Nexus 7000 FAQ

Document ID: 113010

Contents
Introduction

What is the command is used to verify the "HSRP Active State" on a Nexus 7000 Series Switch?
On a Nexus 7018, when trying to perform a 'no shut' on Ethernet 1/3, the ERROR: Ethernet1/3:
Config not allowed, as first port in the portgrp is dedicated error message
is received.
What is vPC and what are its benefits?
Why does vPC not block either of the vPC uplinks?
How do I create a peer link for VDC and a keepalive link for each VDC?
What does the %EEM_ACTION6INFORM: Packets dropped due to IDS check length
consistent on module message mean?
How do I verify the features enabled on Nexus 7000 Series Switch with NXOS 4.2?
Is there a tool available for configuration conversion on Cisco 6500 series to the Nexus platform?
How many syslog servers can be added to a Nexus 7000 Series Switch?
Is Nexus 7010vPC feature (LACP enabled) compatible with the Cisco ASA etherchannel feature and with
ACE 4710 etherchannel?
What are orphan ports?
How many OSPF processes can be run in a virtual device context (VDC)?
Which Nexus 7000 modules support Fibre Channel over Ethernet (FCoE)?
What is the minimum NXOS release required to support FCoE in the Nexus 7000 Series Switches?
On a Nexus, is the metrictype keyword not available in the "defaultinformation originate" command?
How do I redistribute connected routes into an OSPF instance on a Nexus 7010 with a defined metric?
What is the equivalent NXOS command for the "ip multicastrouting" IOS command, and does the Nexus
7000 support PIMSparse mode?
When I issue the "show ip route bgp" command, I see my routes being learned via OSPF and BGP. How can I
verify on the NXOS which one will always be used and which one is a backup?
How do I avoid receiving the "Failed to process kickstart image. PreUpgrade check failed" error message
when upgrading the image on a Nexus 7000 Series Switch?
How can I avoid receiving the "Configuration does not match the port capability" error message when
enabling "switchport mode fexfabric"?
When I issue the "show interface counters errors" command, I see that one of the interfaces is consistently
posting errors. What are the FCSErr and RcvErr in the output of the "show interface counters errors"
command?
How do I enable/disable logging link status per port basis on a Nexus 7000 Series Switch?
On a Nexus 7000 running NXOS 5.1(3), can the DecNet be bridged on a VLAN?
How do I check the Network Time Protocol (NTP) status on a Nexus 7000 Series Switch?
How do I capture the output of the show techsupport details?
Can a Nexus 7000 be a DHCP server and can it relay DHCP requests to different DHCP servers per VLAN?
How do I verify if XL mode is enabled on a Nexus 7000 device?
How do I implement VTP in a Nexus 7000 Series Switch where VLANs are manually configured?
Is there a best practice for portchannel load balancing between Nexus 1000V Series and Nexus 7000 Series
Switches?
During Nexus 7010 upgrade from 5.2.1 to 5.2.3 code, the Xbar module in slot 4 keeps powering off. The
%MODULE2XBAR_DIAG_FAIL: Xbar 4 reported failure due to Module asic(s)
reported sync loss (DevErr is LinkNum). Trying to Resync in device 88
(device error 0x0) error message is received.
What does the %OC_USDSLOT182RF_CRC: OC2 received packets with CRC error
from MOD 6 through XBAR slot 5/inst 1 error message mean?
How do I verify packet drops on a Nexus 7000 Switch?
Related Information

Introduction
This document addresses the most frequently asked questions (FAQ) associated with Cisco Nexus 7000 Series
Switches.

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Q. What is the command is used to verify the "HSRP Active State" on a

Nexus 7000 Series Switch?
A. The command is show hsrp active or show hsrp brief .

Nexux_7K# show hsrp br

P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan132 32 90 P Standby 10.101.32.253 local 10.101.32.254 (conf)
Vlan194 94 90 P Standby 10.101.94.253 local 10.101.94.254 (conf)
Vlan2061 61 110 P Active local 10.100.101.253 10.100.101.254 (conf)

Nexus_7K# show hsrp standb br

P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan132 32 90 P Standby 10.101.32.253 local 10.101.32.254 (conf)
Vlan194 94 90 P Standby 10.101.94.253 local 10.101.94.254 (conf)
Vlan196 96 90 P Standby 10.101.96.253 local 10.101.96.254 (conf)

Q. On a Nexus 7018, when trying to perform a 'no shut' on Ethernet 1/3,

the ERROR: Ethernet1/3: Config not allowed, as first port
in the portgrp is dedicated error message is received.
A. The device thinks that the first port in the portgrp is in dedicated mode instead of shared
mode. When the first port of a portgrp is in dedicated mode, the other ports of the portgrp
cannot be used.

Q. What is vPC and what are its benefits?

A. Virtual PortChannel (vPC) is a portchanneling concept that extends link aggregation to
two separate physical switches.

Benefits of vPC include:

Utilizes all available uplink bandwidth

Allows the creation of resilient Layer 2 topologies based on link aggregation
Eliminates the dependence of Spanning Tree Protocol in Layer 2 access distribution
layer(s)
Enables transparent server mobility and server high availability (HA) clusters
Scales available Layer 2 bandwidth
Simplifies network design
 Dualhomed servers can operate in activeactive mode
Faster convergence upon link failure
Improves convergence time when a single device fails
Reduces capex and opex

Q. Why does vPC not block either of the vPC uplinks?

A. Nexus 7000 has a loop prevention method that drops traffic traversing the peer link
(destined for a vPC peer link) when there are no failed vPC ports or links. The rule is simple:
if the packet crosses the vPC peer link, it may not go out any port in a vPC even if that vPC
does not have the original VLAN.

Q. How do I create a peer link for VDC and a keepalive link for each
VDC?
A. Configure the vPC Keepalive Link and Messages

This example demonstrates how to configure the destination, source IP address, and VRF for
the vPCpeerkeepalive link:

switch# configure terminal

switch(config)# feature vpc
switch(config)# vpc domain 100
switch(configvpcdomain)# peerkeepalive destination 172.168.1.2 source
172.168.1.1 vrf vpckeepalive

Create the vPC Peer Link

This example demonstrates how to configure a vPC peer link:

switch# configure terminal

switch(config)# interface portchannel 20
switch(configif)# vpc peerlink
switch(configvpcdomain)#

Q. What does the %EEM_ACTION6INFORM: Packets dropped due

to IDS check length consistent on module message mean?
A. Cisco NXOS supports Intrusion Detection System (IDS) checks that validate IP packets
to ensure proper formatting. This is an enhancement beginning in 5.x. The EEM message is
being logged because a packet is received by the switch where the Ethernet frame size is
shorter than the expected length to include the IP packet length plus the Ethernet header. The
 packet is dropped by the hardware due to this condition.

In order to verify that the IDS drops occurred since the last switch reboot, issue the show
hardware forwarding ip verify module [#] ".

Q. How do I verify the features enabled on Nexus 7000 Series Switch

with NXOS 4.2?
A. Issue the show feature command in order to verify.

switchN7K# show feature

Feature Name Instance State

tacacs 1 enabled
scheduler 1 enabled
isis 2 disabled
isis 3 disabled
isis 4 disabled
ospf 1 enabled
ospf 2 disabled
ospf 3 disabled

switchN7K# show run | I feature

feature vrrp
feature tacacs+
feature scheduler
feature ospf
feature bgp
feature pim
feature pim6
feature eigrp
feature pbr
feature privatevlan
feature udld
feature interfacevlan
feature netflow
feature hsrp
feature lacp
feature dhcp
feature tunnel

Q. Is there a tool available for configuration conversion on Cisco 6500

series to the Nexus platform?
A. Cisco has developed the IOSNXOS Migration Tool for quick configuration conversion
on Cisco 6500 series to the Nexus series OS.

Q. How many syslog servers can be added to a Nexus 7000 Series

Switch?
A. The maximum number of syslog servers configured is 3.

Q. Is Nexus 7010vPC feature (LACP enabled) compatible with the Cisco

ASA etherchannel feature and with ACE 4710 etherchannel?
A. With respect to vPC, any device that runs the LACP (which is a standard), is compatible
with the Nexus 7000, including ASA/ACE.
Q. What are orphan ports?
A. Orphan ports are single attached devices that are not connected via a vPC, but still carry
vPC VLANs. In the instance of a peerlink shut or restoration, an orphan port's connectivity
may be bound to the vPC failure or restoration process. Issue the show vpc orphanports
command in order to identify the impacted VLANs.

Q. How many OSPF processes can be run in a virtual device context

(VDC)?
A. There can be up to four (4) instances of OSPFv2 in a VDC.

Q. Which Nexus 7000 modules support Fibre Channel over Ethernet

(FCoE)?
A. The Cisco Nexus 7000 Series 32Port 1 and 10 Gigabit Ethernet Module support FCoE.
The part number of the product is N7KF132XP15.

Q. What is the minimum NXOS release required to support FCoE in the

Nexus 7000 Series Switches?
A. FCoE is supported on Cisco Nexus 7000 Series systems running Cisco NXOS Release
5.2 or later.

Q. On a Nexus, is the metrictype keyword not available in the

"defaultinformation originate" command?
A. On a Nexus, use a routemap command with a set clause of metrictype
type[] in order to have the same functionality as in IOS using the defaultinformation
originate always metrictype [] command.

For example:

switch(config)#routemap STATOSPF, permit, sequence 10

switch(configroutemap)#match interface ethernet 1/2
switch(configroutemap)#set metrictype {external | internal | type1 | type2}

Q. How do I redistribute connected routes into an OSPF instance on a

Nexus 7010 with a defined metric?
A. In NXOS, a routemap is always required when redistributing routes into an OSPF
instance, and you will also use this routemap to set the metric. Further, subnet redistribution
is by default, so you do not have to add the subnets keyword.

For example:

switch(config)#accesslist 101 permit ip <connected network> <wildcard> any

switch(config)#accesslist 101 permit ip <connected network> <wildcard> any
switch(config)#accesslist 101 permit ip <connected network> <wildcard> any
switch(config)#accesslist 101 deny any
!
Router(config)# routemap direct2ospf permit 10
Router(configroutemap)# match ip address 101
 Router(configroutemap)# set metric <100>

Router(configroutemap)# set metrictype type1

!
switch(config)#router ospf 1
switch(configrouter)#redistribute direct routemap direct2ospf

Q. What is the equivalent NXOS command for the "ip

multicastrouting" IOS command, and does the Nexus 7000 support
PIMSparse mode?
A. The command is feature pim. In NXOS, multicast is enabled only after enabling the PIM
or PIM6 feature on each router and then enabling PIM or PIM6 sparse mode on each interface
that you want to participate in multicast.

For example:

switch(config)#feature pim
switch(config)#interface Vlan[536]
switch(configif)#ip pim sparsemode

See Cisco Nexus 7000 Series NXOS Multicast Routing Configuration Guide, Release 5.x
for a complete configuration guide.

Q. When I issue the "show ip route bgp" command, I see my routes

being learned via OSPF and BGP. How can I verify on the NXOS which
one will always be used and which one is a backup?
A. Here is what is received:

Nexus_7010#show ip route bgp

IP Route Table for VRF "default"
'*' denotes best ucast nexthop
'**' denotes best mcast nexthop
'[x/y]' denotes [preference/metric]

172.20.62.0/23, ubest/mbest: 1/0

*via 10.194.160.2, [20/0], 18:53:35, bgp[ASNumber], internal, tag [Number]
via 10.194.16.5, Vlan116, [110/1043], 18:43:51, ospf1, intra
172.20.122.0/23, ubest/mbest: 1/0
*via 10.194.160.2, [20/0], 18:53:35, bgp[ASNumber], internal, tag [Number]
via 10.194.16.5, Vlan116, [110/1041], 18:43:51, ospf1, intra

By default, BGP selects only a single best path and does not perform load balancing. As a
result, the route marked with the * will always be used, unless it goes down, at which point
any remaining routes will become the preferred path.

Q. How do I avoid receiving the "Failed to process kickstart image.

PreUpgrade check failed" error message when upgrading the image on
a Nexus 7000 Series Switch?
A. One potential reason for receiving this error message is if the file name specified is not
correct.

For example:
 switch#install all kickstart bootflash:n7000slkickstart.5.1.1a.bin system
bootflash:n7000sldk9.5.1.1a.bin

In this example, the file name contains "sl" (lowercase letter l) instead of "s1" (number 1).

Q. How can I avoid receiving the "Configuration does not match the port
capability" error message when enabling "switchport mode fexfabric"?
A. This error message is generated because the port is not FEX capable:

N7K2(config)#interface ethernet 9/5

N7K2(configif)#switchport mode fexfabric
ERROR: Ethernet9/5: Configuration does not match the port capability

In order to resolve this problem, check the port capabilities by using the show interface
ethernet command.

For example:

N7K2#show interface ethernet 9/5 capabilities

Ethernet9/5
Model: N7KM132XP12
Type (SFP capable): 10Gbase(unknown)
Speed: 10000
Duplex: full
Trunk encap. type: 802.1Q
Channel: yes
Broadcast suppression: percentage(0100)
Flowcontrol: rx(off/on),tx(off/on)
Rate mode: shared
QOS scheduling: rx(8q2t),tx(1p7q4t)
CoS rewrite: yes
ToS rewrite: yes
SPAN: yes
UDLD: yes
Link Debounce: yes
Link Debounce Time: yes
MDIX: no
Pvlan Trunk capable: no
Port Group Members: 1,3,5,7
TDR capable: no
FabricPath capable: no
Port mode: Routed,Switched
FEX Fabric: no
dot1Qtunnel mode: yes

From this output of the show interface ethernet 9/5 capabilities command, you can see FEX
Fabric: no. This verifies that the port is not FEX capable. In order to resolve this problem,
upgrade the EPLD images to Cisco NXOS Release 5.1(1) or later.

Q. When I issue the "show interface counters errors" command, I see

that one of the interfaces is consistently posting errors. What are the
FCSErr and RcvErr in the output of the "show interface counters
errors" command?
A. Here is what is received:

Nexus7000#show interface counters errors


Port AlignErr FCSErr XmitErr RcvErr UnderSize OutDiscards

Eth1/1 0 26 0 26 0 0

With FCSErr and RcvErr, it is usually an indication that you are receiving corrupt packets.

Q. How do I enable/disable logging link status per port basis on a Nexus

7000 Series Switch?
A. All interface link status (up/down) messages are logged by default. Link status events can
be configured globally or per interface. The interface command enables link status logging
messages for a specific interface.

For example:

N7k(config)#interface ethernet x/x

N7k(configif)#logging event port linkstatus

Q. On a Nexus 7000 running NXOS 5.1(3), can the DecNet be bridged on

a VLAN?
A. All of the Nexus platforms support passing DecNet frames through the device from a
layer2 perspective. However, there is no support for routing DecNet on the Nexus.

Q. How do I check the Network Time Protocol (NTP) status on a Nexus

7000 Series Switch?
A. In order to display the status of the NTP peers, issue the show ntp peerstatus command:

switch#show ntp peerstatus

Total peers : 1

* selected for sync, + peer mode(active),

peer mode(passive), = polled in client mode

remote local st poll reach delay vrf

*10.1.10.5 0.0.0.0 1 64 377 0.00134 default

Q. How do I capture the output of the show techsupport details?

A. Issue the tacpac bootflash://<filename> command in order to redirect the output of the
show tech command to a file, and then gzip the file.

For example:

switch#tacpac bootflash://showtech.switch1

Issue the copy bootflash://showtech.switch1 tftp://<server IP/<path> command in order to

copy the file from bootflash to the TFTP server.
 For example:

switch#copy bootflash://showtech.switch1 tftp://<server IP/<path>

Q. Can a Nexus 7000 be a DHCP server and can it relay DHCP requests
to different DHCP servers per VLAN?
A. The Nexus 7000 does not support a DHCP server, but it does support DHCP relay. For
relay, use the ip dhcp relay address x.x.x.x interface command.

See Cisco Nexus 7000 Series NXOS Security Configuration Guide, Release 5.x for more
information on Dynamic Host Configuration Protocol (DHCP) on a Cisco NXOS device.

Q. How do I verify if XL mode is enabled on a Nexus 7000 device?

A. The Scalable Feature License is the new Nexus 7000 system license that enables the
incremental table sizes supported on the MSeries L Modules. Without the license, the
system will run in standard mode, meaning none of the larger table sizes will be accessible.
Having nonXL and XL modules in a system is supported, but for the system to run in XL
mode all modules need to be XL capable, and the Scalable Feature license needs to be
installed. Mixing modules is supported, with the system running in the nonXL mode. If the
modules are in the same system, the entire system falls back to the common smallest value. If
the XL and nonXL are isolated using VDCs, then each VDC is considered a separate system
and can be run in different modes.

In order to confirm whether the Nexus 7000 has the XL option enabled, you first need to
check if the Scalable Feature License is installed. Also, having nonXL and XL modules in a
system is supported, but in order for the system to run in XL mode, all modules need to be
XL capable.

Q. How do I implement VTP in a Nexus 7000 Series Switch where VLANs

are manually configured?
A. Cisco does not recommend running VTP in data centers. If someone attaches a switch to
the network with a higher revision number without changing the VTP mode from the server,
it will override the VLAN configuration on the switch.

Q. Is there a best practice for portchannel load balancing between

Nexus 1000V Series and Nexus 7000 Series Switches?
A. There is no recommended best practice for loadbalancing between the Nexus 1000V
Series and Nexus 7000 Series Switches. You can choose either a flowbased or a
sourcebased model depending on the network's requirement.

Q. During Nexus 7010 upgrade from 5.2.1 to 5.2.3 code, the Xbar
module in slot 4 keeps powering off. The %MODULE2XBAR_DIAG_FAIL:
Xbar 4 reported failure due to Module asic(s) reported
sync loss (DevErr is LinkNum). Trying to Resync in device
88 (device error 0x0) error message is received.
 A. This error message corresponds to diagnostic failures on module 2. It could be a bad
connection to the Xbar from the linecard, which is results in the linecard being unable to
sync. Typically with these errors, the first step is to reseat the module. If that does not resolve
the problem, reseat the fabric as well as the module individually.

Q. What does the %OC_USDSLOT182RF_CRC: OC2 received

packets with CRC error from MOD 6 through XBAR slot
5/inst 1 error message mean?
A. These errors indicate that the octopus engine received frames that failed the CRC error
checks. This can be caused by multiple reasons. For example:

Hardware problems:

Bad links
Backplane issues
Sync losses
Seating problems
Software problems:

Old fpga
Frames forwarded to LC that it is unable to understand

Q. How do I verify packet drops on a Nexus 7000 Switch?

A. Verify the Rx Pause and TailDrops fields from the output of the show interface {/} and
show hardware internal errors module module # commands for the module with these
ports.

For example:

Nexus7K#show interface e7/25

Ethernet7/25 is up

! Output suppressed

input rate 1.54 Kbps, 2 pps; output rate 6.29 Mbps, 3.66 Kpps
RX
156464190 unicast packets 0 multicast packets 585 broadcast packets
156464775 input packets 11172338513 bytes
0 jumbo packets 0 storm suppression packets
0 runts 0 giants 0 CRC 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
7798999 Rx pause
TX
6365127464 unicast packets 6240536 multicast packets 2290164 broadcast packets
6373658164 output packets 8294188005962 bytes
0 jumbo packets
0 output error 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble
0 Tx pause

The pauses on e7/25 indicate that the server is having difficulty keeping up with the amount
 of traffic sent to it.

Nexus7k#show hardware internal erroe module 2 | include

r2d2_tx_taildrop_drop_ctr_q3
37936 r2d2_tx_taildrop_drop_ctr_q3 0000000199022704 2
37938 r2d2_tx_taildrop_drop_ctr_q3 0000000199942292 4
37941 r2d2_tx_taildrop_drop_ctr_q3 0000000199002223 5
37941 r2d2_tx_taildrop_drop_ctr_q3 0000000174798985 17

This indicates that the amount of traffic sent to these device was too much for the interface
itself to transmit. Since each interface was configured as a trunk allowing all VLANs and
multicast/broadcast traffic counters were low, it appears there is a lot of unicast flooding that
may be causing drops for these interfaces.

Related Information
Cisco Nexus 7000 Series Switches: Support Page
Fibre Channel over Ethernet (FCoE)
Switches Product Support
LAN Switching Technology Support
Technical Support & Documentation Cisco Systems

Contacts & Feedback | Help | Site Map

2013 2014 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of
Cisco Systems, Inc.

Updated: Jun 28, 2011 Document ID: 113010