Tree Protocol 3-3 T Traps 7-4 Cisco Nexus 5000 Series Troubleshooting Guide IN-1
  • Cisco N5K-M1600 | Troubleshooting Guide - Page 162
    Index Send document comments to [email protected]. V VLAN 3-6 vPC Improper configuration 8-1 VSAN 5-40 Z Zoning 5-7 IN-2 Cisco Nexus 5000 Series Troubleshooting Guide OL-25300-01
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
Send document comments to [email protected].
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco Nexus 5000 Series Troubleshooting
Guide
December 15, 2011
Text Part Number: OL-25300-01