Guest

Cisco Nexus 3000 Series Switches

Cisco Nexus 3064 Quick Start Guide

  • Viewing Options

  • PDF (1.3 MB)
  • Feedback

This guide describes configuration of Cisco Nexus® 3064 Series Switches and shows you different High-Frequency Trading (HFT) deployments. You can deploy the Cisco Nexus 3064 in a switched or routed design.

Establish Connectivity. 4

Layer 2 Deployment 4

Configure Port Channels. 4

Traffic Engineering and Spanning Tree. 7

Layer 3 Deployment 10

Enable Layer 3 Capabilities. 10

Install License. 10

Steps to Enable Features. 11

Examples: 11

Configure Layer 3 at Exchange Interconnectivity Layer 12

Configure OSPF Between N3K-1 and N3K-2. 12

Configure BGP on N3K-1, N3K-2, AS1, and AS2. 13

Configure HSRP on N3K-1 and N3K-2. 13

Configure Multicast with N3K.. 15

Configure MSDP.. 16

Configure Layer 3 at Access Layer 19

Configure Layer 2 and Layer 3 Jumbo MTU.. 20

Layer 2 Jumbo MTU.. 20

Layer 3 Jumbo MTU.. 21

Configure Switched Port Analyzer. 22


You can deploy the Cisco Nexus 3064 at switch access level or at higher interconnectivity level directly to the exchange layer 3 servers for example, as commonly deployed in High Frequency Trading designs. Figure 1 shows a switched access design, and Figure 2 shows a routed access design.

This guide uses a topology of 4 switches to encompass larger deployment options. The document can be used as reference when deploying a pair or a single Nexus 3064 for smaller scale implementations.

Figure 1.      Switched Access Design

Figure 2.      Routed Access Design

Establish Connectivity

Use the management port on the Cisco Nexus 3064 to configure the basic connectivity to the switch.

The configuration is identical to that of the Cisco Nexus 5000 Series Switch:

1. config t

2. interface mgmt  0

3. ip address ip-address subnet mask

4. no shutdown

5. vrf context management

6. ip route 0.0.0.0 0.0.0.0  default-gateway-ip-address

7. copy running-config startup-config

An example follows:

 

n3k-1(config)# int mgmt 0

n3k-1(config-if)# ip address 172.25.186.249/24

n3k-1(config-if)# no shut

n3k-1(config-if)#

n3k-1(config-if)# vrf context management

n3k-1(config-vrf)# ip route 0.0.0.0 0.0.0.0 172.25.186.1

 

n3k-1(config-vrf)# ping 10.29.176.74 vrf management

PING 10.29.176.74 (10.29.176.74): 56 data bytes

64 bytes from 10.29.176.74: icmp_seq=0 ttl=251 time=1.133 ms

64 bytes from 10.29.176.74: icmp_seq=1 ttl=251 time=0.779 ms

64 bytes from 10.29.176.74: icmp_seq=2 ttl=251 time=0.745 ms

64 bytes from 10.29.176.74: icmp_seq=3 ttl=251 time=0.747 ms

64 bytes from 10.29.176.74: icmp_seq=4 ttl=251 time=0.745 ms

 

Note:    To ping from the management interface, you must add part of the management of Virtual Route Forwarding (VRF), the sub-commands "vrf management".

Layer 2 Deployment

This scenario is similar to deploying four Cisco Nexus 5000 Switches in a Layer 2 configuration

Configure Port Channels

The port-channel configuration commands are common to those of the other Cisco Nexus Operating System (NX-OS) platforms.

In this example we configure the topology shown in Figure 3.

Figure 3.      Physical Port Connectivity

Note:    You must enable the Link Aggregation Control Protocol (LACP) feature with the command feature lacp for LACP-negotiated port channels:

1. feature lacp: Enables LACP

2. interface port-channel  PO_NUMBER: Creates an interface port channel

3. switchport mode trunk ip address ip-address subnet mask: Defines the port-channel interface as a trunk

4. interface Ethernet 1/number-number: Selects a range of interfaces

5. switchport mode trunk: Defines the interfaces as trunks

6. channel-group PO_NUMBER   [mode active]: Bundles the interfaces in a port channel

6. copy running-config startup-config: Saves the running configuration into bootflash

The configuration follows:

 

n3k-1(config)# feature lacp

n3k-1(config)# interface port-channel 1

n3k-2(config-if)# switchport mode trunk

n3k-1(config)# interface port-channel 12

n3k-2(config-if)# switchport mode trunk

n3k-1(config)# interface port-channel 13

n3k-2(config-if)# switchport mode trunk

n3k-1(config)# interface port-channel 14

n3k-2(config-if)# switchport mode trunk

n3k-1(config)# int e1/1-2

n3k-1(config-if-range)# switchport mode trunk

n3k-1(config-if-range)# channel-group 1 mode active

n3k-1(config-if-range)# int e1/30-40

n3k-1(config-if-range)# switchport mode trunk

n3k-1(config-if)# channel-group 12 mode active

n3k-1(config-if)# int e1/20-29

n3k-1(config-if-range)# switchport mode trunk

n3k-1(config-if-range)# channel-group 13 mode active

n3k-1(config-if-range)# int e1/10-19

n3k-1(config-if-range)# switchport mode trunk

n3k-1(config-if-range)# channel-group 14 mode active

 

A similar configuration is repeated on the other devices:

 

n3k-2(config)# feature lacp

n3k-2(config)# interface port-channel 2

n3k-2(config-if)# switchport mode trunk

n3k-2(config-if)# interface port-channel 12

n3k-2(config-if)# switchport mode trunk

n3k-2(config-if)#interface port-channel 24

n3k-2(config-if)# switchport mode trunk

n3k-2(config-if)# interface port-channel 23

n3k-2(config-if)# switchport mode trunk

n3k-2(config-if)# interface  e1/1-2

n3k-2(config-if-range)# switchport mode trunk

n3k-2(config-if-range)# channel-group 2

n3k-2(config-if-range)# interface e1/30-40

n3k-2(config-if-range)# switchport mode trunk

n3k-2(config-if)# channel-group 12 mode active

n3k-2(config-if)# interface e1/20-29

n3k-2(config-if-range)# switchport mode trunk

n3k-2(config-if-range)# channel-group 24 mode active

n3k-2(config-if-range)# interface e1/10-19

n3k-2(config-if-range)# switchport mode trunk

n3k-2(config-if-range)# channel-group 23 mode active

 

n3k-3(config)# feature lacp

n3k-3(config)# interface port-channel 13

n3k-3(config-if)# switchport mode trunk

n3k-3(config-if)# interface port-channel 34

n3k-3(config-if)# switchport mode trunk

n3k-3(config-if)# interface port-channel 23

n3k-3(config-if)# switchport mode trunk

n3k-3(config-if)# interface e1/20-29

n3k-3(config-if-range)# switchport mode trunk

n3k-3(config-if-range)# channel-group 13 mode active

n3k-3(config-if-range)# interface e1/20-29

n3k-3(config-if-range)# switchport mode trunk

n3k-3(config-if-range)# channel-group 13 mode active

n3k-3(config-if-range)# interface e1/10-19

n3k-3(config-if-range)# switchport mode trunk

n3k-3(config-if-range)# channel-group 23 mode active

n3k-3(config-if-range)# interface e1/30-31

n3k-3(config-if)# switchport mode trunk

n3k-3(config-if)# channel-group 34 mode active

 

 

n3k-4(config)# feature lacp

n3k-4(config)# interface po 24

n3k-4(config-if)# switchport mode trunk

n3k-4(config-if)# interface port-channel 14

n3k-4(config-if)# switchport mode trunk

n3k-4(config-if)# interface port-channel 34

n3k-4(config-if)# switchport mode trunk

n3k-4(config-if)# interface e1/10-19

n3k-4(config-if-range)# switchport mode trunk

n3k-4(config-if-range)# interface e1/20-29

n3k-4(config-if-range)# switchport mode trunk

n3k-4(config-if-range)# channel-group 24 mode active

n3k-4(config-if-range)# interface e1/30-31

n3k-4(config-if)# switchport mode trunk

n3k-4(config-if)# channel-group 34 mode active

 

Traffic Engineering and Spanning Tree

This section describes traffic engineering - how to adjust the traffic path for the Ethernet frames. The configuration example shows how to achieve the logical diagram displayed below in Figure 4.

Figure 4.      Switched Access Design Logical Diagram

In the topology shown in Figure 4, N3k-1 is the root switch and N3k-2 the secondary root:

N3k-1(config)# spanning-tree vlan 1-3967,4049-4093 root primary

N3k-2(config)# spanning-tree vlan 1-3967,4049-4093 root secondary

With this configuration of spanning tree, N3k-1 being the root, N3k-4 port-channel 14 will forward traffic, whereas port-channel 24 will block it. If the traffic destined on the hosts behind N3k-4 needs to flow through N3k-2 directly, then you can adjust spanning-tree cost and priority to change the traffic path; for example, you can increase the cost on port-channel 14 on the N3k-4.

The configuration before changes follows:

n3k-4(config-if)# show spanning-tree vlan 1

 

VLAN0001

  Spanning tree enabled protocol rstp

  Root ID    Priority    24577

             Address     0005.73ce.4801

             Cost        1

             Port        4109 (port-channel14)

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)

             Address     0005.73ab.2d3d

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po14             Root FWD 1         128.4109 P2p     -> this is the traffic path

Po24             Altn BLK 1         128.4119 P2p

Po34             Desg FWD 2         128.4129 P2p

 

The configuration after changes follows:

 

n3k-4(config-if)#interface port-channel 14

n3k-4(config-if)# spanning-tree cost 3

 

Verification follows:

 

n3k-4(config-if)# show spanning-tree vlan 1

 

VLAN0001

  Spanning tree enabled protocol rstp

  Root ID    Priority    24577

             Address     0005.73ce.4801

             Cost        2

             Port        4119 (port-channel24)

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)

             Address     0005.73ab.2d3d

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po14             Altn BLK 3         128.4109 P2p

Po24             Root FWD 1         128.4119 P2p   -> this is now traffic path

Po34             Altn BLK 2         128.4129 P2p

 

n3k-1(config)# show spanning-tree vlan 1

 

VLAN0001

  Spanning tree enabled protocol rstp

  Root ID    Priority    24577

             Address     0005.73ce.4801

             This bridge is the root

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

  Bridge ID  Priority    24577  (priority 24576 sys-id-ext 1)

             Address     0005.73ce.4801

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po1              Desg FWD 1         128.4096 P2p

Po12             Desg FWD 1         128.4107 P2p

Po13             Desg FWD 1         128.4108 P2p

Po14             Desg FWD 1         128.4109 P2p

Eth1/3           Desg FWD 2         128.131  P2p

 

 

n3k-2(config-if-range)# show spanning-tree vlan 1

 

VLAN0001

  Spanning tree enabled protocol rstp

  Root ID    Priority    24577

             Address     0005.73ce.4801

             Cost        1

             Port        4107 (port-channel12)

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)

             Address     0005.73c6.34c1

             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

 

Interface        Role Sts Cost      Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po2              Desg FWD 1         128.4097 P2p

Po12             Root FWD 1         128.4107 P2p

Po23             Desg FWD 1         128.4118 P2p

Po24             Desg FWD 1         128.4119 P2p

Eth1/3           Desg FWD 2         128.131  P2p

 

 

Layer 3 Deployment

Enable Layer 3 Capabilities

Layer 3 capabilities are built into the Cisco Nexus 3064, so you just need to acquire a software license and then enable the features in order to use Layer 3 functions. There are two licenses the Basic and the Enterprise versions. Please refer to the product release notes for further information on licensing.

Install License

1.     Find out your host-id:

n3k-1# show license host-id

License hostid: VDH=SSI15040AM0

You must provide your host-id to receive your license file.

2.     Copy your license file to bootflash:

Use the command copy to copy your file from your server (ftp, scp, or tftp); for example:

 

n3k-1# copy ftp: bootflash:

Enter source filename: N3K_SSI1453ATSM.lic

Enter vrf (If no input, current vrf 'default' is considered): management

Enter hostname for the ftp server: 10.10.10.1

Enter username: ftpuser

Password:

***** Transfer of file Completed Successfully *****

 

Note:    You can also copy from a USB drive when it is inserted in the Cisco Nexus 3064 USB port.

3.     Install your license file:

n3k-1# install license bootflash:N3K_SSI1453ATSM.lic

Installing license .....done

n3k-# show license usage

 

Feature                      Ins  Lic   Status Expiry Date Comments

                                 Count

--------------------------------------------------------------------------------

LAN_BASE_SERVICES_PKG         Yes   -   In use Never       -

LAN_ENTERPRISE_SERVICES_PKG   No   -   In use Never       -

--------------------------------------------------------------------------------

Now you can enable the Layer 3 features on the Cisco Nexus 3064.

Note that if you have an enterprise level of license, you must also install the Cisco NX-OS® Software IP Base license.

The Layer 3 functions are enabled with the command feature. The command show feature lists all the options available and the current status of the feature (enabled or disabled).

Steps to Enable Features

1.     configure terminal

2.     feature A

3.     show feature

Examples:

-enable bgp

Use the following command to enable the Border Gateway Protocol (BGP):

 

n3k-1(config)# feature bgp

n3k-1(config)# show feature | i bgp

bgp                   1         enabled (not-running)

 

-enable ospf

 

To enable Open Shortest Path First (OSPF), use the following command:

 

n3k-1(config)# show feature | i ospf

ospf                  1         enabled (not-running)

ospf                  2         enabled (not-running)

ospf                  3         enabled (not-running)

ospf                  4         enabled (not-running)

 

 

-enable eigrp

 

To enable Enhanced IGRP (EIGRP), use the following command:

 

n3k-1(config)# sh feature | i eigrp

eigrp                 1         enabled (not-running)

eigrp                 2         enabled (not-running)

eigrp                 3         enabled (not-running)

eigrp                 4         enabled (not-running)

 

-enable HSRP

n3k-1(config)#feature hsrp

n3k-1(config)# sh feature | i hsrp

hsrp_engine           1         enabled

 

Configure Layer 3 at Exchange Interconnectivity Layer

This example shows how to configure Layer 3 on the exchange interconnectivity level on N3K-1 and N3K-2, as shown in Figures 1 and 4.

The following features are covered:

   OSPF

   BGP

   Hot Standby Router Protocol (HSRP)

   Multicast (Protocol Independent Multicast [PIM])

   Multicast Source Discovery Protocol (MSDP)

Figure 5.      Switched Server Access Design

Configure OSPF Between N3K-1 and N3K-2

N3K-1

 router ospf 1

 interface port-channel12

 no switchport

  ip address 10.12.1.1/24

  ip router ospf 1 area 0.0.0.0

interface loopback0

  ip address 3.3.1.1/24

  ip router ospf 1 area 0.0.0.0

 

N3K-2

router ospf 1

interface port-channel12

  no switchport

  ip address 10.12.1.2/24

  ip router ospf 1 area 0.0.0.0

interface loopback0

  ip address 3.3.2.2/24

  ip router ospf 1 area 0.0.0.0

 

Configure BGP on N3K-1, N3K-2, AS1, and AS2

AS stands for Autonomous System

N3K-1

router bgp 3

  neighbor 3.3.2.2 remote-as 3

    update-source loopback0

    address-family ipv4 unicast

  neighbor 10.10.1.1 remote-as 1

    address-family ipv4 unicast

 

N3K-2

router bgp 3

  neighbor 3.3.1.1 remote-as 3

    update-source loopback0

    address-family ipv4 unicast

  neighbor 10.10.2.1 remote-as 2

    address-family ipv4 unicast

 

Configure HSRP on N3K-1 and N3K-2

In this example, HSRP is enabled for VLANs 50 and 60. The hosts on VLANs 50 and 60 behind N3K-3 and N3k-4 can use the HSRP IP as their default gateway IP address.

N3K-1

 

feature hsrp

vlan 50

name 10.50.1.0

vlan 60

name 10.60.1.0

 

interface Vlan50

  no shutdown

  description server-vlan

  ip address 10.50.1.2/24

  ip ospf passive-interface

  ip router ospf 1 area 0.0.0.0

  hsrp 1

    preempt delay minimum 240

    priority 110

    timers msec 250 msec 750

    ip 10.50.1.1

interface Vlan60

  no shutdown

  description server-vlan

  ip address 10.60.1.2/24

  ip ospf passive-interface

  ip router ospf 1 area 0.0.0.0

  hsrp 1

    preempt delay minimum 240

    priority 110

    timers msec 250 msec 750

    ip 10.60.1.1

 

N3K-2

 

feature hsrp

vlan 50

name 10.50.1.0

vlan 60

name 10.60.1.0

 

interface Vlan50

  no shutdown

  description server-vlan

  ip address 10.50.1.3/24

  ip router ospf 1 area 0.0.0.0

  hsrp 1

    preempt delay minimum 240

    timers msec 250 msec 750

    ip 10.50.1.1

 

interface Vlan60

  no shutdown

  ip address 10.60.1.3/24

  ip router ospf 1 area 0.0.0.0

  hsrp 1

    preempt delay minimum 240

    timers msec 250 msec 750

    ip 10.60.1.1

 

N3K-1 will be the active router for both VLANs because it has a higher priority.

You can use the command show hsrp to verify.

Configure Multicast with N3K

Figure 6.      Multicast Switched Server Access Design

This example shows multicast communication between a source and a receiver. It shows allows multicast communication between the Rendezvous Point and the hosts on VLANs 50 and 60. Static or Auto-RP can be utilized.

N3K-1

 

feature pim

ip pim auto-rp forward listen

 

interface port-channel1

  description to_RP

  ip pim sparse-mode

 

interface port-channel12

  description to_N3K-2

  ip pim sparse-mode

 

interface loopback0

  ip pim sparse-mode

 

interface Vlan50

  description server-vlan

  ip pim sparse-mode

  ip pim dr-priority 10

interface Vlan60

  description server-vlan

  ip pim sparse-mode

  ip pim dr-priority 10

 

N3K-2

 

feature pim

ip pim auto-rp forward listen

 

interface port-channel1

  description to_RP

  ip pim sparse-mode

 

interface port-channel12

  description to_N3K-1

  ip pim sparse-mode

 

interface loopback0

  ip pim sparse-mode

 

interface Vlan50

  description server-vlan

  ip pim sparse-mode

 

interface Vlan60

  description server-vlan

  ip pim sparse-mode

Configure MSDP

You can use MSDP to exchange multicast source information between multiple BGP-enabled PIM sparse-mode domains.

When a receiver for a group matches the group transmitted by a source in another domain, the Rendezvous Point (RP) sends PIM join messages in the direction of the source to build a shortest-path tree. The designated router (DR) sends packets on the source tree within the source domain, which may travel through the route processor in the source domain and along the branches of the source tree to other domains. In domains where there are receivers, route processors in those domains can be on the source tree. The peering relationship is conducted over a TCP connection.

You can configure an MSDP peer when you configure a peering relationship with each MSDP peer that resides either within the current PIM domain or in another PIM domain. MSDP is enabled on the router when you configure the first MSDP peering relationship. Before you begin, ensure that you configured BGP and PIM in the domains of the routers that you will configure as MSDP peers.

Figure 7.      MSDP Peering Between Rendezvous Point in Different PIM Domains

Figure 7 shows three PIM domains. The connected route processors (routers) are called MSDP peers because each one maintains its own set of multicast sources.

Source host 1 sends the multicast data to group 224.1.1.1. On route processor 3 (RP3), the MSDP process learns about the source through PIM register messages and generates Source-Active (SA) messages to its MSDP peers that contain information about the sources in its domain. When RP1 receives the request from host 2 for the multicast data on group 224.1.1.1, it builds a shortest-path tree to the source by sending a PIM join message in the direction of host 1 at 10.50.1.100.

Summary Steps

1. config t

2. feature msdp

3. ip msdp peer peer-ip-address connect-source interface [remote-as as-number]

4. Repeat Step 3 for each MSDP peering relationship.

5. show ip msdp summary [vrf vrf-name | known-vrf-name | all]

6. copy running-config startup-config

The configuration follows:

RP1 (NX-OS)

feature mdsp

ip msdp peer 10.10.1.2 connect-source port-channel 1 remote-as 3

ip msdp password 10.10.1.2 my_peer_password_31

ip msdp sa-interval 80

 

RP2 (NX-OS)

feature mdsp

ip msdp peer 10.10.2.2 connect-source port-channel 1 remote-as 3

ip msdp password 10.10.2.2 my_peer_password_42

ip msdp sa-interval 80

 

RP3 (N3K-1)

feature mdsp

ip msdp peer 10.10.1.1 connect-source port-channel 1 remote-as 1

ip msdp peer 10.12.1.2 connect-source port-channel 12

ip msdp password 10.10.1.1 my_peer_password_31

ip msdp sa-interval 80

ip mdsp mesh-group 10.12.1.2 mesh_group_34

 

 

RP4 (N3K-2)

feature mdsp

ip msdp peer 10.10.2.1 connect-source port-channel 1 remote-as 2

ip msdp password 10.10.2.1 my_peer_password_42

ip msdp sa-interval 80

ip mdsp mesh-group 10.12.1.1 mesh_group_34

 

Verification

show ip msdp summary [vrf vrf-name | known-vrf-name | all]

Example:

[snip]

MSDP peer 10.10.1.1 for VRF "default"

AS 1, local address: 10.10.1.2 (port-channel1)

  Description: none

  Connection status: Established

    Uptime(Downtime): 00:03:30

[snip]

Configure Layer 3 at Access Layer

Another possible design is to configure Layer 3 to the access layer as illustrated in Figures 8 and 9.

The configuration of N3k-3 and N3k-4 in this topology is similar as that for N3K-1 and N3K-2 in the previous example (Figures 1 and 5).

Figure 8.      Layer 3 Design at Server Access Layer

Figure 9.      Layer 3 Server Access Design Protocol View

Configure Layer 2 and Layer 3 Jumbo MTU

This section describes how to change the maximum-transmission-unit (MTU) size for Layer 2 frames or Layer 3 packets. The MTU changes do not require a switch reboot, and they take effect immediately.

Layer 2 Jumbo MTU

Layer 2 jumbo MTU configuration is similar across all Cisco Nexus NX-OS platforms.

The default MTU size is 1500 bytes on the Cisco Nexus 3064. To allow a higher MTU size (jumbo), you must change the configuration.

Use the following command to verify the Layer 2 MTU size:

 

n3k-1# sh queuing int e1/1

Ethernet1/1 queuing information:

  TX Queuing

    qos-group  sched-type  oper-bandwidth

        0       WRR            100

 

  RX Queuing

    qos-group 0

    HW MTU: 1500 (1500 configured)

[snip]

n3k-1#

 

The configuration follows:

n3k-1#configure terminal

n3k-1(config)# policy-map type network-qos jumbo

n3k-1(config-pmap-nq)# class type network-qos class-default

n3k-1(config-pmap-nq-c)# mtu 9216

n3k-1(config-pmap-nq-c)# system qos

n3k-1(config-sys-qos)# service-policy type network-qos jumbo

 

Verification follows:

 

n3k-1# show queuing int e1/1

Ethernet1/1 queuing information:

  TX Queuing

    qos-group  sched-type  oper-bandwidth

        0       WRR            100

 

  RX Queuing

    qos-group 0

    HW MTU: 9216 (9216 configured)

[snip]

 

 

Layer 3 Jumbo MTU

SVI Layer 3 MTU

The configuration follows:

 

n3k-1(config)# feature interface-vlan

n3k-1(config-if)# int vlan 1

n3k-1(config-if)# ip address 1.1.1.2/24

n3k-1(config-if)# no shutdown

n3k-1(config-if)# mtu 9216

 

Verification follows:

 

n3k-1(config-if)# show int vlan 1

Vlan1 is up, line protocol is up

  Hardware is EtherSVI, address is  0005.73ce.4801

  Internet Address is 1.1.1.2/24

  MTU 9216 bytes, BW 1000000 Kbit, DLY 10 usec 

 

Interface Layer 3

The configuration follows:

 

n3k-1#configure terminal

n3k-1(config)#interface e1/3

n3k-1(config)#no switchport

n3k-1(config)#ip address 33.33.33.3/24

n3k-1(config-if)#mtu 9216

 

Verification follows:

 

n3k-1(config-if)# show int e1/3

Ethernet1/3 is up

  Hardware: 1000/10000 Ethernet, address: 0005.73ce.4801 (bia 0005.73ce.47ca)

  Internet Address is 33.33.33.3/24

  MTU 9216 bytes, BW 10000000 Kbit, DLY 10 usec 

 

Configure Switched Port Analyzer

The Cisco Nexus 3064PQ can handle:

   A maximum of four active sessions simultaneously:

     Two sessions with source interfaces monitoring in both directions

     Four sessions when monitored traffic is in only one direction (RX or TX)

   Up to 18 configured sessions, allowing easier configuration changes

The best practice is to use only the RX type of source traffic for Switched Port Analyzer (SPAN) to provide better performance: RX traffic is cut-through, whereas TX is store-and-forward. Hence, when monitoring both directions (RX and TX), the performance is not as good as when monitoring only RX. If you need to monitor both directions of traffic, you can monitor RX on more physical ports to capture both sides of the traffic.

Example: Monitor bidirectional traffic to and from server B.

The goal in this example (Figure 10) is to monitor traffic going to server B in both directions. The other devices communicating with server B are servers A and C. The SPAN destination client to receive the traffic is also connected to the Cisco Nexus 3064PQ. To achieve better performance, the configuration needs to monitor RX traffic on three ports: Ethernet 1/1, 1/2, and 1/3 instead of just Ethernet 1/2 (both directions).

Figure 10.    SPAN Configuration Example

The configuration on N3K-3 follows:

 

interface ethernet1/9

 switchport monitor

 

monitor session 1

 source interface ethernet 1/1,ethernet 1/2,ethernet 1/3 rx

 destination interface ethernet 1/9

 no shutdown

 

Verification follows:

 

n3k-3# show monitor session 2

   session 1

---------------

type              : local

state             : up

source intf       :

    rx            : Eth1/1       Eth1/2       Eth1/3

    tx            :

    both          :

source VLANs      :

    rx            :

destination ports : Eth1/9  

 

Note:    If more than the four SPAN resources are used (two bidirectional or four unidirectional SPAN sessions), the following error message will be displayed when you attempt to bring up the monitor session with the no shutdown command:
“ERROR: Destination resource unavailable. All destination resources used up.”

It’s also possible to monitor a VLAN as a source traffic or a port-channel.