Download  Print this page
   
1
2
Table of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456

Advertisement

Cisco Nexus 7000 Series NX-OS System Management Configuration
Guide
First Published: 2013-11-20
Last Modified: 2015-03-26
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Advertisement

Table of Contents

   Related Manuals for Cisco Nexus 7000 Series

   Summary of Contents for Cisco Nexus 7000 Series

  • Page 1 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide First Published: 2013-11-20 Last Modified: 2015-03-26 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
  • Page 3: Table Of Contents

    P r e f a c e Audience xxiii Document Conventions xxiii Related Documentation for Cisco Nexus 7000 Series NX-OS Software Documentation Feedback xxvii Obtaining Documentation and Submitting a Service Request xxvii New and Changed Information C H A P T E R 1...
  • Page 4 Enabling CFS to Distribute FC Port Security Configurations Enabling CFS to Distribute FC Timer Configurations Enabling CFS to Distribute IVR Configurations Enabling CFS to Distribute NTP Configurations Enabling CFS to Distribute RADIUS Configurations Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 5 Clock Manager High Availability Virtualization Support Licensing Requirements for NTP Prerequisites for NTP Guidelines and Limitations for NTP Default Settings for NTP Configuring NTP Enabling or Disabling NTP in a VDC Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 6 Finding Feature Information About PTP PTP Device Types PTP Process Pong Clock Manager High Availability for PTP Virtualization Support Licensing Requirements for PTP Prerequisites for PTP Guidelines and Limitations for PTP Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 7 Configuration Example for CDP Additional References Related Documents MIBs Feature History for CDP Configuring System Message Logging C H A P T E R 7 Finding Feature Information About System Message Logging Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 8 Database Merge Guidelines High Availability Virtualization Support Licensing Requirements for Smart Call Home Prerequisites for Smart Call Home Guidelines and Limitations for Smart Call Home Default Settings for Smart Call Home Cisco Nexus 7000 Series NX-OS System Management Configuration Guide viii...
  • Page 9 Sample Syslog Alert Notification in XML Format Additional References Related Documents MIBs Feature History for Smart Call Home Configuring Rollback C H A P T E R 9 Finding Feature Information About Rollbacks Automatically Generated System Checkpoints Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 10 Verifying a Session Committing a Session Saving a Session Discarding a Session Verifying the Session Manager Configuration Configuration Example for Session Manager Additional References Related Documents Feature History for Session Manager Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 11 Displaying the Results of Running Scheduler Jobs Related Documents Feature History for the Scheduler Configuring SNMP C H A P T E R 1 2 Finding Feature Information About SNMP SNMP Functional Overview SNMP Notifications SNMPv3 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 12 Enabling a One-Time Authentication for SNMP over TCP Assigning SNMP Device Contact and Location Information Configuring the Context to Network Entity Mapping Disabling SNMP Modifying the AAA Synchronization Time Verifying SNMP Configuration Configuration Examples for SNMP Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 13 C H A P T E R 1 4 Finding Feature Information Information About Online Diagnostics Online Diagnostics Overview Bootup Diagnostics Runtime or Health Monitoring Diagnostics Recovery Actions for Specified Health-Monitoring Diagnostics On-Demand Diagnostics Cisco Nexus 7000 Series NX-OS System Management Configuration Guide xiii...
  • Page 14 Action Statements VSH Script Policies Environment Variables EEM Event Correlation High Availability Virtualization Support Licensing Requirements for EEM Prerequisites for EEM Guidelines and Limitations for EEM Default Settings for EEM Configuring EEM Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 15 Configuration Example for OBFL Additional References Related Documents Feature History for OBFL Configuring SPAN C H A P T E R 1 7 Finding Feature Information About SPAN SPAN Sources Characteristics of Source Ports Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 16 Shutting Down or Resuming a SPAN Session Configuring MTU Truncation for Each SPAN Session Configuring a Source Rate Limit for Each SPAN Session Configuring Sampling for Each SPAN Session Complex Rule-based SPAN Creating Filters Creating Filter-Lists Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 17 Finding Feature Information About ERSPAN ERSPAN Types ERSPAN Sources ERSPAN Destinations ERSPAN Sessions Extended ERSPAN Session 4K VLANs per ERSPAN Session Rule-Based ERSPAN Exception ERSPAN Network Analysis Module High Availability Cisco Nexus 7000 Series NX-OS System Management Configuration Guide xvii...
  • Page 18 Configuration Example for Exception ERSPAN Related Documents Feature History for ERSPAN Configuring LLDP C H A P T E R 1 9 Finding Feature Information About LLDP About DCBXP High Availability Cisco Nexus 7000 Series NX-OS System Management Configuration Guide xviii...
  • Page 19 Licensing Requirements for NetFlow Prerequisites for NetFlow Guidelines and Limitations for NetFlow Default Settings for NetFlow Configuring NetFlow Enabling the NetFlow Feature Creating a Flow Record Specifying the Match Parameters Specifying the Collect Parameters Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 20 Configuring the EEE LPI Sleep Threshold Verifying the EEE Configuration Configuration Examples for EEE Related Documents Feature History for EEE Converting CLI Commands to Network Configuration Format C H A P T E R 2 2 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 21 Configuration Examples to Override (Disable) Shutdown for Fan Tray Removal Overriding (Disabling) a Shutdown for Removal of One or More Fan Trays Overriding (Disabling) a Shutdown for Removal of a Specified Fan Tray Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 22 Configuration Example to Register an EEM Policy with the EEM Configuration Limits for Cisco NX-OS System Management A P P E N D I X C Configuration Limits for Cisco NX-OS System Management Cisco Nexus 7000 Series NX-OS System Management Configuration Guide xxii...
  • Page 23: Document Conventions

    Obtaining Documentation and Submitting a Service Request, page xxvii Audience This publication is for network administrators who configure and maintain Cisco Nexus devices. Document Conventions As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have Note modified the manner in which we document configuration tasks.
  • Page 24 Means reader take note. Notes contain helpful suggestions or references to material not covered in the Note manual. Means reader be careful. In this situation, you might do something that could result in equipment damage Caution or loss of data. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide xxiv...
  • Page 25 Related Documentation for Cisco Nexus 7000 Series NX-OS Software Related Documentation for Cisco Nexus 7000 Series NX-OS Software The entire Cisco Nexus 7000 Series NX-OS documentation set is available at the following URL: http://www.cisco.com/en/us/products/ps9402/tsd_products_support_series_home.html Release Notes The release notes are available at the following URL: http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html...
  • Page 26 • Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference • Cisco Nexus 7000 Series NX-OS Virtual Device Context Command Reference • Cisco NX-OS FCoE Command Reference for Cisco Nexus 7000 and Cisco MDS 9500 Other Software Documents You can locate these documents starting at the following landing page: http://www.cisco.com/en/us/products/ps9402/tsd_products_support_series_home.html...
  • Page 27: Documentation Feedback

    What's New in Cisco Product Documentation. To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
  • Page 28 Preface Obtaining Documentation and Submitting a Service Request Cisco Nexus 7000 Series NX-OS System Management Configuration Guide xxviii...
  • Page 29: C H A P T E

    C H A P T E R New and Changed Information This chapter provides release-specific information for each new and changed feature in the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 6.x. • New and Changed Information, page 1...
  • Page 30: C H A P T E

    The switch is removed from the regular switching path and put into a maintenance mode. Once maintenance on the switch is complete, you can bring the switch into full operational mode. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 31: Chapter

    Added NAM support for NetFlow data 6.2(2) Chapter 20, sources. “Configuring NetFlow” NetFlow Added support for full NetFlow and 6.2(2) Chapter 20, sampled NetFlow on the Cisco NetFlow “Configuring NetFlow” Generation Appliance (NGA). Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 32: Chapter

    Chapter 17, “Configuring SPAN” XMLIN Introduced the XMLIN tool to enable 6.2(2) Chapter 25, “Converting you to convert CLI commands to the CLI Commands to Network Configuration (NETCONF) Network Configuration protocol. Format” Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 33: Cisco Nexus 7000 Series Nx-os System Management Configuration Guide

    “Configuring Online RewriteEngineLoopback and Diagnostics” SnakeLoopback test and the Spine path tests Online diagnostics Added support for configuring online 6.1(1) Chapter 14, (GOLD) diagnostics in the admin VDC. “Configuring Online Diagnostics” Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 34: Chapter

    ACL entries. Online diagnostics Added PTP support on port-channel 6.0(1) Chapter 14, (GOLD) member ports. “Configuring Online Diagnostics” Added support for F2 Series modules. 6.0(1) Chapter 5, “Configuring PTP” Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 35: Chapter

    Changed the command to enable or 5.2(1) Chapter 4, “Configuring disable NTP from [no] ntp enable to [no] NTP” feature ntp. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 36: Cisco Nexus 7000 Series Nx-os System Management Configuration Guide

    VLANs independently of their creation, when configuring bridged NetFlow on a VLAN. DCBXP This link layer protocol is used to 5.1(1) Chapter 19, announce, exchange, and negotiate node “Configuring LLDP” parameters between peers. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 37: Cisco Nexus 7000 Series Nx-os System Management Configuration Guide

    NetFlow You can specify the NetFlow instance 5.0(2) Chapter 20, for which you want to display NetFlow “Configuring NetFlow” IPv4 flows and NetFlow table utilization. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 38: Cisco Nexus 7000 Series Nx-os System Management Configuration Guide

    Chapter 4, “Configuring ntp server command to configure a key NTP” to be used while communicating with the NTP server. SNMP notifications Updated the snmp-server enable traps 5.0(2) Chapter 12, commands. “Configuring SNMP” Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 39: Cisco Nexus 7000 Series Nx-os System Management Configuration Guide

    C H A P T E R Overview This chapter describes the system management features that you can use to monitor and manage Cisco NX-OS devices. This chapter contains the following sections: • Cisco NX-OS Device Configuration Methods, page 12 •...
  • Page 40: Cisco Nx-os Device Configuration Methods

    Troubleshooting Features, page 17 Cisco NX-OS Device Configuration Methods You can configure devices using direct network configuration methods or web services hosted on a Cisco Data Center Network Management (DCNM) server. This figure shows the device configuration methods available to a network user.
  • Page 41: Configuring With Cli Or Xml Management Interface

    Configuring with Cisco DCNM or a Custom GUI You can configure Cisco NX-OS devices using the Cisco DCNM client or from your own GUI as follows: • Cisco DCNM Client—You can configure devices using the Cisco DCNM client, which runs on your local PC and uses web services on the Cisco DCNM server.
  • Page 42: Precision Time Protocol

    Network Time Protocol (NTP). For more information about PTP. Cisco Discovery Protocol You can use the Cisco Discovery Protocol (CDP) to discover and view information about all Cisco equipment that is directly attached to your device. CDP runs on all Cisco-manufactured equipment including routers, bridges, access and communication servers, and switches.
  • Page 43: Session Manager

    RMON Remote monitoring (RMON) is an Internet Engineering Task Force (IETF) standard monitoring specification that allows various network agents and console systems to exchange network monitoring data. Cisco NX-OS supports RMON alarms, events, and logs to monitor Cisco NX-OS devices.
  • Page 44: Onboard Failure Logging

    NetFlow identifies packet flows for both ingress and egress IP packets and provide statistics based on these packet flows. NetFlow does not require any change to either the packets themselves or to any networking device. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 45: Fabricpath

    LPI mode in a way that is transparent to upper layer protocols and applications. Troubleshooting Features Cisco NX-OS provides troubleshooting tools such as ping, traceroute, Ethanalyzer, and the Blue Beacon feature. When a service fails, the system generates information that can be used to determine the cause of the failure.
  • Page 46 Overview Troubleshooting Features Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 47: Configuring Cfs

    You can use Cisco Fabric Services (CFS) to distribute and synchronize a configuration on one Cisco device with all other Cisco devices in your network. CFS provides you with consistent and, in most cases, identical configurations and behavior in your network.
  • Page 48: Applications That Use Cfs To Distribute Configuration Changes

    VDC are noted in the configuration instructions throughout this chapter. For more information on FCoE and storage VDCs, see the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 and the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
  • Page 49: Cfs Distribution Modes

    CFS Connectivity in a Mixed Fabric CFS is an infrastructure component that also runs on the Cisco Nexus 7000 Series switches, Cisco Nexus 5000 Series switches, and Cisco MDS 9000 switches. A mixed fabric of different platforms (such as the Cisco Nexus 9000 Series, Cisco Nexus 7000 Series, Cisco Nexus 5000 Series, and Cisco MDS 9000 switches) can interact with each other.
  • Page 50: Cfs Merge Support

    Configuring CFS CFS Merge Support For more information on CFS for the Cisco Nexus 7000 Series, Cisco Nexus 5000 Series, and Cisco MDS 9000 switches, see the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Cisco Nexus 5000 Series NX-OS System Management Configuration Guide, and Cisco MDS 9000 Family NX-OS System Management Configuration Guide, respectively.
  • Page 51: High Availability

    High Availability Stateless restarts are supported for CFS. After a reboot or a supervisor switchover, the running configuration is applied. For more information on high availability, see the Cisco Nexus 9000 Series NX-OS High Availability and Redundancy Guide. Licensing Requirements for CFS...
  • Page 52: Default Settings For Cfs

    • You cannot distribute the user role configuration between a Cisco MDS 9500 Series switch and the storage VDC configured for a Cisco Nexus 7000 Series switch. To prevent this distribution, make sure to assign the user role configuration in Cisco MDS and the Cisco Nexus 7000 storage VDC to different CFS regions.
  • Page 53: Configuring Cfs Distribution

    Enabling CFS to Distribute Smart Call Home Configurations You can enable CFS to distribute Call Home configurations to all Cisco NX-OS devices in the network. The entire Call Home configuration is distributed except the device priority and the sysContact names.
  • Page 54: Enabling Cfs To Distribute Dpvm Configurations

    Enabling CFS to Distribute DPVM Configurations You can enable CFS to distribute dynamic port VSAN membership (DPVM) configurations in order to consistently administer and maintain the DPVM database across all Cisco NX-OS devices in the fabric. Before You Begin Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
  • Page 55: Enabling Cfs To Distribute Fc Domain Configurations

    You can enable CFS to distribute Fibre Channel (FC) domain configurations in order to synchronize the configuration across the fabric from the console of a single Cisco NX-OS device and to ensure consistency in the allowed domain ID lists on all devices in the VSAN.
  • Page 56: Enabling Cfs To Distribute Fc Port Security Configurations

    [########################################] 100% Enabling CFS to Distribute FC Timer Configurations You can enable CFS to distribute Fibre Channel (FC) timer configurations for all Cisco NX-OS devices in the fabric. Before You Begin Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command.
  • Page 57: Enabling Cfs To Distribute Ivr Configurations

    Enables CFS to distribute IVR configuration updates. You must enable IVR distribution on all Note IVR-enabled switches in the fabric. Step 3 switch(config)# show cfs application (Optional) Displays the CFS distribution status. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 58: Enabling Cfs To Distribute Ntp Configurations

    [########################################] 100% Enabling CFS to Distribute NTP Configurations You can enable CFS to distribute NTP configurations to all Cisco NX-OS devices in the network. Before You Begin Make sure that you enable the NTP feature (using the feature ntp command).
  • Page 59: Enabling Cfs To Distribute Radius Configurations

    Configuring CFS Enabling CFS Distribution for Applications Enabling CFS to Distribute RADIUS Configurations You can enable CFS to distribute RADIUS configurations to all Cisco NX-OS devices in the network. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode.
  • Page 60: Enabling Cfs To Distribute Tacacs+ Configurations

    [########################################] 100% Enabling CFS to Distribute TACACS+ Configurations You can enable CFS to distribute TACACS+ configurations to all Cisco NX-OS devices in the network. Before You Begin Make sure that you enable the TACACS+ feature (using the feature tacacs+ command).
  • Page 61: Enabling Cfs To Distribute User Role Configurations

    Configuring CFS Specifying a CFS Distribution Mode Enabling CFS to Distribute User Role Configurations You can enable CFS to distribute user role configurations to all Cisco NX-OS devices in the network. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode.
  • Page 62: Configuring An Ip Multicast Address For Cfsoip

    239.255.1.1 Distribution over this IP type will be affected Change multicast address for CFS-IP? Are you sure? (y/n) [n] y switch(config)# cfs ipv4 distribute switch(config)# show cfs status Distribution : Enabled Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 63: Configuring Cfs Regions

    You can move an application to a different region. For example, you can move NTP from region 1 to region When you move an application, its scope is restricted to the new region. It ignores all other regions for Note distribution or merging purposes. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 64: Removing An Application From A Cfs Region

    Enters the configuration mode for the specified region. Step 3 switch(config-cfs-region)# no Removes the specified application from the application-name region. Step 4 Repeat Step 3 for each application that you (Optional) want to remove from this region. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 65: Deleting A Cfs Region

    Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. switch# configure terminal switch(config)# no cfs region 4 WARNING: All applications in the region will be moved to default region. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 66: Creating And Distributing A Cfs Configuration

    CFS working copy and releases the fabric lock. If none of the external devices report a successful status, no changes are made, and the fabric lock remains in place. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 67: Clearing A Locked Session

    Shows the current application state. switch# show ntp status Distribution : Enabled Last operational state: Fabric Locked switch# clear ntp session switch# show ntp status Distribution : Enabled Last operational state: No session Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 68: Discarding A Cfs Configuration

    CFS commands continue to function as if the device was physically isolated. Before You Begin If the virtual port channel (vPC) feature is enabled, only IP distribution is disabled. You must first disable vPC before you can disable CFS distribution. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 69: Verifying The Cfs Configuration

    CFS for merge support, distribution scope, and distribution region. show cfs internal Displays information internal to CFS including memory statistics, event history, and so on. Displays all active locks. show cfs lock Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 70: Additional References For Cfs

    CFS configuration for IVR CFS configuration for RSCN FCoE Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 RADIUS Cisco Nexus 7000 Series NX-OS Security Configuration Guide Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 71: Feature History For Cfs

    CFS protocol 5.2(1) Added CFS over Fibre Channel (CFSoFC) distribution support for device alias, DPVM, FC domain, FC port security, FC timer, IVR, and RSCN. CFS protocol 4.1(2) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 72 Configuring CFS Feature History for CFS Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 73: Configuring Ntp

    C H A P T E R Configuring NTP This chapter describes how to configure the Network Time Protocol (NTP) on Cisco NX-OS devices. This chapter includes the following sections: • Finding Feature Information, page 45 • About NTP, page 45 •...
  • Page 74: Ntp Associations

    Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a stratum 1. Because Cisco NX-OS cannot connect to a radio or atomic clock and act as a stratum 1 server, we recommend that you use the public NTP servers available on the Internet.
  • Page 75: Ntp Multicast Associations

    NTP as a Time Server The Cisco NX-OS device can use NTP to distribute time. Other devices can configure it as a time server. You can also configure the device to act as an authoritative NTP server, enabling it to distribute time even when it is not synchronized to an outside time source.
  • Page 76: Virtualization Support

    Virtualization Support If you are running a Cisco NX-OS Release prior to 5.2, up to one instance of NTP is supported on the entire platform. You must configure NTP in the default virtual device context (VDC), and you are automatically placed in the default VDC unless you specify otherwise.
  • Page 77 • If you configure NTP in a VRF, ensure that the NTP server and peers can reach each other through the configured VRFs. • You must manually distribute NTP authentication keys on the NTP server and Cisco NX-OS devices across the network.
  • Page 78: Default Settings For Ntp

    Disabled NTP logging Disabled Configuring NTP Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in Cisco Note IOS. Enabling or Disabling NTP in a VDC You can enable or disable NTP in a particular VDC. NTP is enabled in all VDCs by default.
  • Page 79: Enabling Or Disabling Ntp On An Interface

    Step 4 copy running-config startup-config (Optional) Saves the change persistently through reboots and restarts by copying the running Example: configuration to the startup configuration switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 80: Configuring The Device As An Authoritative Ntp Server

    Make sure you know the IP address or Domain Name System (DNS) names of your NTP server and its peers. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 81 A domain name is resolved only when you have a DNS switch(config)# show ntp peers server configured. Step 5 (Optional) copy running-config startup-config Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 82: Configuring Ntp Authentication

    Example: to it. The range for trusted keys is from 1 to switch# config t Enter configuration commands, one per line. 65535. End with CNTL/Z. switch(config)# ntp authentication-key 42 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 83: Configuring Ntp Access Restrictions

    Step 2 [no] ntp access-group {peer | serve Creates or removes an access group to control NTP access | serve-only | query-only} and applies a basic IP access list. access-list-name Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 84: Configuring The Ntp Source Ip Address

    NTP packets are sent. You can configure NTP to use a specific source IP address. Procedure Command or Action Purpose Step 1 Enters global configuration mode. configure terminal Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 85: Configuring The Ntp Source Interface

    You can configure an NTP IPv4 broadcast server on an interface. The device then sends broadcast packets through that interface periodically. The client is not required to send a response. Before You Begin Use the switchto vdc command to switch to the desired nondefault VDC. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 86 This example shows how to configure an Ethernet interface to send NTP broadcast packets: switch# configure terminal switch(config)# interface ethernet6/1 switch(config-if)# ntp broadcast 192.0.2.10 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 87: Configuring An Ntp Multicast Server

    2 to 4. Step 4 copy running-config startup-config (Optional) (Optional) Saves the change persistently through reboots and restarts by copying the running Example: configuration to the startup configuration. switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 88: Configuring An Ntp Multicast Client

    Configuring NTP on a Secondary (Non-Default) VDC You can configure a non-default VDC to get a timing update from the default VDC and its clients in order to synchronize with it. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 89: Configuring Ntp Logging

    192.0.2.2 switch(config)# copy running-config startup-config Configuring NTP Logging You can configure NTP logging in order to generate system logs with significant NTP events. NTP logging is disabled by default. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 90: Enabling Cfs Distribution For Ntp

    [no] ntp distribute Enables or disables the device to receive NTP configuration updates that are distributed through CFS. Step 3 switch(config)# show ntp status (Optional) Displays the NTP CFS distribution status. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 91: Committing Ntp Configuration Changes

    Discarding NTP Configuration Changes After making the configuration changes, you can choose to discard the changes instead of committing them. If you discard the changes, Cisco NX-OS removes the pending database changes and releases the CFS lock. Procedure Command or Action...
  • Page 92: Releasing The Cfs Session Lock

    Displays NTP information. Use the clear ntp session command to clear the NTP sessions. Use the clear ntp statistics command to clear the NTP statistics. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 93: Configuration Examples For Ntp

    10 permit ip host 10.1.1.1 any switch(config-acl)# 20 permit ip host 10.8.8.8 any switch(config)# ip access-list serve-acl switch(config-acl)# 10 permit ip host 10.4.4.4 any switch(config-acl)# 20 permit ip host 10.5.5.5 any Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 94: Additional References

    Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. Table 5: Feature History for NTP Feature Name Releases Feature Information Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 95 NTP access groups 5.2(1) Added the serve, serve-only, and query-only access group options to control access to additional NTP services. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 96 NTP source IP address or interface 4.1(3) Added the ability set the source IP address or source interface that NTP includes in all NTP packets sent to peers. 4.0(3) Added the ability to disable NTP. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 97: Configuring Ptp

    C H A P T E R Configuring PTP This chapter describes how to configure the Precision Time Protocol (PTP) on Cisco NX-OS devices. This chapter includes the following sections: • Finding Feature Information, page 69 • About PTP, page 70 •...
  • Page 98: About Ptp

    Network Time Protocol (NTP). Beginning with Cisco NX-OS Release 7.3(0)D1(1), PTP also implements IEEE 802.1AS to support Audio Video Bridging (AVB) on Nexus 7700 platform for F3 line cards. For details on AVB configuration, see "Cisco Nexus 7000 Audio Video Bridging Configuration Guide".
  • Page 99: Ptp Process

    Beginning with Cisco NX-OS Release 7.3(0)D1(1) release, the generalized-PTP clock mode is introduced Note to support AVB feature. PTP operates only in boundary clock mode. Cisco recommends deployment of a Grand Master Clock (10 Note MHz) upstream, with servers containing clocks requiring synchronization connected to the switch.
  • Page 100: Pong

    PTP requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
  • Page 101: Guidelines And Limitations For Ptp

    VDC. Similarly, priority flow control is not supported if Pong is enabled in the same VDC. • Beginning with Cisco NX-OS Release 6.1, PTP is supported in Layer 3 mode for F2, F2e, and M2 Series modules.
  • Page 102: Configuring Ptp

    # [no] ptp domain (Optional) Configures the domain number to use for this clock. PTP number domains allow you to use multiple independent PTP clocking subdomains on a single network. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 103 It is used in AVB. Step 12 switch(config) # [no] show ptp (Optional) Displays parent clock information. parent Step 13 switch(config) # [no] show ptp (Optional) Displays local clock time property information. time-property Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 104: Configuring Ptp On An Interface

    After you globally enable PTP, it is not enabled on all supported interfaces by default. You must enable PTP interfaces individually. Before You Begin Make sure that you have globally enabled PTP on the switch and configured the source IP address for PTP communication. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 105 This example shows how to configure PTP on an interface and configure the intervals for the announce, delay-request, and synchronization messages: switch# configure terminal switch(config)# interface ethernet 2/1 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 106: Verifying The Ptp Configuration

    Displays the last few PTP corrections. show ptp parent Displays the properties of the PTP parent. show ptp port interface ethernet slot/port Displays the status of the PTP port on the switch. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 107: Configuration Examples For Ptp

    Delay request interval(log mean): 4 Announce receipt time out: 2 Peer mean path delay: 0 Announce interval(log mean): 3 Sync interval(log mean): -1 Delay Mechanism: End to End Peer delay request interval(log mean): 0 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 108: Related Documents

    Cisco Nexus 7000 Series NX-OS Troubleshooting Guide Clock manager Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide MIBs MIBs MIBs link CISCO-PTP-MIB To locate and download supported MIBs, go to the following URL: ftp://ftp.cisco.com/pub/mibs/supportlists/nexus7000/ Nexus7000MIBSupportList.html Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 109: Feature History For Ptp

    FF:FF to FF:FE. 6.1(1) Deprecated the vrf option from the ptp source command. 6.0(1) Added PTP support on port-channel member ports. 6.0(1) Added support for F2 Series modules. 5.2(1) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 110 Configuring PTP Feature History for PTP Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 111: Configuring Cdp

    C H A P T E R Configuring CDP This chapter describes how to configure the Cisco Discovery Protocol (CDP) on Cisco NX-OS devices. This chapter includes the following sections: • Finding Feature Information, page 83 • About CDP, page 83 •...
  • Page 112: Vtp Feature Support

    Configuring CDP VTP Feature Support You can use CDP to discover and view information about all the Cisco devices that are directly attached to the device. CDP gathers protocol addresses of neighboring devices and discovers the platform of those devices. CDP runs over the data link layer only.
  • Page 113: High Availability

    Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide. Prerequisites for CDP If you configure VDCs, install the appropriate license and enter the desired VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for configuration information and the Cisco NX-OS Licensing Guide for licensing information.
  • Page 114: Default Settings For Cdp

    60 seconds CDP hold timer 180 seconds Configuring CDP Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in Cisco Note IOS. Enabling or Disabling CDP Globally CDP is enabled by default. You can disable CDP and then reenable it.
  • Page 115: Enabling Or Disabling Cdp On An Interface

    Displays CDP information for an interface. Example: switch(config-if)# show cdp interface ethernet 1/2 Step 5 (Optional) copy running-config startup-config Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 116: Configuring Optional Cdp Parameters

    The range is from 5 to 254 seconds. The Example: default is 60 seconds. switch(config)# cdp timer 50 Step 6 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 117: Verifying The Cdp Configuration

    Device-ID Local Intrfce Hldtme Capability Platform Port ID Mgmt-switch mgmt0 R S I WS-C4948-10GE Gig1/37 switch88(FOX1518GRE6) Eth1/25 R S I s N5K-C5596UP Eth1/25 switch89(FOX1518GQJ2) Eth1/26 R S I s N5K-C5596UP Eth1/25 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 118: Additional References

    Table 9: Feature History for CDP Feature Name Releases Feature Information CDP support for VTP domain 4.2(1) CDP advertises the VLAN Trunking name Protocol (VTP) type-length-value field (TLV) in CDP version-2 packets. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 119: Configuring System Message Logging

    C H A P T E R Configuring System Message Logging This chapter describes how to configure system message logging on Cisco NX-OS devices. This chapter contains the following sections: • Finding Feature Information, page 91 • About System Message Logging, page 91 •...
  • Page 120: Syslog Servers

    The syslog servers run on remote systems that log system messages based on the syslog protocol. You can configure up to eight IPv4 or IPv6 syslog servers. To support the same configuration of syslog servers on all switches in a fabric, you can use Cisco Fabric Services (CFS) to distribute the syslog server configuration.
  • Page 121: Binary Tech Support

    Binary Tech Support Binary Tech Support Binary tech support is a log-collecting framework that collects logs internally from all Cisco NX-OS processes that are running on the device. Enter the show tech-support all binary uri command to collect logs from across the entire device, including virtual device contexts (VDCs), and linecards.
  • Page 122: Configuring System Message Logging

    Disabled Syslog server configuration distribution Disabled Configuring System Message Logging Be aware that the Cisco NX-OS commands for this feature might differ from those commands used in Note Cisco IOS. Configuring System Message Logging to Terminal Sessions You can configure the device to log messages by their severity level to console, Telnet, and SSH sessions.
  • Page 123 The configuration applies to Telnet and SSH sessions. If the severity level is not specified, the default of 2 is used. The no option disables the device’s ability to log messages to the Telnet and SSH sessions. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 124: Logging System Messages To A File

    0 to 7: Example: switch(config)# logging logfile • 0 – emergency my_log 6 • 1 – alert • 2 – critical • 3 – error • 4 – warning Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 125: Configuring Module And Facility Messages Logging

    You can configure the severity level and time-stamp units of messages logged by modules and facilities. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 126 The no option resets the logging severity level for the specified facility to its default level. If you do not specify a facility and severity level, the device resets all facilities to their default levels. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 127: Configuring Syslog Servers

    Note Cisco recommends that you configure the syslog server to use the management virtual routing and forwarding (VRF) instance. For more information on VRFs, see the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide. Procedure Command or Action...
  • Page 128 (Optional) Displays the syslog server configuration. Example: switch(config)# show logging server Step 6 (Optional) copy running-config startup-config Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 129: Configuring Destination Port For Forwarding Syslogs

    Displays the syslog server configuration. Example: switch(config)# show logging server Step 4 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 130: Configuring Syslog Servers On A Unix Or Linux System

    Create the log file by entering these commands at the shell prompt: Example: $ touch /var/log/myfile.log $ chmod 666 /var/log/myfile.log Step 3 Make sure the system message logging daemon reads the new changes by checking myfile.log after entering this command: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 131: Displaying And Clearing Log Files

    Verifying the System Message Logging Configuration To display system message logging configuration information, perform one of the following tasks: Command Purpose Displays the console logging configuration. show logging console Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 132: Configuration Example For System Message Logging

    Additional References Related Documents Related Topic Document Title System messages CLI commands Cisco Nexus 7000 Series NX-OS System Management Command Reference System messages Cisco NX-OS System Messages Reference Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 133: Feature History For System Message Logging

    Syslog servers 5.1(1) Increased the number of supported syslog servers from three to eight. IPv6 support 4.2(1) Added support for IPv6 syslog hosts.. System message logging 4.0(1) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 134 Configuring System Message Logging Feature History for System Message Logging Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 135: Configuring Smart Call Home

    C H A P T E R Configuring Smart Call Home This chapter describes how to configure the Smart Call Home feature of the Cisco NX-OS devices. This chapter contains the following sections: • Finding Feature Information, page 107 •...
  • Page 136: Destination Profiles

    Smart Call Home Alert Groups An alert group is a predefined subset of Smart Call Home alerts that are supported in all Cisco Nexus devices. Alert groups allow you to select the set of Smart Call Home alerts that you want to send to a predefined or...
  • Page 137 Environmental Events related to power, fan, and show environment environment-sensing elements such show logging last 200 as temperature alarms. show module show version Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 138 Syslog port group Events generated by the syslog show license usage PORT facility. show logging last 200 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 139: Smart Call Home Message Levels

    The following table lists each Smart Call Home message level keyword and the corresponding syslog level for the syslog port alert group. Table 14: Severity and Syslog Level Mapping Smart Call Home Level Keyword Syslog Level Description Catastrophic Network-wide catastrophic failure. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 140: Obtaining Smart Call Home

    Debugging messages. Obtaining Smart Call Home If you have a service contract directly with Cisco, you can register for the Smart Call Home service. Smart Call Home analyzes Smart Call Home messages and provides background information and recommendations. For known issues, particularly online diagnostics failures, Automatic Service Requests are generated with the Cisco TAC.
  • Page 141: Distributing Smart Call Home Using Cfs

    Distributing Smart Call Home Using CFS You can use Cisco Fabric Services (CFS) to distribute a Smart Call Home configuration to all CFS-enabled devices in the network. The entire Smart Call Home configuration is distributed except the device priority and the sysContact names.
  • Page 142: Licensing Requirements For Smart Call Home

    Smart Call Home has the following prerequisites: • To send messages to an email address, you must first configure an email server. To send messages using HTTP, you must have access to an HTTPS server and have a valid certificate installed on the Cisco Nexus device.
  • Page 143: Default Settings For Smart Call Home

    • A syslog should be printed if inband is used for SCH where non-standard destination ports are used warning the user to add these ports. Consideration should also be made with a syslog warning when using either a HTTP or HTTPS proxy server on a non-administrative port to allow reachability to Cisco's web servers.
  • Page 144: Configuring Smart Call Home

    Disabled and no proxy server configured Configuring Smart Call Home Be aware that the Cisco NX-OS commands may differ from the Cisco IOS commands. Note We recommend that you complete the Smart Call Home configuration procedures in the following sequence:...
  • Page 145 Switch priority is used by the operations Note personnel or TAC support personnel to decide which Call Home message should be responded to first. You can prioritize Call Home alerts of the same severity from each switch. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 146: Creating A Destination Profile

    Enters Smart Call Home configuration mode. Example: switch(config)# callhome switch(config-callhome)# Step 3 destination-profile name Creates a new destination profile. The name can be any alphanumeric string up to 31 characters. Example: switch(config-callhome)# destination-profile Noc101 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 147: Modifying A Destination Profile

    • Message level—The Smart Call Home message severity level for this destination profile. • Message size—The allowed length of a Smart Call Home message sent to the email addresses in this destination profile. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 148 Smart Call Home severity level to destinations in this profile. The range is from Example: 0 to 9, where 9 is the highest severity level. switch(config-callhome)# destination-profile full-txt-destination message-level 5 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 149: Associating An Alert Group With A Destination Profile

    Enters Smart Call Home configuration mode. Example: switch(config)# callhome switch(config-callhome)# Step 3 destination-profile {name | CiscoTAC-1 | Associates an alert group with this full-txt-destination | short-txt-destination} destination profile. Use the All keyword Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 150: Adding Show Commands To An Alert Group

    You cannot add user-defined CLI show commands to the CiscoTAC-1 destination profile. Note Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 151: Configuring The Email Server

    The highest priority server is tried first. If the message fails to be sent, the next server in the list is tried until the limit is exhausted. If two servers have equal priority, the one that was configured earlier is tried first. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 152 Step 6 commit Commits the Smart Call Home configuration commands. Example: switch(config-callhome)# commit Step 7 (Optional) show callhome transport Displays the transport-related configuration for Smart Call Home. Example: switch(config-callhome)# show callhome transport Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 153: Configuring Vrfs To Send Messages Using Http

    Blue Step 4 commit Commits the Smart Call Home configuration commands. Example: switch(config-callhome)# commit Step 5 (Optional) show callhome Displays information about Smart Call Home. Example: switch(config-callhome)# show callhome Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 154: Configuring An Http Proxy Server

    The VRF used for transporting messages Note through the proxy server is the same as that configured using the transport http use-vrf command. Step 5 commit Commits the Smart Call Home configuration commands. Example: switch(config-callhome)# commit Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 155: Configuring Periodic Inventory Notifications

    X days an update is sent (where X is switch(config-callhome)# periodic-inventory notification the update interval). interval 20 Step 4 commit Commits the Smart Call Home configuration commands. Example: switch(config-callhome)# commit Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 156: Disabling Duplicate Message Throttling

    Disables duplicate message throttling for Smart Call Home. Example: Duplicate message throttling is enabled by switch(config-callhome)# no default. duplicate-message throttle Step 4 Commits the Smart Call Home configuration commit commands. Example: switch(config-callhome)# commit Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 157: Enabling Or Disabling Smart Call Home

    Example: switch(config-callhome)# commit Step 5 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config What to Do Next Optionally generate a test message. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 158: Testing The Smart Call Home Configuration

    Displays one or more Smart Call Home destination profiles. show callhome merge Displays the status of the last CFS merger for Smart Call Home. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 159: Configuration Examples For Smart Call Home

    Noc101 format full-txt destination-profile full-text-destination email-addr person@company.com destination-profile full-text-destination message-level 5 destination-profile Noc101 alert-group Configuration alert-group Configuration user-def-cmd show ip route transport email mail-server 192.0.2.10 priority 1 transport http use-vrf Blue enable Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 160: Additional References

    Home Severity Level Configuration PERIODIC_CONFIGURATION Periodic configuration update message. Diagnostic DIAGNOSTIC_MAJOR_ALERT GOLD generated a major alert. DIAGNOSTIC_MINOR_ALERT GOLD generated a minor alert. DIAGNOSTIC_NORMAL_ALERT Smart Call Home generated a normal diagnostic alert. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 161 CISCO_TAC Supervisor SUP_FAILURE Supervisor module operation has Hardware and failed. CISCO_TAC Syslog-group-port PORT_FAILURE syslog message that corresponds to the port facility has been generated. SYSLOG_ALERT syslog alert message has been generated. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 162: Message Formats

    Data Item (Plain Text and XML) Description (Plain Text and XML) XML Tag (XML Only) Timestamp Date and time stamp of event in /aml/header/time ISO time notation: YYYY-MM-DD HH:MM:SS GMT+HH:MM. Message name Name of message. /aml/header/name Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 163 ID by any support service. Site ID Optional user-configurable field /aml/ header/siteId used for Cisco-supplied site ID or other data meaningful to alternate support service. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 164 Model name of the device (the /aml/body/chassis/name specific model as part of a product family name). Serial number Chassis serial number of the unit. /aml/body/chassis/serialNo Chassis part number Top assembly number of the /aml/body/chassis/partNo chassis. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 165: Alert Group Message Fields

    FRU software version Software version(s) that is running /aml/body/fru/swVersion on the affected FRU. Fields for Inventory Event Messages The following table describes the inventory event message format for full text or XML messages. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 166: Fields For User-generated Test Messages

    System Name:dc3-test Contact Name:Jay Tester Contact Email:contact@example.com Contact Phone:+91-80-1234-5678 Street Address:#1 Any Street Event Description:SYSLOG_ALERT 2008 Jan 17 16:31:33 dc3-test %ETHPORT-2-IF_SEQ_ERROR: Error (0x20) while communicating with component MTS_SAP_ELTM opcode:MTS_OPC_ETHPM_PORT_PHY_CLEANUP (for:RID_PORT: Ethernet3/1) syslog_facility:ETHPORT Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 167 2008 Jan 17 16:29:31 dc3-test %DAEMON-3-SYSTEM_MSG: Telnet disabled, removing - dcos-xinetd[19073] 2008 Jan 17 16:29:32 dc3-test %DAEMON-3-SYSTEM_MSG: ssh disabled, removing - dcos-xinetd[19079] 2008 Jan 17 16:29:32 dc3-test %DAEMON-3-SYSTEM_MSG: Telnet disabled, removing - Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 168 1 vdc_name: dc3-test interfaces: Ethernet3/1 Ethernet3/2 Ethernet3/3 Ethernet3/4 Ethernet3/5 Ethernet3/6 Ethernet3/7 Ethernet3/8 Ethernet3/9 Ethernet3/10 Ethernet3/11 Ethernet3/12 Ethernet3/13 Ethernet3/14 Ethernet3/15 Ethernet3/16 Ethernet3/17 Ethernet3/18 Ethernet3/19 Ethernet3/20 Ethernet3/21 Ethernet3/22 Ethernet3/23 Ethernet3/24 Ethernet3/25 Ethernet3/26 Ethernet3/27 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 169: Sample Syslog Alert Notification In Xml Format

    <aml-block:Block xmlns:aml-block="http://www.cisco.com/2004/01/aml-block"> <aml-block:Header> <aml-block:Type>http://www.cisco.com/2005/05/callhome/syslog</aml-block:Type> <aml-block:CreationDate>2008-01-17 16:31:33 GMT+0000</aml-block:CreationDate> <aml-block:Builder> <aml-block:Name>DC3</aml-block:Name> <aml-block:Version>4.1</aml-block:Version> </aml-block:Builder> <aml-block:BlockGroup> <aml-block:GroupId>1005:TXX12345678:478F82E6</aml-block:GroupId> <aml-block:Number>0</aml-block:Number> <aml-block:IsLast>true</aml-block:IsLast> <aml-block:IsPrimary>true</aml-block:IsPrimary> <aml-block:WaitForPrimary>false</aml-block:WaitForPrimary> </aml-block:BlockGroup> <aml-block:Severity>5</aml-block:Severity> </aml-block:Header> <aml-block:Content> <ch:CallHome xmlns:ch="http://www.cisco.com/2005/05/callhome" version="1.0"> <ch:EventTime>2008-01-17 16:31:33 GMT+0000</ch:EventTime> <ch:MessageDescription>SYSLOG_ALERT 2008 Jan 17 16:31:33 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 170 2008 Jan 17 16:29:27 dc3-test %NETSTACK-3-IP_UNK_MSG_MAJOR: netstack [4336] Unrecognized message from MRIB. Major type 1807 2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 1 2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 2 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 171 WCOREDUMP(9) returned zero . 2008 Jan 17 16:31:23 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service \"eltm\" (PID 24407) hasn&apos;t caught signal 9 (no core). 2008 Jan 17 16:31:24 dc3-test vsh[24532]: CLIC-3-FAILED_EXEC: Can not exec command Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 172 <aml-block:Name>show license usage</aml-block:Name> <aml-block:Data encoding="plain"> <![CDATA[Feature Ins Lic Status Expiry Date Comments Count -------------------------------------------------------------------------------- LAN_ADVANCED_SERVICES_PKG Yes - In use Never - LAN_ENTERPRISE_SERVICES_PKG Yes - Unused Never - -------------------------------------------------------------------------------- ]]> </aml-block:Data> </aml-block:Attachment> </aml-block:Attachments> </aml-block:Block> </soap-env:Body> </soap-env:Envelope> Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 173: Additional References

    Added the ability to configure multiple SMTP servers. VRF support for HTTP transport 5.0(2) VRFs can be used to send e-mail and of Smart Call Home messages other Smart Call Home messages over HTTP. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 174 Feature History for Smart Call Home Crash notifications 4.0(1) Messages are sent for process crashes on line cards. Destination profile configuration 4.1(3) The commands destination-profile http and destination-profile transport-method cannot be distributed. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 175: Configuring Rollback

    Feature History table in this chapter. About Rollbacks A rollback allows you to take a snapshot, or user checkpoint, of the Cisco NX-OS configuration and then reapply that configuration to your device at any point without having to reload the device. A rollback allows...
  • Page 176: Automatically Generated System Checkpoints

    Cisco NX-OS automatically creates system checkpoints. You can use either a user or system checkpoint to perform a rollback. You can create a checkpoint copy of the current running configuration at any time. Cisco NX-OS saves this checkpoint as an ASCII file which you can use to roll back the running configuration to the checkpoint configuration at a future time.
  • Page 177: Virtualization Support

    You can create different checkpoint copies in each VDC. You cannot apply the checkpoint of one VDC into another VDC. By default, Cisco NX-OS places you in the default VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
  • Page 178 Configuring Rollback Guidelines and Limitations for Rollbacks • Beginning in Cisco NX-OS Release 4.2(1), you can start a checkpoint filename with the word auto. • Beginning in Cisco NX-OS Release 4.2(1), you can name a checkpoint file summary or any abbreviation of the word summary.
  • Page 179: Default Settings For Rollbacks

    This table lists the default settings for rollback parameters. Parameters Default Rollback type Atomic Configuring Rollbacks Be aware that the Cisco NX-OS commands may differ from the Cisco IOS commands. Note Creating a Checkpoint You can create up to ten checkpoints of your configuration. Procedure Command or Action...
  • Page 180: Implementing A Rollback

    • best-effort—Implement a rollback and skip any errors. • stop-at-first-failure—Implement a rollback that stops if an error occurs. The default is atomic. This example shows how to implement a rollback to a user checkpoint name. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 181: Verifying The Rollback Configuration

    This example shows how to create a checkpoint file and then implements a best-effort rollback to a user checkpoint name: checkpoint stable rollback running-config checkpoint stable best-effort Additional References Related Documents Related Topic Document Title Rollback CLI commands Cisco Nexus 7000 Series NX-OS System Management Command Reference Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 182: Feature History For Rollback

    4.1(3) A rollback fails for NetFlow if during rollback, you try to modify a record that is programmed in the hardware. A rollback is not supported for checkpoints across software versions. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 183: C H A P T E

    C H A P T E R Configuring Session Manager This chapter describes how to configure Session Manager on Cisco NX-OS devices. This chapter contains the following sections: • Finding Feature Information, page 155 • About Session Manager, page 155 •...
  • Page 184: High Availability

    Session Manager sessions remain available after a supervisor switchover. Sessions are not persistent across a software reload. Virtualization Support By default, Cisco NX-OS places you in the default VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide. Licensing Requirements for Session Manager...
  • Page 185: Guidelines And Limitations For Session Manager

    • If an interface reloads while you are configuring that interface in a configuration session, Session Manager may accept the commands even though the interface is not present in the device at that time. Configuring Session Manager Be aware that the Cisco NX-OS commands might differ from Cisco IOS commands. Note Creating a Session You can create up to 32 configuration sessions.
  • Page 186: Configuring Acls In A Session

    [name] (Optional) Displays the contents of the session. Example: switch(config-s)# show configuration session myacls Verifying a Session Use the following command in session mode to verify a session: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 187: Committing A Session

    Discards the configuration session without applying Example: the changes. switch(config-s)# abort switch# Verifying the Session Manager Configuration To display the Session Manager configuration information, perform one of the following tasks: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 188: Configuration Example For Session Manager

    Session Manager CLI commands Cisco Nexus 7000 Series NX-OS System Management Command Reference VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide Configuration files Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 189: Feature History For Session Manager

    Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. Table 18: Feature History for Session Manager Feature Name Releases Feature Information Session Manager 4.0(1) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 190 Configuring Session Manager Feature History for Session Manager Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 191: Configuring The Scheduler

    C H A P T E R Configuring the Scheduler This chapter describes how to configure the scheduler on Cisco NX-OS devices. This chapter includes the following sections: • Finding Feature Information, page 163 • About the Scheduler, page 163 •...
  • Page 192: Remote User Authentication

    The scheduler maintains a log file containing the job output. If the size of the job output is greater than the size of the log file, the output is truncated. High Availability Scheduled jobs remain available after a supervisor switchover or a software reload. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 193: Virtualization Support

    Virtualization Support Virtualization Support Jobs are created in the virtual device context (VDC) that you are logged into. By default, Cisco NX-OS places you in the default VDC. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
  • Page 194: Configuring The Scheduler

    16 to 1024. The default is 16. Note If the size of the job output is greater than the size of the log file, then the output is truncated. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 195: Configuring Remote User Authentication

    Step 5 switch(config)# copy running-config (Optional) startup-config Copies the running configuration to the startup configuration. Defining a Job You can define a job including the job name and the command sequence. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 196: Deleting A Job

    Step 3 switch(config-job)# show scheduler job (Optional) [name name] Displays the job information. Step 4 switch(config)# copy running-config (Optional) Copies the running configuration to the startup startup-config configuration. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 197: Defining A Timetable

    Day of the week (dow) specified as one of the following: • An integer such as 1 = Sunday, 2 = Monday, and so • An abbreviation such as Sun = Sunday. The maximum length for the entire argument is 10. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 198: Clearing The Scheduler Log File

    Clears the scheduler log file. Verifying the Scheduler Configuration To display the scheduler configuration information, perform one of the following tasks: Command Purpose show scheduler config Displays the scheduler configuration. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 199: Configuration Examples For The Scheduler

    Last Execution Time : Fri Jan 2 1:00:00 2013 Last Completion Time: Fri Jan 2 1:00:01 2013 Execution count : 2 ----------------------------------------------- Job Name Last Execution Status ----------------------------------------------- back-cfg Success (0) switch# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 200: Displaying The Results Of Running Scheduler Jobs

    Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. Table 19: Feature History for the Scheduler Feature Name Releases Feature Information Scheduler 4.0(1) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 201: Finding Feature Information

    C H A P T E R Configuring SNMP This chapter describes how to configure the SNMP feature on Cisco NX-OS devices. This chapter contains the following sections: • Finding Feature Information, page 173 • About SNMP, page 174 •...
  • Page 202: Configuring Snmp

    • An SNMP agent—The software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The Cisco Nexus device supports the agent and MIB. To enable the SNMP agent, you must define the relationship between the manager and the agent.
  • Page 203 : notify-license-expiry license : notify-no-license-for-feature license : notify-licensefile-missing license : notify-license-expiry-warning upgrade : UpgradeOpNotifyOnCompletion upgrade : UpgradeJobStatusNotify rmon : risingAlarm rmon : fallingAlarm rmon : hcRisingAlarm rmon : hcFallingAlarm entity : entity_sensor Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 204: Snmpv3

    Encryption What Happens noAuthNoPriv Community string Uses a community string match for authentication. noAuthNoPriv Community string Uses a community string match for authentication. noAuthNoPriv Username Uses a username match for authentication. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 205: User-based Security Model

    Cisco NX-OS uses two authentication protocols for SNMPv3: • HMAC-MD5-96 authentication protocol • HMAC-SHA-96 authentication protocol Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 206: Cli And Snmp User Synchronization

    SNMPv3 user management can be centralized at the Access Authentication and Accounting (AAA) server level. This centralized user management allows the SNMP agent in Cisco NX-OS to leverage the user authentication service of the AAA server. Once user authentication is verified, the SNMP PDUs are processed further.
  • Page 207 If a user is not present in the remote user database, the SNMPv3 server returns an “Unknown user” message without checking for the availability of AAA servers. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 208: Group-based Snmp Access

    VRF using the CISCO-CONTEXT-MAPPING-MIB or the CLI. High Availability for SNMP Cisco NX-OS supports stateless restarts for SNMP. After a reboot or supervisor switchover, Cisco NX-OS applies the running configuration. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 209: Virtualization Support For Snmp

    Virtualization Support for SNMP Cisco NX-OS supports one instance of the SNMP per virtual device context (VDC). By default, Cisco NX-OS places you in the default VDC. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
  • Page 210: Configuring Snmp

    License notifications Enabled Configuring SNMP Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in Cisco IOS. You can configure up to 10 SNMP hosts on a device. Note Configuring SNMP Users You can configure a user for SNMP.
  • Page 211: Enforcing Snmp Message Encryption

    You can configure SNMP to require authentication or encryption for incoming requests. By default, the SNMP agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco NX-OS responds with an authorization error for any SNMPv3 PDU request using a security level parameter of either noAuthNoPriv or authNoPriv.
  • Page 212: Creating Snmp Communities

    {group group | ro | Creates an SNMP community string. Example: switch(config)# snmp-server community public Step 3 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 213: Filtering Snmp Requests

    Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Authenticating SNMPv3 Users Based on Location You can authenticate local or remote SNMPv3 users based on their location. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 214: Configuring Snmp Notification Receivers

    “Incorrect password” message. Configuring SNMP Notification Receivers You can configure Cisco NX-OS to generate SNMP notifications to multiple host receivers. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode.
  • Page 215: Configuring A Source Interface For Snmp Notifications

    The source interface IP address defines the source address inside of the SNMP trap, and the connection is opened with the address of the egress interface as source. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 216: Configuring The Notification Target User

    You must configure a notification target user on the device to send SNMPv3 inform notifications to a notification host receiver. Cisco NX-OS uses the credentials of the notification target user to encrypt the SNMPv3 inform notification messages to the configured notification host receiver.
  • Page 217: Configuring Snmp Notification Receivers With Vrfs

    You must configure the host before configuring the VRF reachability or filtering options. You can configure Cisco NX-OS to use a configured VRF to reach the host receiver or to filter notifications based on the VRF in which the notification occurred.
  • Page 218: Configuring Snmp To Send Traps Using An Inband Port

    (at the global or host level) and the VRF used to send the traps. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 219: Enabling Snmp Notifications

    Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Enabling SNMP Notifications You can enable or disable notifications. If you do not specify a notification name, Cisco NX-OS enables all notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 220 The snmp-server enable traps command enables both traps and informs, depending on the configured Note notification host receivers. The following table lists the commands that enable the notifications for Cisco NX-OS MIBs. Table 22: Enabling SNMP Notifications Related Commands All notifications...
  • Page 221 CISCO-INTERFACE-XCVR MONITOR-MIB snmp-server enable traps link cisco-xcvr-mon-status-chg Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 222 CISCO-RMON-MIB snmp-server enable traps rmon snmp-server enable traps rmon fallingAlarm snmp-server enable traps rmon hcFallingAlarm snmp-server enable traps rmon hcRisingAlarm snmp-server enable traps rmon risingAlarm Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 223 Use the following commands in global configuration mode to enable the specified notification: Command Purpose snmp-server enable traps Enables all SNMP notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 224 [event-notify] [smtp-send-fail] Enables Call Home notifications. Optionally, enables the following specific notifications: • event-notify—Enables Call Home external event notifications. • smtp-send-fail—Enables Simple Mail Transfer Protocol (SMTP) message send fail notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 225 • c c m C L I R u n n i n g C o n f i g C h a n g e d — E n a b l e s SNMP notifications for configuration changes in the running or startup configuration. snmp-server enable traps eigrp [tag] Enables CISCO-EIGRP-MIB SNMP notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 226 Optionally, enables the following specific notifications: • FeatureOpStatusChange—Enables feature operation status-change notifications. snmp-server enable traps hsrp [state-change] Enables CISCO-HSRP-MIB SNMP notifications. Optionally, enables the following specific notifications: • state-change—Enables HSRP state-change notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 227 • cisco-extended-linkDown—Enables Cisco extended link state down notifications. • cisco-extended-linkUp—Enables Cisco extended link state up notifications. • linkDown—Enables IETF link state down notifications. • linkUp—Enables IETF link state up notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 228 LAN (VLAN) secure MAC violation notifications. snmp-server enable traps rf [redundancy-framework] Enables redundancy framework (RF) SNMP notifications. Optionally, enables the following specific notifications: • redundancy-framework—Enables RF supervisor switchover MIB notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 229 [root-inconsistency] Optionally, enables the following specific notifications: • inconsistency—Enables SNMP STPX MIB inconsistency update notifications. • loop-inconsistency—Enables SNMP STPX MIB loop-inconsistency update notifications. • root-inconsistency—Enables SNMP STPX MIB root-inconsistency update notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 230 • default-zone-behavior-change—Enables default zone behavior change notifications. • merge-failure—Enables merge failure notifications. • merge-success—Enables merge success notifications. • request-reject1—Enables request reject notifications. • unsupp-mem—Enables unsupported member notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 231: Disabling Link Notifications On An Interface

    IF-MIB for all interfaces. Optionally, use the | keyword and the grep keyword to search for a Example: particular interface in the output. switch# show interface snmp-ifindex | grep -i Eth12/1 Eth12/1 441974784 (0x1a580000) Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 232: Enabling A One-time Authentication For Snmp Over Tcp

    Configures sysContact, which is the SNMP contact name. Example: switch(config)# snmp-server contact Admin Step 3 snmp-server location name Configures sysLocation, which is the SNMP location. Example: switch(config)# snmp-server location Lab-7 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 233: Configuring The Context To Network Entity Mapping

    Before You Begin Determine the logical network entity instance. For more information on VRFs and protocol instances, see the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide or the Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide. Procedure...
  • Page 234: Disabling Snmp

    Disables SNMP. SNMP is enabled by default. Example: switch(config)# no snmp-server protocol enable Modifying the AAA Synchronization Time You can modify how long Cisco NX-OS holds the synchronized user configuration. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 235: Verifying Snmp Configuration

    Displays the SNMP engineID. Displays SNMP roles. show snmp group show snmp host Displays information about configured SNMP hosts. Displays SNMP sessions. show snmp session Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 236: Configuration Examples For Snmp

    Configuration Examples for SNMP This example shows how to configure Cisco NX-OS to send the Cisco linkUp or Down notifications to one notification host receiver using the Blue VRF and defines two SNMP users, Admin and NMS: configure terminal snmp-server contact Admin@company.com...
  • Page 237: Additional References

    Cisco Nexus 7000 Series NX-OS System Management Command Reference VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide IP ACLs and AAA Cisco Nexus 7000 Series NX-OS Security Configuration Guide Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 238: Rfcs

    Configuring SNMP RFCs Related Topic Document Title MIBs Cisco Nexus 7000 Series and 9000 Series NX-OS MIB Quick Reference RFCs Title RFC 3414 User-based Security Model (USM) for Version 3 of the Simple Network Management Protocol (SNMPv3) RFC 3415 View-based Access Control Model (VACM) for the...
  • Page 239 SNMP notifications. SNMP AAA synchronization 4.0(3) Added the ability to modify the synchronized user configuration timeout. SNMP protocol 4.0(3) Added the ability to disable the SNMP protocol. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 240 Configuring SNMP Feature History for SNMP Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 241: Chapter 1 3 Configuring Rmon

    C H A P T E R Configuring RMON This chapter describes how to configure the remote monitoring (RMON) feature on Cisco NX-OS devices. This chapter contains the following sections: • Finding Feature Information, page 213 • About RMON, page 214 •...
  • Page 242: About Rmon

    You can use alarms with RMON events to generate a log entry or an SNMP notification when the RMON alarm triggers. RMON is enabled by default, but no alarms are configured in Cisco NX-OS. You can configure RMON alarms by using the CLI or an SNMP-compatible network management station.
  • Page 243: High Availability For Rmon

    Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide. Prerequisites for RMON If you configure VDCs, install the appropriate license and enter the desired VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for configuration information and the Cisco NX-OS Licensing Guide for licensing information.
  • Page 244: Default Settings For Rmon

    Alarms None configured Configuring RMON Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in Cisco IOS. Configuring RMON Alarms You can configure RMON alarms on any integer-based SNMP MIB object. You can optionally specify the following parameters: •...
  • Page 245: Configuring Rmon Events

    You can configure RMON events to associate with RMON alarms. You can reuse the same event with multiple RMON alarms. Before You Begin Make sure you have configured an SNMP user and enabled SNMP notifications. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 246: Verifying The Rmon Configuration

    This example shows how to create a delta rising alarm on ifInOctets.14 and associates a notification event with this alarm: configure terminal rmon alarm 20 1.3.6.1.2.1.2.2.1.14.1 2900 delta rising-threshold 1500 1 falling-threshold Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 247: Additional References

    Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. Table 24: Feature History for RMON Feature Name Releases Feature Information RMON 4.0(1) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 248 Configuring RMON Feature History for RMON Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 249: Chapter 1 4 Configuring Online Diagnostics

    C H A P T E R Configuring Online Diagnostics This chapter describes how to configure the generic online diagnostics (GOLD) feature on Cisco NX-OS devices. This chapter contains the following sections: • Finding Feature Information, page 221 • Information About Online Diagnostics, page 221 •...
  • Page 250: Online Diagnostics Overview

    Bootup Diagnostics Bootup diagnostics run during bootup and detect faulty hardware before Cisco NX-OS brings a module online. For example, if you insert a faulty module in the device, bootup diagnostics test the module and take it offline before the device uses the module to forward traffic.
  • Page 251 Checks the Cisco Trusted Security (CTS) device initialization on a module. ManagementPortLoopback Disruptive test, not an Sup1, Sup2, and Sup2E — on-demand test. Tests loop back on the management port of a module. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 252: Runtime Or Health Monitoring Diagnostics

    30 min All modules — integrity of the primary boot device on a module. SecondaryBootROM Verifies the 30 min All modules — integrity of the secondary boot device on a module. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 253 Nondisruptive 5 min All M2, F2, and F2e All M1, F1, and F3 per-port loopback modules modules test, and hence can N77-M348XP-23L run on ports that N77-M324FQ-25L are up as well. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 254 ExternalCompactFlash Verifies access to 30 min Sup1, Sup2, and Sup2E — the external compact flash devices. PwrMgmtBus Verifies the 30 sec Sup1, Sup2, and Sup2E — standby power management control bus. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 255: Recovery Actions For Specified Health-monitoring Diagnostics

    6.2(8), you must manually shut the devices to recover the network. In Cisco NX-OS Release 6.2(8) and later releases, you can configure the system to take disruptive action if the system detects failure on one of the following runtime, or health-monitoring, tests: •...
  • Page 256: On-demand Diagnostics

    A key part of high availability is detecting hardware failures and taking corrective action while the device runs in a live network. Online diagnostics in high availability detect hardware failures and provide feedback to high availability software components to make switchover decisions. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 257: Virtualization Support

    Cisco NX-OS supports online diagnostics in the default virtual device context (VDC) or, beginning with Cisco NX-OS Release 6.1, in the admin VDC. By default, Cisco NX-OS places you in the default VDC. Online diagnostics are virtual routing and forwarding (VRF) aware. You can configure online diagnostics to use a particular VRF to reach the online diagnostics SMTP server.
  • Page 258: Default Settings For Online Diagnostics

    Configuring Online Diagnostics Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in Cisco IOS. Setting the Bootup Diagnostic Level You can configure the bootup diagnostics to run the complete set of tests or you can bypass all bootup diagnostic tests for a faster module bootup time.
  • Page 259: Activating A Diagnostic Test

    The argument ranges are as follows: • slot—The range is from 1 to 10. • test-id—The range is from 1 to 14. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 260: Setting A Diagnostic Test As Inactive

    The following ranges are valid for the each keyword: • slot —The range is from 1 to 10. • test-id —The range is from 1 to 14. • name —Can be any case-sensitive alphanumeric string up to 32 characters Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 261: Configuring Corrective Action

    1 to 30. The count range is from 1 to 1000. This CLI command can be used to modify the Note consecutive failure count for GOLD system default policies. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 262: Starting Or Stopping An On-demand Diagnostic Test

    Verifies that the diagnostic has been scheduled. Clearing Diagnostic Results You can clear diagnostic test results. Use the following command in any mode to clear the diagnostic test results: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 263: Simulating Diagnostic Results

    Displays information about bootup diagnostics. show diagnostic content module {slot | all} Displays information about diagnostic test content for a module. show diagnostic description module slot test [test-name | all] Displays the diagnostic description. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 264: Configuration Examples For Online Diagnostics

    This example shows how to start all on-demand tests on module 6: diagnostic start module 6 test all This example shows how to activate test 2 and set the test interval on module 6: configure terminal diagnostic monitor module 6 test 2 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 265: Additional References

    Enables you to configure recovery actions for the following runtime on specified diagnostic tests: PortLoopback, RewriteEngineLoopback, SnakeLoopback health-monitoring test , and StandbyFabricLoopback. diagnostics. Online diagnostics 6.2(6) Added support to all F3 modules except for N77-F348XP-23. (GOLD) Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 266 5.1(1) Added support for the FIPS and BootupPortLoopback tests. (GOLD) Online diagnostics 4.2(1) Added support for the PortLoopback, StatusBus, and StandbyFabricLoopback (GOLD) tests. Online diagnostics 4.0(1) This feature was introduced. (GOLD) Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 267: Configuring The Embedded Event Manager

    To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the “New and Changed Information” chapter or the Feature History table in this chapter. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 268: About Eem

    (the default option). EEM maintains event logs on the supervisor. Cisco NX-OS has a number of preconfigured system policies. These system policies define many common events and actions for the device. System policy names begin with two underscore characters (__).
  • Page 269 Policies with default actions Note that cannot be completely overridden will be augmented. __BootupPortLoopback __FIPS __IntPortLoopback __PortLoopback __RewriteEngineLoopback __SnakeLoopback __SwPortLoopback __asic_register_check __compact_flash __eobc_port_loopback __ethpm_debug_1 __ethpm_debug_2 __ethpm_debug_3 __ethpm_debug_4 __ethpm_link_flap __external_compact_flash __gold_obfl __lcm_module_failure Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 270: Event Statements

    Action statements describe the action triggered by a policy. Each policy can have multiple action statements. If no action is associated with a policy, EEM still observes events but takes no actions. EEM supports the following actions in action statements: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 271: Vsh Script Policies

    If you define an environment variable for the shutdown reason, called default-reason, you can replace that reset reason with the environment variable, as shown in the following example. switch (config-eem-policy)# action 1.0 foreshut module 1 reset-reason $default-reason You can reuse this environment variable in any policy. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 272: Eem Event Correlation

    Virtualization Support You configure EEM in the virtual device context (VDC) that you are logged into. By default, Cisco NX-OS places you in the default VDC. You must be in this VDC to configure policies for module-based events.
  • Page 273: Default Settings For Eem

    • EEM event correlation does not override the system default policies. • Default action execution is not supported for policies that are configured with tagged events. • You can invoke EEM from Python. For more information about Python, see the Cisco Nexus 7000 Series NX-OS Programmability Guide.
  • Page 274: Defining A User Policy Using The Cli

    Registers the applet with EEM and enters applet configuration mode. The applet-name can be any case-sensitive, alphanumeric string up to 29 Example: characters. switch(config)# event manager applet monitorShutdown switch(config-applet)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 275: Configuring Event Statements

    Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Configuring Event Statements Use one of the following commands in Applet Configuration mode to configure an event statement: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 276 Triggers an event if a fan is removed from the device for more than the configured Example: time, in seconds. The number range is switch(config-applet)# event fanabsent time module dependent. The seconds range is from 10 to 64000. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 277 {critical | minor | severe} Triggers an event if a memory threshold Example: is crossed. See also Configuring Memory Thresholds, on page 264. switch(config-applet)# event memory critical Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 278 Use this option for overriding policies. switch(config-applet)# event policy-default count 3 The repeats range is from 1 to 65000. The seconds range is from 0 to 4294967295, where 0 indicates no time limit. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 279 Example: time interval specified. The switchover switch(config-applet)# event sysmgr count is from 1 to 65000. The time interval switchover count 10 time 1000 is from 0 to 2147483647. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 280: Configuring Action Statements

    The object-number range is from 1 to 500. Configuring Action Statements Use any of the following commands in Applet configuration (config-applet) mode to configure action statements: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 281 1.0 overbudgetshut module 3-5 The action label is in the format number1.number2. number1 can be any number up to 16 digits. The range for number2 is from 0 to 9. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 282 Example: The action label is in the format switch(config-applet)# action 1.0 end number1.number2. number1 can be any number up to 16 digits. The range for number2 is from 0 to 9. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 283 The action label is in the format switch(config-applet)# action 2.0 puts "Hello world" number1.number2. number1 can be any number up to 16 digits. The range for number2 is from 0 to 9. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 284 Example: The action label is in the format switch(config-applet)# action 2.0 break number1.number2. number1 can be any number up to 16 digits. The range for number2 is from 0 to 9. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 285 The action label is in the format number1.number2. "(.*) (.*) (.*)" "one two three" _match _sub1 number1 can be any number up to 16 digits. The range for number2 is from 0 to 9. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 286 5.2 string match "*Bl*" $str The action label is in the format number1.number2. number1 can be any number up to 16 digits. The range for number2 is from 0 to 9. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 287 5.7 string trimleft "$string" "Hello" The action label is in the format number1.number2. number1 can be any number up to 16 digits. The range for number2 is from 0 to 9. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 288: Defining A Policy Using A Vsh Script

    Name the text file and save it. Step 3 Copy the file to the following system directory: bootflash://eem/user_script_policies. Registering and Activating a VSH Script Policy You can register and activate a policy defined in a VSH script. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 289: Scheduling An Eem Policy

    Schedules an EEM policy and sets the class-options number thread-number policy scheduling options like class and thread number for execution. Example: switch(config)# event manager scheduler applet thread class default number 2 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 290: Overriding A Policy

    Overriding a Policy You can override a system policy. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 291 Displays information about the configured policy. Example: switch(config-applet)# show event manager policy-state ethport Step 8 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 292: Configuring Memory Thresholds

    Alert : MINOR ALERT RECOVERED • 2013 May 7 17:06:35 switch %$ %PLATFORM-2-MEMORY_ALERT: Memory Status Alert : SEVERE ALERT RECOVERED • 2013 May 7 17:06:35 switch %$ %PLATFORM-2-MEMORY_ALERT: Memory Status Alert : CRITICAL ALERT RECOVERED Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 293: Configuring Syslog As Eem Publisher

    EEM should be available for registration by syslog. The syslog daemon must be configured and executed. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 294: Verifying The Eem Configuration

    Verifying the EEM Configuration To display EEM configuration information, use one of the following commands: Command Purpose show event manager environment [variable-name Displays information about the event manager environment variables. | all] Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 295: Configuration Examples For Eem

    1 syslog priority errors msg module 3 “upgrade is not a hitless upgrade!” action 2 policy-default This example shows how to override the __ethpm_link_flap system policy and shuts down the interface: event manager applet ethport override __ethpm_link_flap event policy-default count 2 time 1000 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 296: Related Documents

    Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 297 EEM policy. Syslog as EEM publisher 5.1(1) Added support to monitor syslog messages from the switch. Memory thresholds configuration 4.1(3) Added a configuration section for memory thresholds. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 298 Configuring the Embedded Event Manager Feature History for EEM Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 299: Configuring Onboard Failure Logging

    C H A P T E R Configuring Onboard Failure Logging This chapter describes how to configure the onboard failure logging (OBFL) features on Cisco NX-OS devices. This chapter includes the following sections: • Finding Feature Information, page 271 •...
  • Page 300: About Obfl

    About OBFL About OBFL Cisco NX-OS provides the ability to log failure data to persistent storage, which you can retrieve and display for analysis at a later time. This onboard failure logging (OBFL) feature stores failure and environmental information in nonvolatile memory on the module. The information will help analyze failed modules.
  • Page 301: Prerequisites For Obfl

    Prerequisites for OBFL Prerequisites for OBFL If you configure VDCs, install the appropriate license and enter the desired VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for configuration information and the Cisco NX-OS Licensing Guide for licensing information.
  • Page 302 Enables the OBFL interrupt statistics. Example: switch(config)# hw-module logging onboard interrupt-stats Module: 7 Enabling interrupt-stats ... was successful. Module: 10 Enabling interrupt-stats ... was successful. Module: 12 Enabling interrupt-stats ... was successful. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 303: Verifying The Obfl Configuration

    Displays interrupt statistics. show logging onboard module slot Displays OBFL information for a specific module. show logging onboard obfl-history Displays history information. show logging onboard obfl-logs Displays log information. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 304: Configuration Example For Obfl

    Use the clear logging onboard command to clear the OBFL information for each of the show command options listed. Configuration Example for OBFL This example shows how to enable OBFL on module 2 for environmental information: switch# configure terminal switch(config)# hw-module logging onboard module 2 environmental-history Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 305: Additional References

    Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. Table 31: Feature History for OBFL Feature Name Releases Feature Information OBFL 4.0(1) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 306 Configuring Onboard Failure Logging Feature History for OBFL Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 307: Chapter 1 7 Configuring Span

    Feature History table in this chapter. About SPAN SPAN analyzes all traffic between source ports by directing the SPAN session traffic to a destination port with an external analyzer attached to it. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 308: Span Sources

    • Fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender (FEX) • Satellite ports and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender— These interfaces are supported in Layer 2 access mode, Layer 2 trunk mode, and Layer 3 mode.
  • Page 309: Characteristics Of Destination Ports

    SPAN Sessions You can create SPAN sessions to designate sources and destinations to monitor. See the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide for information on the number of supported SPAN sessions. This figure shows a SPAN configuration. Packets on three Ethernet ports are copied to destination port Ethernet 2/5.
  • Page 310: Extended Span Sessions

    Unidirectional sessions use one resource, and traditional sessions use two resources. These 12 resources are shared between local and SPAN source sessions across all VDCs. If you are configuring an extended SPAN session on a Cisco Nexus 7710 switch or a Cisco Nexus 7718 switch, the following applies: •...
  • Page 311: Exception Span

    Exception SPAN enables you to span exception packets. Packets that have failed an intrusion detection system (IDS), Layer 3 IP verification, and FabricPath are treated as exception packets. Beginning with Cisco NX-OS Release 6.2(10), you can remove the FabricPath and VLAN tag headers Note from SPAN packets.
  • Page 312: Virtual Span Sessions

    You can also use the Cisco Network Analysis Module (NAM) to monitor SPAN data sources for application performance, traffic analysis, and packet header analysis. To use NAM for monitoring the Cisco Nexus 7000 SPAN data sources, see the Cisco Nexus 7000 Series Network analysis Module (NAM-NX1) Quick Start Guide.
  • Page 313: High Availability

    High Availability The SPAN feature supports stateless and stateful restarts. After a reboot or supervisor switchover, the running configuration is applied. For more information on high availability, see the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide. Virtualization Support A virtual device context (VDC) is a logical representation of a set of system resources.
  • Page 314 • If a module is not in the VDC in which the inband interface is sourced, packets destined to the supervisor cannot be captured. • For Cisco NX-OS releases prior to 6.1, you can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is monitored. Beginning with Cisco NX-OS Release 6.1, the monitoring of the inband interface is no longer restricted to the default VDC: ◦...
  • Page 315 • SPAN does not capture pause frames in a Fibre Channel over Ethernet (FCoE) network because pause frames sent from the virtual expansion (VE) port are generated and terminated by the outermost MAC layer. For more information on FCoE, see the Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500.
  • Page 316: Guidelines And Limitations For F1 Series Module

    IPv6 destination IP filters. They support only IPv4 and IPv6 ToS filters with values from 0 to 3. Port channel member lane, FCoE source ID, and FCoE destination ID are not supported. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 317: Guidelines And Limitations For F2/f2e Series Modules

    However, the distribution pattern can be different from that of regular (non-SPAN destination) port channels. For example, you can have even load distribution for regular port channels but uneven load distribution (or no load balancing) for SPAN destination port channels. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 318: Guidelines And Limitations For F3 Series Module

    • SPAN sampling is supported only on F Series modules. It is not supported on M Series modules. • Beginning with Cisco NX-OS Release 6.1, FCoE SPAN on F2 Series modules is supported for storage VDCs.
  • Page 319: Guidelines And Limitations For M2/m2xl Series Modules

    Fabric Extender. • If a port channel is the SPAN destination interface for SPAN traffic that is sourced from a Cisco Nexus 7000 M1 Series module, only a single member interface will receive copied source packets. The same limitation does not apply to SPAN traffic sourced from all other Cisco Nexus series modules, including the Cisco Nexus 7000 M1-XL Series modules.
  • Page 320: Guidelines And Limitations For M3 Series Modules

    VDC. Guidelines and Limitations for M3 Series Modules • Beginning with Cisco NX-OS Release 7.3(1)DX(1), SPAN is supported on M3 Series modules. • SPAN sampling is supported on M Series modules and Supervisor 2.
  • Page 321: Configuring Span

    Configuring SPAN Configuring SPAN Configuring SPAN Cisco NX-OS commands for this feature may differ from those in Cisco IOS. Note Configuring a SPAN Session You can configure a SPAN session on the local device only. By default, SPAN sessions are created in the shut state.
  • Page 322 Step 7 no monitor session session-number Clears the configuration of the specified SPAN session. The new session configuration is added to the existing session configuration. Example: switch(config)# no monitor session 3 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 323 You can enter a range of Ethernet ports, a port channel, an inband interface, a range of VLANs, a Cisco Nexus 2000 Series Fabric Extender interface, or a Example: fabric port channel connected to a Cisco Nexus 2000 Series switch(config-monitor)# source interface ethernet 2/1-3, Fabric Extender.
  • Page 324 Enables the SPAN session. By default, the session is created in the shut state. Example: switch(config-monitor)# no shut Step 18 show monitor session {all | (Optional) session-number | range session-range} Displays the SPAN configuration. [brief] Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 325: Configuring Multi-destination Span On F2 Series Modules

    Configuring Multi-Destination SPAN on F2 Series Modules If you are configuring a multiple destination port for a SPAN session on a Cisco Nexus 7000 switch, do the following: • Remove the module type restriction when configuring multiple SPAN destination port to allow a SPAN session.
  • Page 326 {number | Checks the configuration to ensure that the primary attribute is not configured on the destination port. range} [primary] Displays an error message if more than one port is configured. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 327: Configuring Multiple Span Sessions On A Span Destination Port

    • Rate limiter 'auto' mode is not allowed with span session(s) having shared span destination port(s). • The 'manual' mode is recommended when the rate limit is required for individual SPAN session. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 328: Configuring A Virtual Span Session

    Before You Begin Ensure that you are in the correct VDC (or use the switchto vdc command). You have already configured the destination ports in trunk mode. For more information, see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide.
  • Page 329 Example: session. switch(config-monitor)# source vlan 3, 6-8 rx Example: switch(config-monitor)# source interface ethernet 101/1/1-3 Step 5 Repeat Step 4 to configure all virtual SPAN (Optional) VLAN sources. — Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 330 VLANs on each destination port. Step 13 (Optional) show interface ethernet (Optional) Displays the interface trunking configuration for the selected slot and port or range of ports. Example: switch(config)# interface ethernet 2/5 switch(config-if)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 331: Configuring An Rspan Vlan

    (Optional) Displays the VLAN configuration. Remote SPAN VLANs are listed together. Example: switch(config)# show vlan Step 6 copy running-config startup-config (Optional) (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 332: Shutting Down Or Resuming A Span Session

    The no form of the command enables the SPAN session. switch(config-monitor)# shut By default, the session is created in the shut state. Step 5 (Optional) show monitor Displays the status of SPAN sessions. Example: switch(config-monitor)# show monitor Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 333: Configuring Mtu Truncation For Each Span Session

    3 switch(config-monitor)# Step 3 [no] mtumtu Configures the MTU truncation size for packets in the specified SPAN session. The range is from 64 to 1500 bytes. Example: switch(config-monitor)# mtu 64 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 334: Configuring A Source Rate Limit For Each Span Session

    Ensure that you are in the correct VDC (or use the switchto vdc command). Procedure Command or Action Purpose Step 1 Enters global configuration mode. configure terminal Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 335 Example: switch(config)# monitor session 3 switch(config-monitor)# Step 5 copy running-config (Optional) startup-config Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 336: Configuring Sampling For Each Span Session

    Configuring Sampling for Each SPAN Session Configuring Sampling for Each SPAN Session Beginning with Cisco NX-OS Release 6.1, you can configure a sampling range for spanned traffic in order to reduce the SPAN traffic bandwidth and to monitor peer-to-peer traffic. Packet range-based sampling is used to provide an accurate count of the SPAN source packets.
  • Page 337: Complex Rule-based Span

    [arp | eth | fcoe |ipv4 |ipv6] Specifying match criteria in the Note same line or in multiple lines will Example: have the same result. switch(config-monitor-filter)# match eth-type 0x0800 switch(config-monitor-filter)# match src-mac 40:55:39:0c:98:c1 ff:ff:ff:ff:ff:00 dest-mac 40:55:39:0c:98:c1 ff:ff:ff:ff:ff:00 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 338: Creating Filter-lists

    X and deny filter Y are SPAN-ed—it is an OR condition. Associating a Filter List to a Monitor Session BEFORE YOU BEGIN Ensure that you are in the correct VDC (or use the switchto vdc command). Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 339: Configuring A Session With Rules Enabled

    Configuring a Session with Rules Enabled To create a local/erspan-source unidirectional/bidirectional session, configure the following: Procedure Command or Action Purpose Step 1 Enters global configuration mode. configure terminal Example: switch# configure terminal switch(config)# Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 340: Configuring The Multicast Best Effort Mode For A Span Session

    Layer 3 interfaces (that is, on the egress module, packets that egress out of Layer 2 interfaces are not replicated for SPAN). Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 341: Configuring Rule-based Span

    The packets are spanned only if all conditions are met. Before You Begin Ensure that you are in the correct VDC (or use the switchto vdc command). Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 342 • pc-lane—Specifies a filter based on a member of the port channel. • src-mac—Specifies a filter based on a source MAC address. • trace-route—Specifies a filter based on the route bit in the header. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 343 The optional keywords are as follows: Example: • src-ip—Specifies a filter based on an IPv4 source IP switch(config-monitor)# filter address. frame-type ipv4 l4-protocol 3 • dest-ip—Specifies a filter based on an IPv4 destination IP address. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 344 You can enter a range of Ethernet ports, a port channel, an inband interface, a range of VLANs, a Cisco Nexus 2000 Series Fabric Extender interface, or a Example: fabric port channel connected to a Cisco Nexus 2000 Series...
  • Page 345: Configuring Exception Span

    SPAN session. The optional keywords are as follows:. • rx—Specifies an ingress extended SPAN session. Example: switch(config)# monitor session • tx—Specifies an egress extended SPAN session. switch(config-monitor)# • shut—Specifies a shut state for the selected session. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 346 Example: switch(config)# show monitor session 3 Step 8 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 347: Removing Fabricpath And Vntag Headers

    (Optional) startup-config Copies the running configuration to the startup configuration. Removing Headers per Port Before You Begin Ensure that you are in the correct VDC (or use the switchto vdc command). Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 348: Verifying The Span Configuration

    Displays the resources that are available for the show resource monitor-session-extended extended session. show running-config Displays configuration of the commands for removing the FabricPath and VNTAG headers for SPAN. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 349: Configuration Examples For Span

    3 switch(config-monitor)# mode extended switch(config-monitor)# source interface all switch(config-monitor)# destination interface ethernet 2/5 switch(config-monitor)# no shut switch(config-monitor)# exit switch(config)# show monitor session 3 switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 350: Configuration Example For A Unidirectional Span Session

    3 switch(config)# copy running-config startup-config Configuration Example for a Virtual SPAN Session Procedure Step 1 Configure destination ports in access or trunk mode, and enable SPAN monitoring. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 351: Configuration Example For A Span Session With A Private Vlan Source

    100 switch(config-if)# no shut switch(config-if)# exit switch(config)# interface ethernet 3/2 switch(config-if)# switchport switch(config-if)# switchport mode trunk switch(config-if)# switchport trunk native vlan 100 switch(config-if)# no shut Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 352: Configuration Example For Span With Mtu Truncation And Span Sampling

    10.1.1.1/24 switch(config-monitor)# source interface ethernet 2/1-3, ethernet 3/1 rx switch(config-monitor)# destination interface ethernet 2/5, ethernet 3/7 switch(config-monitor)# no shut switch(config)# show monitor session 3 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 353: Configuration Example For Exception Span

    Table 34: Feature History for SPAN Feature Name Releases Feature Information SPAN 7.3(0)DX(1) Added support for M3 Series modules. SPAN 7.3(0)D1(1) Added support for 4K VLANs per SPAN Session. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 354 SPAN session. SPAN 5.1(1) Added support for F1 Series modules and increased the number of supported SPAN sessions from 18 to 48. SPAN 4.1(3) Added a table of SPAN session limits. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 355: Finding Feature Information

    C H A P T E R Configuring ERSPAN This chapter describes how to configure an encapsulated remote switched port analyzer (ERSPAN) to transport mirrored traffic in an IP network on Cisco NX-OS devices. This chapter contains the following sections: •...
  • Page 356: Configuring Erspan

    The packet is decapsulated at the destination router and then sent to the destination interface. ERSPAN Types Cisco NX-OS Release 6.1 and later releases support ERSPAN Type II and Type III. All previous Cisco NX-OS releases support only ERSPAN Type II.
  • Page 357: Erspan Destinations

    ERSPAN destination ports. ERSPAN Sessions You can create ERSPAN sessions that designate sources and destinations to monitor. The figure below shows an ERSPAN configuration. Figure 6: ERSPAN Configuration Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 358: Extended Erspan Session

    Unidirectional sessions use one resource, and bidirectional use two resources. These 12 resources are shared between local and ERSPAN source sessions across all VDCs. If you are configuring an extended SPAN session on a Cisco Nexus 7710 switch or a Cisco Nexus 7718 switch, the following applies: •...
  • Page 359: Exception Erspan

    Each VDC supports one exception ERSPAN session. Exception ERSPAN is supported in the egress direction only. In the case of an extended ERSPAN Rx session, the exception source configuration will be rejected. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 360: Network Analysis Module

    You can also use the Cisco Network Analysis Module (NAM) to monitor ERSPAN data sources for application performance, traffic analysis, and packet header analysis. To use NAM for monitoring the Cisco Nexus 7000 ERSPAN data sources, see the Cisco Nexus 7000 Series Network Analysis Module (NAM-NX1) Quick Start Guide.
  • Page 361: Guidelines And Limitations For Erspan

    Guidelines and Limitations for ERSPAN ERSPAN has the following configuration guidelines and limitations: • For ERSPAN session limits, see the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide. • All ERSPAN replication is performed in the hardware. The supervisor CPU is not involved.
  • Page 362 ERSPAN source interfaces. • Beginning with Cisco NX-OS Release 5.2, you can configure the Cisco Nexus 2000 Series Fabric Extender (FEX) interfaces and the fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender as ERSPAN sources.
  • Page 363 Precision Time Protocol (PTP) master timers. • 1588 granularity mode is not supported in Cisco NX-OS Release 6.1 and is rejected if selected. • M2 Series modules support 100 microseconds (ms), 100 nanoseconds (ns), and ns granularity. F2 Series and F2e Series modules support only 100 ms and 100 ns granularity.
  • Page 364: Default Settings

    MAC addresses and source MAC addresses. • ERSPAN ACLs are not supported for use with OTV. • ERSPAN source sessions are supported on F3 Series modules. Beginning with Cisco NX-OS Release 7.2, ERPSPAN destination sessions are also supported on these modules. However, ERSPAN ACL sessions are not supported on F3 Series modules.
  • Page 365: Configuring Erspan

    Disabled Multicast best effort mode Disabled Configuring ERSPAN Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in Cisco Note IOS. Configuring an ERSPAN Source Session You can configure an ERSPAN session on the local device only. By default, ERSPAN sessions are created in the shut state.
  • Page 366 You can configure one or more VLANs, as either a series of comma-separated entries or a range of numbers. For information on the VLAN range, see the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide. You can enable monitoring of a higher number of specific...
  • Page 367 Displays the running ERSPAN configuration. running-config monitor Step 20 switch(config)# show (Optional) startup-config monitor Displays the ERSPAN startup configuration. Step 21 switch(config)# copy (Optional) Copies the running configuration to the startup running-config startup-config configuration. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 368: Configuring An Erspan Destination Session

    Ensure that you are in the correct VDC (or use the switchto vdc command). Ensure that you have already configured the destination ports in monitor mode. For more information, see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide. Procedure...
  • Page 369 Displays the running ERSPAN configuration. Step 20 switch# show startup-config monitor (Optional) Displays the ERSPAN startup configuration. Step 21 switch# copy running-config (Optional) startup-config [vdc-all] Copies the running configuration to the startup configuration. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 370: Shutting Down Or Activating An Erspan Session

    (Optional) Displays the status of ERSPAN sessions. Step 10 switch(config)# show running-config (Optional) Displays the ERSPAN running configuration. monitor Step 11 switch(config)# show startup-config (Optional) monitor Displays the ERSPAN startup configuration. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 371: Configuring Mtu Truncation For Each Erspan Session

    Configuring MTU Truncation for Each ERSPAN Session Beginning with Cisco NX-OS Release 6.1, in order to reduce the ERSPAN traffic bandwidth, you can configure the maximum bytes allowed for each replicated packet in an ERSPAN session. This value is called the maximum transmission unit (MTU) truncation size.
  • Page 372: Configuring A Source Rate Limit For Each Erspan Session

    Beginning with Cisco NX-OS Release 6.1, you can alleviate this problem as well as traffic overload on the source forwarding instance by configuring a source rate limit for each ERSPAN session.
  • Page 373: Configuring Sampling For Each Erspan Session

    Copies the running configuration to the startup configuration. Configuring Sampling for Each ERSPAN Session Beginning with Cisco NX-OS Release 6.1, you can configure a sampling range for spanned traffic in order to reduce the ERSPAN traffic bandwidth and to monitor peer-to-peer traffic. Packet range-based sampling is used to provide an accurate count of the ERSPAN source packets.
  • Page 374: Configuring The Multicast Best Effort Mode For An Erspan Session

    For Layer 3 multicast traffic, ERSPAN replication occurs on the egress module. If traffic is multicasted Note to multiple egress modules, you could capture multiple ERSPAN copies for each packet (that is, one copy from each egress module). Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 375: Configuring Rule-based Erspan

    Specifies the granularity of all ERSPAN Type III sessions across all VDCs. The granularity options are 100 microseconds (ms), 1588 | ns} 100 nanoseconds (ns), IEEE 1588 (in seconds or nanoseconds), and nanoseconds. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 376 • access-group—Specifies a filter based on an access dest-mac] [eth-type eth-value] control group. [flow-hash flow-value] [frame-type [eth | arp | fcoe | • vlan—Specifies a filter based on a VLAN range. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 377 • fc-sid—Specifies a filter based on an FC source ID. sof-value] [cmd-code cmd-value]] • fc-did—Specifies a filter based on an FC destination ID. • fcoe-type—Specifies a filter based on an FCoE type. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 378 {[interface [type slot/port [-port] packets. You can enter a range of Ethernet ports, a port channel, [,type slot/port[-port]]] an inband interface, a range of VLANs, a Cisco Nexus 2000 [port-channel channel-number]] Series Fabric Extender interface, or a fabric port channel | [vlan {number | range}]} [rx | connected to a Cisco Nexus 2000 Series Fabric Extender.
  • Page 379 Purpose up to 128 interfaces. The VLAN range is from 1 to 3967. The VLAN range of 4048 to 4093 is also supported for Cisco NX-OS releases prior to 6.1. You can specify the traffic direction to copy as ingress (rx), egress (tx) , or both.
  • Page 380: Configuring Exception Erspan

    Only one destination IP address is supported per ERSPAN source session. The Cisco Nexus 2000 Series Fabric Extender Note interfaces and the fabric port channels connected to the FEX cannot be configured as ERSPAN destinations. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 381: Verifying The Erspan Configuration

    Displays the resources that are available for the show resource monitor-session-mx-exception-src exception session. For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS System Management Command Reference. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 382: Configuration Examples For Erspan

    192.0.2.1 switch(config-monitor)# vrf default switch(config-monitor)# erspan-id 200 switch(config-monitor)# filter vlan 1-1000 switch(config-monitor)# no shut switch(config-monitor)# exit switch(config)# show monitor session 2 switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 383: Configuration Example For A Unidirectional Erspan Session

    10 switch(config-access-map)# match ip address match_12_pkts switch(config-access-map)# action forward switch(config-access-map)# exit switch(config)# monitor session 1 type erspan-source switch(config-erspan-src)# header-type 3 switch(config-erspan-src)# filter access_group erspan_filter Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 384: Configuration Example For Erspan With Mtu Truncation And Erspan Sampling

    This example shows how to configure an exception ERSPAN session: switch# configure terminal switch(config)# monitor session 3 type erspan-source switch(config-erspan-src)# mode extended switch(config-erspan-src)# source exception all switch(config-erspan-src)# destination ip 10.1.1.1 switch(config-erspan-src)# no shut switch# show monitor session 3 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 385: Related Documents

    F2 and F2e Series modules. ERSPAN 6.2(2) Added NAM support for ERSPAN data sources. ERSPAN 6.2(2) Added support for extended ERSPAN. ERSPAN 6.2(2) Added support for rule-based ERSPAN. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 386 ERSPAN session. ERSPAN and ERSPAN ACLs 5.1(1) This feature was introduced. ERSPAN ERSPAN source sessions are supported on F3 Series modules. However, ERSPAN ACL sessions are not supported on F3 Series modules. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 387: Chapter 1 9 Configuring Lldp

    About LLDP The Cisco Discovery Protocol (CDP) is a device discovery protocol that allows network management applications to automatically discover and learn about other Cisco devices that are connected to the network. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 388: About Dcbxp

    Configuring LLDP About DCBXP To permit the discovery of non-Cisco devices, the switch also supports the Link Layer Discovery Protocol (LLDP), a vendor-neutral device discovery protocol that is defined in the IEEE 802.1ab standard. LLDP allows network devices to advertise information about themselves to other devices on the network. This protocol runs over the data-link layer, which allows two systems running different network layer protocols to learn about each other.
  • Page 389: High Availability

    Configuring LLDP High Availability For information on the quality of service (QoS) features, see the Cisco Nexus 7000 Series NX-OS Quality Note of Service Configuration Guide. DCBXP is enabled by default, provided LLDP is enabled. When LLDP is enabled, DCBXP can be enabled or disabled using the [no] lldp tlv-select dcbxp command.
  • Page 390: Default Settings For Lldp

    Configuring LLDP Default Settings for LLDP • Beginning with Cisco NX-OS Release 5.2, LLDP is supported for the Cisco Nexus 2000 Series Fabric Extender. LLDP packets can now be sent and received through the Fabric Extender ports for neighbor discovery.
  • Page 391: Enabling Or Disabling Lldp On An Interface

    After you globally enable LLDP, it is enabled on all supported interfaces by default. Step 5 switch(config-if)# show lldp (Optional) interface interface slot/port Displays the LLDP configuration on the interface. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 392: Configuring Optional Lldp Parameters

    Specifies the TLVs to send and receive in LLDP packets. The available TLVs are dcbxp, management-address, port-description, port-vlan, system-capabilities, system-description, and system-name. All available TLVs are enabled by default. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 393: Verifying The Lldp Configuration

    Enter configuration commands, one per line. End with CNTL/Z. switch(config)# feature lldp switch(config)# interface ethernet 7/9 switch(config-if)# no lldp transmit switch(config-if)# no lldp receive switch(config-if)# exit switch(config)# interface ethernet 7/10 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 394: Related Documents

    Table 37: Feature History for LLDP Feature Name Releases Feature Information LLDP 5.2(1) Added LLDP support for the Cisco Nexus 2000 Series Fabric Extender. DCBXP 5.1(1) This feature was introduced. LLDP 5.0(2) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 395: Finding Feature Information

    Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the “New and Changed Information”...
  • Page 396: Netflow

    NetFlow gathers for the flow. You can define a flow record with any combination of keys and fields of interest. Cisco NX-OS supports a rich set of keys. A flow record also defines the types of counters gathered per flow. You can configure 32-bit or 64-bit packet or byte counters.
  • Page 397: Flow Exporters

    IP address assigned to it, the flow exporter will be inactive. Cisco NX-OS exports data to the collector whenever a timeout occurs or when the flow is terminated (TCP FIN or RST received, for example). You can configure the following timers to force a flow export: •...
  • Page 398: Flow Monitors

    The IOD information of the interface can be retrieved using the show system internal im info global command. Cisco NX-OS supports UDP as the transport protocol for exports to up to two collectors. Note M1 Series modules support the configuration change from the Version 5 to Version 9 export format, but Note F2, F2e, and F3 Series modules do not.
  • Page 399: Netflow On Copp Interface Support

    1:80. On M3 series modules, the default rate limit value is 8000 PPS per ASIC (SoC). In such a scenario, the Cisco Nexus 7700 M3-Series 48-Port 1/10G Ethernet Module (with 2 SoCs) will rate limit 8000*2=16000 PPS only to the CPU per M3 Series module.
  • Page 400: Network Analysis Module

    VLAN, and QoS. See the NAM configuration example in the Configuration Examples for NetFlow. To use NAM for monitoring the Cisco Nexus 7000 NetFlow data sources, see the Cisco Nexus 7000 Series Network Analysis Module (NAM-NX1) Quick Start Guide.
  • Page 401: Guidelines And Limitations For Netflow

    • You must understand the resources required on your device because NetFlow consumes additional memory and CPU resources. • If you configure VDCs, install the appropriate license and enter the desired VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for configuration information and the Cisco NX-OS Licensing Guide for licensing information.
  • Page 402 For more information on this command, see the Configuring IP ACLs chapter of the Cisco Nexus 7000 Series NX-OS Security Configuration Guide.
  • Page 403: Default Settings For Netflow

    15 seconds only) Flow timeout aggressive threshold Disabled Flow timeout fast threshold Disabled Flow timeout inactive 15 seconds Flow timeout session aging Disabled Configuring NetFlow To configure NetFlow, follow these steps: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 404: Enabling The Netflow Feature

    You can create a flow record and add keys to match on and nonkey fields to collect in the flow. Before You Begin Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 405 {ipv4 | ipv6} {original-input | alphanumeric characters for the flow record name. original-output}} Example: switch(config-flow-exporter)# show flow record netflow protocol-port Step 7 copy running-config startup-config (Optional) Saves this configuration change. Example: switch(config-flow-exporter)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 406: Specifying The Match Parameters

    Specifies the Layer 2 attribute as a key. destination-address | ethertype | vlan} Example: switch(config-flow-record)# match datalink ethertype Specifying the Collect Parameters You must configure at least one of the following collect parameters for flow records: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 407: Creating A Flow Exporter

    { ipv4-address | ipv6-address} Sets the destination IPv4 or IPv6 address for this flow exporter. You can optionally configure the [use-vrf name ] VRF to use to reach the NetFlow collector. You Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 408 Sets the template data resend timer. The range is from 1 to 86400 seconds. Example: switch(config-flow-exporter-version-9)# template data timeout 1200 Step 11 exit Returns to flow exporter configuration mode. Example: switch(config-flow-exporter-version-9)# exit Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 409: Creating A Flow Monitor

    IPv4Monitor Step 4 exporter name (Optional) Associates a flow exporter with this flow monitor. You can enter up to 63 alphanumeric characters Example: for the exporter name. switch(config-flow-monitor)# export Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 410: Creating A Sampler

    Defines the number of samples to take per the packet-number number of packets received. The sample-number range is from 1 to 64, and the packet-number range is from 1 to 65536 packets. Example: switch(config-flow-sampler)# mode 1 out-of 128 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 411: Applying A Flow Monitor To An Interface

    Step 5 layer2-switched flow monitor name input Associates a Layer 2-switched flow monitor and a sampler name sampler to the interface for input packets. You can Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 412: Configuring Netflow On Copp Interface Support

    You must perform the following tasks to complete configuring Netflow on COPP Interface Support feature: Creating a Flow Record, on page 376 Creating a Flow Monitor Creating a Sampler, on page 382 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 413: Configuring Bridged Netflow On A Vlan

    The Layer 2 keys are as follows: • Source and destination MAC addresses • Source VLAN ID • EtherType from the Ethernet frame You can apply Layer 2 NetFlow to the following interfaces for the ingress direction: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 414 For more information about using the mac Example: packet-classify command, see the Cisco Nexus switch(config-if)# mac packet-classify 7000 Series NX-OS Security Configuration Guide. You must use this command to capture Note flows. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 415: Configuring Netflow Timeouts

    30 Step 3 copy running-config startup-config (Optional) Saves the change persistently through reboots and restarts by copying the running configuration Example: to the startup configuration. switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 416: Verifying The Netflow Configuration

    This example shows how to configure a NetFlow exporter configuration for IPv4 : feature netflow flow exporter ee version 9 flow record rr match ipv4 source address match ipv4 destination address collect counter bytes collect counter packets Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 417: Verification Examples For Netflow Copp Interface Support

    Ethernet2/45 ip flow monitor foo input ip address 10.20.1.1/24 no shutdown This example shows a NetFlow exporter configuration for IPv4 from the Cisco Nexus 7000 Series switch to NAM: flow exporter pw destination 172.20.101.87 use-vrf management transport udp 3000...
  • Page 418: Related Documents

    Series modules. NetFlow 7.3(0)D1(1) Added Netflow on CoPP Interface support. NetFlow 7.2(0)D1(1) Enhanced the F3 Series module packet processing rate to 50000 pps. NetFlow 6.2(6) Added support for F3 Series modules. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 419 NetFlow records that you can use to capture flows in Layer 2 interfaces. Rollback during NetFlow 4.1(3) Rollback fails for NetFlow if, during rollback, you try to modify a record that is programmed in the hardware. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 420 Configuring NetFlow Feature History for NetFlow Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 421: Finding Feature Information

    C H A P T E R Configuring EEE This chapter describes how to configure Energy Efficient Ethernet (EEE) on Cisco NX-OS devices. • Finding Feature Information, page 393 • Information About EEE, page 394 • Virtualization Support, page 394 •...
  • Page 422: Information About Eee

    Virtualization Support By default, Cisco NX-OS places you in the default virtual device context (VDC) unless you specifically configure another VDC. For more information about VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide. Licensing Requirements for EEE...
  • Page 423: Guidelines And Limitations

    Configuring EEE Guidelines and Limitations • To configure VDCs, you must install the appropriate license. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for configuration information and the Cisco NX-OS Licensing Guide for licensing information. Guidelines and Limitations Guidelines and Limitations: •...
  • Page 424: Configuring The Eee Lpi Sleep Threshold

    • Aggressive—Causes the device to enter LPI mode after 20 microseconds of detecting an idle state. • Nonaggressive—Causes the device to enter LPI mode after 600 microseconds of detecting an idle state. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 425: Verifying The Eee Configuration

    • Disabled—EEE is disabled on this interface. • Disagreed—EEE autonegotiation with the link partner has failed • Operational—EEE is enabled and operational on this interface. show interface ethernet slot/port capabilities Displays whether the interface is EEE capable. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 426: Configuration Examples For Eee

    EEE(efficient-ethernet): Operational Related Documents Related Topic Document Title EEE CLI commands Cisco Nexus 7000 Series NX-OS System Management Command Reference VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 427: Feature History For Eee

    Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. Table 43: Feature History for EEE Feature Name Releases Feature Information 6.1(2) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 428 Configuring EEE Feature History for EEE Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 429: Finding Feature Information

    Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the “New and Changed Information”...
  • Page 430: Licensing Requirements For Xmlin

    License Requirement Cisco NX-OS XMLIN requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
  • Page 431: Converting Show Command Output To Xml

    The copyrights to certain works contained in this software are owned by other third parties and used and distributed under license. Certain components of this software are licensed under the GNU General Public License (GPL) version 2.0 or the GNU Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 432 Please type "end" to finish and output the current XML document before building a new one. ******************************************************** % Command not successful switch(config-if-verify)(xmlin)# end <?xml version="1.0"?> <nf:rpc xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="http://www.cisco.com/nxos:6.2.2.:configure_" xmlns:m="http://www.cisco.com/nxos:6.2.2.:_exec" message-id="1"> <nf:edit-config> <nf:target> <nf:running/> </nf:target> <nf:config> <m:configure> <m:terminal> <interface> <__XML__PARAM__interface> <__XML__value>Ethernet2/1</__XML__value> </__XML__PARAM__interface> </interface> </m:terminal> </m:configure> </nf:config> </nf:edit-config> Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 433: Related Documents

    Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 434 Converting CLI Commands to Network Configuration Format Feature History for XMLIN Table 45: Feature History for XMLIN Feature Name Releases Feature Information XMLIN 6.2(2) This feature was introduced. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 435: Ietf Rfcs Supported By Cisco Nx-os System Management

    A P P E N D I X IETF RFCs supported by Cisco NX-OS System Management This appendix lists the IETF RFCs for system management supported in Cisco NX-OS. • IETF RFCs Supported by Cisco NX-OS System Management, page 407 IETF RFCs Supported by Cisco NX-OS System Management This appendix lists the IETF RFCs for system management supported in Cisco NX-OS.
  • Page 436 IETF RFCs supported by Cisco NX-OS System Management IETF RFCs Supported by Cisco NX-OS System Management Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 437: Eem System Policies

    Log, and disable further HM testing on affected ports after 10 consecutive failures of GOLD "RewriteEngine" test __asic_register_check Do CallHome, log error, and disable further HM testing for that ASIC device/instance after 20 consecutive failures of GOLD "ASICRegisterCheck" test Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 438 __pfm_fanbad_all_systemfan Syslog when fan goes bad __pfm_fanbad_any_singlefan Syslog when fan goes bad __pfm_power_over_budget Syslog warning for insufficient power overbudget __pfm_tempev_major TempSensor Major Threshold. Action: Shutdown __pfm_tempev_minor TempSensor Minor Threshold. Action: Syslog Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 439: Eem Events

    The following table describes the EEM events you can use on the device. EEM Event Description application Publishes an application-specific event. CLI command is entered that matches a pattern with a wildcard. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 440 System manager generates an event. temperature Temperature level in the system exceeds a threshold. timer Specified time is reached. track Tracked object changes state. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 441: Configuration Examples For Eem Policies

    Enter configuration commands, one per line. End with CNTL/Z. switch(config)# switch(config)# event manager applet rollbackTrigger switch(config-applet)# switch(config-applet)# description “Rollback trigger.” switch(config-applet)# event cli match “rollback *” switch(config-applet)# action 1.0 cli copy running-config bootflash:last_config switch(config)# copy running-config startup-config Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 442: Configuration Examples To Override (disable) Major Thresholds

    2 sensor 7 threshold major switch(config-applet)# end This example shows how to revert to the default configuration: switch# configure terminal switch(config)# no event manager applet myappletname override __pfm_tempev_major switch(config)# end Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 443: Overriding (disabling) An Entire Module

    __pfm_tempev_major switch(config-applet)# end switch# configure terminal switch(config)# event manager applet myapplet2 override __pfm_tempev_major switch(config-applet)# event temperature module 9 sensor 4 threshold major switch(config-applet)# action 2 policy-default switch(config-applet)# end Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 444: Enabling Multiple Sensors While Disabling All Remaining Sensors Of All Modules

    2 sensor 7 threshold major switch(config-applet)# action 4 policy-default switch(config-applet)# end switch# configure terminal switch(config)# event manager applet myapplet5 override __pfm_tempev_major switch(config-applet)# event temperature module 3 threshold major Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 445: Configuration Examples To Override (disable) Shutdown For Fan Tray Removal

    4 time 60 switch(config-applet)# end This example shows how to revert to the default configuration: switch# configure terminal switch(config)# no event manager applet myappletname override __pfm_fanabsent_any_singlefan switch(config)# end Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 446: Overriding (disabling) A Shutdown For Removal Of All Fan Trays Except One

    Configuration Examples to Create a Supplemental Policy Creating a Supplemental Policy for the Fan Tray Absent Event This example shows how to create a supplemental policy using the event fanabsent command: Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 447: Creating A Supplemental Policy For The Temperature Threshold Event

    You can specify a list of modules that the power over-budget action uses to shut down modules until the power recovers from the red (negative) zone. Empty slots and slots that contain a supervisor, standby supervisor, spine, or crossbar are skipped. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 448: Configuration Examples To Select Modules To Shut Down

    The device-type can be fan, module, or powersupply. The event-type can be insert, remove, or anyoir (insert or remove). The optional device-number specifies a single device. If omitted, all devices are selected. Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 449: Configuration Example To Generate A User Syslog

    When this event is triggered, the action defined in the policy is executed. Configuration Examples for SNMP Notification Polling an SNMP OID to Generate an EEM Event The SNMP object ID (OID) CISCO-SYSTEM-EXT-MIB::cseSysCPUUtilization is used for querying the CPU utilization of the switch: cseSysCPUUtilization OBJECT-TYPE SYNTAX Gauge32 (0..100 )
  • Page 450: Sending An Snmp Notification In Response To An Event In The Event Policy

    Configure an EEM event to bring up Ethernet interface 1/2 when Ethernet interface 3/23 comes up. Example: switch# configure terminal switch(config)# event manager applet track_3_23_up switch(config-applet)# event track 1 state up switch(config-applet)# action 1 syslog msg EEM applet track_3_23_down bringing up port Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 451: Configuration Example To Register An Eem Policy With The Eem

    • These five files need to be created and loaded into the above directory: ◦ load_schedules ◦ remove_vpc_if_peer_failed ◦ clean_up ◦ unload_schedules ◦ restore_vpc Configuration for the load_schedules file: feature scheduler configure terminal scheduler job name vpc_check configure terminal Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 452 Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 453 2.0 syslog msg severity alert "##### VPC PEER DETECTED. VPC CONFIG RESTORED #####" action 3.0 cli configure terminal action 4.0 cli copy bootflash:eem/user_script_policies/unload_schedules running-config action 5.0 cli no event manager applet restore_vpc action 6.0 cli end Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 454 Embedded Event Manager System Events and Configuration Examples Configuration Example to Register an EEM Policy with the EEM Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...
  • Page 455: Configuration Limits For Cisco Nx-os System Management

    A P P E N D I X Configuration Limits for Cisco NX-OS System Management The configuration limits are documented in the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide. • Configuration Limits for Cisco NX-OS System Management, page 427 Configuration Limits for Cisco NX-OS System Management The configuration limits are documented in the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide.
  • Page 456 Configuration Limits for Cisco NX-OS System Management Configuration Limits for Cisco NX-OS System Management Cisco Nexus 7000 Series NX-OS System Management Configuration Guide...

Comments to this Manuals

Symbols: 0
Latest comments: