Cisco Nexus 5600 Series Configuration Manual

NX-OS system management

Cisco Nexus 5600 Series NX-OS System Management Configuration
Guide, Release 7.x
First Published: 2014-03-15
Last Modified: 2017-01-22
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-31641-01


Summary of Contents for Cisco Nexus 5600 Series

  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
  • Page 3: Table Of Contents

    Adding a Switch to a Switch Profile Adding or Modifying Switch Profile Commands Importing a Switch Profile Importing Configurations in a vPC Topology Verifying Commands in a Switch Profile Isolating a Peer Switch
  • Page 4 Guidelines and Limitations for CFS CFS Distribution CFS Distribution Modes Uncoordinated Distribution Coordinated Distribution Unrestricted Uncoordinated Distributions Verifying the CFS Distribution Status CFS Support for Applications CFS Application Requirements
  • Page 5 Enabling CFS to Distribute FC Port Security Configurations Enabling CFS to Distribute FC Timer Configurations Enabling CFS to Distribute IVR Configurations Enabling CFS to Distribute NTP Configurations Enabling CFS to Distribute RADIUS Configurations
  • Page 6 Guidelines and Limitations for User Accounts Configuring User Accounts Configuring SAN Admin Users Configuring RBAC Creating User Roles and Rules Creating Feature Groups Changing User Role Interface Policies Changing User Role VLAN Policies
  • Page 7 Guidelines and Limitations for System Message Logging Default Settings for System Message Logging Configuring System Message Logging Configuring System Message Logging to Terminal Sessions Configuring System Message Logging to a File
  • Page 8 Creating a Destination Profile Modifying a Destination Profile Associating an Alert Group with a Destination Profile Adding Show Commands to an Alert Group Configuring E-Mail Server Details
  • Page 9 SNMP Functional Overview SNMP Notifications SNMPv3 Security Models and Levels for SNMPv1, v2, and v3 User-Based Security Model CLI and SNMP User Synchronization Group-Based SNMP Access Licensing Requirements for SNMP
  • Page 10 Information About RMON RMON Alarms RMON Events Configuration Guidelines and Limitations for RMON Configuring RMON Configuring RMON Alarms Configuring RMON Events Verifying the RMON Configuration Default RMON Settings
  • Page 11 Configuration Example for a SPAN ACL Configuration Example for SPAN-on-Latency Session Configuring ERSPAN CHAPTER 17 Information About ERSPAN ERSPAN Source Sessions Monitored Traffic ERSPAN Types
  • Page 12 Configuration Example for an ERSPAN SPAN-on-Drop Session Configuration Example for ERSPAN SPAN-on-Latency Session Additional References Related Documents Configuring NTP CHAPTER 18
  • Page 13 CHAPTER 19 Information About Embedded Event Manager EEM Policies EEM Event Statement EEM Action Statements VSH Script Policies EEM Event Correlation EEM Virtualization Support EEM Licensing Requirements
  • Page 14 Prerequisites for OpenFlow Setting Up an OpenFlow Virtual Service Enabling OpenFlow Configuring the OpenFlow Switch Verifying OpenFlow Configuring NetFlow CHAPTER 21 NetFlow Overview
  • Page 15 Enabling the Switch to Perform a Soft Reload After a Process Crash Performing a Manual Soft Reload Configuration Examples for Soft Reload Verifying the Soft Reload Status Additional References for Soft Reload
  • Page 16 Creating a Snapshot Entering Maintenance Mode Returning to Normal Mode Configuring the Maintenance Mode Profile File Verifying GIR Class-based Quality-of-Service MIB CHAPTER 25
  • Page 17 Adding and Activating Packages Committing the Active Package Set Deactivating and Removing Packages Displaying Installation Log Information Where to Go Next Additional References Feature Information for Performing Software Maintenance Upgrades
  • Page 19: Document Conventions

    Obtaining Documentation and Submitting a Service Request, page xxii Audience This publication is for network administrators who configure and maintain Cisco Nexus devices. Document Conventions Note: As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have modified the manner in which we document configuration tasks.
  • Page 20 Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual. Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
  • Page 21 Related Documentation for Cisco Nexus 5600 Series NX-OS Software The entire Cisco NX-OS 5600 Series documentation set is available at the following URL: http://www.cisco.com/c/en/us/support/switches/nexus-5000-series-switches/tsd-products-support-series-home.html Release Notes The release notes are available at the following URL: http://www.cisco.com/c/en/us/support/switches/nexus-5000-series-switches/products-release-notes-list.html...
  • Page 22: Documentation Feedback

    What's New in Cisco Product Documentation. To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
  • Page 23: New And Changed Information

    FEXs. A FEX group is added to optimize the procedure to bring up or take down the FEX.
  • Page 24 Once maintenance on the switch is complete, you can bring the switch into full operational mode.
  • Page 25: C H A P T E

    Pre-provisioning allows users to synchronize the configuration for an interface that is online with one peer but offline with another peer.
  • Page 26 System message logging is based on RFC 3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference.
  • Page 27 (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.
  • Page 28 VLANs and forwards the traffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPAN destination session switches the traffic to the destinations.
  • Page 29: Configuring Switch Profiles

    Displaying the Switch Profile Buffer, page 22 • Synchronizing Configurations After a Switch Reboot, page 23 • Switch Profile Configuration show Commands, page 23 • Configuration Examples for Switch Profiles, page 24
  • Page 30: Information About Switch Profiles

    Information About Switch Profiles Several applications require consistent configuration across Cisco Nexus Series switches in the network. For example, with a Virtual Port Channel (vPC), you must have identical configurations. Mismatched configurations can cause errors or misconfigurations that can result in service disruptions.
  • Page 31: Configuration Validation

    For example, the following command can only be configured in global configuration mode: switchport private-vlan association trunk primary-vlan secondary-vlan • Shutdown/no shutdown • System QoS
  • Page 32: Software Upgrades And Downgrades With Switch Profiles

    Prerequisites for Switch Profiles Switch profiles have the following prerequisites: • You must enable Cisco Fabric Services over IP (CFSoIP) distribution over mgmt0 on both switches by entering the cfs ipv4 distribute command. • You must configure a switch profile with the same name on both peer switches by entering the config sync and switch-profile commands.
  • Page 33 You can then make necessary corrections and try the commit again. • We recommend that you enable preprovisioning for all Generic Expansion Modules (GEMs) and Cisco Nexus Fabric Extender modules whose interface configurations are synchronized using the configuration synchronization feature.
  • Page 34: Configuring Switch Profiles

    Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)# Step 5 sync-peers destination IP-address Configures the peer switch. Example: switch(config-sync-sp)# sync-peers destination 10.1.1.1 switch(config-sync-sp)#
  • Page 35: Adding A Switch To A Switch Profile

    Follow these guidelines when adding switches: • Switches are identified by their IP address. • Destination IPs are the IP addresses of the switches that you want to synchronize.
  • Page 36 Displays the switch profile peer configuration. Example: switch# show switch-profile peer Step 6 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch# copy running-config startup-config
  • Page 37: Adding Or Modifying Switch Profile Commands

    Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)# Step 3 Command argument Adds a command to the switch profile. Example: switch(config-sync-sp)# interface Port-channel100 switch(config-sync-sp-if)# speed 1000 switch(config-sync-sp-if)# interface Ethernet1/1
  • Page 38 10.1.1.1 switch(config-sync-sp)# interface port-channel100 switch(config-sync-sp-if)# speed 1000 switch(config-sync-sp-if)# interface Ethernet1/1 switch(config-sync-sp-if)# speed 1000 switch(config-sync-sp-if)# channel-group 100 switch(config-sync-sp)# verify switch(config-sync-sp)# commit switch(config-sync-sp)# exit switch#
  • Page 39: Importing A Switch Profile

    Example: switch(config-sync)# switch-profile switch(config-sync-sp)# Step 3 import {interface port/slot | running-config Identifies the commands that you want to import [exclude interface ethernet]} and enters switch profile import mode.
  • Page 40 Switch-Profile started, Profile ID is 1 switch(config-sync-sp)# show switch-profile buffer switch-profile : sp ---------------------------------------------------------- Seq-no Command ---------------------------------------------------------- switch(config-sync-sp)# import running-config exclude interface ethernet
  • Page 41: Importing Configurations In A Vpc Topology

    You can verify the commands that are included in a switch profile by entering the verify command in switch profile mode. Procedure Command or Action Purpose Step 1 config sync Enters configuration synchronization mode. Example: switch# config sync switch(config-sync)#
  • Page 42: Deleting A Switch Profile

    The all-config option completely deletes the switch profile on both peer switches.
  • Page 43: Deleting A Switch From A Switch Profile

    Deleting a Switch from a Switch Profile You can delete a switch from a switch profile. Procedure Command or Action Purpose Step 1 Enters configuration synchronization mode. config sync Example: switch# config sync switch(config-sync)#
  • Page 44: Displaying The Switch Profile Buffer

    The following example shows how to display the switch profile buffer for a service profile called sp: switch# configure sync Enter configuration commands, one per line. End with CNTL/Z. switch(config-sync)# switch-profile sp
  • Page 45: Synchronizing Configurations After A Switch Reboot

    Synchronizing Configurations After a Switch Reboot If a Cisco Nexus Series switch reboots while a new configuration is being committed on a peer switch using a switch profile, complete the following steps to synchronize the peer switches after reload:...
  • Page 46: Configuration Examples For Switch Profiles

    15801 usecs after Mon Aug 23 06:21:08 2010 End-time: 6480 usecs after Mon Aug 23 06:21:13 2010 Profile-Revision: 1 Session-type: Initial-Exchange Peer-triggered: Yes Profile-status: Sync Success Local information: ---------------- Status: Commit Success Error(s):
  • Page 47 1 switchport mode trunk switchport trunk allowed vlan 1, 10-50 Step 6 Verify the commands in the switch profile.
  • Page 48: Verifying The Synchronization Status Example

    10.1.1.1 class-map type qos match-all c1 match cos 2 class-map type qos match-all c2 match cos 5 policy-map type qos p1 class c1 set qos-group 2 class c2
  • Page 49: Displaying The Switch Profile Synchronization Between Local And Peer Switches

    Profile-Revision: 1 Session-type: Initial-Exchange Peer-triggered: Yes Profile-status: Sync Success Local information: ---------------- Status: Commit Success Error(s): Peer information: ---------------- IP-address: 10.193.194.51 Sync-status: In Sync. Status: Commit Success Error(s): switch2#
  • Page 50: Displaying Verify And Commit On Local And Peer Switches

    Profile-Revision: 3 Session-type: Commit Peer-triggered: Yes Profile-status: Sync Success Local information: ---------------- Status: Commit Success Error(s): Peer information: ---------------- IP-address: 10.193.194.51 Sync-status: In Sync. Status: Commit Success Error(s):
  • Page 51: Successful And Unsuccessful Synchronization Examples

    ---------------------------------------------------------- Seq-no Command ---------------------------------------------------------- interface Ethernet1/2 switchport mode trunk switchport trunk allowed vlan 101 vlan 101 ip igmp snooping querier 10.101.1.1 mac address-table static 0000.0000.0001 vlan 101 drop
  • Page 52: Replacing A Cisco Nexus 5000 Series Switch

    Replacing a Cisco Nexus 5000 Series Switch When a Cisco Nexus 5000 Series switch has been replaced, perform the following configuration steps on the replacement switch to synchronize it with the existing Cisco Nexus 5000 Series switch. The procedure can be done in a hybrid Fabric Extender A/A topology and Fabric Extender Straight-Through topology.
  • Page 53 Step 4. 20 If you are using the configuration synchronization feature, enter the show switch-profile name status command to ensure both switches are synchronized.
  • Page 55: Configuring Module Pre-Provisioning

    Cisco Nexus 5600 Series Release Notes. Guidelines and Limitations Pre-provisioning has the following configuration guidelines and limitations: • When a module comes online, commands that are not applied are listed in the syslog.
  • Page 56: Enabling Module Pre-Provisioning

    Copies the running configuration to the startup configuration. Example: switch# copy running-config startup-config This example shows how to select slot 101 and the N2K-C2232P module to pre-provision. switch# configure terminal switch(config)# slot 101
  • Page 57: Removing Module Pre-Provisioning

    N5K-M1404 switch(config-slot)# Verifying the Pre-Provisioned Configuration To display the pre-provisioned configuration, perform one of the following tasks: Command Purpose show module Displays module information.
  • Page 58: Configuration Examples For Pre-Provisioning

    Displays the startup configuration including the pre-provisioned configuration. Configuration Examples for Pre-Provisioning The following example shows how to enable pre-provisioning on slot 110 on the Cisco Nexus 2232P Fabric Extender and how to pre-provision interface configuration commands on the Ethernet 110/1/1 interface. switch# configure terminal...
  • Page 59: Using Cisco Fabric Services

    Default Settings for CFS, page 49 Information About CFS Some features in the Cisco Nexus Series switch require configuration synchronization with other switches in the network to function correctly. Synchronization through manual configuration at each switch in the network can be a tedious and error-prone process.
  • Page 60: Cisco Fabric Services Over Ethernet

    Cisco Fabric Services over Ethernet The Cisco Fabric Services over Ethernet (CFSoE) is a reliable state transport mechanism that you can use to synchronize the actions of the vPC peer devices. CFSoE carries messages and packets for many features linked with vPC, such as STP and IGMP.
  • Page 61: Cfs Distribution

    • CFS regions can be applied only to CFSoIP applications. CFS Distribution The CFS distribution functionality is independent of the lower layer transport. Cisco Nexus Series switches support CFS distribution over IP. Features that use CFS are unaware of the lower layer transport.
  • Page 62: Unrestricted Uncoordinated Distributions

    The changes in the temporary buffer are not applied if you do not perform the commit operation.
  • Page 63: Enabling Cfs For An Application

    The configuration changes are held in a pending database by that application.
  • Page 64: Verifying Cfs Lock Status

    • None of the external switches report a successful state—The application considers this state a failure and does not apply the changes to any switch in the network. The network lock is not released.
  • Page 65: Discarding Changes

    Step 3 switch# show application-name status (Optional) Shows the current application state. switch# show ntp status Distribution : Enabled Last operational state: Fabric Locked switch# clear ntp session
  • Page 66: Cfs Regions

    CFS region, its configuration cannot be distributed within another CFS region. Managing CFS Regions Creating CFS Regions You can create a CFS region.
  • Page 67: Assigning Applications To Cfs Regions

    Enters global configuration mode. Step 2 switch(config)# cfs region region-id Enters CFS region configuration submode. Step 3 switch(config-cfs-region)# Indicates application(s) to be moved from one region into application another.
  • Page 68: Removing An Application From A Region

    Step 2 switch(config)# no cfs region region-id Deletes the region. Note: You see the "All the applications in the region will be moved to the default region" warning.
  • Page 69: Configuring Cfs Over Ip

    Globally enables CFS over IPv6 for all applications on the switch. Step 3 switch(config)# no cfs ipv6 distribute (Optional) Disables (default) CFS over IPv6 on the switch.
  • Page 70: Verifying The Cfs Over Ip Configuration

    CFS is 239.255.70.83. Configuring IPv6 Multicast Address for CFS You can configure a CFS over IP multicast address value for IPv6. The default IPv6 multicast address is ff13:7743:4653.
  • Page 71: Verifying The Ip Multicast Address Configuration For Cfs Over Ip

    Implicitly enabled with the first configuration change Application distribution Differs based on application Commit Explicit configuration is required CFS over IP Disabled IPv4 multicast address 239.255.70.83 IPv6 multicast address ff15::efff:4653
  • Page 72: Enabling Cfs To Distribute Smart Call Home Configurations

    Enabling CFS to Distribute Smart Call Home Configurations You can enable CFS to distribute Call Home configurations to all Cisco NX-OS devices in the network. The entire Call Home configuration is distributed except the device priority and the sysContact names.
  • Page 73: Enabling Cfs To Distribute Dpvm Configurations

    Enabling CFS to Distribute DPVM Configurations You can enable CFS to distribute dynamic port VSAN membership (DPVM) configurations in order to consistently administer and maintain the DPVM database across all Cisco NX-OS devices in the fabric. Before You Begin Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
  • Page 74: Enabling Cfs To Distribute Fc Domain Configurations

    You can enable CFS to distribute Fibre Channel (FC) domain configurations in order to synchronize the configuration across the fabric from the console of a single Cisco NX-OS device and to ensure consistency in the allowed domain ID lists on all devices in the VSAN.
  • Page 75: Enabling Cfs To Distribute Fc Port Security Configurations

    [########################################] 100% Enabling CFS to Distribute FC Timer Configurations You can enable CFS to distribute Fibre Channel (FC) timer configurations for all Cisco NX-OS devices in the fabric. Before You Begin Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
  • Page 76: Enabling Cfs To Distribute Ivr Configurations

    Enables CFS to distribute IVR configuration updates. Note: You must enable IVR distribution on all IVR-enabled switches in the fabric. Step 3 switch(config)# show cfs application (Optional) Displays the CFS distribution status.
  • Page 77: Enabling Cfs To Distribute Ntp Configurations

    [########################################] 100% Enabling CFS to Distribute NTP Configurations You can enable CFS to distribute NTP configurations to all Cisco NX-OS devices in the network. Before You Begin Make sure that you enable the NTP feature (using the feature ntp command).
  • Page 78: Enabling Cfs To Distribute Radius Configurations

    Enabling CFS to Distribute RADIUS Configurations You can enable CFS to distribute RADIUS configurations to all Cisco NX-OS devices in the network. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode.
  • Page 79: Enabling Cfs To Distribute Tacacs+ Configurations

    [########################################] 100% Enabling CFS to Distribute TACACS+ Configurations You can enable CFS to distribute TACACS+ configurations to all Cisco NX-OS devices in the network. Before You Begin Make sure that you enable the TACACS+ feature (using the feature tacacs+ command).
  • Page 81: Configuring Ptp

    PTP operates within a logical scope called a PTP domain. Starting from Cisco NXOS Release 6.0(2)A8(3), PTP supports configuring multiple PTP clocking domains, PTP grandmaster capability, PTP cost on interfaces for slave and passive election, and clock identity.
  • Page 82: Ptp Device Types

    Messages that are related to synchronization and establishing the master-slave hierarchy terminate in the protocol engine of a boundary clock and are not forwarded.
  • Page 83: Ptp Process

    • The master receives the delay-request message and notes the time it was received. • The master sends a delay-response message to the slave. The number of delay request messages should be equal to the number of delay response messages.
  • Page 84: Clock Management

    PTP requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
  • Page 85: Default Settings For Ptp

    Step 3 switch(config) # [no] ptp source Configures the source IP address for all PTP packets. ip-address [vrf vrf] The ip-address can be in IPv4 or IPv6 format.
  • Page 86 PTP Device Type: Boundary clock Clock Identity : 0:22:55:ff:ff:79:a4:c1 Clock Domain: 0 Number of PTP ports: 0 Priority1 : 1 Priority2 : 1 Clock Quality: Class : 248
  • Page 87: Configuring Ptp On An Interface

    Specifies the VLAN for the interface where PTP is being enabled. You can only enable PTP on one VLAN on an interface. The range is from 1 to 4094.
  • Page 88: Verifying The Ptp Configuration

    Verifying the PTP Configuration Use one of the following commands to verify the configuration: Table 3: PTP Show Commands Command Purpose Displays the PTP status. show ptp brief
  • Page 89: Feature History For Ptp

    PTP is a time synchronization protocol for nodes distributed across a network. Its hardware timestamp feature provides greater accuracy than other time synchronization protocols such as the Network Time Protocol (NTP).
  • Page 91: Configuring User Accounts And Rbac

    Configuring User Accounts Default Settings for the User Accounts and RBAC, page 82 Information About User Accounts and RBAC Cisco Nexus Series switches use role-based access control (RBAC) to define the amount of access that each user has when the user logs into the switch.
  • Page 92: Predefined San Admin User Role

    • Read-only access to all other configurations • Configuration and management of SAN features such as the following: ◦ FC-SP ◦ FC-PORT-SECURITY ◦ FCoE ◦ FCoE-NPV ◦ FPORT-CHANNEL-TRUNK ◦ PORT-TRACK ◦ FABRIC-BINDING
  • Page 93: Rules

    A command or group of commands defined in a regular expression. Feature Commands that apply to a function provided by the Cisco Nexus device. Enter the show role feature command to display the feature names available for this parameter. Feature group Default or user-defined group of features.
  • Page 94 Read and write permissions for port security-related commands Read and write permissions for Remote Domain Loopback (RDL)-related commands rmon Read and write permissions for RMON-related commands
  • Page 95: User Role Policies

    If a command rule permits access to specific resources (interfaces, VLANs, or VSANs), the user is permitted to access these resources, even if the user is not listed in the user role policies associated with that user.
  • Page 96: User Account Configuration Restrictions

    • xfs
    Caution: The Cisco Nexus 5000 and 6000 Series switch does not support all-numeric usernames, even if those usernames were created in TACACS+ or RADIUS. If an all-numeric username exists on an AAA server and is entered during login, the switch rejects the login request.
  • Page 97: User Password Requirements

    (%), can be used in Cisco Nexus device passwords. If a password is trivial (such as a short, easy-to-decipher password), the Cisco Nexus device rejects the password. Be sure to configure a strong password for each user account. A strong password has the following characteristics: •...
  • Page 98: Configuring User Accounts

    startup-config
        Copies the running configuration to the startup configuration.
    The following example shows how to configure a user account:
        switch# configure terminal
        switch(config)# username NewUser password 4Ty18Rnt
        switch(config)# exit
        switch# show user-account
  • Page 99: Configuring San Admin Users

        ____ ____ _____________ ______
        admin des(no) network-admin
        user1 des(no) san-admin
        ________________________________________________________________________
        NOTIFICATION TARGET USES (configured for sending V3 Inform)
        ________________________________________________________________________
        User Auth Priv
        ____ ____ ____
        switch(config) #
  • Page 100: Configuring Rbac

        Repeat this command for as many rules as needed.
    Step 7: switch(config-role)# description text
        (Optional) Configures the role description. You can include spaces in the description.
    Step 8: switch(config-role)# end
        Exits role configuration mode.
  • Page 101: Creating Feature Groups

    This example shows how to create a feature group:
        switch# configure terminal
        switch(config)# role feature-group group1
        switch(config)# exit
        switch# show role feature-group
        switch# copy running-config startup-config
        switch#
  • Page 102: Changing User Role Interface Policies

        2/1
        switch(config-role-interface)# permit interface vfc 30/1
    Changing User Role VLAN Policies
    You can change a user role VLAN policy to limit the VLANs that the user can access.
  • Page 103: Changing User Role Vsan Policies

        Repeat this command for as many VSANs as needed.
    Step 5: switch(config-role-vsan)# exit
        Exits role VSAN policy configuration mode.
    Step 6: switch# show role
        (Optional) Displays the role configuration.
  • Page 104: Verifying The User Accounts And Rbac Configuration

    The following table lists the default settings for user accounts and RBAC parameters.
    Table 5: Default User Accounts and RBAC Parameters
    Parameters                  Default
    User account password       Undefined.
    User account expiry date    None.
    Interface policy            All interfaces are accessible.
  • Page 105

    Parameters     Default
    VLAN policy    All VLANs are accessible.
    VFC policy     All VFCs are accessible.
    VETH policy    All VETHs are accessible.
  • Page 107: Chapter 8 Configuring Session Manager

    • Configuration session—Creates a list of commands that you want to implement in session manager mode.
    • Validation—Provides a basic semantic check on your configuration. Cisco NX-OS returns an error if the semantic check fails on any part of the configuration.
  • Page 108: Configuring Session Manager

        The name can be any alphanumeric string.
    Step 2: switch(config-s)# ip access-list name
        Creates an ACL.
    Step 3: switch(config-s-acl)# permit protocol source destination
        (Optional) Adds a permit statement to the ACL.
  • Page 109: Verifying A Session

        (Optional) Saves the session to a file. The location can be in bootflash or volatile.
    Discarding a Session
    To discard a session, use the following command in session mode:
  • Page 110: Configuration Example For Session Manager

        Displays the contents of the configuration session.
    show configuration session status [name]
        Displays the status of the configuration session.
    show configuration session summary
        Displays a summary of all the configuration sessions.
  • Page 111: Chapter 9 Configuring Online Diagnostics

    Online diagnostics provide verification of hardware components during switch bootup or reset, and they monitor the health of the hardware during normal switch operation. Cisco Nexus Series switches support bootup diagnostics and runtime diagnostics. Bootup diagnostics include disruptive tests and nondisruptive tests that run during system bootup and system reset.
  • Page 112: Health Monitoring Diagnostics

    Bootup diagnostics log any failures to the onboard failure logging (OBFL) system. Failures also trigger an LED display to indicate diagnostic test states (on, off, pass, or fail). You can configure the Cisco Nexus device to either bypass the bootup diagnostics or run the complete set of bootup diagnostics.
  • Page 113: Expansion Module Diagnostics

        Tests the forwarding engine ASICs.
    Forwarding engine port
        Tests the ports on the forwarding engine ASICs.
    Front port
        Tests the components (such as PHY and MAC) on the front ports.
  • Page 114: Configuring Online Diagnostics

    The following example shows how to configure the bootup diagnostics level to trigger the complete diagnostics:
        switch# configure terminal
        switch(config)# diagnostic bootup level complete
    Verifying the Online Diagnostics Configuration
    Use the following commands to verify online diagnostics configuration information:
  • Page 115: Default Settings For Online Diagnostics

    Default Settings for Online Diagnostics
    The following table lists the default settings for online diagnostics parameters.
    Table 11: Default Online Diagnostics Parameters
    Parameters                  Default
    Bootup diagnostics level    complete
  • Page 117: C H A P T E

    System message logging is based on RFC 3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference. By default, the Cisco Nexus device outputs messages to terminal sessions.
  • Page 118: Syslog Servers

    You can configure the Cisco Nexus Series switch to send logs to up to eight syslog servers. To support the same configuration of syslog servers on all switches in a fabric, you can use Cisco Fabric Services (CFS) to distribute the syslog server configuration.
  • Page 119: Guidelines And Limitations For System Message Logging

    By default, logging is enabled for terminal sessions.
    Procedure (Command or Action, Purpose):
    Step 1: switch# terminal monitor
        Copies syslog messages from the console to the current terminal session.
  • Page 120

        If the severity level is not specified, the default of 2 is used. The configuration applies to Telnet and SSH sessions.
    Step 6: switch(config)# no logging monitor [severity-level]
        (Optional) Disables logging messages to Telnet and SSH sessions.
  • Page 121: Configuring System Message Logging To A File

    logfile-name severity-level [size bytes]
        Configures the name of the log file used to store system messages and the minimum severity level to log. You can
  • Page 122

        Logging timestamp: Seconds
        Logging server: disabled
        Logging logfile: enabled
        Name - my_log: Severity - informational Size - 4194304
        Facility Default Severity Current Session Severity
        -------- ---------------- ------------------------
        aclmgr
  • Page 123: Configuring Module And Facility Messages Logging

    • 1 – alert
    • 2 – critical
    • 3 – error
    • 4 – warning
    • 5 – notification
    • 6 – informational
    • 7 – debugging
  • Page 124: Configuring Logging Timestamps

    The following example shows how to configure the severity level of module and specific facility messages:
        switch# configure terminal
        switch(config)# logging module 3
        switch(config)# logging level aaa 2
    Configuring Logging Timestamps
    You can configure the time-stamp units of messages logged by the Cisco Nexus Series switch.
    Procedure (Command or Action, Purpose):
    Step 1: switch# configure terminal
        Enters global configuration mode.
  • Page 125: Configuring Syslog Servers

    However, if management is configured, it will not be listed in the output of the show-running command because it is the default. If a
  • Page 126: Configuring Syslog On A Unix Or Linux System

    You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file:
        facility.level <five tab characters> action
    The following table describes the syslog fields that you can configure.
  • Page 127: Configuring Syslog Server Configuration Distribution

        $ kill -HUP `cat /etc/syslog.pid`
    Configuring syslog Server Configuration Distribution
    You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure. After you enable syslog server configuration distribution, you can modify the syslog server configuration and view the pending changes before committing the configuration for distribution.
  • Page 128

    info
        Displays information about the current state of the syslog server distribution and the last action taken.
    Step 9: switch# copy running-config startup-config
        (Optional) Copies the running configuration to the startup configuration.
  • Page 129: Displaying And Clearing Log Files

        Displays the console logging configuration.
    show logging info
        Displays the logging configuration.
    show logging internal info
        Displays the syslog distribution information.
    show logging ip access-list cache
        Displays the IP access list cache.
  • Page 130: Configuring Acl Logging

    The log message is displayed on a flow basis. The flow is identified using the combination of IP source address, destination address, Layer 4 protocol, and the Layer 4 source/destination ports on an interface. The log message is generated based on the following conditions:
  • Page 131 However, applying such an ACL to any of the interfaces/vlans can be prevented. Mgmt0 supports permit logging. In the Cisco Nexus device, CTS is not supported, therefore RBACL is not supported. ACL logging is not supported for IPv6 and MAC ACLs. It is supported on all interfaces where PACL, RACL, VACL and VTY can be applied, including FEX HIF interfaces.
  • Page 132: Configuring The Acl Logging Cache

    • Create an IP access list with at least one access control entry (ACE) configured for logging.
    • Configure the ACL logging cache.
    • Configure the ACL log match level.
  • Page 133: Configuring Vlan Access Map With Logging

    This example shows how to create a VLAN access map for logging.
        switch# configure terminal
        switch(config)# vlan access-map vacl1
        switch(config-access-map)# match ip address pacl1
        switch(config-access-map)# action drop log
        switch(config-access-map)# exit
        switch(config)#
  • Page 134: Configuring The Acl Log Match Level

    This example shows how to set the rate limiter to 1000 packets per second.
        switch# configure terminal
        switch(config)# hardware rate-limiter access-list-log packets 1000
    Clearing ACL Logs
    You can clear the ACL logs.
  • Page 135: Verifying Acl Logging

    [detail]
        Displays the entries in cache and optionally additional details.
    show acllog status
        Displays flow counts and rate limits
    show acllog flows
        Displays the currently active logged flows.
  • Page 137: Configuring Smart Call Home

    Technical Assistance Center (TAC). If you have a service contract directly with Cisco, you can register your devices for the Smart Call Home service. Smart Call Home provides fast resolution of system problems by analyzing Smart Call Home messages sent from your devices and providing background information and recommendations.
  • Page 138: Smart Call Home Overview

    You can also configure a destination profile to allow periodic inventory update messages by using the inventory alert group that will send out periodic messages daily, weekly, or monthly.
  • Page 139: Smart Call Home Alert Groups

    Smart Call Home Alert Groups
    An alert group is a predefined subset of Smart Call Home alerts that are supported in all Cisco Nexus devices. Alert groups allow you to select the set of Smart Call Home alerts that you want to send to a predefined or custom destination profile.
  • Page 140: Smart Call Home Message Levels

    0 (the switch sends all messages). Smart Call Home messages that are sent for syslog alert groups have the syslog severity level mapped to the Smart Call Home message level.
  • Page 141: Call Home Message Formats

    • Common fields for all full text and XML messages
    • Inserted fields for a reactive or proactive event message
    • Inserted fields for an inventory event message
    • Inserted fields for a user-generated test message
  • Page 142

        reactive or proactive. XML tag: /aml/header/type
    Message group
        Name of alert group, such as syslog. XML tag: /aml/header/group
    Severity level
        Severity level of message. XML tag: /aml/header/level
    Source ID
        Product type for routing. XML tag: /aml/header/source
  • Page 143

        ID by any support service.
    Site ID
        Optional user-configurable field used for Cisco-supplied site ID or other data meaningful to alternate support service. XML tag: /aml/header/siteID
  • Page 144

        Chassis serial number of the unit. XML tag: /aml/body/chassis/serialNo
    Chassis part number
        Top assembly number of the chassis. XML tag: /aml/body/chassis/partNo
    Fields specific to a particular alert group message are inserted here.
  • Page 145

    Table 21: Inserted Fields for an Inventory Event Message
    Columns: Data Item (Plain Text and XML), Description (Plain Text and XML), XML Tag (XML Only)
    Chassis hardware version
        Hardware version of the chassis. XML tag: /aml/body/chassis/hwVersion
  • Page 146: Guidelines And Limitations For Smart Call Home

    • You must have access to contact name (SNMP server contact), phone, and street address information.
    • You must have IP connectivity between the switch and the e-mail server.
  • Page 147: Default Call Home Settings

    • Know the SMARTnet contract number for your switch
    • Know your e-mail address
    • Know your Cisco.com ID
    Procedure
    Step 1: In a browser, navigate to the Smart Call Home web page: http://www.cisco.com/go/smartcall/
  • Page 148: Configuring Contact Information

        The contract-number can be up to 255 alphanumeric characters.
    Step 8: switch(config-callhome)# customer-id customer-number
        (Optional) Configures the customer number for this switch from the service agreement.
  • Page 149: Creating A Destination Profile

    You must create a user-defined destination profile and configure the message format for that new destination profile.
    Procedure (Command or Action, Purpose):
    Step 1: switch# configure terminal
        Enters global configuration mode.
  • Page 150: Modifying A Destination Profile

    • Message level—The Call Home message severity level for this destination profile.
    • Message size—The allowed length of a Call Home message sent to the e-mail addresses in this destination profile.
  • Page 151

        5
        switch(config-callhome)# destination-profile full-text-destination message-size 10000
        switch(config-callhome)#
    What to Do Next
    Associate an alert group with a destination profile.
  • Page 152: Associating An Alert Group With A Destination Profile

    You can assign a maximum of five user-defined show commands to an alert group.
    Procedure (Command or Action, Purpose):
    Step 1: switch# configure terminal
        Enters global configuration mode.
    Step 2: switch(config)# callhome
        Enters Smart Call Home configuration mode.
  • Page 153: Configuring E-Mail Server Details

    The following example shows how to add the show ip routing command to the Cisco-TAC alert group:
        switch# configure terminal
        switch(config)# callhome
        switch(config-callhome)# alert-group Configuration user-def-cmd show ip routing...
  • Page 154: Configuring Periodic Inventory Notifications

    [interval days] [timeofday time]
        The interval days range is from 1 to 30 days. The default is 7 days. The timeofday time is in HH:MM format.
  • Page 155: Disabling Duplicate Message Throttling

    The following example shows how to disable duplicate message throttling:
        switch# configure terminal
        switch(config)# callhome
        switch(config-callhome)# no duplicate-message throttle
        switch(config-callhome)#
  • Page 156: Enabling Or Disabling Smart Call Home

    Important: Smart Call Home testing fails when the message level for the destination profile is set to 3 or higher.
    Procedure (Command or Action, Purpose):
    Step 1: switch# configure terminal
        Enters global configuration mode.
  • Page 157: Verifying The Smart Call Home Configuration

        Displays the running configuration for Smart Call Home.
    show startup-config callhome
        Displays the startup configuration for Smart Call Home.
    show tech-support callhome
        Displays the technical support output for Smart Call Home.
  • Page 158: Sample Syslog Alert Notification In Full-Text Format

    <soap-env:Envelope xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope">
    <soap-env:Header>
    <aml-session:Session xmlns:aml-session="http://www.example.com/2004/01/aml-session" soap-env:mustUnderstand="true" soap-env:role="http://www.w3.org/2003/05/soap-envelope/role/next">
    <aml-session:To>http://tools.example.com/services/DDCEService</aml-session:To>
    <aml-session:Path>
    <aml-session:Via>http://www.example.com/appliance/uri</aml-session:Via>
    </aml-session:Path>
    <aml-session:From>http://www.example.com/appliance/uri</aml-session:From>
    <aml-session:MessageId>M2:69000101:C9D9E20B</aml-session:MessageId>
    </aml-session:Session>
    </soap-env:Header>
    <soap-env:Body>
    <aml-block:Block xmlns:aml-block="http://www.example.com/2004/01/aml-block">
    <aml-block:Header>
    <aml-block:Type>http://www.example.com/2005/05/callhome/syslog</aml-block:Type>
    <aml-block:CreationDate>2007-04-25 14:19:55 GMT+00:00</aml-block:CreationDate>
    <aml-block:Builder>
    <aml-block:Name>Cat6500</aml-block:Name>
    <aml-block:Version>2.0</aml-block:Version>
    </aml-block:Builder>
    <aml-block:BlockGroup>
  • Page 159

    00:01:05: %SYS-5-CONFIG_I: Configured from memory by console
    00:01:09: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_DBG-VM), Experimental Version 12.2(20070421:012711)
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Thu 26-Apr-07 15:54 by xxx
  • Page 160

    Cisco DCOS Software, c6slc Software (c6slc-SPDBG-VM), Experimental Version 4.0 (20080421:012711)
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 26-Apr-08 16:40 by username1
    00:00:25: DFC1: Currently running ROMMON from F2 region
  • Page 161

    PFC and will perform at current system operating mode.
    00:07:06: %OIR-SP-6-INSCARD: Card inserted in slot 8, interfaces are now online
    Router#]]>
    </aml-block:Data>
    </aml-block:Attachment>
    </aml-block:Attachments>
    </aml-block:Block>
    </soap-env:Body>
    </soap-env:Envelope>
  • Page 163: C H A P T E

    You can create a checkpoint copy of the current running configuration at any time. Cisco NX-OS saves this checkpoint as an ASCII file which you can use to roll back the running configuration to the checkpoint configuration at a future time.
  • Page 164: Creating A Checkpoint

    • Checkpoint names must be unique. You cannot overwrite previously saved checkpoints with the same name.
    • Checkpoints are not supported post upgrade or downgrade.
    • The Cisco NX-OS commands may differ from the Cisco IOS commands.
    Creating a Checkpoint
    You can create up to ten checkpoints of your configuration per switch.
  • Page 165: Implementing A Rollback

    Verifying the Rollback Configuration
    Use the following commands to verify the rollback configuration:
    Command                       Purpose
    show checkpoint name [all]    Displays the contents of the checkpoint name.
  • Page 166

    | startup-config | file dest-file}
    show rollback log [exec | verify]
        Displays the contents of the rollback log.
    Note: Use the clear checkpoint database command to delete all checkpoint files.
  • Page 167: Configuring Dns

    A name server may also store information about other parts of the domain tree. To map domain names to IP addresses in Cisco NX-OS, you must first identify the hostnames, then specify a name server, and enable the DNS service.
  • Page 168: Dns Operation

    High Availability
    Cisco NX-OS supports stateless restarts for the DNS client. After a reboot or supervisor switchover, Cisco NX-OS applies the running configuration.
    Prerequisites for DNS Clients
    The DNS client has the following prerequisites:
    •...
  • Page 169: Configuring Dns Clients

    VRF that you configured this domain name under. Cisco NX-OS uses each entry in the domain list to append that domain name to any hostname that does not contain a complete domain name before starting a domain-name lookup.
  • Page 170

    The following example shows how to configure a default domain name and enable DNS lookup:
        switch# config t
        switch(config)# vrf context management
        switch(config)# ip domain-name mycompany.com
        switch(config)# ip name-server 172.68.0.10
        switch(config)# ip domain-lookup
  • Page 171: Configuring Snmp

    • An SNMP agent—The software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The Cisco Nexus device supports the agent and MIB. To enable the SNMP agent, you must define the relationship between the manager and the agent.
  • Page 172: Snmp Notifications

    The switch cannot determine if the trap was received. An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the Cisco Nexus device never receives a response, it can send the inform request again.
  • Page 173: Security Models And Levels For Snmpv1, V2, And V3

    HMAC-MD5 or HMAC-SHA algorithms. Provides Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard.
  • Page 174: User-Based Security Model

    • HMAC-MD5-96 authentication protocol
    • HMAC-SHA-96 authentication protocol
    Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826. The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The priv option and the aes-128 token indicate that this privacy password is for generating a 128-bit AES key. The...
  • Page 175: Group-Based Snmp Access

    Licensing Requirements for SNMP This feature does not require a license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
  • Page 176: Default Snmp Settings

        Enabled
    linkUp/Down notification type
        ietf-extended
    Configuring SNMP
    Configuring SNMP Users
    Note: The commands used to configure SNMP users in Cisco NX-OS are different from those used to configure users in Cisco IOS.
    Procedure (Command or Action, Purpose):
    Step 1:
        Enters global configuration mode.
  • Page 177: Enforcing Snmp Message Encryption

    You can configure SNMP to require authentication or encryption for incoming requests. By default, the SNMP agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco NX-OS responds with an authorization error for any SNMPv3 PDU request that uses a security level parameter of either noAuthNoPriv or authNoPriv.
  • Page 178: Creating Snmp Communities

    The ACL applies to both IPv4 and IPv6 over UDP and TCP. After creating the ACL, assign the ACL to the SNMP community. For more information about creating ACLs, see the NX-OS security configuration guide for the Cisco Nexus Series software that you are using.
  • Page 179

        192.0.2.1 informs version 2c public
    The following example shows how to configure a host receiver for an SNMPv3 inform:
        switch(config)# snmp-server host 192.0.2.1 informs version 3 auth NMS
  • Page 180: Configuring Snmp Notification Receivers With Vrfs

    Configuring SNMP Notification Receivers with VRFs
    You can configure Cisco NX-OS to use a configured VRF to reach the host receiver. SNMP adds entries into the cExtSnmpTargetVrfTable of the CISCO-SNMP-TARGET-EXT-MIB when you configure the VRF reachability and filtering options for an SNMP notification receiver.
  • Page 181: Configuring A Source Interface For Sending Out All Snmp Notifications

        2/1
    This example shows how to configure a source interface to send out SNMPv2c traps:
        switch# configure terminal
        switch(config)# snmp-server source-interface traps ethernet 2/1
  • Page 182: Configuring A Host Receiver For Snmp Notifications

    • Using SNMP v2 with context—The SNMP client needs to specify the context by specifying a community; for example, <community>@<context>.
    • Using SNMP v3—You can specify the context.
  • Page 183: Enabling Snmp Notifications

    Enabling SNMP Notifications
    You can enable or disable notifications. If you do not specify a notification name, Cisco NX-OS enables all notifications.
    Note: The snmp-server enable traps CLI command enables both traps and informs, depending on the configured notification host receivers.
  • Page 184

    CISCO-FSPF-MIB
        snmp-server enable traps fspf
    CISCO-PSM-MIB
        snmp-server enable traps port-security
    CISCO-RSCN-MIB
        snmp-server enable traps rscn
        snmp-server enable traps rscn els
        snmp-server enable traps rscn ils
  • Page 185: Configuring Link Notifications

    You can configure which linkUp/linkDown notifications to enable on a device. You can enable the following types of linkUp/linkDown notifications:
    • cieLinkDown—Enables the Cisco extended link state down notification.
  • Page 186: Disabling Link Notifications On An Interface

    Specifies the interface to be changed.
    Step 3 switch(config-if)# no snmp trap link-status: Disables SNMP link-state traps for the interface. This feature is enabled by default.
  • Page 187: Enabling One-Time Authentication For Snmp Over Tcp

    You can configure an SNMP context to map to a logical network entity, such as a protocol instance or VRF.
    Procedure (Command or Action: Purpose)
    Step 1 switch# configure terminal: Enters global configuration mode.
  • Page 188: Modifying The Aaa Synchronization Time

    Modifying the AAA Synchronization Time
    You can modify how long Cisco NX-OS holds the synchronized user configuration.
    Procedure (Command or Action: Purpose)
    Step 1 configure terminal: Enters global configuration mode.
  • Page 189: Disabling Snmp

    Displays SNMP roles.
    show snmp sessions: Displays SNMP sessions.
    show snmp trap: Displays the SNMP notifications enabled or disabled.
    show snmp user: Displays SNMPv3 users.
  • Page 190 Configuring SNMP Verifying the SNMP Configuration
  • Page 191: Chapter 1 5 Configuring Rmon

    You can use alarms with RMON events to generate a log entry or an SNMP notification when the RMON alarm triggers. RMON is disabled by default and no events or alarms are configured in Cisco Nexus devices. You can configure your RMON alarms and events by using the CLI or an SNMP-compatible network management station.
  • Page 192: Rmon Events

    • Sample type—Absolute samples take the current snapshot of the MIB object value. Delta samples take two consecutive samples and calculate the difference between them.
    • Rising threshold—The value at which the Cisco Nexus device triggers a rising alarm or resets a falling alarm.
  • Page 193: Configuring Rmon

    Step 4 switch# show rmon {alarms | hcalarms}: (Optional) Displays information about RMON alarms or high-capacity alarms.
    Step 5 switch# copy running-config startup-config: (Optional) Saves this configuration change.
  • Page 194: Configuring Rmon Events

    Use the following commands to verify the RMON configuration information:
    show rmon alarms: Displays information about RMON alarms.
    show rmon events: Displays information about RMON events.
  • Page 195: Default Rmon Settings

    Default RMON Settings
    The following table lists the default settings for RMON parameters.
    Table 27: Default RMON Parameters
    Alarms: None configured.
    Events: None configured.
  • Page 196 Configuring RMON Default RMON Settings
  • Page 197: Chapter

    • Configuring a SPAN-on-Drop Session, page 187
    • Configuring a SPAN-on-Latency Session, page 188
    • Activating a SPAN Session, page 189
    • Suspending a SPAN Session, page 190
  • Page 198: Configuring Span

    Information About SPAN
    SPAN Sources
    SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus device supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VSANs and VLANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources.
  • Page 199: Span Destinations

    • The maximum number of SPAN sessions supported on the Nexus 5000 Series and Nexus 5500 Series switches is 4.
    • The maximum number of SPAN sessions supported on the Nexus 5600 Series and Nexus 6000 Series switches is 16.
  • Page 200: Span With Acl

    Memory (TCAM) entries for interface SPAN sources are always programmed before the TCAM entries for VLAN SPAN sources. SPAN traffic is rate-limited as follows on Cisco Nexus devices to prevent a negative impact to production traffic:
  • Page 201
    • A SPAN-on-Latency source cannot be part of any other SPAN session, that is, Local SPAN or SPAN-on-Drop.
    • ACL based SOL is not supported.
    The following limitations apply to SPAN (local SPAN) session Access Control Lists (ACL) configurations:
  • Page 202
    • SPAN has a HIF Port Channel (with one or more member HIF ports) as source with Rx only
    • The following guidelines apply when configuring local SPAN sessions with ACLs:
  • Page 203: Creating Or Deleting A Span Session

    The following example shows how to configure a SPAN monitor session:
    switch# configure terminal
    switch(config)# monitor session 2
    switch(config)#
  • Page 204: Configuring An Ethernet Destination Port

    The following example shows how to configure a virtual Ethernet (VETH) SPAN destination port:
    switch# configure terminal
    switch(config)# interface vethernet10
    switch(config-if)# switchport monitor
    switch(config-if)# exit
    switch(config)# monitor session 2
    switch(config-monitor)# destination interface vethernet10
    switch(config-monitor)#
  • Page 205: Configuring Mtu Truncation For Each Span Session

    Configuring the Rate Limit for SPAN Traffic
    By configuring a rate limit for SPAN traffic to 1 Gbps across the entire monitor session, you can avoid impacting the monitored production traffic.
  • Page 206: Configuring Source Ports

    The following example shows how to configure a virtual Fibre Channel SPAN source port:
    switch# configure terminal
    switch(config)# monitor session 2
    switch(config-monitor)# source interface vfc 129
    switch(config-monitor)#
  • Page 207: Configuring Source Port Channels, Vsans, Or Vlans

    2
    switch(config-monitor)# source vsan 1
    switch(config-monitor)#
    Configuring the Description of a SPAN Session
    For ease of reference, you can provide a descriptive name for a SPAN session.
  • Page 208: Configuring An Acl Filter For A Span Session

    Copies the running configuration to the startup configuration.
    This example shows how to configure an ACL filter for a SPAN session:
    switch# configure terminal
    switch(config)# monitor session 3
  • Page 209: Configuring A Span-On-Drop Session

    # monitor session 3 type span-on-drop
    switch(config-span-on-drop)# description span-on-drop-session_3
    switch(config-span-on-drop)# source interface ethernet 1/3
    switch(config-span-on-drop)# destination interface ethernet 1/2
    switch(config)# copy running-config startup-config
    switch(config)#
  • Page 210: Configuring A Span-On-Latency Session

    ID or a new session type.
    Step 6 description description: Adds a description to the session configuration.
    Example: switch(config-span-on-latency)# description SPAN-on-Latency-session
  • Page 211: Activating A Span Session

    session-number} shut: Opens the specified SPAN session or all sessions.
    The following example shows how to activate a SPAN session:
    switch# configure terminal
    switch(config)# no monitor session 3 shut
  • Page 212: Suspending A Span Session

    Troubleshooting SPAN session with large number of source ports issues
    Table 28: Troubleshooting SPAN session with large number of source ports
    Problem Description, Solution, Recommendation
  • Page 213: Displaying Span Information

    The following example shows how to display SPAN session information:
    switch# show monitor
    SESSION STATE       REASON                 DESCRIPTION
    ------- ----------- ---------------------- --------------------------------
    The session is up
    down Session suspended
    down No hardware resource
  • Page 214: Configuration Example For A Span Acl

    # monitor session 11 type span-on-latency
    switch(config-span-on-latency)# description span-on-latency-session_11
    switch(config-span-on-latency)# source interface ethernet 1/3
    switch(config-span-on-latency)# destination interface ethernet 1/1
    switch(config-span-on-latency)# mtu 1500
    switch(config)# copy running-config startup-config
    switch(config)#
  • Page 215: Configuring Erspan

    Additional References, page 217
    Information About ERSPAN
    The Cisco NX-OS system supports the Encapsulated Remote Switching Port Analyzer (ERSPAN) feature on both source and destination ports. ERSPAN transports mirrored traffic over an IP network. The traffic is encapsulated at the source router and is transferred across the network. The packet is decapsulated at the destination router and then sent to the destination interface.
  • Page 216: Monitored Traffic

    • For a source VLAN or source VSAN, the ERSPAN can monitor only ingress traffic.
    ERSPAN Types
    Cisco NX-OS Release 7.1(1)N1(1) supports two types of ERSPAN—ERSPAN Type II (default) and ERSPAN Type III. All previous Cisco NX-OS releases support only ERSPAN Type II.
  • Page 217: Erspan Sources

    • Destination ports do not participate in any spanning tree instance or any Layer 3 protocols.
    • Ingress and ingress learning options are not supported on monitor destination ports.
  • Page 218: Truncated Erspan

    The default is no truncation so switches or routers receiving large ERSPAN packets might drop these oversized packets.
    Note: Do not enable the truncated ERSPAN feature if the destination ERSPAN router is a Cisco Nexus 6001 or Cisco Nexus 6004 switch because the Cisco Nexus 6000 Series switch drops these truncated packets.
    ERSPAN with ACL
    With ERSPAN traffic the destination is remote and the overall impact of bandwidth congestion can be significant.
  • Page 219: Multiple Erspan Sessions

    14 sessions. In such a scenario, an additional TCAM entry has to be programmed to handle egress multicast traffic on a Network Interface (NIF) port.
    • The maximum number of ports for each ERSPAN session is 128.
  • Page 220
    • Due to system limitations, the extent to which an ACL associated with an ERSPAN session can scale depends on how the SPAN source is configured. The following table shows different scenarios and the corresponding maximum ACL size supported.
  • Page 221
    ERSPAN has single HIF Ports as source with both Tx and Rx: Current Available TCAM Entries/3
    ERSPAN has multiple HIF Ports as source with both Tx and Rx: Current Available TCAM Entries/4
  • Page 222 (using the no filter access-group current acl name command), and then configure the new filter access group (using the filter access-group new acl name command).
  • Page 223: Guidelines And Limitations For Erspan Type Iii

    1024. The same session number cannot be used more than once. The session IDs for source sessions are in the same global ID space, so each session ID is globally unique.
    type erspan-source
    switch(config-erspan-src)#
  • Page 224 Configures the VRF to use instead of the global routing table. You can use a VRF that you have specifically configured or the default VRF.
    Example: switch(config-erspan-src)# vrf default
  • Page 225: Configuring An Erspan Type Iii Source Session

    Configuring an ERSPAN Type III Source Session
    Procedure (Command or Action: Purpose)
    Step 1 configure terminal: Enters global configuration mode.
    Example:
    switch# config t
    switch(config)#
  • Page 226
    Step 7 source interface { ethernet slot/chassis number | portchannel number }: Associates the ERSPAN source session number with the source ports (1-255).
    Example: switch(config-erspan-src)# source interface eth 1/1
  • Page 227 On Cisco Nexus 5000 Series switches, only two ERSPAN source sessions can be running simultaneously. On Cisco Nexus 5500 Series switches, up to four source sessions can be running simultaneously.
    Example: switch(config-erspan-src)# no shut
  • Page 228: Configuring Truncated Erspan

    ID or session type, use the no version of the command to remove the session and then re-create the session through the command with a new session ID or a new session type.
  • Page 229: Configuring An Erspan Destination Session

    Example:
    switch(config)# interface ethernet
    switch(config-if)#
    Step 3 switchport: Configures switchport parameters for the selected slot and port or range of ports.
    Example: switch(config-if)# switchport
  • Page 230
    slot/port[-port], [type slot/port [port]]] [port-channel channel-number]]}: You can configure only interfaces as a destination.
    Note: You can configure destination ports as trunk ports.
    Example: switch(config-erspan-dst)# destination interface ethernet 2/5
  • Page 231: Configuring An Erspan Span-On-Drop Session

    Use the monitor session command to configure an ERSPAN SPAN-on-Drop session. Each session is identified by a unique session number.
    Note: There can only be one active SPAN-on-Drop or SPAN-on-Drop ERSPAN session at any time.
  • Page 232: Configuring An Erspan Span-On-Latency Session

    Configuring an ERSPAN SPAN-on-Latency Session
    You can configure an MTU size for the ERSPAN traffic to reduce the amount of fabric or network bandwidth used in sending ERSPAN packets.
  • Page 233 Specifies the Ethernet interface to use as the source SPAN port.
    Note: You can configure multiple SPAN source ports.
    Example: switch(config-span-on-latency-erspan)# source interface ethernet 1/3
  • Page 234: Shutting Down Or Activating An Erspan Session

    Because only a specific number of ERSPAN sessions can be running simultaneously, you can shut down a session to free hardware resources to enable another session. By default, ERSPAN sessions are created in the shut state.
  • Page 235
    Example: switch(config-erspan-src)# monitor session 3 type erspan-destination
    Step 6 shut: Shuts down the ERSPAN session. By default, the session is created in the shut state.
    Example: switch(config-erspan-src)# shut
  • Page 236: Verifying The Erspan Configuration

    {all | session-number | range session-range}: Displays the ERSPAN session configuration.
    show running-config monitor: Displays the running ERSPAN configuration.
    show startup-config monitor: Displays the ERSPAN startup configuration.
  • Page 237: Configuration Examples For Erspan

    This example shows how to configure an IP address as the source for an ERSPAN session:
    switch# configure terminal
    switch(config)# monitor erspan origin ip-address 192.0.2.1
    switch(config)# exit
    switch(config)# copy running-config startup-config
  • Page 238: Configuration Example For Truncated Erspan

    This example shows how to configure an ERSPAN SPAN-on-Drop session:
    switch# configure terminal
    switch(config)# monitor session 47 type span-on-drop-erspan
    switch(config-span-on-drop-erspan)# description span-on-drop-erspan-session_47
    switch(config-span-on-drop-erspan)# source interface ethernet 1/3
    switch(config-span-on-drop-erspan)# destination ip 10.1.1.1
  • Page 239: Configuration Example For Erspan Span-On-Latency Session

    Related Topic: ERSPAN commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
    Document Title: Cisco Nexus NX-OS System Management Command Reference for your platform.
  • Page 240 Configuring ERSPAN Related Documents
  • Page 241: Configuring Ntp

    • A stratum 1 time server is directly attached to an authoritative time source (such as a radio or atomic clock or a GPS time source).
    • A stratum 2 NTP server receives its time through NTP from a stratum 1 time server.
  • Page 242: Ntp As Time Server

    Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a stratum 1. Because Cisco NX-OS cannot connect to a radio or atomic clock and act as a stratum 1 server, we recommend that you use the public NTP servers available on the Internet.
  • Page 243: Licensing Requirements

    • If you use CFS to distribute NTP, all devices in the network should have the same VRFs configured as you use for NTP.
    • If you configure NTP in a VRF, ensure that the NTP server and peers can reach each other through the configured VRFs.
  • Page 244: Default Settings For Ntp

    Configuring NTP Default Settings for NTP
    • You must manually distribute NTP authentication keys on the NTP server and Cisco NX-OS devices across the network.
    • Use NTP broadcast or multicast associations when time accuracy and reliability requirements are modest, your network is localized, and the network has more than 20 clients.
  • Page 245: Configuring The Device As An Authoritative Ntp Server

    This example shows how to configure the Cisco NX-OS device as an authoritative NTP server with a different stratum level:
    switch# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
  • Page 246: Configuring An Ntp Server And Peer

    Use the use-vrf keyword to configure the NTP peer to communicate over the specified VRF. The vrf-name argument can be default, management, or any case-sensitive alphanumeric string up to 32 characters.
  • Page 247: Configuring Ntp Authentication

    The range for trusted keys is from 1 to 65535. This command provides protection against accidentally synchronizing the device to a time source that is not trusted.
  • Page 248: Configuring Ntp Access Restrictions

    • The peer keyword enables the device to receive time requests and NTP control queries and to synchronize itself to the servers specified in the access list.
  • Page 249: Configuring The Ntp Source Ip Address

    The ip-address can be in IPv4 or IPv6 format.
    This example shows how to configure an NTP source IP address of 192.0.2.2:
    switch# configure terminal
    switch(config)# ntp source 192.0.2.2
  • Page 250: Configuring The Ntp Source Interface

    logging-status: Displays the NTP logging configuration status.
    Step 4 switch(config)# copy running-config startup-config: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
  • Page 251: Enabling Cfs Distribution For Ntp

    When you commit the NTP configuration changes, the effective database is overwritten by the configuration changes in the pending database and all the devices in the network receive the same configuration.
  • Page 252: Discarding Ntp Configuration Changes

    Discarding NTP Configuration Changes
    After making the configuration changes, you can choose to discard the changes instead of committing them. If you discard the changes, Cisco NX-OS removes the pending database changes and releases the CFS lock.
    Procedure Command or Action...
  • Page 253: Verifying The Ntp Configuration

    {ipaddr {ipv4-addr} | name peer-name}}
    show ntp status: Displays the NTP CFS distribution status.
    show ntp trusted-keys: Displays the configured NTP trusted keys.
    show running-config ntp: Displays NTP information.
  • Page 254: Configuration Examples For Ntp

    10 permit ip host 10.1.1.1 any
    switch(config-acl)# 20 permit ip host 10.8.8.8 any
  • Page 255 10 permit ip host 10.6.6.6 any
    switch(config-acl)# 20 permit ip host 10.7.7.7 any
    switch(config)# ip access-list query-only-acl
    switch(config-acl)# 10 permit ip host 10.2.2.2 any
    switch(config-acl)# 20 permit ip host 10.3.3.3 any
  • Page 256 Configuring NTP Configuration Examples for NTP
  • Page 257: Configuring Eem

    EEM consists of three major components:
    • Event statements—Events to monitor from another Cisco NX-OS component that might require some action, workaround, or notification.
    • Action statements—An action that EEM can take, such as sending an e-mail, or disabling an interface, to recover from an event.
  • Page 258: Eem Policies

    (the default option). EEM maintains event logs on the supervisor. Cisco NX-OS has a number of preconfigured system policies. These system policies define many common events and actions for the device. System policy names begin with two underscore characters (__).
  • Page 259: Eem Event Statement

    Note: If you want to allow the triggered event to process any default actions, you must configure the EEM policy to allow the event default action statement.
  • Page 260: Eem Action Statements

    Boolean operators (and, or, andnot), with the count and time, you can define a combination of these events to trigger a custom action.
    Note: For information about configuring EEM event correlation, see Defining a User Policy Using the CLI, on page 241.
  • Page 261: Eem Virtualization Support

    EEM Virtualization Support
    You configure EEM in the virtual device context (VDC) that you are logged into. By default, Cisco NX-OS places you in the default VDC. You must be in this VDC to configure policies for module-based events.
  • Page 262: Default Settings For Eem

    Enclose the string in quotation marks.
    Step 4 switch(config)# copy running-config startup-config: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
  • Page 263: Defining A User Policy Using The Cli

    policy.
    [module module-id]
    Step 8 switch(config-applet)# copy running-config startup-config: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
  • Page 264: Event Statement Configuration

    Triggers an event if a fan fails for more than the configured time, in seconds. The number range is module dependent. The seconds range is from 10 to 64000.
    Example: switch(config-applet)# event fanbad time 3000
  • Page 265
    major-percent minor minor-percent clear clear-percent: Triggers an event if the specified system manager memory threshold is exceeded. The range for the percentage is from 1 to 99.
    Example: switch(config-applet)# event sysmgr memory minor...
  • Page 266: Action Statement Configuration

    The action label is in the format number1.number2. number1 can be any number up to 16 digits. The range for number2 is from 0 to 9.
    Example: switch(config-applet)# action 1.0 event-default
  • Page 267: Defining A Policy Using A Vsh Script

    Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command. Ensure that you are logged in with administrator privileges. Ensure that your script name is the same name as the script filename.
  • Page 268: Registering And Activating A Vsh Script Policy

    Overriding a Policy
    You can override a system policy.
    Before You Begin
    Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
  • Page 269: Configuring The Syslog As An Eem Publisher

    1.0 syslog priority warnings msg "Link is flapping."
    switch(config-applet)# show event manager policy-state ethport
    switch(config-applet)# copy running-config startup-config
    Configuring the Syslog as an EEM Publisher
    You can monitor syslog messages from the switch.
  • Page 270 This example shows how to configure the syslog as an EEM publisher:
    switch# configure terminal
    switch(config)# event manager applet abc
    switch(config-applet)# event syslog occurs 10
    switch(config-applet)# copy running-config startup-config
  • Page 271: Defining A User Policy Using The Cli To Trigger A Tcl Script

    Sample Tcl file (Vlan.tcl). Copy this file to the bootflash. Running the file creates 99 VLANs and names them.
    set i 1
    while {$i<100} {
    cli configure terminal
    cli vlan $i
    cli name VLAN$i
    cli no shutdown
    ...
  • Page 272: Defining A User Policy Using The Cli To Trigger A Python Script

    244.
    action-statement python-filename
    Repeat Step 6 for multiple action statements.
    Step 7 switch(config-applet)# show event manager policy-state name [module module-id]: Displays information about the status of the configured policy.
  • Page 273: Verifying The Eem Configuration

    Displays information about the policy state, including thresholds.
    show event manager script system [policy-name | all]: Displays information about the script policies.
    show event manager system-policy [all]: Displays information about the predefined system policies.
  • Page 274: Configuration Examples For Eem

    "copy run start"
    switch(config-applet)# event syslog tag three pattern "hello"
    switch(config-applet)# tag one or two or three happens 1 in 120
    switch(config-applet)# action 1.0 reload module 1
  • Page 275: Configuring Openflow

    Cisco ONE Platform Kit provides the ability to host Cisco internal or external third party applications on or adjacent to Cisco’s networking infrastructure, and enables programmatic access to networking services in a controlled and consistent manner.
  • Page 276: Openflow Limitations

    OpenFlow Limitations
    The Cisco Nexus 5500 and Cisco Nexus 6000 switches do not support the OpenFlow action to rewrite the Layer 2 destination MAC address. Therefore, XNC controller use cases such as Topology Independent Forwarding and Latency Optimized Forwarding may not work correctly on the Cisco Nexus 5500 and Cisco Nexus 6000 switches.
  • Page 277: Supported Actions

    OpenFlow policies can be applied to the ACL-table and the MAC-table. OpenFlow relates tables by means of the ‘pipeline’ concept. The Cisco Nexus device supports two pipelines, 201 and 202. You can toggle the pipeline between 201 and 202 by entering the pipeline id command in the openflow-agent logical switch configuration.
  • Page 278: Prerequisites For Openflow

    The OpenFlow agent requires the Cisco Nexus device to be configured with OpenFlow specific commands in order to support topology discovery and the installation of flows. The Cisco Nexus device works in a hybrid mode so that the default commands from the startup-config file are executed upon boot up. This might create an undesirable effect and therefore must be changed.
  • Page 279: Setting Up An Openflow Virtual Service

    Template Based TCAM Carving for OpenFlow: The Cisco Nexus device supports template-based TCAM carving. To configure OpenFlow on the device, you must make a number of changes to the TCAM carving regions using the template based TCAM carving commands.
  • Page 280: Configuring The Openflow Switch

    Step 5 controller ipv4 ipv4-address port port-number vrf vrf-name security {none | tls} Establishes the connection with the controller over the specified VRF. You can disable or enable the TLS.
  • Page 281: Verifying Openflow

    Example: switch(config-ofa)# exit Verifying OpenFlow Use one of the following commands to verify the configuration: Command Purpose show running-config | section openflow Displays the OpenFlow running configuration information.
  • Page 282 Displays information about the OpenFlow agent flows. show openflow openflow-agent switch number ports Displays information about the OpenFlow agent port status.
  • Page 283: Configuring Netflow

    Flexible NetFlow enables enhanced network anomaly and security detection. Flexible NetFlow allows you to define an optimal flow record for a particular application by selecting the keys from a large collection of predefined fields.
  • Page 284: Flow Record

    NetFlow gathers for the flow. You can define a flow record with any combination of keys and fields of interest. Cisco NX-OS supports a rich set of keys. A flow record also defines the types of counters gathered per flow. You can configure 32-bit or 64-bit packet or byte counters. The key fields are specified with the match keyword.
  • Page 285: Specifying The Match Parameters

    Example: switch(config-flow-record)# match transport destination-port Note: The match transport destination-port and the match ip protocol commands are required to export Layer 4 port data.
  • Page 286: Netflow Collect Parameters

    Example: that 64-bit counters are used. switch(config-flow-record)# switch(config-flow-record)# collect counter packets collect flow sampler id Collects the sampler identifier used for the flow. Example: switch(config-flow-record)# collect flow sampler
  • Page 287: Sampled Netflow

    The sampling mode supported is M out of N (M:N), where M packets are selected randomly out of every N packets for sampling, and only those packets can create flows. The lowest possible sampling rate on the Cisco Nexus 6000 series is 1:64K packets. The following table shows the different packet rates for different port...
  • Page 288: How To Configure Netflow

    • Define one or many flow exporters by specifying export format, protocol, destination and other parameters. • Define a flow monitor based on the above flow record and flow exporter(s). • Apply the flow monitor to an interface with a sampling method specified.
  • Page 289: Enabling The Netflow Feature

    Example: switch(config)# flow record IPv4Flow Step 3 description string Describes this flow record. Example: switch(config-flow-record)# description Ipv4flow Step 4 match type Specifies the match key. Example: switch(config-flow-record)# match transport destination-port
  • Page 290: Creating A Flow Exporter

    VRF name. switch(config-flow-exporter)# destination 192.0.2.1 Step 4 source interface-type name/port Specifies the interface to use to reach the NetFlow collector at the configured destination. Example: switch(config-flow-exporter)# source ethernet 2/1
  • Page 291 Step 13 copy running-config startup-config (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config
  • Page 292: Creating A Flow Monitor

    Step 7 copy running-config startup-config (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config
  • Page 293: Creating A Sampler

    Applying a Flow Monitor to an Interface Note: You cannot apply a flow monitor to an egress interface; only ingress NetFlow is supported.
  • Page 294: Configuring Bridged Netflow On A Vlan

    Example: startup configuration. switch(config)# copy running-config startup-config Configuring Bridged NetFlow on a VLAN You can apply a flow monitor and a sampler to a VLAN.
  • Page 295: Configuring Netflow Timeouts

    You can optionally configure global NetFlow timeouts that apply to all flows in the system. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)#
  • Page 296: Verifying The Netflow Configuration

    You can enter up to 63 alphanumeric characters for the sampler name. show hardware ip flow Displays information about NetFlow hardware IP flows. show running-config netflow Displays the NetFlow configuration that is currently on your device.
  • Page 297: Monitoring Netflow

    1 out-of 65536 flow monitor pw record pw exporter pw interface Ethernet2/9 ip flow monitor pw input sampler testsampler
  • Page 298 Configuring NetFlow Example: Configuring a NetFlow Exporter
  • Page 299: Soft Reload

    Soft Reload Debugging Syslogs are generated during various stages of a soft reload indicating the current health of a switch. The following syslogs can be used for debugging Soft Reload:
  • Page 300: Licensing Requirements For Soft Reload

    • A normal switch reload is attempted if a soft reload due to a process crash fails. • A soft reload is not triggered when the following scenarios occur:
  • Page 301: Default Setting For Soft Reload

    • After a soft reload, we recommend not making any configuration changes until a manual switch reload is done. Default Setting for Soft Reload Parameter Default Soft Reload Disabled
  • Page 302: Configuring Soft Reload

    This example shows a verification command that displays the status of the soft reload, followed by the command to initiate a manual soft reload. show system soft-reload status Soft-reload is disabled
  • Page 303: Configuration Examples For Soft Reload

    Related Topic Document Title Command reference Cisco Nexus 5600 Series NX-OS System Management Command Reference Feature History for Soft Reload This table lists the release history for this feature.
  • Page 304 You can also use the soft-reload command to trigger a manual soft reload of the switch.
  • Page 305: Information About Gir

    In Cisco NX-OS Release 7.1(0)N1(1), the default mode for GIR is “shutdown”. When you place the switch in maintenance mode, all protocols are gracefully brought down and all physical ports are shut down. When normal mode is restored, all the protocols and ports are brought back up.
  • Page 306: Configuring Gir (Cisco Nx-Os Release 7.3(0)N1(1))

    • Interfaces • FabricPath Starting with Cisco NX-OS Release 7.3(0)N1(1), the default mode for GIR is “isolate”. Use the system mode maintenance command to put all the enabled protocols in maintenance mode. The switch will use the isolate command to isolate the protocols from the network. The switch will then be isolated from the network but is not shut down.
  • Page 307: Maintenance Profile

    GIR as in the Cisco NX-OS Release 7.1(0)N1(1). • When you cold boot a switch that has custom profile configured and is running a Cisco NX-OS Release 7.3(1)N1(1) image to any other Cisco NX-OS Release that does not support maintenance mode, the same configuration file cannot be used after write-erase reload.
  • Page 308: Unplanned Maintenance

    The timer will then restart from that instant with the new timer value. Once the configured time elapses, the switch returns to normal mode automatically without using the no system mode maintenance mode command. Use the no system mode maintenance timeout command to disable the timer.
  • Page 309: Snapshot

    You can then compare the new after_maintenance snapshot with the before_maintenance snapshot. Starting with Cisco NX-OS release 8.0(1), the [no] system mode maintenance command has been enhanced to execute a normal mode profile and activate a timer ensuring that sufficient time is provided for the switch to complete any hardware programming that may be going on before the after_maintenance snapshot is taken.
  • Page 311: Suppress Fib Pending

    FEX Group GIR Functionality You can use GIR to perform maintenance and software upgrade of the Cisco Nexus 5000, 5500 and 6000 Series switches and the connected FEXs in a dual homed vPC topology. A FEX group is a logical grouping of FEXs.
  • Page 312: Guidelines And Limitations For Gir

    • Snapshot information is not copied automatically to the standby supervisor in a dual supervisor system. • GIR may not provide zero application traffic loss for certain topologies and configurations.
  • Page 313: Configuring Custom Maintenance Mode And Custom Normal Mode Profile

    Configuring GIR (Cisco NX-OS Release 7.3(0)N1(1)) Configuring Custom Maintenance Mode and Custom Normal Mode Profile • Starting with Cisco NX-OS Release 7.3(0)N1(1), we recommend not using the configure profile [maintenance-mode | normal-mode] type admin command and we strongly recommend using the configure maintenance profile [maintenance-mode | normal-mode] command.
  • Page 314: Creating A Snapshot

    Feature 'ospfv3' not enabled, skipping... Executing 'show isis database detail vrf all'... Done Executing 'show ip rip vrf all'... Done Executing user-specified 'show ip route detail vrf all'... Done Snapshot 'before_maint' created
  • Page 315: Adding Show Commands To Snapshots

    In most cases, only the element-key1 argument needs to be specified to be able to distinguish among row entries.
  • Page 316 | xml <?xml version="1.0" encoding="ISO-8859-1"?> <nf:rpc-reply xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="http://www.cisco.com/nxos:7.3.0.N1.1.:urib"> <nf:data> <show> <ip> <__readonly__> <TABLE_vrf> <ROW_vrf> <vrf-name-out>default</vrf-name-out> <TABLE_addrf> <ROW_addrf> <addrf>ipv4</addrf> <TABLE_prefix> <ROW_prefix> <ipprefix>0.0.0.0/32</ipprefix> <ucast-nhops>1</ucast-nhops> <mcast-nhops>0</mcast-nhops>
  • Page 317: Dumping Snapshot Sections

    Puts all enabled protocols in maintenance mode (using the isolate mode maintenance command). [always-use-custom-profile Use the dont-generate-profile and shutdown options to put the switch in maintenance mode.
  • Page 318 We recommend configuring the reset reason and saving it to the startup configuration. This enables the switch to go into the maintenance mode after a switch reloads due to any reason.
  • Page 319 Note: Starting with Cisco NX-OS Release 8.0(1), a visible CLI indicator has been added to show that the system is in maintenance mode. For example, switch(config)# will appear as switch(maint-mode)(config)#.
  • Page 320 Applying : router bgp 64581 Applying : shutdown Applying : router eigrp p2 Applying : shutdown Applying : address-family ipv6 unicast Applying : shutdown Applying : router eigrp 0 Applying : shutdown
  • Page 321 This example shows how to put the switch in maintenance mode without presenting any switch prompts: switch# configure terminal switch(config)# system mode maintenance non-interactive
  • Page 322: Returning To Normal Mode

    150 Returning to Normal Mode Note: Starting with Cisco NX-OS Release 8.0(1), a visible CLI indicator has been added to show that the system is in maintenance mode. For example, switch(config)# will appear as switch(maint-mode)(config)#.
  • Page 323 2016 Dec 5 06:20:23 switch %$ VDC-1 %$ %MMODE-2-MODE_CHANGED: System changed to "normal" mode. switch# show system mode System Mode: Normal This example shows how to return to normal mode from maintenance mode on a switch running the Cisco NX-OS Release 7.3(0)D1(1): switch# configure terminal switch(config)# no system mode maintenance...
  • Page 324: Deleting A Maintenance Profile

    Enter configuration commands, one per line. End with CNTL/Z. switch(config-mm-profile)# router bgp 100 switch(config-mm-profile-router)# isolate switch(config-mm-profile-router)# exit switch(config-mm-profile)# sleep instance 1 10 switch(config-mm-profile)# interface ethernet 1/1 switch(config-mm-profile-if-verify)# shutdown switch(config-mm-profile-if-verify)# end
  • Page 325 660 address-family ipv6 unicast no shutdown router ospfv3 ospf_ipv6 no shutdown [Maintenance Mode] router ospfv3 ospf_ipv6 shutdown
  • Page 326 1 shutdown This example shows how to use the isolate command to put all protocols into maintenance mode: switch(config)# system mode maintenance Following configuration will be applied:
  • Page 327 Applying : router isis 70 Applying : shutdown Applying : vpc domain 2 Applying : shutdown 2016 Jan 15 11:10:36.080386 CP-BL26-N7K-1A %$ VDC-1 %$ %VPC-2-VPC_SHUTDOWN: vPC shutdown status is ON
  • Page 328 Enter configuration commands, one per line. End with CNTL/Z. switch(config-mm-profile)# vpc domain 1 switch(config-mm-profile-vpc-domain)# shutdown switch(config-mm-profile-vpc-domain)# exit switch(config-mm-profile)# system interface shutdown switch(config-mm-profile)# end Exit maintenance profile mode. switch#
  • Page 329 This example shows how to create a maintenance mode profile and normal mode profile for upgrading vPC with FEX (refer to the topology below): N5K-1 configuration: switch# configure terminal switch(config)# configure maintenance profile maintenance-mode
  • Page 330 Use route-map my-rmap-deny in maintenance mode configuration to exclude SVIs having tag 200 configuration. switch(config)# route-map my-rmap-deny deny 10 switch(config-route-map)# match tag 200 switch(config-route-map)# exit switch(config)# route-map my-rmap-deny permit 20
  • Page 331: Verifying Gir

    [maintenance-mode | Displays the details of the maintenance mode or normal mode profile. normal-mode] show maintenance snapshot-delay Displays the after_maintenance snapshot-delay timer value.
  • Page 332: Verifying Gir At Protocol Level

    BGP attributes information Number of attribute entries HWM of attribute entries Bytes used by entries : 100 Entries pending delete HWM of entries pending delete BGP paths per attribute HWM
  • Page 333 Metric-style : advertise(wide), accept(narrow, wide) Area address(es) : Process is up and running (isolate) VRF ID: 1 Stale routes during non-graceful controlled restart Interfaces supported by IS-IS : Ethernet1/2
  • Page 334: Feature History For Gir

    Graceful Insertion and Removal (GIR) 7.1(0)N1(1) This feature was introduced. The default mode for GIR is “shutdown”. Refer to Configuring GIR (Cisco NX-OS Release 7.1(0)N1(1)).
  • Page 335: Information About Gir

    When normal mode is restored, all the protocols and ports are brought back up. The following protocols are supported: • Border Gateway Protocol (BGP) • BGPv6 • Enhanced Interior Gateway Routing Protocol (EIGRP) • EIGRPv6 • Intermediate System-to-Intermediate System (ISIS)
  • Page 336: Chapter 24 Configuring Gir (Cisco Nx-Os Release 7.1(0)N1(1))

    Step 3 Take a snapshot before entering maintenance mode. Creating a Snapshot, on page 316. Step 4 Put the switch into maintenance mode. Entering Maintenance Mode, on page 317
  • Page 337: Configuring The Normal Mode Profile File

    This example shows how to create a normal mode custom profile file: switch# configure terminal switch(config)# configure profile normal-mode type admin switch(config-profile)# router bgp 65501 switch(config-profile-router)# no shutdown
  • Page 338: Creating A Snapshot

    Executing show ipv6 eigrp topology summary... Done Executing show vpc... Done Executing show ip ospf vrf all... Done Feature 'ospfv3' not enabled, skipping... Executing show isis vrf all... Done Snapshot 'snap1' created switch#
  • Page 339: Entering Maintenance Mode

    Executes a previously created normal mode profile file or a maintenance dynamically created normal mode profile file. The [dont-generate-profile] dont-generate-profile option suppresses the creation of the normal mode profile file.
  • Page 340: Configuring The Maintenance Mode Profile File

    102 switch(config-profile-router)# shutdown switch(config-profile-router)# set-overload-bit always switch(config-profile-router)# exit switch(config-profile)# router bgp 103 switch(config-profile-router)# shutdown switch(config-profile-router)# exit switch(config-profile)# vpc domain 20 switch(config-profile-router)# shutdown switch(config-profile-router)# exit
  • Page 341: Verifying Gir

    Verifying GIR Use one of the following commands to verify the configuration: Command Purpose show system mode Displays current system mode.
  • Page 342 Snapshot Name --------------------------------------------------------------------------------------- snapshot_before_maintenance Wed Sep 10 20:19:31 2014 system-internal-snapshot snapshot_after_maintenance Wed Sep 10 20:29:54 2014 system-internal-snapshot snap1 Wed Sep 10 20:36:15 2014 For testing
  • Page 343 100 no shutdown router eigrp 101 no shutdown router isis 102 no set-overload-bit always router bgp 103 no shutdown vpc domain 20 no shutdown no system interface shutdown
  • Page 344 Configuring GIR (Cisco NX-OS Release 7.1(0)N1(1)) Verifying GIR
  • Page 345: Chapter 25 Class-Based Quality-Of-Service Mib

    • cbQosClassMapCfg • cbQosMatchStmtCfg • cbQosPoliceStats • cbQosPolicyMapCfg • cbQosPoliceCfg The following cbQoSMIB tables are supported by QoS policies: • cbQosInterfacePolicy • cbQosObjects • cbQosQueueingCfg • cbQosServicePolicy • cbQosSetCfg
  • Page 346: Licensing Requirements For Class-Based Quality-Of-Service Mib

    Licensing Requirements for Class-based Quality-of-Service MIB This feature does not require a license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
  • Page 347: Configuring A Qos Policy

    Configures the service policy for a class-map. class-map-name Step 12 switch(config-pmap-c-qos) # set Assigns the QoS group identifier for a class of qos-group qos-group-value traffic in a type qos policy map.
  • Page 348: Displaying Class-Based Quality-Of-Service Mib Configuration And Statistics

    Command or Action Purpose Step 1 $ snmpwalk -v2c -c community-name ip-address oid Displays class-map and policy-map configuration and statistics. Note: Use the snmpwalk command on an SNMP-enabled server.
  • Page 349 Use the snmpwalk command on the Objects Table: $ snmpwalk -v2c -c public A.B.C.D cbQosObjects Objects Table (QoS only table) corresponding to the policy-map, class-map, match & set Statements CISCO-CLASS-BASED-QOS-MIB::cbQosConfigIndex.285212681.285212681 = Gauge32: 285212836
  • Page 350 Use the snmpwalk command on the Set Action Table: $ snmpwalk -v2c -c public A.B.C.D cbQosSetCfg Set Action Table (QoS only table) corresponding to the set statement configured above
  • Page 351 All CoPP configurations are available by default. The sample snmpwalk outputs below display the cbQosMatchStmtStats and cbQosClassMapStats tables that are supported by the QoS policies starting from Cisco NX-OS Release 7.3(0)N1(1): $ snmpwalk -v2c -c public A.B.C.D cbQosMatchStmtStats CISCO-CLASS-BASED-QOS-MIB::cbQosMatchPrePolicyPkt64.285212681.285212683 = Counter64: 10 //The config indices match the objects displayed in the Objects Table above CISCO-CLASS-BASED-QOS-MIB::cbQosMatchPrePolicyPkt64.285212681.285212684 = Counter64: 4...
  • Page 352: Additional References For Class-Based Quality-Of-Service Mib

    Related Topic Document Title Licensing Cisco NX-OS Licensing Guide Command reference Cisco Nexus 5600 Series NX-OS QoS Command Reference Cisco Nexus 5600 Series NX-OS System Management Command Reference
  • Page 353: Feature History For Class-Based Quality-Of-Service Mib

    Class-based Quality-of-Service MIB Phase 2 7.3(0)N1(1) The following cbQoSMIB tables are supported by QoS policies: cbQosClassMapStats, cbQosMatchStmtStats and cbQosQueueingStats. Class-based Quality-of-Service MIB 7.1(1) N1(1) This feature was introduced.
  • Page 354 Class-based Quality-of-Service MIB Feature History for Class-based Quality-of-Service MIB
  • Page 355: Chapter 26 Performing Software Maintenance Upgrades

    A software maintenance upgrade (SMU) is a package file that contains fixes for specific defects. SMUs are created to respond to immediate issues and do not include new features. This module describes how to perform software maintenance upgrades (SMUs) on Cisco Nexus 5600 Series devices.
  • Page 356: Information About Performing A Software Maintenance Upgrades

    • Each CLI install request is assigned a request ID, which can be used later to review the events. • SMUs are dependent on your physical device. So, an SMU for the Cisco Nexus 6000 Series switch will not work for the Cisco Nexus 5000 Series switch and vice versa.
  • Page 357: Package Management

    When you activate packages, use the test option to test the effects of a command without impacting the running system. After the activation process completes, enter the show install log command to display the process results.
  • Page 358: How To Perform Software Maintenance Upgrades

    This example shows how to display the active packages for the entire system. Use this information to determine if a software change is required. switch# show install active Boot Images: Kickstart Image: bootflash:/n6000-uk9-kickstart.7.2.1.N1.1.bin System Image: bootflash:/n6000-uk9.7.2.1.N1.1.bin Active Packages: Active Packages on Module #1:
  • Page 359: Downloading The Smu Package File From Cisco.com

    Go to the Download Software page at this URL: http://software.cisco.com/download/navigator.html Step 3 In the Select a Product list, choose Switches > Data Center Switches > Cisco Nexus 5000/6000 Series Switches > model. Step 4 Choose the appropriate SMU file for your device and click Download.
  • Page 360: Copying The Package File To A Local Storage Device Or Network Server

    (SCP). • SSH File Transfer Protocol—SFTP is part of the SSHv2 feature in the security package and provides for secure file transfers. For more information, see the Cisco Nexus 6000 Series NX-OS Security Configuration Guide.
  • Page 361 • directory-path—The network file server path that leads to the package file to be added. • filename—The name of the package file that you want to add.
  • Page 362 “/” following the server address. • filename—The name of the package file that you want to add.
  • Page 363: Adding And Activating Packages

    Ensure that you meet all of the prerequisites for the activation of packages. Complete the procedure described in Copying the Package File to a Local Storage Device or Network Server.
  • Page 364 After the activation process finishes, enter the show install log command to display the process results. Step 6 Repeat Step 5 until all packages are Activates additional packages as required. activated.
  • Page 365: Committing The Active Package Set

    Install operation 2 completed successfully at Thu Jan 9 01:20:46 2014 switch# show install committed Boot Images: Kickstart Image: bootflash:/n6000-uk9-kickstart.7.2.1.N1.1.bin System Image: bootflash:/n6000-uk9.7.2.1.N1.1.bin Committed Packages: n6000-uk9.7.2.1.N1.1.CSCuw28765.bin
  • Page 366: Deactivating And Removing Packages

    The package files can be reactivated later, or they can be removed from the disk. The Cisco NX-OS software also provides the flexibility to roll back the selected package set to a previously saved package set. If you find that you prefer a previous package set over the currently active package set, you can use the install deactivate and install commit commands to deactivate the current package and install active and install commit commands to activate the previous package.
  • Page 367: Displaying Installation Log Information

    The installation log provides information on the history of the installation operations. Each time an installation operation is run, a number is assigned to that operation. • Use the show install log command to display information about both successful and failed installation operations.
  • Page 368 Patch sync done to standby Tue Oct 13 06:08:05 2015 The following package is now available to be activated: n6000-uk9.7.2.1.N1.1.CSCuw28765.bin Install operation 1 file exist at Tue Oct 13 06:08:05 2015
  • Page 369: Where To Go Next

    Kickstart Image: bootflash:/n6000-uk9-kickstart.7.2.1.N1.0.328.bin System Image: bootflash:/n6000-uk9.7.2.1.N1.0.328.bin ----------------------------------------------------------- n6000-uk9.7.2.1.N1.1.CSCuw28765.bin Active Modules ----------------------------------------------------------- switch# Where to Go Next For information about configuring control policies, see the "Configuring ISG Control Policies" module.
  • Page 370: Additional References

    SMUs are created to respond to immediate issues and do not include new features.
    Note: No SMUs have been released for the Cisco Nexus 5000 and 6000 Series switches.