Using a 40Gb to 10Gb Breakout Cable on NX-OS

QSFP to SFP+ Breakout Cable

This cable turns a 40Gbps port into four 10Gbps ports

As part of a core refresh, I had a pair of shiny new Nexus 93108TC-EX switches. I needed to connect them to the old core switches using a QSFP to SFP+ breakout cable because the old switch didn’t have any 40Gb ports. I patched everything in and the transceivers looked fine, but when I turned up one of the 10Gb ports connected to the 40Gb ports it just started flapping. The port on the 40Gb side just said the bandwidth was 40000000 and it wasn’t breaking out the channels. I was not able to find any commands for it that were obvious in the CLI, so I started Googling for the documentation. It took a bit longer to find than I thought it should, so I thought I’d share it here to save you some time.

So, turned out I was doing it wrong. Yeah, I know we already figured that out.
The Nexus 3000/9000: Consolidated Interface Breakout configuration document has the instructions for various platforms, but it’s pretty simple:

(config)# interface breakout module 1 port 53 map ?
10g-4x Breaks out a 40G high BW front panel port into four 10G ports
25g-4x Breaks out a 100G high BW front panel port into four 25G ports
50g-2x Breaks out a 100G high BW front panel port into two 50G ports

9k(config)# interface breakout module 1 port 53 map 10g-4x
2017 Jan 20 15:10:39 9k %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/53 is down (Interface removed)
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_STATE_CHANGE: vdc 1 state changed to updating
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_STATE_CHANGE: vdc 1 state changed to active
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_MEMBERSHIP_ADD: vdc_mgr: Interface Ethernet1/53/1 has been added to this vdc
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_MEMBERSHIP_ADD: vdc_mgr: Interface Ethernet1/53/2 has been added to this vdc
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_MEMBERSHIP_ADD: vdc_mgr: Interface Ethernet1/53/3 has been added to this vdc
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_MEMBERSHIP_ADD: vdc_mgr: Interface Ethernet1/53/4 has been added to this vdc
2017 Jan 20 15:10:40 9k %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/53/1 is down (Administratively down)
2017 Jan 20 15:10:40 9k %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/53/2 is down (Administratively down)
2017 Jan 20 15:10:40 9k %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/53/3 is down (Administratively down)
2017 Jan 20 15:10:40 9k %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/53/4 is down (Administratively down)

So there you go. In this case, Ethernet 1/53 disappears and is replaced with Ethernet1/53/1 – 4. I hadn’t expected that parameter to be in the global config and had been expecting to find it in the interface configuration. You may now enjoy the full benefit of your breakout cables.
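An added example, not from the original post: a small Python check that reads the syslog output shown above and confirms the breakout did what was expected (parent port removed, every lane created), which is handy when the change is scripted across many ports. The function name `check_breakout` and its result keys are assumptions made for illustration; the log lines are the ones from the post.

```python
import re

# Console output copied from the post (module 1, port 53, 10g-4x breakout).
SAMPLE_LOG = """\
2017 Jan 20 15:10:39 9k %ETHPORT-5-IF_DOWN_INTERFACE_REMOVED: Interface Ethernet1/53 is down (Interface removed)
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_STATE_CHANGE: vdc 1 state changed to updating
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_STATE_CHANGE: vdc 1 state changed to active
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_MEMBERSHIP_ADD: vdc_mgr: Interface Ethernet1/53/1 has been added to this vdc
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_MEMBERSHIP_ADD: vdc_mgr: Interface Ethernet1/53/2 has been added to this vdc
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_MEMBERSHIP_ADD: vdc_mgr: Interface Ethernet1/53/3 has been added to this vdc
2017 Jan 20 15:10:39 9k %VDC_MGR-5-VDC_MEMBERSHIP_ADD: vdc_mgr: Interface Ethernet1/53/4 has been added to this vdc
2017 Jan 20 15:10:40 9k %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/53/1 is down (Administratively down)
2017 Jan 20 15:10:40 9k %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/53/2 is down (Administratively down)
2017 Jan 20 15:10:40 9k %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/53/3 is down (Administratively down)
2017 Jan 20 15:10:40 9k %ETHPORT-5-IF_DOWN_ADMIN_DOWN: Interface Ethernet1/53/4 is down (Administratively down)
"""

# Matches: %FACILITY-SEVERITY-MNEMONIC: [vdc_mgr: ]Interface EthernetX/Y[/Z] <text>
# Lines that do not name an interface (the VDC state changes) are skipped.
EVENT_RE = re.compile(
    r"%(?P<facility>[A-Z_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z_]+): "
    r"(?:vdc_mgr: )?Interface (?P<intf>Ethernet\d+/\d+(?:/\d+)?) (?P<rest>.*)$"
)


def check_breakout(log_text, module, port, lanes=4):
    """Summarise what the log says happened to one broken-out port.

    Hypothetical helper: reports whether the parent interface was removed,
    which expected lanes were never added, and which lanes are still
    administratively down after the change.
    """
    parent = f"Ethernet{module}/{port}"
    expected = {f"{parent}/{n}" for n in range(1, lanes + 1)}

    parent_removed = False
    added = set()
    last_state = {}  # lane -> text of its most recent IF_DOWN_* message

    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        intf, mnemonic = m["intf"], m["mnemonic"]
        if mnemonic == "IF_DOWN_INTERFACE_REMOVED" and intf == parent:
            parent_removed = True
        elif mnemonic == "VDC_MEMBERSHIP_ADD" and intf in expected:
            added.add(intf)
        elif mnemonic.startswith("IF_DOWN_") and intf in expected:
            last_state[intf] = m["rest"]

    return {
        "parent_removed": parent_removed,
        "missing_lanes": sorted(expected - added),
        "admin_down": sorted(
            i for i, text in last_state.items() if "Administratively down" in text
        ),
        "ok": parent_removed and added == expected,
    }


if __name__ == "__main__":
    print(check_breakout(SAMPLE_LOG, module=1, port=53))
```
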

FIN

What I’m Looking Forward to at Cisco Live 2017

I have arrived in Las Vegas for Cisco Live 2017. My schedule is pretty full and I wanted to share some of what I’m looking forward to this year. One thing I’m not looking forward to is 112F temperatures outside! I’m glad I’ll be safely inside the air conditioned spaces.

The Social Scene

I have a lot of friends here at Cisco Live. Many fellow attendees, some exhibitors, and even a few Cisco Live staff. It’s great to see everyone and catch up on what everyone has been up to. We talk about tech, analyze the announcements, and just generally geek out. We often talk about problems we are having and help each other solve them, too. It really adds to the conference when it’s not only highly educational, but also fun! The Tweet Up that happens on Sunday evening is always a great time of catching up and meeting new people, too.

CCDE Techtorial

I’ll be attending the CCDE techtorial, TECCCDE-3005. It should be an informative day all about network design and how to think about network design. I don’t know that I’ll actually actively pursue the CCDE certification, but I’m interested to see what I can learn from this session. This session will probably generate a lot of tweets!

On a related note, I’ll be taking a certification exam on Monday. Full conference attendees have the opportunity to take a certification exam at no charge, so I figured I may as well try out the CCDE written exam to see where I’m at. I don’t really expect to pass, but I am curious to see how I’ll do.

TFDx

Tech Field Day is running Tech Field Day Extra at Cisco Live on Tuesday and Wednesday. The sessions will be live streamed and recorded for later viewing. I’ll be busy on Tuesday, so I’ll have to watch Cisco’s presentations (starting at 8:30 Pacific) at a later date, but I’m one of the delegates for Wednesday’s presentations with OpenGear at 1PM, Paessler at 2:30, and NetApp at 4PM. I’m really looking forward to hearing what they all have to say and having the opportunity to talk with them during TFDx.

Meet the Engineer

A couple of other Wi-Fi professionals and I have an hour to talk Wi-Fi with Jerome Henry. Jerome is a deep Wi-Fi expert, so I expect that this hour of discussion is going to go by really quickly!

Sessions

There are over 1000 sessions to choose from. Making these choices is hard! Here’s a couple that I’m most interested in:

  • DNA Assurance: bring intelligence to your WLAN issues [BRKEWN-2032]
    Remember Jerome from the MTE session? He’s also an entertaining and informative teacher and this is one of his sessions. I’m still pretty vague on this DNA architecture, but if Jerome is giving a presentation on how DNA can help solve Wi-Fi problems, I need to see this.
  • APIC-EM: Controller based policy and network automation – changing the future [BRKARC-3004]
    I still haven’t played with APIC-EM, though I’ve seen a few demos in the past. It’s time to see what this thing can do and how I can apply it to managing my own environment.
  • IT Career Choice: Specialization vs Generalization [IITGEN-1002]
    This is a 30 minute panel discussion about the specialist vs generalist career decision with myself and two other Cisco Champions. It’s in the IoT Theater at 1PM on Tuesday. I hope those who attend find it interesting!
  • Cisco SD-Access Wireless Integration [BRKEWN-2020]
    SD-Access is brand new Campus Fabric stuff. It ties into the DNA architecture and I know nothing about it. This session should fix that!
  • Improve Enterprise WLAN Spectrum Quality with Cisco’s advanced RF capacities (RRM, CleanAir, ClientLink, etc) [BRKEWN-3010]
    Oddly, I don’t think I’ve ever been to this session before. It’s time to fix that and Cisco’s Jim Florwick is fantastic. Should learn a thing or two and will certainly have some existing knowledge reinforced.
  • Cisco Live Network and NOC: Panel Discussion [PNLNMS-1035]
    This is always a fascinating discussion. The people who run the network for Cisco Live talk about how they did, the successes and failures, and share some fascinating statistics about the network and the way it was used. I usually hit this session about every other year. It really is amazing that they are able to support 25k+ attendees by building a network in less than a week that will only be used for a week.

So, those are the things I’m most looking forward to. I’m sure I’ll find the keynotes interesting and there’s always new things to see in the World of Solutions. I’m sure I’ll be surprised by some great unexpected things this week.

FIN

Updated WLC Snippet

Just a quick note to share my updated TextExpander snippet for downloading files to a Cisco WLC. I’ve added a dropdown for my most commonly used datatypes and transfer modes and made the username and password optional. Enjoy!

transfer download datatype %fillpopup:name=datatype:default=code:config:webadmincert:webauthbundle:webauthcert%
transfer download filename %fill%
transfer download path %fill:/%
transfer download serverip %fill%
transfer download mode %fillpopup:name=popup 7:tftp:default=sftp:ftp%
%fillpart%transfer download username %fill%
transfer download password %fill%%fillpartend%
%fillpart%transfer download certpassword %fill%%fillpartend%
transfer download start

Cisco Live 2015, Antennas, & Mike Rowe

Last month I attended Cisco Live! 2015. I’m a big fan of this conference and always feel like it’s a great event. This year was a large show with around 25,000 attendees, well over 700 sessions, hundreds of vendors, and only four days to take in as much as you can.  It is summer camp for geeks, where we get to learn new things and talk to everyone we haven’t seen since last year’s conference.

The Keynote

This year’s conference was historic as the last Cisco Live with John Chambers as the CEO of Cisco. At the end of his keynote he brought out his replacement, Chuck Robbins. They said all the things you expect them to say, but we’ll have to see how everything shakes out with the changes this brings. After 25 years with Chambers at the helm, this is going to be quite the transition for Cisco. It will be interesting to watch over the next few years, but I’m optimistic that things will go well.

The Antennas

One of the more interesting things I was able to get a close look at is the new Hyperlocation Module for Cisco APs. It uses a new version of the WSM (WSM2, I believe) and wraps around the AP. They made a cool version of the module that allows you to see the antenna arrays inside.

Cisco Hyperlocation Module, Transparent Edition

The idea here is that with this array of antennas, they can determine the Angle of Arrival of a Wi-Fi signal. This allows a much more precise calculation of location and with these you can improve from the previous best case of about 3m of accuracy to about 1m of accuracy. That’s some pretty precise location information. Potentially more important, this will give more flexibility in design. You no longer will need to have APs all the way out in the corners of a building to get good location information. They also said that the module is where they do their research and try out new things before including them in the AP. There is an implication that they will try to get this technology inside the next generation of APs. Imagine if all your APs just had something like this built in. Designing a wireless deployment for 5GHz might naturally be a location capable design if you choose the right APs.

I also learned about a new patch antenna. The 2513P stadium patch antenna available from Cisco has 30 degree beam width and the 2566P patch has a beam width between 105 and 120 degrees, depending on the band. They wanted something in between so there is now a 2566D that has a 60 degree beam width. If you’ve ever worked with the 2566P, you know about dealing with the cables. There just are not many good ways to install that antenna in an aesthetically pleasing manner. The 2566D helps with that. The antenna will mount flush to the wall with the cables either going straight out the bottom or straight out the back. This gives you options for a much cleaner installation.

Cisco AIR-ANT2566D4M-R Antenna

The Dirty Jobs

The conference ended with a closing keynote from Mike Rowe, who told the story of what led to the creation of the Mike Rowe Works Foundation. Mike started the foundation to provide scholarships to those who wanted to work hard and learn a skilled trade. He was very entertaining, but had a message that things are out of whack in the US when many people are out of work, yet jobs remain unfilled. Many of those jobs are from the skilled trades such as welders, plumbers, and electricians. Jobs that don’t require a college degree, yet people are racking up huge debt from student loans for an education to get a job that may not exist. Mike Rowe seems like a down to earth guy and he’s leveraged his position to do some good work. You might consider checking out http://profoundlydisconnected.com if you like the sound of what he’s doing. You can also view his keynote online at the Cisco Live on-demand library (free account required).

I have more to say, but that’s enough for now. I’m already looking forward to next year’s conference. In fact, I’m already registered!

FIN

Cisco TSHOOT v2 (300-135)

My CCNP certification (Story here, if interested) was expiring at the end of June. I’d taken a number of professional and expert level exams at Cisco Live over the years, but hadn’t passed anything that would renew my CCNP. It was time for the (almost) sure thing. TSHOOT.

The TSHOOT exam is my favorite Cisco written exam because it is all hands on. You don’t actually configure anything; you are just looking and analyzing. This exam is unique in several ways, including:

  • The network topology is available for download.
  • You really can score 1000 (that’s a perfect score).
  • It’s actually fun.

The exam is set up as a series of trouble tickets in the topology mentioned above. There is a problem description and you have access to the consoles of simulated equipment to try and determine the cause. After you have investigated, you answer three questions to narrow down the cause and the solution, then you move on to the next ticket. If you know your stuff, it’s a pretty easy exam. That said, don’t get too comfortable. I started running out of time because I was taking too relaxed of an approach and ended up using almost the entire time to complete the exam.

If you’ve taken the previous version:

  • The topology is the same (as best I can tell)
  • The question style for the tickets is the same.
  • You are no longer allowed to abort a ticket. You must finish once started and you must answer in the order delivered.
  • The simple multiple choice questions are spread throughout the test instead of all being at the beginning.
  • The interface is different. There are no tabs for the tickets. You just click “next” when you are finished with your answers.

I’m pleased to report that I did pass and even had a perfect score. I’ve never done that before and I doubt I could do it on any of the conventional multiple choice exams, but it was satisfying to achieve on this one. With my CCNP R&S recertification complete, I can concentrate on other studies without worrying about it!

In case you are looking for study materials, you may want to investigate the CCNP Routing and Switching TSHOOT 300-135 Official Cert Guide Premium Edition eBook and Practice Test or the Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Foundation Learning Guide.

FIN

My Cisco Live Schedule

First of all, if you are a Cisco Live NetVet, the scheduler is open at https://www.ciscolive2015.com/connect/mySchedule.ww. If you are not a NetVet, it will open for you on March 31st.

I’ve spent a bit of time tweaking my schedule and here’s my current plan:

My schedule for Cisco Live

Scott’s schedule for Cisco Live

I suspect I may want to change things up a little after the technical seminar on Sunday. I might also change things after the slides are released and I can see what the plan is for those sessions. Focus this year is obviously on wireless. :) The things I’m looking to learn more about are CMX and all the changes that have come with MSE 10. I’m not using CMX right now, but the need for it and the value are starting to rise. My current architecture is centralized controllers and FlexConnect APs. This has some limitations, so I’ll be looking to learn more about the converged access solution to see if I can leverage the 3650s we’ve been deploying to get the APs back to local mode, but still have the branch traffic stay in the branch. I might drop a session to spend some quality time in the WoS without a huge crowd, but I’ll have to see what the session slides say first. I haven’t looked to see what recent recordings are available in the Cisco Live On-demand Library, either. Might be able to free up a session or two that way, as well.

I dropped the industry keynote and replaced it with the CCIE Wireless written exam. I’ve taken the R&S exam a couple times before and didn’t quite make the cut, but I’ve been doing a lot more wireless work than routing work, so I’m optimistic that I can get a better score here. We’ll see how I do in a few months. :)

FIN

What’s new in WLC 7.6.110 – 8.0.100

A while back I wrote an article that covered the changes from WLC 7.1 – 7.6.100. Let’s catch up to 8.0, shall we?

7.6.110

  • Bugfix release.
  • Fix for issues with WMM with Broadcom clients (no 802.11n for you)
  • Fix for an issue with the AP3700 and replay counters which apparently causes major performance problems on 5GHz.

7.6.120

  • Adds support for 2700 series and 700W series APs.
  • Adds “Cisco WLAN Express Setup” for 2500 series controllers. The notes say: “It includes easy to use GUI Configuration Wizard, an intuitive monitoring dashboard and several Cisco Wireless LAN best practices enabled by default.” Sounds nifty. I need to get a 2504 for my lab… If you are upgrading a 2500 to this release, there’s a decent chunk of steps involved to enable this feature. More info about the feature and the steps here: Cisco WLAN Express Setup for Cisco 2500 Series Wireless Controller.
  • Of course, lots of bugfixes.
  • Several crashes fixed.
  • Obligatory security fixes.
  • False DFS positives fixed.
  • If you really want to see if your favorite bug is fixed, check here: 7.6.120 Resolved Caveats

7.6.130

  • Bugfix release with an even longer list of resolved caveats (7.6.130 Resolved Caveats).
  • More crash fixes and obligatory security fixes. The ones that jumped out at me are below.
  • 99% CPU usage fix.
  • Apple auth problems fixed.
  • Fix for CAPWAP disassociation due to DTLS errors
  • Vocera broadcast failure fix
  • RAID volumes get proper status codes
  • vWLC Service Port issue with distributed vSwitch fixed
  • Annoying MFP anomaly messages fixed (but I’m still seeing them)

Now the really interesting stuff. Major releases are always fun, at least once the first round or two of bug fixes come in. Let’s see what’s shiny, shall we?

[Note: I’ve since found this Cisco Wireless Release 8.0 document, which has a nice summary of the features.]

8.0.100

  • Cisco Aironet AP and Scale Features
    • Keep-alives now sent over both control and data CAPWAP tunnels.
    • New Flex+Bridge mode enables FlexConnect functionality across mesh APs. This means if the wired link goes down, your AP can fail over to mesh backhaul. (Not supported on 1130 and 1240. No surprise.)
    • Mesh fast convergence. Automatically sets faster convergence timers. Convergence time per hop down to 20s.
    • AP700W gets VLAN tagging
    • FlexConnect APs can be a PPPoE client. Was in 7.3/7.4, but not 7.5/7.6. Now it’s back. And it’s angry…
    • Dynamic Channel Assignment (DCA) on RF Profiles. Enables multi-country support using AP groups and simplifies mixed channel environments (40MHz/80MHz mix). Sounds like this could be useful for those of us with a mixed .11n and .11ac environment, which will probably be just about everybody soon… See Configuring RF Profiles for more information. (Not supported for mesh/bridge APs.)
    • Rx-SOP: Receiver Start of Packet threshold. #shiny Particularly helpful in high density environments. This helps reduce CCI by controlling what frames the AP will decode. The No Strings Attached Show has a nice whitepaper about it. Config information is here: Configuring Receiver Start of Packet Detection Threshold.
    • Optimized Roaming. Ooh, more #shiny! This helps with sticky clients by disassociating them based on RSSI and data rate. This will also help prevent clients from associating as they pass by. Config info: Configuring Optimized Roaming.
    • Side note: Good article covering Rx-SOP, Optimized Roaming, and RSSI low at Revolution Wi-Fi: Optimized Roaming, RSSI Low Check, RX-SOP, Oh My!
    • AP1700 support added
    • CleanAir Express for AP1600 and AP1700
    • OEAP gets basic firewall support, split tunneling, VoIP QoS
    • Increased scale of vWLC (now up to 6000 clients)
    • 2500 WLC now supports wired guests
  • Native IPv6 (if you need the exhaustive list see Native IPv6 Support)
    • Finally!
    • SLAAC for the service port
    • Full support for all the services and ways of accessing the WLC that you would expect out of v6 support.
    • DHCPv6 option 52 for controller discovery
    • CAPWAP preferred mode – you can choose v4 or v6 as preferred. v4 is preferred by default
    • List of things not supported, which will take away your initial joy:
      • FlexConnect-local switched, mesh/outdoor, teleworker/OEAP, converged access
      • Services: mDNS, AVC, and TrustSec
      • Bridge mode APs with 64MB of RAM: 600 OEAP, ISR 800/802, 1130, 1240, 1250, 1310, 1410, 1520
      • Internal DHCPv6 server, DHCPv6 proxy, auto-configuration, dynamic interfaces, RA interfaces, OCSP and CA server URL, VLAN pooling
      • NTPv4 (typo?), MLDv2, IPSec v3 and IKEv2, RLDP and CIDS, PMIPv6, mDNS IPv6 clients, and New Mobility
      • IPv6 is not supported for HA Redundancy Interface configuration
      • Auto-RRM, Dynamic Anchoring, DNS RADIUS/TACACS+, core dump
  • Security and RADIUS enhancements
    • SPs can configure new VSAs and tell the WLC how to handle them.
    • WLC can be configured to use the realm value to determine the RADIUS server for a client.
    • WebAuth now works for HTTPS.
    • 802.1X and EAP WLANs now support sending the WLAN ID to the RADIUS server.
    • SHA256 certificate support
  • Ease of Management Features
    • SSID and WLAN profiles can be renamed (Yay! Now you can clean up the mess!)
    • “ping” can be sourced from a dynamic interface.
    • “show ap summary” now shows the AP’s IP address. Also can search for APs based on IP in the GUI.
    • Bunch of new show system commands. They provide more info about how WLC is running.
    • show run-config startup-commands – Finally, something you can copy and paste into a controller!
    • You can globally enable/disable SSH/telnet for all APs on a controller.
    • Choice of color themes for the GUI (default and red). Helps distinguish between controllers.
    • You can now flash the LEDs on an AP to identify it. About time…
    • “show client detail” now shows AP and WLAN
    • “show ap join stats” corrects output for renamed APs
    • “debug client” now shows the AP connected and RSSI.
    • You can now update the OUI list without upgrading the controller. But it requires a reboot…
    • 802.11v. My understanding is it’s supposed to leverage 802.11k info to control client associations. Not sure if any clients actually support this.
    • 802.11r mixed mode. Yes, bold. No need for a separate SSID for 802.11r and non-11r clients. This is very shiny. And useful.
  • High Availability Enhancements
    • 802.11ac is now supported in HA. I hadn’t realized it wasn’t supported before.
    • Handful of enhancements to HA, including faster sync and more configurability.
    • Internal DHCP now works with client SSO. The database is synced between the active and standby controllers.
  • Better policy control for mDNS
  • AVC
    • NBAR 2 protocol pack updated to 11. Heh.
    • Per app, per client rate limiting. Nice.
    • QoS marking can choose the direction instead of only bidirectional. I wonder what the use case for that is.
  • Q-in-Q support. Outer tag for AP group. Inner tag assigned by AAA.
  • VideoStream now supported for FlexConnect locally switched mode.
  • WPA/TKIP now only configurable from the CLI.

Closing Notes

WLC 8.0 is supported on PI 2.1.1. A number of the new features aren’t supported, though I expect those will be available in PI 2.2. ISE 1.2 is supported. Obviously, MSE 8.0 is supported with it. It’s not clear if an MSE 8.0 upgrade is required, but it is at least implied.

I suspect this will be the last release to support the 1130 and 1240 series.

8.0.100 has a LONG list of resolved caveats (many of which are also resolved in the 7.x code base) and a decent list of open ones. If you are considering 8.0, I recommend going over those carefully: WLC 8.0 Caveats. Personally, I will likely wait for 8.0.110 before going into production with it.

FIN