traveler/Netgrimoire
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: create Work/C9300GX_2_Build

Browse source
This commit is contained in:
Administrator 2026-02-19 20:50:54 +00:00 committed by John Smith
parent c704490c6c
commit 51056f845d
1 changed files with 910 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

910
Work/C9300GX_2_Build.md Normal file
View file

@ -0,0 +1,910 @@
---
title: C9300GX Initial Build
description:
published: true
date: 2026-02-19T20:50:41.541Z
tags:
editor: markdown
dateCreated: 2026-02-19T20:50:41.541Z
---
# AT1EU-NEXUS-2 — Cisco Nexus 9300 Configuration
## Overview
AT1EU-NEXUS-2 is the **secondary** switch in a vPC pair (role priority 10 — same as primary; tie broken by MAC address). It runs NX-OS 10.3(7) and shares vPC domain 1 with AT1EU-NEXUS-1. The vPC peer-link (Po10) spans Eth1/2728, and out-of-band management (mgmt0 at 192.168.0.2) is used for the vPC peer-keepalive path.
**Key roles of this switch:**
- vPC secondary (role priority 10, tie-broken by system MAC)
- STP root peer (same priorities as NEXUS-1 — `peer-switch` ensures both act as root)
- Layer 3 gateway for Vlan502 (Atom VRF, IP 15.0.2.122/24)
- NTP master (stratum 3)
- Same upstream/storage/compute port-channel topology as NEXUS-1
---
## Cut-and-Paste Configuration
```
version 10.3(7) Bios:version 07.71
switchname AT1EU-NEXUS-2
! --- QoS: Jumbo Frame Policy ---
policy-map type network-qos JUMBO
class type network-qos class-default
mtu 9216
! --- VDC Resource Limits ---
vdc AT1EU-NEXUS-2 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
! --- Features ---
feature nxapi
feature bash-shell
feature scp-server
cfs eth distribute
feature udld
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature telemetry
! --- RBAC ---
role name network-ro
rule 2 permit command show running config
rule 1 permit read
! --- Users ---
username admin password 5 $5$FIEALE$VdyvYPq0DyT./Pw59UUWC9bPs1coNfermExTM9MF6BB role network-admin
ssh key rsa 2048
! --- Banner ---
banner motd ^
********************* DOD NOTICE AND CONSENT BANNER *************************
* You are accessing a U.S. Government (USG) Information System (IS) that is *
* provided for USG-authorized use only. By using this IS (which includes any*
* device attached to this IS), you consent to the following conditions: *
*-The USG routinely intercepts and monitors communications on this IS for *
* purposes including, but not limited to, penetration testing, COMSEC *
* monitoring, network operations and defense, personnel misconduct (PM), *
* law enforcement (LE), and counterintelligence (CI) investigations. *
*-At any time, the USG may inspect and seize data stored on this IS. *
*-Communications using, or data stored on, this IS are not private, are *
* subject to routine monitoring, interception, and search, and may be *
* disclosed or used for any USGauthorized purpose. *
*-This IS includes security measures (e.g., authentication and access *
* controls) to protect USG interests--not for your personal benefit or *
* privacy. *
*-Notwithstanding the above, using this IS does not constitute consent to *
* PM, LE or CI investigative searching or monitoring of the content of *
* privileged communications, or work product, related to personal *
* representation or services by attorneys, psychotherapists, or clergy, and *
* their assistants. Such communications and work product are private and *
* confidential. See User Agreement for details. *
************************ POC: SIL Network Team ****************************
^
! --- SSH ---
ssh ciphers aes256-gcm
! --- DNS & Domain ---
ip domain-lookup
ip domain-name atom.dev use-vrf Atom
ip name-server 15.0.2.128 15.0.2.129 15.32.2.128 use-vrf Atom
! --- RADIUS ---
radius-server host 15.0.11.68 key 7 "V1P-jaynmv" authentication accounting
radius-server host 15.32.11.68 key 7 "V1P-jaynmv" authentication accounting
aaa group server radius NETMAN_RADIUS
server 15.0.11.68
server 15.32.11.68
use-vrf Atom
! --- Management ACL ---
ip access-list SWITCH_MGMT
10 permit ip 15.0.11.150/32 any log
20 permit ip 15.0.11.151/32 any log
30 permit ip 15.32.2.154/32 any log
40 permit ip 15.0.2.154/32 any log
50 permit ip 15.32.2.1/32 any log
60 permit ip 15.0.2.1/32 any log
70 permit ip 15.0.2.2/32 any log
80 permit ip 15.0.11.47/32 any log
90 permit ip 15.32.11.45/32 any log
93 permit ip 15.32.11.150/32 any log
100 deny ip any any log
! --- System QoS ---
system qos
service-policy type network-qos JUMBO
copp profile strict
! --- SNMP ---
snmp-server user admin network-admin auth sha 043A9864CA85100D231AA42F8FA9734C2B5C027F2B74 priv aes-128 365AD478C4A00B497D76B703D3AE75414E3C3C4B386A localizedV2key
snmp-server host 15.0.2.188 traps version 3 priv at-sw-svc
snmp-server host 15.0.11.80 traps version 3 priv testsnmp
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
! --- NTP ---
ntp server 15.0.0.9 prefer use-vrf Atom key 123
ntp server 15.32.0.9 prefer use-vrf Atom key 125
ntp server 15.32.0.30 use-vrf management
ntp server 115.0.0.9 use-vrf management key 125
ntp source-interface Vlan502
ntp authenticate
ntp authentication-key 125 md5 pz5-lihj 7
ntp trusted-key 125
ntp logging
ntp master 3
! --- AAA ---
aaa authentication login default group NETMAN_RADIUS local
aaa authentication login console group NETMAN_RADIUS local
aaa accounting default group NETMAN_RADIUS local
system default switchport
no ip source-route
! --- VLANs ---
vlan 1-2,8,10,12,66,85,100-103,107-108,121-124,129-130,142-143,145-146,148-150,153,157-158,188,305,321,323,340,342,349,353,374,382,501-502,504-505,549,551,559,562-563,600,611,660-661,667-668,672-673,697-698,701-702,704-710,720-722,724,727,740,750-751,772,777,800-802,804,814,820-823,905,1051,1127,1129,1160-1161,1551,1559-1560,1670-1674,1720-1722,1800-1802,1814-1817,1862,1865,1870-1871
vlan 1882-1883,1885,1905,3563,3965
vlan 2
name TEST_CLUS_COMM
vlan 8
name FP_Test1
vlan 10
name NESS_BOX_TRANSIT
vlan 12
name FP_Test2
vlan 66
name NATIVE_VLAN
vlan 85
name NESS-Temp
vlan 101
name iscsi_csv
vlan 102
name iscsi_boot
vlan 107
name Test
vlan 108
name NET_TEST_NET
vlan 121
name Atom_Backup
vlan 124
name Admin_iSCSI
vlan 143
name Secman_Storage
vlan 146
name Foxhound_Storage
vlan 150
name iscsi
vlan 153
name Javelin(L4)
vlan 157
name GNext_Storage
vlan 158
name NESS_Storage
vlan 188
name JASON_NFS
vlan 321
name ATOM_Backup
vlan 323
name AT-vServer
vlan 340
name ucs_test
vlan 342
name MadHatter_SVM_Mgmt
vlan 349
name Rock_SVM3_Mgmt
vlan 353
name Javlin_SVM
vlan 374
name Rock_Backup_Mgmt
vlan 382
name Darrin_User
vlan 501
name MGMT
vlan 502
name Atom_User2
vlan 504
name Commvault_Testing
vlan 505
name NETAPP_SNAP
vlan 549
name WDS
vlan 551
name L4_User
vlan 559
name Victory_WS_L4
vlan 562
name Brace(L3)_User
vlan 563
name Brace
vlan 667
name Britt_Test
vlan 668
name RockTesters(L4)_User
vlan 672
name GTRI_User
vlan 673
name VDI(L5)
vlan 701
name MH_L3_DATA_HLCI
vlan 702
name MH_L4_DATA_HLCI
vlan 704
name Legacy-704
vlan 705
name Legacy-705
vlan 706
name Legacy-706
vlan 707
name Legacy-707
vlan 708
name Legacy-708
vlan 709
name Legacy-709
vlan 710
name Legacy-710
vlan 721
name GTRI_JAVELIN_L4-721
vlan 740
name NETMAN
vlan 750
name l4_secman
vlan 751
name Secman_DMP-751
vlan 777
name FTD1010_TSHOOT
vlan 804
name FH_L4_HLCI
vlan 814
name ROCK_L4_MLS
vlan 820
name GNext_User
vlan 821
name GNext_Sentris
vlan 822
name GNext_VPX
vlan 823
name GNext_VDA
vlan 905
name Rock_(L4)
vlan 1051
name IP_SEC_1010
vlan 1127
name Vic_Storage
vlan 1551
name Services(L3)_User
vlan 1559
name Victory(L3)_User
vlan 1670
name BigTen_User
vlan 1671
name Victory_DMP-1671
vlan 1672
name VIC_VDI
vlan 1673
name Victory_Sentris
vlan 1720
name Javelin(L3)_User
vlan 1721
name GTRI_JAVELIN_L3-1721
vlan 1722
name Victory_VDI-1722
vlan 1800
name Foxhound(L3)_User
vlan 1801
name FH_L3_DATA_HLCI
vlan 1815
name ServMan_User
vlan 1870
name AT1EU-JavelinCoop(L3)_User
vlan 1883
name NESS_User
vlan 1885
name NESS_Client
vlan 1905
name Rock(L3)_User
vlan 3563
name Brace_User
vlan 3965
name V3E_DEV_HOST
! --- Spanning Tree ---
spanning-tree port type edge bpduguard default
spanning-tree port type edge bpdufilter default
spanning-tree port type network default
spanning-tree vlan 1,66 priority 8192
spanning-tree vlan 2,100-102,107-108,121-123,129,142,145,148-150,153,305,323,340,353,382,501-502,505,549,551,562-563,600,611,660-661,667-668,672,697-698,701-702,704-710,720-722,724,727,750,772,800-802,804,814,905,1127,1129,1160-1161,1551,1559-1560,1670,1672-1673,1720-1721,1800-1802,1814-1817,1862,1865,1870-1871,1882,1905,3563,3965 priority 24576
spanning-tree vlan 3-65,67-99,103-106,109-120,124-128,130-141,143-144,146-147,151-152,154-304,306-322,324-339,341-352,354-381,383-500,503-504,506-548,550,552-561,564-599,601-610,612-659,662-666,669-671,673-696,699-700,703,711-719,723,725-726,728-749,751-771,773-799,803,805-813,815-904,906-1126,1128,1130-1159,1162-1550,1552-1558,1561-1669,1671,1674-1719,1722-1799,1803-1813,1818-1861,1863-1864,1866-1869,1872-1881,1883-1904,1906-3562,3564-3964,3966-3967 priority 0
! --- VRF ---
vrf context Atom
ip domain-name atom.dev
ip name-server 15.0.2.128 15.0.2.129 15.32.2.128
ip route 0.0.0.0/0 15.0.2.254
vrf context management
! --- Port-Channel Load Balance ---
port-channel load-balance src-dst ip-l4port-vlan
! --- vPC Domain ---
vpc domain 1
peer-switch
role priority 10
peer-keepalive destination 192.168.0.1 source 192.168.0.2
delay restore 150
peer-gateway
auto-recovery
! --- SVI ---
interface Vlan1
interface Vlan502
no shutdown
vrf member Atom
no ip redirects
ip address 15.0.2.122/24
no ipv6 redirects
! --- Port-Channels ---
interface port-channel3
description //Trunk 500e X1
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
switchport block unicast
vpc 3
interface port-channel4
description //Trunk 500e X2
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
switchport block unicast
vpc 4
interface port-channel5
interface port-channel10
description //Trunk Peer - Allow STP
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type network
vpc peer-link
interface port-channel124
description //Trunk 9300
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-4094
spanning-tree port type normal
spanning-tree guard root
mtu 9216
vpc 124
interface port-channel125
description //Trunk UCS-A
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree guard root
mtu 9216
switchport block unicast
vpc 125
interface port-channel126
description //Trunk UCS-B
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard disable
spanning-tree guard root
mtu 9216
switchport block unicast
vpc 126
interface port-channel127
description //Trunk AFF300-A
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree guard root
mtu 9216
switchport block unicast
vpc 127
interface port-channel128
description //Trunk AFF300-B
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree guard root
mtu 9216
switchport block unicast
vpc 128
interface port-channel129
description //Trunk FAS 2750-A
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
vpc 129
interface port-channel130
description //Trunk Fas 2750-B
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
vpc 130
interface port-channel131
description //Trunk A70-A
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree guard root
mtu 9216
vpc 131
interface port-channel132
description //Trunk A70-B
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree guard root
mtu 9216
vpc 132
! --- Breakout Ports (100G -> 4x25G) ---
int e1/1 - 26
shutdown
exit
interface breakout module 1 port 1 map 25g-4x
interface breakout module 1 port 5 map 25g-4x
interface breakout module 1 port 9 map 25g-4x
! --- Physical Interfaces: Breakout (UCS/A70) ---
interface Ethernet1/1/1
description //Trunk 6554-2:25
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
switchport block unicast
channel-group 126 mode active
no shutdown
interface Ethernet1/1/2
description //Trunk 6554-2:26
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
switchport block unicast
channel-group 126 mode active
no shutdown
interface Ethernet1/1/3
description //Trunk 6554-1:27
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
switchport block unicast
channel-group 125 mode active
no shutdown
interface Ethernet1/1/4
description //Trunk 6554-1:28
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
switchport block unicast
channel-group 125 mode active
no shutdown
interface Ethernet1/5/1
description //Trunk A70-A
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
channel-group 131 mode active
no shutdown
interface Ethernet1/5/2
description //Trunk A70-A
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
channel-group 131 mode active
no shutdown
interface Ethernet1/5/3
description //Trunk A70-B
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
channel-group 132 mode active
no shutdown
interface Ethernet1/5/4
description //Trunk A70-B
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
channel-group 132 mode active
no shutdown
! --- Physical Interfaces: HLCI Access Ports ---
interface Ethernet1/9/1
description //Access L4 HLCI MAD HATTER - Allow STP BPDU
switchport access vlan 702
switchport trunk native vlan 66
spanning-tree port type edge
spanning-tree bpduguard disable
spanning-tree bpdufilter disable
mtu 9216
storm-control broadcast level 40.00
storm-control unicast level 50.00
udld enable
no shutdown
interface Ethernet1/9/2
description //Access L4 HLCI JAVELIN - Allow STP BPDU
switchport access vlan 721
switchport trunk native vlan 66
spanning-tree port type edge
spanning-tree bpduguard disable
spanning-tree bpdufilter disable
mtu 9216
storm-control broadcast level 40.00
storm-control unicast level 50.00
switchport block unicast
udld enable
no shutdown
interface Ethernet1/9/3
description //Access L4 HLCI FOXHOUND - Allow STP BPDU
switchport access vlan 804
switchport trunk native vlan 66
spanning-tree port type edge
spanning-tree bpduguard disable
spanning-tree bpdufilter disable
storm-control broadcast level 40.00
storm-control unicast level 50.00
switchport block unicast
udld enable
no shutdown
interface Ethernet1/9/4
description //Access L4 HLCI Rock (MLS) - Allow STP BPDU
switchport access vlan 814
switchport trunk native vlan 66
spanning-tree port type edge
spanning-tree bpduguard disable
spanning-tree bpdufilter disable
storm-control broadcast level 40.00
storm-control unicast level 50.00
switchport block unicast
udld enable
no shutdown
! --- Physical Interfaces: Standard Ports ---
interface Ethernet1/23
description //Access Netapp XFER
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
storm-control broadcast level 99.00
storm-control unicast level 99.00
switchport block unicast
udld enable
no shutdown
interface Ethernet1/24
description //Trunk 9300
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-4094
spanning-tree port type edge trunk
spanning-tree guard root
mtu 9216
channel-group 124 mode active
no shutdown
interface Ethernet1/25
description //Trunk 9300
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-4094
spanning-tree port type edge trunk
spanning-tree guard root
mtu 9216
channel-group 124 mode active
no shutdown
interface Ethernet1/26
description //Trunk 500e-X1
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree guard root
mtu 9216
switchport block unicast
udld enable
channel-group 3 mode active
no shutdown
interface Ethernet1/27
description //Trunk Peer - Allow STP
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type network
channel-group 10 mode active
no shutdown
interface Ethernet1/28
description //Trunk Peer - Allow STP
switchport mode trunk
switchport access vlan 67
switchport trunk native vlan 66
switchport trunk allowed vlan 2-66,68-4094
spanning-tree port type network
channel-group 10 mode active
no shutdown
! --- Bulk Disabled Ports ---
int e1/3/1-4,e1/7/1-4,e1/11/1-4,e1/13-22
description //Disabled access
switchport access vlan 67
switchport trunk native vlan 66
spanning-tree port type edge
spanning-tree bpduguard enable
spanning-tree guard root
storm-control broadcast level 99.00
storm-control unicast level 99.00
switchport block unicast
udld enable
shutdown
! --- Management Interface ---
interface mgmt0
vrf member management
ip address 192.168.0.2/24
icam monitor scale
! --- Console & VTY ---
line console
exec-timeout 5
line vty
session-limit 4
exec-timeout 5
access-class SWITCH_MGMT in
! --- Boot ---
boot nxos bootflash:/nxos64-cs.10.3.7.M.bin
! --- Logging ---
logging ip access-list cache entries 8001
logging logfile LOG_FILE 6 size 4096
logging server 15.0.2.146 6
logging server 15.0.2.222 6
logging level authpri 6
! --- Telemetry ---
telemetry
destination-profile
use-nodeid timba-6750aed76f7261301f12894a
destination-group timba-6750aed76f7261301f12894a-0
ip address 15.0.2.238 port 443 protocol HTTP encoding JSON
sensor-group timba-6750aed76f7261301f12894a-0
data-source NX-API
path "show system resources all-modules"
sensor-group timba-6750aed76f7261301f12894a-1
data-source NX-API
path "show module"
sensor-group timba-6750aed76f7261301f12894a-2
data-source NX-API
path "show environment power"
sensor-group timba-6750aed76f7261301f12894a-3
data-source NX-API
path "show interface fc regex *"
sensor-group timba-6750aed76f7261301f12894a-4
data-source DME
path sys/ch depth 1 query-condition query-target=subtree&target-subtree-class=eqptSensor
sensor-group timba-6750aed76f7261301f12894a-5
data-source DME
path sys/ch query-condition query-target=subtree&target-subtree-class=eqptSupC
sensor-group timba-6750aed76f7261301f12894a-6
data-source DME
path sys/ch query-condition query-target=subtree&target-subtree-class=eqptFt
sensor-group timba-6750aed76f7261301f12894a-7
data-source DME
path sys/intf query-condition query-target=subtree&target-subtree-class=ethpmPhysIf filter-condition updated(ethpmPhysIf.operSt)
subscription 578
dst-grp timba-6750aed76f7261301f12894a-0
snsr-grp timba-6750aed76f7261301f12894a-0 sample-interval 300000
snsr-grp timba-6750aed76f7261301f12894a-1 sample-interval 300000
snsr-grp timba-6750aed76f7261301f12894a-2 sample-interval 300000
snsr-grp timba-6750aed76f7261301f12894a-3 sample-interval 300000
snsr-grp timba-6750aed76f7261301f12894a-4 sample-interval 300000
snsr-grp timba-6750aed76f7261301f12894a-5 sample-interval 300000
snsr-grp timba-6750aed76f7261301f12894a-6 sample-interval 300000
snsr-grp timba-6750aed76f7261301f12894a-7 sample-interval 0
```
---
## Configuration Explanation
### Platform & Global Settings
Identical platform and global settings to NEXUS-1: NX-OS 10.3(7), Jumbo MTU QoS policy (9216 bytes), strict CoPP, AES256-GCM SSH, IP source-route disabled.
### VDC Resource Limits
Same as NEXUS-1.
### Features Enabled
Identical feature set to NEXUS-1.
### Authentication & Access Control
Identical RADIUS configuration, management ACL, and AAA settings to NEXUS-1. VTY exec-timeout is 5 minutes (vs. 0 on NEXUS-1 — worth standardizing).
### NTP
Two additional NTP servers compared to NEXUS-1: `15.32.0.30` (management VRF) and `115.0.0.9` (management VRF). Uses NTP key 125 (vs. key 123 on NEXUS-1). NTP source is Vlan502. Also acts as NTP master stratum 3.
### SNMP
SNMPv3 with SHA/AES-128. Has an additional trap target (15.0.11.80) compared to NEXUS-1. RMON events 15 configured identically.
### VLANs
Substantially the same VLAN database as NEXUS-1 with minor differences: VLAN 103 (Netapp_XFER) and VLAN 130 (SIL_SNAPMIRROR) are not present on NEXUS-2; VLAN 563 (Brace) is present on NEXUS-2 but not NEXUS-1. These discrepancies should be reviewed and aligned.
### Spanning Tree
Identical STP priorities to NEXUS-1. With `peer-switch` enabled in the vPC domain, both switches advertise the same STP bridge ID, making the pair appear as a single root to downstream devices.
### VRF & Routing
Same `Atom` VRF with default route to 15.0.2.254. Vlan502 SVI is at 15.0.2.122/24 (vs. 15.0.2.121 on NEXUS-1).
### vPC Domain
- **Domain:** 1
- **Role Priority:** 10 (same as NEXUS-1; system MAC determines actual secondary role)
- **Peer-link:** Po10 (Eth1/2728), `spanning-tree port type network`
- **Peer-keepalive:** mgmt0, destination 192.168.0.1, source 192.168.0.2
- **Options:** `peer-switch`, `peer-gateway`, `auto-recovery`, 150-second restore delay
- **vPC members:** Po3Po4, Po124Po132 (mirrored from NEXUS-1)
> **Note:** Po124 (9300) uses `switchport trunk allowed vlan 2-4094` on NEXUS-2 (includes VLAN 67) while NEXUS-1 uses `2-66,68-4094` (excludes VLAN 67). This inconsistency should be reviewed.
### Physical Interfaces
- **Breakout mapping:** Ports 1, 5, 9 broken out as 4x25G — same as NEXUS-1.
- **Eth1/1/11/1/2 → Po126 (UCS-B):** The UCS FI cross-connection is intentionally reversed vs NEXUS-1 (NEXUS-1 Eth1/1/11/1/2 go to Po125/UCS-A). This is correct behavior for dual-homed UCS FI connectivity.
- **Eth1/9/11/9/4:** L4 HLCI access ports (Mad Hatter, Javelin, Foxhound, Rock MLS) — note these are L4 VLANs (702, 721, 804, 814) vs. L3 VLANs on NEXUS-1, providing per-switch HLCI layer segregation.
- **Eth1/271/28:** vPC peer-link → Po10
- **Eth1/241/25:** 9300 uplink → Po124
- **Eth1/26:** 500e-X1 → Po3
- **Eth1/23:** NetApp XFER standalone (not in a port-channel)
- **Disabled ports:** Same hardening policy as NEXUS-1
### Telemetry
Same Timba streaming telemetry configuration as NEXUS-1, with a unique node ID. Multiple subscriptions push to 15.0.2.238:443 at 300-second intervals; interface state changes are event-driven (interval 0).
### Logging
Syslog to 15.0.2.146 and 15.0.2.222, both at severity 6. Note NEXUS-1 logs to 15.0.2.146 at severity 2 — this discrepancy should be reviewed.
### Boot
`bootflash:/nxos64-cs.10.3.7.M.bin`
---
## Notable Differences Between NEXUS-1 and NEXUS-2
| Parameter | NEXUS-1 | NEXUS-2 |
|---|---|---|
| mgmt0 IP | 192.168.0.1 | 192.168.0.2 |
| Vlan502 IP | 15.0.2.121 | 15.0.2.122 |
| vPC keepalive dest | 192.168.0.2 | 192.168.0.1 |
| NTP key used | 123 | 125 |
| Additional NTP servers | — | 15.32.0.30, 115.0.0.9 (mgmt VRF) |
| VTY exec-timeout | 0 (no timeout) | 5 min |
| Logging 15.0.2.146 severity | 2 | 6 |
| Po124 allowed VLANs | 2-66,68-4094 | 2-4094 |
| vPC peer-link physical ports | Eth1/4748 | Eth1/2728 |
| HLCI port VLANs (Eth1/9/x) | L3 (701, 1801, 1721, 1814) | L4 (702, 721, 804, 814) |
| Additional SNMP trap target | — | 15.0.11.80 |
| VLAN 103 (Netapp_XFER) | Present | Absent |
| VLAN 130 (SIL_SNAPMIRROR) | Present | Absent |
| VLAN 563 (Brace) | Absent | Present |