Cisco Nexus 5010 - Secondary power supply.

Quick note on secondary power supplies in Cisco Nexus 5010.

Today I did some maintenance with Nexus 5010 - installed secondary power supplies and rerouted power cables. It was pretty straightforward. Here is the status without secondary power supply:

n5k-1# show environment power 

Power Supply:
Voltage: 12 Volts
-----------------------------------------------------------
PS  Model                Input Power       Power     Status
                         Type  (Watts)     (Amp)
-----------------------------------------------------------
1   N5K-PAC-550W         AC     544.56     45.38     ok
2   --                   --         --        --     absent              

Mod Model                   Power     Power       Power     Power       Status
                            Requested Requested   Allocated Allocated
                            (Watts)   (Amp)       (Watts)   (Amp)
--- ----------------------  -------   ----------  --------- ----------  ----------
1    N5K-C5010P-BF-SUP      349.20    29.10       349.20    29.10       powered-up

Power Usage Summary:
--------------------
Power Supply redundancy mode:                 Redundant
Power Supply redundancy operational mode:     Non-redundant

Total Power Capacity                              544.56 W

Power reserved for Supervisor(s)                  349.20 W
Power currently used by Modules                     0.00 W

                                                -------------
Total Power Available                             195.36 W
                                                -------------
n5k-1#

I followed Cisco Nexus 5000 Series Hardware Installation Guide > Replacing or Installing Power Supplies. After you install secondary power supply you will see the following syslog messages. If power cable is not plugged in yet you will see “FAIL” yellow led on PS.

2019 Apr 29 08:41:30 n5k1 %PFMA-5-PS_FOUND: Power supply 2 found (Serial number DTM142700X1)
2019 Apr 29 08:41:30 n5k1 %NOHMS-2-NOHMS_DIAG_ERR_PS_FAIL: System minor alarm on power supply 2: failed
2019 Apr 29 08:41:30 n5k1 %PFMA-2-PS_FAIL: Power supply 2 failed or shutdown (Serial number DTM142700X1)

Status with two PSUs installed, but cable is not yet connected to the 2nd PSU:

n5k1# show environment power 

Power Supply:
Voltage: 12 Volts
-----------------------------------------------------------
PS  Model                Input Power       Power     Status
                         Type  (Watts)     (Amp)
-----------------------------------------------------------
1   N5K-PAC-550W         AC     544.56     45.38     ok
2   --                   --         --        --     fail/shutdown       

Mod Model                   Power     Power       Power     Power       Status
                            Requested Requested   Allocated Allocated
                            (Watts)   (Amp)       (Watts)   (Amp)
--- ----------------------  -------   ----------  --------- ----------  ----------
1    N5K-C5010P-BF-SUP      349.20    29.10       349.20    29.10       powered-up

Power Usage Summary:
--------------------
Power Supply redundancy mode:                 Redundant
Power Supply redundancy operational mode:     Non-redundant

Total Power Capacity                              544.56 W

Power reserved for Supervisor(s)                  349.20 W
Power currently used by Modules                     0.00 W

                                                -------------
Total Power Available                             195.36 W
                                                -------------
n5k1#

After I plugged in the power cable I had to wait ~15 seconds to get the following syslog messages:

2019 Apr 29 08:45:42 n5k-1 %NOHMS-2-NOHMS_DIAG_ERR_PS_RECOVERED: Recovered: System minor alarm on power supply 2: failed

Here is the status with two PSUs and both cables plugged in:

n5k-1# show environment power 

Power Supply:
Voltage: 12 Volts
-----------------------------------------------------------
PS  Model                Input Power       Power     Status
                         Type  (Watts)     (Amp)
-----------------------------------------------------------
1   N5K-PAC-550W         AC     544.56     45.38     ok
2   N5K-PAC-550W         AC     544.56     45.38     ok                  

Mod Model                   Power     Power       Power     Power       Status
                            Requested Requested   Allocated Allocated
                            (Watts)   (Amp)       (Watts)   (Amp)
--- ----------------------  -------   ----------  --------- ----------  ----------
1    N5K-C5010P-BF-SUP      349.20    29.10       349.20    29.10       powered-up

Power Usage Summary:
--------------------
Power Supply redundancy mode:                 Redundant
Power Supply redundancy operational mode:     Redundant

Total Power Capacity                             1089.12 W

Power reserved for Supervisor(s)                  349.20 W
Power currently used by Modules                     0.00 W

                                                -------------
Total Power Available                             739.92 W
                                                -------------
n5k-1#

Then to reroute power cables I disconnected 1st power supply for ~5 seconds and haven’t got any syslog messages. So, there’s some delay and you have to be aware that brief power cable disconnection will not be registered in the logs.

Good luck!

Cisco Nexus - N7K - Which one of Supervisors is Active? [SOLVED]

Вот конечно же мелоч, а когда нужно сделать все очень быстро не такая уж и мелоч.

Сегодня во время реконфигурирования N7K с 2мя супервизорами N7K-SUP2E в шасси, пришлось подключаться к девайсу при помощи консоли. Первый вопрос который у меня возник - в какой из них подключаться? Кто из них Active?

Ответ нашел тут:

The supervisor that becomes active has a green ACTIVE LED (the standby supervisor module has an amber ACTIVE LED).

На супервизоре рядом с портом консоли есть mgmt0 интерфейс. Если он подключен, а он скорее всего подключен и активен, то легко определить, что физически в активном состоянии линк только у одного - он и активный супервизор.

How to configure Cisco Nexus 7K for Cisco ACS (TACACS). [SOLVED]

So, I was needed to configure Cisco Nexus 7K with NX-OS 6.x to use TACACS server configured on Cisco ACS 5.X. I decided to build minimal lab to test it before deployment on real hardware: NX-OS and Cisco ACS. I have already had Cisco ACS but I was needed to get some NX-OS virtual device. Cisco Nexus 1000v was not the case because I had VMware Workstation ONLY and had no time to install Cisco Nexus 1000v in a nested ESXi installed on Workstation. Thus I tried to use Cisco Titanium 5.1.2.

Installing Cisco Nexus Titanium on VMware Workstation

* Prepare your VMware Workstation.
* Download .RAR with “Titanium-VM” (just use Google to find the file).
* Import VMware into VMware Workstation: Open > ….vmx > “I Copied”.
* Add Serial port to the VM like this:
* Connect to the Serial port using PuTTY (you will see nothing before VM is booted).
* Start VM. You will see the the following, but it’s OK. BTW, you will see CLI prompt after VM booted (just wait for a while) and NO ANY messages in VM console.

Loader Loading stage1.5.

Loader loading, please wait...
WARNING: Ancient bootloader, some functionality may be limited!

* After VM is booted you will see the following:

.
*****************
 Username: admin
 Password: cisco
*****************
.N7K login:

* Then you probably would reconfigure Management interface to let VM access to your network:

N7K(config)# int mgmt 0
N7K(config-if)# ip address 10.0.0.200/24
N7K(config-if)# no sh
N7K(config-if)# this config

interface mgmt0
  vrf member management
  ip address 10.0.0.200/24

N7K(config-if)# end
N7K# ping 10.0.0.1 vrf management
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=63 time=94.748 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=63 time=2.842 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=63 time=4.994 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=63 time=3.653 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=63 time=7.946 ms

--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 2.842/22.836/94.748 ms
N7K# copy run start
[########################################] 100%
Copy complete, now saving to disk (please wait)...
N7K#

* TACACS+ feature is disabled by default:

N7K# show feature | i Feature|tacacs
Feature Name          Instance  State
tacacs                1         disabled
N7K#
N7K# conf t
N7K(config)# feature tacacs+
N7K(config)# exit
N7K# show feature | i Feature|tacacs
Feature Name          Instance  State
tacacs                1         enabled
N7K#

* Template:

! Before start you have to make sure that your username, password and role is configured locally.
! Then I suggest you to configure local authentication for console connectins.
aaa authentication login console local

tacacs-server host 10.0.0.100 key $SECRET$
tacacs-server host 10.0.0.100 timeout 3

aaa group server tacacs+ AAA
 server 10.0.0.100
 use-vrf management
 source-interface mgmt0
 exit

! For test purposes you can test authentication procedure:
test aaa group AAA USERNAME PASSWORD
user has been authenticated

...
aaa accounting default group AAA
...

! Some optional timeouts.
line console
 exec-timeout 15
 exit
line vty
 exec-timeout 15
 exit

! Save configuration.
copy run start

Some useful links:
* Cisco Secure Access Control System > Nexus Integration with ACS 5.2 Configuration Example.
* Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 6.x > Configuring TACACS+.
* TACACS+ configuration on Nexus 7000.

* http://roadtocciedc.blogspot.com/2014/01/cisco-titanium-nx-os-emulator.html
* http://routing-bits.com/2011/05/24/nexus-user-roles/
* http://networkhobo.com/2014/01/23/configure-tacacs-access-on-nexus-7k/

Admin area