I've inherited two MDS switchs (9500). They work great execpt for one small issue. When editing a zoneset on the second (non-principal) switch everything works nicely, ports on the principal switch can be zoned in the zoneset (via device-alias). But if the zoneset is edited on the principal switch all changes from the second MDS are lost.
Does the fact the first MDS is the "fcdomain principal switch" make it so it overides any zoneset changes? Or is there a zoneset config I'm missing?
Also, will executing "zoneset distribute ..." on the non-principal second MDS (where the zoneset config is what we want) push the zoneset config to the principal switch?
Principal switch selection and FCDomain settings have no effect on zoneset creation and editing.
You are currently using basic zoning.
When you create a zoneset and activate it on one switch. Active zoneset will automatically be distributed to all switches that run the specific VSAN. But you will not see this zoneset in the configuration on other switches!! You will only see it on the switch where you created the zoneset!
Another switch: "show zoneset active vsan 100" will show the zoneset you created and activated from the first switch
Another switch: "show zoneset vsan 100" will show you nothing
When you just create a zoneset on one switch and don't activate it. Again, you won't see this zoneset on any other switch.
"show zoneset active vsan 100" will not show you that zoneset, because you didn't activate it
"show zoneset vsan 100" will not show you that zoneset
When creating zonesets on one switch you have an option to distribute zonesets to other switches:
configuration command "zoneset distribute full vsan 100" on every switch. This command will distribute the zoneset configuration to other switches *when you activate* a zoneset on one switch. It doesn't distribute zoneset configurations to other switches when you just create a zoneset, you have to activate it.
exec command "zoneset distribute vsan 100" will distribute ALL zonesets (1 active and all inactive) to other switches, so that you can use "show zoneset" command to see all zonesets from other switches. They will also show up in the "show run". This is the command you are looking for, you were right!
If you are using SANOS 2.0(1b) or higher, you can switch to enhanced zoning mode which uses CFS (Cisco Fabric Services) to distribute zoneset information to other switches. It behaves just like any other application that uses CFS (ntp, ivr, port-security, and so on).
on every switch config command "zone mode enhanced vsan 100".
now every time you make changes to zonesets, simply run "zone commit vsan 100" and they will show up in the configuration on other switches.
I do activate the zoneset on the second MDS, and it "shows" active on the principal MDS. What happens when activating an edited zones/zoneset on the principal MDS, it transfers an older zoneset. But do the same on the second MDS and all is well.
We have CFS working, but I can't figure out why the it seems to be one way/automatic from the fcdomain principal switch. I thought I might be because of the fcdomain relationship.
I figured "zoneset distribute ..." would do what I needed, but I wanted to make sure before execution :).
Thanks for the link... very helpfull especially the part at the very bottom...
This command was introduced in 1.0.4 SAN-OS to automatically propagate active zoneset:
zoneset distribute full vsan #
This will automatically propagate and copy the active zoneset to the full zoneset on each switch whenever there is a change to the active zoneset. This command must be explicitly enabled on each VSAN on every switch to function correctly.
This eliminates the need to do a zone copy prior to making zoning changes on any switch in the fabric. It is still necessary, however, to issue the copy running start command to save to full zoneset in NVRAM prior to rebooting the switch.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...