我在 vPC 配置中遇到了一对 Nexus 3048 交换机的奇怪问题。
由于核心仍在实施中,我们遇到了一个奇怪的问题:客户端无法从 DHCP 服务器获取 IP 地址,但 SVI 可以从 DHCP 服务器获取地址。
DHCP 服务器插在另一台交换机上,但连接是在第一个 Nexus 上的一个接口上建立的,该接口具有以下配置:
interface Ethernet1/23
description "Untag 37 directly from 3COM 4200G"
switchport access vlan 37
spanning-tree port type edge
spanning-tree bpdufilter enable
no shutdown
Nexus 内部没有发生第 3 层路由。它是普通的第 2 层网络,应该可以毫无困难地工作。
奇怪的是,SVI 可以从 DHCP 服务器获取 IP 地址。第二个 Nexus 上的同一个 SVI 也无法获得地址。
我已经完成了以下测试来调试问题:
- 使用两个交换机创建了一个 vPC,并从启用端口通道的主机尝试了 DHCP。
- 首先在第一个 Nexus 上,然后在第二个 Nexus 上将主机插入孤立端口。
- 将端口从中继更改为访问,如上面的配置。
- 在端口上使用了不同的 DHCP 服务器。
在所有情况下,DHCP 仍然不起作用。但是有连接性,因为我可以在所有情况下手动设置 IP 地址,并且一切正常。孤立端口、中继端口、端口通道等。
所以这绝对是交换机上丢弃 DHCP 数据包的原因。Nexus 上没有启用 DHCP 功能,所以它不可能是任何安全问题:
core1# sh feature | grep -i dhcp
dhcp 1 disabled
我什tcpdump至尝试在客户端机器上查看是否发送了 DHCP 包,我可以确认它们正在发送。在交换机上,我尝试了一些调试,ethanalyzer我看到很多“DHCP 发现”请求没有任何答复。只有第一台交换机的 SVI DHCP 请求似乎在工作。这是一个片段:
2017-06-03 23:38:49.617523 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x9697d613
2017-06-03 23:39:05.254997 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x9697d613
2017-06-03 23:39:17.119522 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x9697d613
2017-06-03 23:39:24.317940 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x9697d613
2017-06-03 23:39:35.687699 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x9697d613
2017-06-03 23:40:02.900892 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd7c4ba70
2017-06-03 23:40:10.946648 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd7c4ba70
2017-06-03 23:40:21.071947 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd7c4ba70
2017-06-03 23:40:35.114446 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd7c4ba70
2017-06-03 23:40:49.380103 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0xd7c4ba70
2017-06-03 23:44:05.282352 146.164.37.11 -> 146.164.36.50 DHCP DHCP Request - Transaction ID 0x592f3e7a
2017-06-03 23:44:05.283041 146.164.36.50 -> 146.164.37.11 DHCP DHCP ACK - Transaction ID 0x592f3e7a
2017-06-03 23:46:03.509158 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x75bda403
2017-06-03 23:46:11.942522 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x75bda403
2017-06-03 23:46:26.965735 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x75bda403
2017-06-03 23:46:38.008869 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x75bda403
2017-06-03 23:46:45.221171 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x75bda403
2017-06-03 23:46:57.352744 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x75bda403
2017-06-03 23:47:09.395484 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x13487f09
2017-06-03 23:47:16.159521 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x13487f09
2017-06-03 23:47:32.450281 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x13487f09
2017-06-03 23:47:40.803963 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x13487f09
2017-06-03 23:48:00.665313 0.0.0.0 -> 255.255.255.255 DHCP DHCP Discover - Transaction ID 0x13487f09
该报告是使用以下命令生成的:
ethanalyzer local interface inband capture-filter "port 67 or port 68" limit-captured-frames 0
这真的很令人沮丧,因为 DHCP 非常简单,它应该可以毫无困难地工作。有问题的 DHCP 服务器是在 Debian 7 Wheezy 上运行的 isc-dhcpd-server,它正在生产中,为许多不同的子网提供服务,因此它可以正常工作。
我缺少什么?有什么应该在 Nexus 上启用的?也许某种默认 ACL 阻止了 DHCP 流量?
更准确地说,这是拓扑图:
+-------------+ +-------------+ +-----------+
| DHCP Server | ---> | 3COM Switch | ---> | Nexus #01 | <--- Random Host
+-------------+ +-------------+ +-----------+
||
+-----------+
| Nexus #02 | <--- Random Host
+-----------+
DHCP 服务器具有以下网络配置:
IP: 146.164.36.50/24
GW: 146.164.36.36
在 3COM 交换机上,有用于从不同子网进行 DHCP 中继的规则,配置方式如下:
#
dhcp-server 1 ip 146.164.36.50
dhcp-server detect
vlan 1
description Management
igmp-snooping enable
#
vlan 10
description Servers
#
vlan 37
#
vlan 100
description Acesso
#
interface Vlan-interface1
ip address 10.3.12.1 255.255.255.0
dhcp-server 1
#
interface Vlan-interface10
ip address 146.164.36.36 255.255.255.0
#
interface Vlan-interface37
ip address 146.164.37.1 255.255.255.0
dhcp-server 1
一切都在 DHCP 中继端工作,因为任何连接到 Vlan 接口 37 的东西都按预期工作,如果它是交换机的随机主机并连接了其他主机,则无关紧要。
最后是完整的 Nexus #01 配置。第二个有类似的配置。
core1# sh run
!Command: show running-config
!Time: Sun Jun 4 00:05:49 2017
version 7.0(3)I2(2d)
hostname core1
vdc core1 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 104
limit-resource u4route-mem minimum 128 maximum 128
limit-resource u6route-mem minimum 96 maximum 96
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp
username admin password 5 ! role network-admin
username ferrao password 5 ! role network-admin
username ferrao sshkey ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDM+cCPmszkpw0DMeOYLSWoGAHd4POhfQJ5llIu6uJ2CX0VNSzRDGIr01fMQKvjTcsqX2EoF2xpO8nj8XZoSNUetwC+G
J3dBWKxFnZ+AFCzT4pTOWDmGKr0k75r7sU2yqlkgAuVryWB/Y5e8QIyVcaVyrbUGqDQBIA6f9lqF3pYivzTU1XLiz5sQNv/7DSvHVBA9MiFycs4PMhqh89YzW+QU2H4v3zWVTXd/FyXr3Pp3wvkWu1NY
GviIx3LMg9S3mydk2i5MUddoOPPfHQKtrOiBpXApZwegRGOHVqvkEfn6GLNkCXBT151vRRVKGeUbiZyg0RLUnuE61UbpCUvEXtWxH2EHUiYDWzFhZVPvE451meyYdr0mFEGFaW97mnjGNmYle9sx5UmW
5r3f/KJHdOzDgAGWwPN9H9AdbXSLtycovJGhglJ8nLouTz3CZPFnsAvOrHx/svJnLTJU1LJDJanFVqMgTpnXDcjW/8fCyVgyZcPHjQnY+VyUM/4zYPceEA+ghKgBJMyBQ0RC+SxdiC9wrYK/urw/GxNj
VY6upfpmzsfetIK07OTuucaohHTg5Oo3gIJhQ8Vgi4souxs0+rrskhW4ztxw1VI3UXiUGotmAh6VWFyoIuG4a+Z8fPi3PZ3NyC90Byalmz5lp1SXBjcTeYwUvpCQGKxdkhISl+Bjw==
username heliocm password 5 ! role network-admin
username heliocm sshkey rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTtokq0PacXStKYhfZy8KMIkCugdzCAkc7fDtK+PCjscrqL41otfV/WjOXg3qftJUswx1Ggt5qvbSGx452fLwAxGoXWsJn
ohwbPwwkqRG1kpVyxYt3xIgw2EkJsbrm8T4PuajfqPBJFgZU3opMH1msRmQN+WrRyZhvZPf6wE4Ahx4nrzxo6Tmgzf6v9xUZQ1RlAMODzUfaM054nKh/fJz+A9L281Ra6vHmYuLoDNzR4MQxCVPiZfUA
gwIWLcVStdWhQ3a5i/bzbNyp3+5MgtO0BC0Q5kSZD3SGkuM8vsQTn+l6Zqi2nqOX7bfdrrqIQa8XAidyoQOsthKTI21SQGO6XUI8sSPCwuNKGrbHDLqX0+0xVdUsDupZ9lPX9T737YIvefksFHVX9lgZ
YcfxG3LRyDV6vqaDRZRq8bOmFO/nMConXxUbIJ/lJqKiR/x9yS7wV3Ja+l6v5ObOV9g9/vKP1tde1uyoJ8Wd08HtENAibEAExPhJhc12O0fpi7ZbrjEoJj6n7kHdRHcGvtpXysN3n7MkVR+xSxxZFAYX
AHyp/yfR6y5QSVJvH4efnSLRRtZN3X2R0mJhT2icQpmueVaxCHi4gCSGnCZIP8IrLdy0JxR9UFMt0B92n3aVjTJ1he2nKOmXPbUntFMT1kkunWTFPK85hPLDp5G+4IZaIv5bww==
ssh login-attempts 5
ssh key rsa 2048
no ip domain-lookup
ip domain-name cc.if.ufrj.br
ip name-server 146.164.36.15
spanning-tree mode mst
system default switchport shutdown
no service unsupported-transceiver
ip access-list copp-system-acl-eigrp
10 permit eigrp any 224.0.0.10/32
ipv6 access-list copp-system-acl-eigrp6
10 permit eigrp any ff02::a/128
ip access-list copp-system-acl-icmp
10 permit icmp any any
ip access-list copp-system-acl-igmp
10 permit igmp any any
ip access-list copp-system-acl-ntp
10 permit udp any any eq ntp
20 permit udp any eq ntp any
ip access-list copp-system-acl-pimreg
10 permit pim any any
ip access-list copp-system-acl-ping
10 permit icmp any any echo
20 permit icmp any any echo-reply
ip access-list copp-system-acl-routingproto1
10 permit tcp any gt 1024 any eq bgp
20 permit tcp any eq bgp any gt 1024
30 permit udp any 224.0.0.0/24 eq rip
40 permit tcp any gt 1024 any eq 639
50 permit tcp any eq 639 any gt 1024
70 permit ospf any any
80 permit ospf any 224.0.0.5/32
90 permit ospf any 224.0.0.6/32
ip access-list copp-system-acl-routingproto2
10 permit udp any 224.0.0.0/24 eq 1985
20 permit 112 any 224.0.0.0/24
ip access-list copp-system-acl-snmp
10 permit udp any any eq snmp
20 permit udp any any eq snmptrap
ip access-list copp-system-acl-ssh
10 permit tcp any any eq 22
20 permit tcp any eq 22 any
ip access-list copp-system-acl-stftp
10 permit udp any any eq tftp
20 permit udp any any eq 1758
30 permit udp any eq tftp any
40 permit udp any eq 1758 any
50 permit tcp any any eq 115
60 permit tcp any eq 115 any
ip access-list copp-system-acl-tacacsradius
10 permit tcp any any eq tacacs
20 permit tcp any eq tacacs any
30 permit udp any any eq 1812
40 permit udp any any eq 1813
50 permit udp any any eq 1645
60 permit udp any any eq 1646
70 permit udp any eq 1812 any
80 permit udp any eq 1813 any
90 permit udp any eq 1645 any
100 permit udp any eq 1646 any
ip access-list copp-system-acl-telnet
10 permit tcp any any eq telnet
20 permit tcp any any eq 107
30 permit tcp any eq telnet any
40 permit tcp any eq 107 any
ipv6 access-list copp-system-acl-v6routingProto2
10 permit udp any ff02::66/128 eq 2029
20 permit udp any ff02::fb/128 eq 5353
30 permit 112 any ff02::12/128
ipv6 access-list copp-system-acl-v6routingproto1
10 permit 89 any ff02::5/128
20 permit 89 any ff02::6/128
30 permit udp any ff02::9/128 eq 521
ip access-list copp-system-dhcp-relay
10 permit udp any eq bootps any eq bootps
class-map type qos match-all iscsi
match cos 4
policy-map type qos iscsi
class iscsi
set qos-group 4
class class-default
class-map type network-qos iscsi
match qos-group 4
policy-map type network-qos iscsi
class type network-qos iscsi
mtu 1500
pause no-drop
class type network-qos class-default
mtu 1500
policy-map type network-qos jumbo
class type network-qos class-default
mtu 9216
system qos
service-policy type network-qos iscsi
class-map type control-plane match-any copp-icmp
match access-group name copp-system-acl-icmp
class-map type control-plane match-any copp-ntp
match access-group name copp-system-acl-ntp
class-map type control-plane match-any copp-s-arp
class-map type control-plane match-any copp-s-bfd
class-map type control-plane match-any copp-s-bpdu
class-map type control-plane match-any copp-s-dai
class-map type control-plane match-any copp-s-default
class-map type control-plane match-any copp-s-dhcpreq
class-map type control-plane match-any copp-s-dhcpresp
match access-group name copp-system-dhcp-relay
class-map type control-plane match-any copp-s-dpss
class-map type control-plane match-any copp-s-eigrp
match access-group name copp-system-acl-eigrp
match access-group name copp-system-acl-eigrp6
class-map type control-plane match-any copp-s-glean
class-map type control-plane match-any copp-s-igmp
match access-group name copp-system-acl-igmp
class-map type control-plane match-any copp-s-ipmcmiss
class-map type control-plane match-any copp-s-l2switched
class-map type control-plane match-any copp-s-l3destmiss
class-map type control-plane match-any copp-s-l3mtufail
class-map type control-plane match-any copp-s-l3slowpath
class-map type control-plane match-any copp-s-mpls
class-map type control-plane match-any copp-s-pimautorp
class-map type control-plane match-any copp-s-pimreg
match access-group name copp-system-acl-pimreg
class-map type control-plane match-any copp-s-ping
match access-group name copp-system-acl-ping
class-map type control-plane match-any copp-s-ptp
class-map type control-plane match-any copp-s-routingProto1
match access-group name copp-system-acl-routingproto1
match access-group name copp-system-acl-v6routingproto1
class-map type control-plane match-any copp-s-routingProto2
match access-group name copp-system-acl-routingproto2
class-map type control-plane match-any copp-s-selfIp
class-map type control-plane match-any copp-s-ttl1
class-map type control-plane match-any copp-s-v6routingProto2
match access-group name copp-system-acl-v6routingProto2
class-map type control-plane match-any copp-s-vxlan
class-map type control-plane match-any copp-snmp
match access-group name copp-system-acl-snmp
class-map type control-plane match-any copp-ssh
match access-group name copp-system-acl-ssh
class-map type control-plane match-any copp-stftp
match access-group name copp-system-acl-stftp
class-map type control-plane match-any copp-tacacsradius
match access-group name copp-system-acl-tacacsradius
class-map type control-plane match-any copp-telnet
match access-group name copp-system-acl-telnet
policy-map type control-plane copp-system-policy
class copp-s-default
police pps 400
class copp-s-l2switched
police pps 200
class copp-s-ping
police pps 100
class copp-s-l3destmiss
police pps 100
class copp-s-glean
police pps 500
class copp-s-selfIp
police pps 500
class copp-s-l3mtufail
police pps 100
class copp-s-ttl1
police pps 100
class copp-s-ipmcmiss
police pps 400
class copp-s-l3slowpath
police pps 100
class copp-s-dhcpreq
police pps 300
class copp-s-dhcpresp
police pps 300
class copp-s-dai
police pps 300
class copp-s-igmp
police pps 400
class copp-s-eigrp
police pps 200
class copp-s-pimreg
police pps 200
class copp-s-pimautorp
police pps 200
class copp-s-routingProto2
police pps 1300
class copp-s-v6routingProto2
police pps 1300
class copp-s-routingProto1
police pps 1000
class copp-s-arp
police pps 200
class copp-s-ptp
police pps 1000
class copp-s-vxlan
police pps 1000
class copp-s-bfd
police pps 350
class copp-s-bpdu
police pps 12000
class copp-s-dpss
police pps 1000
class copp-s-mpls
police pps 100
class copp-icmp
police pps 200
class copp-telnet
police pps 500
class copp-ssh
police pps 500
class copp-snmp
police pps 500
class copp-ntp
police pps 100
class copp-tacacsradius
police pps 400
class copp-stftp
police pps 400
control-plane
service-policy input copp-system-policy
vtp domain cc.if.ufrj.br
snmp-server contact "Vinicius Ferrao <ferrao@cc.if.ufrj.br>"
snmp-server location "Computacao Central IF/UFRJ - CT/A-312"
snmp-server user admin network-admin auth md5 0x4f0d470b1ab6ab111b4b82962ec368f0 priv 0x4f0d470b1ab6ab111b4b82962ec368f0 localizedkey
snmp-server user ferrao network-admin auth md5 0xeab88c5301991d27d34983cf480d49ef priv 0xeab88c5301991d27d34983cf480d49ef localizedkey
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
ntp server 146.164.48.5 use-vrf management
vlan 1
vlan 7
name MGMT-IQ
vlan 11
name iSCSI-MPIO1
vlan 12
name iSCSI-MPIO2
vlan 29
name SRV-IQ
vlan 30
name Labs-IQ
vlan 36
name SRV-IF
vlan 37
name Unused37
vlan 40
name Unused40
vlan 136
name Access-IF
vlan 146
name SRV-CC
vlan 172
name Access-IQ
vlan 312
name MGMT-IF
vlan 666
name LIG
spanning-tree port type edge bpduguard default
spanning-tree mst 0-1 priority 24576
spanning-tree mst configuration
name cc
revision 1
instance 1 vlan 2-4094
vrf context management
ip route 0.0.0.0/0 146.164.36.1
vrf context vpc-peer-keepalive
no system urpf disable
no port-channel load-balance resilient
vpc domain 1
peer-switch
role priority 1
system-priority 1000
peer-keepalive destination 172.31.2.2 source 172.31.2.1 vrf vpc-peer-keepalive
auto-recovery
ipv6 nd synchronize
ip arp synchronize
interface Vlan1
interface Vlan37
no shutdown
ip address dhcp
interface Vlan136
interface port-channel25
description XenServer #1
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
spanning-tree port type edge trunk
vpc 25
interface port-channel27
description XenServer #2
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
spanning-tree port type edge trunk
vpc 27
interface port-channel29
description XenServer #3
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
spanning-tree port type edge trunk
vpc 29
interface port-channel31
description XenServer #4
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
spanning-tree port type edge trunk
vpc 31
interface port-channel33
description XenServer #5
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
spanning-tree port type edge trunk
vpc 33
interface port-channel47
description vPC Peer-link Keepalive
no switchport
vrf member vpc-peer-keepalive
ip address 172.31.2.1/30
interface port-channel51
description vPC Peer-link
switchport mode trunk
spanning-tree port type network
speed 10000
vpc peer-link
interface Ethernet1/1
interface Ethernet1/2
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
description "Teste DHCP"
switchport access vlan 37
spanning-tree port type edge
no shutdown
interface Ethernet1/23
description "Untag 37 direto 3COM"
switchport access vlan 37
spanning-tree port type edge
spanning-tree bpdufilter enable
no shutdown
interface Ethernet1/24
description Uplink Temporario IF
switchport mode trunk
switchport trunk allowed vlan 36,136,312
spanning-tree port type edge trunk
spanning-tree bpdufilter enable
interface Ethernet1/25
description XenServer #1 Interface #1
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
channel-group 25 mode active
no shutdown
interface Ethernet1/26
description XenServer iSCSI #1 Interface #1
switchport access vlan 11
spanning-tree port type edge
service-policy type qos input iscsi
no shutdown
interface Ethernet1/27
description XenServer #2 Interface #1
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
channel-group 27 mode active
no shutdown
interface Ethernet1/28
description XenServer iSCSI #2 Interface #1
switchport access vlan 11
spanning-tree port type edge
service-policy type qos input iscsi
no shutdown
interface Ethernet1/29
description XenServer #3 Interface #1
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
channel-group 29 mode active
no shutdown
interface Ethernet1/30
description XenServer iSCSI #3 Interface #1
switchport access vlan 11
spanning-tree port type edge
service-policy type qos input iscsi
no shutdown
interface Ethernet1/31
description XenServer #4 Interface #1
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
channel-group 31 mode active
no shutdown
interface Ethernet1/32
description XenServer iSCSI #4 Interface #1
switchport access vlan 11
spanning-tree port type edge
service-policy type qos input iscsi
no shutdown
interface Ethernet1/33
description XenServer #5 Interface #1
switchport mode trunk
switchport trunk native vlan 37
switchport trunk allowed vlan 29,36-37,40,136,146,312
channel-group 33 mode active
no shutdown
interface Ethernet1/34
description XenServer iSCSI #5 Interface #1
switchport access vlan 11
spanning-tree port type edge
service-policy type qos input iscsi
no shutdown
interface Ethernet1/35
interface Ethernet1/36
interface Ethernet1/37
interface Ethernet1/38
interface Ethernet1/39
interface Ethernet1/40
interface Ethernet1/41
interface Ethernet1/42
interface Ethernet1/43
interface Ethernet1/44
interface Ethernet1/45
interface Ethernet1/46
interface Ethernet1/47
description vPC Peer-link Keepalive Interface #1
no switchport
channel-group 47
interface Ethernet1/48
description vPC Peer-link Keepalive Interface #2
no switchport
channel-group 47
interface Ethernet1/49
interface Ethernet1/50
description Storage iSCSI Interface #1
switchport access vlan 11
spanning-tree port type edge
service-policy type qos input iscsi
interface Ethernet1/51
description vPC Peer-link Interface #1
switchport mode trunk
channel-group 51 mode active
no shutdown
interface Ethernet1/52
description vPC Peer-link Interface #2
switchport mode trunk
channel-group 51 mode active
no shutdown
interface mgmt0
vrf member management
ip address 146.164.36.89/24
line console
line vty
boot nxos bootflash:/nxos.7.0.3.I2.2d.bin
ip route 0.0.0.0/0 146.164.37.1