Cisco N5010P-N2K-BE Software Configuration Manual

NX-OS software configuration guide

Send feedback to nx5000-docfeedback@cisco.com
Cisco Nexus 5000 Series NX-OS
Software Configuration Guide
Release 4.0(1a)N2(1)
June 2009
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-16597-01

Summary of Contents for Cisco N5010P-N2K-BE

  • Page 1 Cisco Nexus 5000 Series NX-OS Software Configuration Guide Release 4.0(1a)N2(1)
  • Page 2 OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
  • Page 3: Table Of Contents

    FCoE and Fibre Channel Switching; Licensing; Serviceability; Switch Management; Network Security Features; Virtual Device Contexts; Typical Deployment Topologies; Ethernet TOR Switch Topology; Fabric Extender Deployment Topology; I/O Consolidation Topology; Supported Standards...
  • Page 4 Downgrading from a Higher Release; Initial Configuration; Configuration Prerequisites; Initial Setup; Preparing to Configure the Switch; Default Login; Configuring the Switch; Changing the Initial Configuration; Accessing the Switch...
  • Page 5 Licensing Terminology; Licensing Model; License Installation; Obtaining a Factory-Installed License; Performing a Manual Installation; Obtaining the License Key File; Installing the License Key File...
  • Page 6 Understanding VLAN Ranges; Creating, Deleting, and Modifying VLANs; Configuring a VLAN; Creating and Deleting a VLAN; Entering the VLAN Submode and Configuring the VLAN; Adding Ports to a VLAN; Verifying VLAN Configuration...
  • Page 7 Configuring the Rapid PVST+ Maximum Age Time for a VLAN; Specifying the Link Type; Restarting the Protocol; Verifying Rapid PVST+ Configurations; Configuring MST (chapter); Information About MST...
  • Page 8 Verifying MST Configurations; Configuring STP Extensions (chapter); Information About STP Extensions; Understanding STP Port Types; Understanding Bridge Assurance...
  • Page 9 Information About Access and Trunk Interfaces; Understanding Access and Trunk Interfaces; Understanding IEEE 802.1Q Encapsulation; Understanding Access VLANs; Understanding the Native VLAN ID for Trunk Ports...
  • Page 10 Configuring Traffic Storm Control; Verifying Traffic Storm Control Configuration; Displaying Traffic Storm Control Counters; Traffic Storm Control Example Configuration; Default Settings; Switch Security Features...
  • Page 11 Allowing Users to Specify a RADIUS Server at Login; Configuring the Global RADIUS Transmission Retry Count and Timeout Interval; Configuring the RADIUS Transmission Retry Count and Timeout Interval for a Server...
  • Page 12 Configuring the Dead-Time Interval; Manually Monitoring TACACS+ Servers or Groups; Disabling TACACS+; Displaying TACACS+ Statistics; Verifying TACACS+ Configuration; Example TACACS+ Configuration; Default Settings...
  • Page 13 Applying an IP ACL as a Port ACL; Applying an IP ACL as a VACL; Verifying IP ACL Configurations; Displaying and Clearing IP ACL Statistics; Configuring MAC ACLs...
  • Page 14 CFS Support for Applications; CFS Application Requirements; Enabling CFS for an Application; Locking the Network; Committing Changes; Discarding Changes; Saving the Configuration...
  • Page 15 Information About Session Manager; Configuration Guidelines and Limitations; Configuring Session Manager; Creating a Session; Configuring ACLs in a Session...
  • Page 16 Information About Call Home; Call Home Overview; Destination Profiles; Call Home Alert Groups; Call Home Message Levels; Obtaining Smart Call Home...
  • Page 17 Configuring the Notification Target User; Enabling SNMP Notifications; Configuring linkUp/linkDown Notifications; Disabling Up/Down Notifications on an Interface; Enabling One-Time Authentication for SNMP over TCP...
  • Page 18 Configuring Priority Flow Control; Configuring IEEE 802.3x Link-Level Flow Control; Configuring LLDP; Configuring Global LLDP Commands; Configuring Interface LLDP Commands; Verifying FCoE Configuration...
  • Page 19 Configuring Policy Maps; Creating the System Service Policy; System Class Example; Enabling Jumbo MTU; Verifying Jumbo MTU; Configuring QoS on Interfaces; Configuring Untagged CoS...
  • Page 20 Information About Fibre Channel Domains; About Domain Restart; Restarting a Domain; About Domain Manager Fast Restart; Enabling Domain Manager Fast Restart...
  • Page 21 About Persistent FC ID Selective Purging; Purging Persistent FC IDs; Verifying fcdomain Information; Default Settings; Configuring N Port Virtualization (chapter); Information About NPV...
  • Page 22 Configuring SAN Port Channels; SAN Port Channel Configuration Guidelines; Creating a SAN Port Channel; About SAN Port Channel Modes; About SAN Port Channel Deletion...
  • Page 23 About Static VSAN Deletion; Deleting Static VSANs; About Load Balancing; Configuring Load Balancing; About Interop Mode; Displaying Static VSAN Configuration; Default Settings...
  • Page 24 Merging the Database; Configuring Zone Merge Control Policies; Default Zone Policies; Configuring System Default Zoning Settings; Verifying Enhanced Zone Information; Compacting the Zone Database...
  • Page 25 Resetting FSPF to the Default Configuration; Enabling or Disabling FSPF; Clearing FSPF Counters for the VSAN; FSPF Interface Configuration; About FSPF Link Cost; Configuring FSPF Link Cost...
  • Page 26 Registering Name Server Proxies; About Rejecting Duplicate pWWNs; Rejecting Duplicate pWWNs; About Name Server Database Entries; Displaying Name Server Database Entries; FDMI...
  • Page 27 Verifying WWN Information; Link Initialization WWN Usage; Configuring a Secondary MAC Address; FC ID Allocation for HBAs; Default Company ID List; Verifying the Company ID Configuration...
  • Page 28 Configuring Port Security with Auto-Learning and CFS Distribution; Configuring Port Security with Auto-Learning without CFS; Configuring Port Security with Manual Database Configuration; Enabling Port Security...
  • Page 29 Port Security Versus Fabric Binding; Fabric Binding Enforcement; Configuring Fabric Binding; Configuring Fabric Binding; Enabling Fabric Binding; About Switch WWN Lists; Configuring Switch WWN List...
  • Page 30 Default Port Tracking Settings; Troubleshooting; Configuring SPAN (chapter); SPAN Sources; Characteristics of Source Ports; SPAN Destinations; Characteristics of Destination Ports...
  • Page 31 Command; show tech-support fc Command; show tech-support platform Command; Default Settings; Configuration Limits (chapter); Index...
  • Page 33 Preface This preface describes the audience, organization, and conventions of the Cisco Nexus 5000 Series Switch CLI Software Configuration Guide. It also provides information on how to obtain related documentation.
  • Page 34: Document Conventions

    Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual. Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data...
  • Page 35: Related Documentation

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 37: Product Overview

    I/O consolidation. The Cisco Nexus 5010 switch provides 20 fixed Ethernet ports in a 1 RU switch and the Cisco Nexus 5020 switch provides 40 fixed Ethernet ports in a 2 RU switch. Optional expansion modules provide native Fibre Channel ports and additional Ethernet ports.
  • Page 38: I/O Consolidation

    Fibre Channel network. Cisco Nexus 5000 Series switches use FCoE to carry Fibre Channel and Ethernet traffic on the same physical Ethernet connection between the switch and the server. At the server, the connection terminates to a converged network adapter (CNA).
  • Page 39: Virtual Interfaces

    Management Interfaces, page 1-4 Chassis The Cisco Nexus 5010 switch is a 1 RU chassis and the Cisco Nexus 5020 switch is a 2 RU chassis designed for rack mounting. The chassis supports redundant fans and power supplies. The Cisco Nexus 5000 Series switching fabric is low latency, nonblocking and supports Ethernet frame sizes from 64 to 9216 bytes.
  • Page 40: Ethernet Interfaces

    Fibre Channel ports are optional on the Cisco Nexus 5000 Series switch. When you use expansion modules up to 8 Fibre Channel ports are available on the Cisco Nexus 5010 switch and up to 16 Fibre Channel ports are available on the Cisco Nexus 5020 switch.
  • Page 41: Ethernet Switching

    SAN port channels Licensing Cisco Nexus 5000 Series switches are shipped with the licenses installed. The switch provides commands to manage the licenses and install additional licenses. The Cisco Nexus 5000 Series switch provides quality of service (QoS) capabilities such as traffic prioritization and bandwidth allocation on egress interfaces.
  • Page 42: Switch Management

    (NOC), and employ Cisco AutoNotify services to directly generate a case with the Cisco Technical Assistance Center (TAC). This feature is a step toward autonomous system operation, which enables networking devices to inform IT when a problem occurs and helps to ensure that the problem is resolved quickly.
  • Page 43: Network Security Features

    SNMP—SNMP allows you to configure switches using Management Information Bases (MIBs). • Configuring with Cisco MDS Fabric Manager You can configure Cisco Nexus 5000 Series switches using the Fabric Manager client, which runs on a local PC and uses the Fabric Manager server. Network Security Features Cisco NX-OS Release 4.0 includes the following security features:...
  • Page 44: Virtual Device Contexts

    In this example, the blade server rack incorporates blade switches that support 10-Gigabit Ethernet uplinks to the Cisco Nexus 5000 Series switch. The blade switches do not support FCoE, so there is no FCoE traffic and no Fibre Channel ports on the Cisco Nexus 5000 Series switch.
  • Page 45: Fabric Extender Deployment Topology

    All of the server-side ports on the Cisco Nexus 5000 Series switch are running standard Ethernet. FCoE is not required, so the server ports are connected using 10-Gigabit Ethernet NICs. The servers are connected to the data center SAN through MDS 9134 SAN switches. The server Fibre Channel ports require standard Fibre Channel HBAs.
  • Page 46 The Fabric Extender units are attached to their parent Cisco Nexus 5000 Series switches with 10-Gigabit fabric interfaces. Each Fabric Extender acts as a Remote I/O Module on the parent Cisco Nexus 5000 Series switch. All device configurations are managed on the Cisco Nexus 5000 Series switch and configuration information is downloaded using inband communication to the Fabric Extender.
  • Page 47: I/O Consolidation Topology

    The Cisco Nexus 5000 Series switch connects to the server ports using FCoE. Ports on the server require converged network adapters. For redundancy, each server connects to both switches. Dual-port CNA adapters can be used for this purpose. The CNA is configured in active-passive mode, and the server needs to support server-based failover.
  • Page 48: Supported Standards

    Supported Standards Table 1-1 lists the standards supported by the Cisco Nexus 5000 Series switches. Table 1-1 IEEE Compliance...
  • Page 49: Configuration Fundamentals

    PART Configuration Fundamentals...
  • Page 51: Accessing The Command Line Interface

    {hostname | ip_addr} want to access. Step 2: Initiates authentication. Login: admin Password: password Note: If no password has been configured, press Return. Step 3: Exits the session when finished. switch# exit...
  • Page 52: Using The Cli

    • Using CLI Command Modes Switches in the Cisco Nexus 5000 Series have two main command modes: user EXEC mode and configuration mode. The commands available to you depend on the mode you are in. To obtain a list of available commands in either mode, type a question mark (?) at the system prompt.
  • Page 53: Cli Command Hierarchy

    Configure interface priority-flowcontrol
    service-policy   Configure QoS service policy
    shutdown         Enable/disable an interface
    snmp             Modify SNMP interface parameters
    spanning-tree    Spanning Tree Subsystem
    speed            Enter the port speed
    storm-control    Configure Interface storm control...
  • Page 54: Exec Mode Commands

    Show running system information
    sleep     Sleep for the specified number of seconds
    SSH to another system
    ssh6      SSH to another system
    system    System management commands
    tac-pac   save tac information to a specific location...
  • Page 55: Configuration Mode Commands

    FDMI
    feature              Command to enable/disable features
    FEX configuration
    fspf                 Configure fspf
    hostname             Configure system's host name
    hw-module            Enable/Disable OBFL information
    in-order-guarantee   set in-order delivery guarantee
    interface            Configure interfaces...
  • Page 56: Using Commands

    You can configure the CLI to function in two ways: configure it interactively by entering commands at the CLI prompt or create an ASCII file containing switch configuration information (use the CLI to edit and activate the file)...
  • Page 57: Listing Commands And Syntax

    12:12:12:12:12:12:12:12 WARNING: Zone is empty. Deleting zone test. Exit the submode. switch(config-zone)# Delete a created facility. • If you want to delete a zone that you created:...
  • Page 58: Using Keyboard Shortcuts

    Exit Ctrl-Z Ctrl-L Clear session Table 2-3 describes the commonly used configuration submodes. Table 2-3 Common Configuration Submodes Submode Name From Configuration Mode, Enter: Submode Prompt Call home callhome switch(config-callhome)#...
  • Page 59: Using Cli Variables

    Using CLI Variables The Cisco Nexus 5000 Series CLI parser supports the definition and use of variables in CLI commands. CLI variables can be used as follows: • Entered directly on the command line.
  • Page 60: Using Command Aliases

    • Command alias support is only available on the supervisor module, not the switching modules. • Command alias configuration takes effect for other user sessions immediately. • You cannot override the default command alias alias, which aliases the show cli alias command...
  • Page 61: Defining Command Aliases

    Note machine and copy it to the bootflash: directory. This section assumes that the script file resides in the bootflash: directory. The syntax for this command is run-script filename...
  • Page 62: Using Cli Variables In Scripts

    The following example shows how to use CLI session variables in a script file used by the run-script command:
    switch# cli var name testinterface fc 1/1
    switch# show file bootflash:test1.vsh
    show interface $(testinterface)
    switch# run-script bootflash:test1.vsh
    `show interface $(testinterface)`...
  • Page 63: Setting The Delay Time

    When you execute the test-script command script, the switch software executes the discover scsi-target remote command, and then waits for 10 seconds before executing the show scsi-target disk command...
  • Page 65: Image Files On The Switch

    Managing the Switch Configuration, page 3-21 • Using Switch File Systems, page 3-22 • Image Files on the Switch The Cisco Nexus 5000 Series switches have the following images: BIOS and loader images combined in one file • Kickstart image •...
  • Page 66: Starting The Switch

    Boot Sequence, page 3-2 • Starting the Switch A Cisco Nexus 5000 Series switch starts its boot process as soon as its power cord is connected to an A/C source. The switch does not have a power switch. Boot Sequence When the switch boots, the golden BIOS validates the checksum of the upgradeable BIOS.
  • Page 67: Console Settings

    7
    switch(config-console)# exec-timeout 30
    switch(config-console)# parity even
    switch(config-console)# stopbits 2
    You cannot change the BIOS console settings. These are the same as the default console settings...
  • Page 68: Upgrading The Switch

    To upgrade the software on the switch, follow these steps: Step 1: Log in to the switch on the console port connection. Step 2: Log in to Cisco.com to access the Software Download Center. To log in to Cisco.com, go to the URL http://www.cisco.com/ and click Log In at the top of the page.
  • Page 69 Step 11: After the switch completes the installation, log in and verify that the switch is running the required software version.
    switch# show version
    Cisco Nexus Operating System (NX-OS) Software
    TAC support: http://www.cisco.com/tac
    Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved...
  • Page 70: Downgrading From A Higher Release

    Locate the image files you will use for the downgrade by entering the dir bootflash: command. If the image files are not stored on the bootflash memory, download the files from Cisco.com (using steps 1 through 9 of the software upgrade procedure).
  • Page 71: Initial Configuration

    The management Ethernet port (mgmt0) is connected to an external hub, switch, or router. • Refer to the Cisco Nexus 5000 Series Hardware Installation Guide (for the required product) for more information. Save the host ID information for future use (for example, to enable licensed features). The host ID information is provided in the Proof of Purchase document that accompanies the switch.
  • Page 72: Initial Setup

    • Initial Setup The first time that you access a switch in the Cisco Nexus 5000 Series, it runs a setup program that prompts you for the IP address and other configuration information necessary for the switch to communicate over the Ethernet interface. This information is required to configure and manage the switch.
  • Page 73: Default Login

    To configure the switch for the first time, follow these steps: Step 1: Ensure that the switch is on. Switches in the Cisco Nexus 5000 Series boot automatically. Enter the new password for the administrator.
  • Page 74 Enter yes (yes is the default) to enable the Telnet service. Enable the telnet service? (yes/no) [y]: yes Step 11: Enter yes (no is the default) to enable the SSH service...
  • Page 75 768 force
    ssh server enable
    system default switchport shutdown san
    system default switchport trunk mode on
    system default zone default-zone permit
    system default zone distribute full...
  • Page 76: Changing The Initial Configuration

    • Serial console access—You can use a serial port connection to access the CLI. • Out-of-band access—You can use Telnet or SSH to access a Cisco Nexus 5000 Series switch or use the Cisco MDS 9000 Fabric Manager application to connect to the switch using SNMP.
  • Page 77: Assigning A Switch Name

    The assigned name is displayed in the command-line prompt. The switch name is limited to 20 alphanumeric characters. Note: This guide refers to a switch in the Cisco Nexus 5000 Series switch as switch, and it uses the switch# prompt.
  • Page 78: Adjusting For Daylight Saving Time Or Summer Time

    Adjusting for Daylight Saving Time or Summer Time You can configure your switch to adjust for daylight saving time (or summer time). By default, Cisco NX-OS does not automatically adjust for daylight saving time. You must manually configure the switch to adjust to the daylight saving time.
  • Page 79: Ntp Configuration

    Time synchronization happens when several frames are exchanged between clients and servers. The switches in client mode know the address of one or more NTP servers. The servers act as the time source and receive client synchronization requests...
  • Page 80: Ntp Configuration Guidelines

    Figure labels: Server-2, Server association, Peer association, Switch-1, Switch-2. In this configuration, the switches were configured as follows: • Stratum 2 Server 1 – IPv4 address–10.10.10.10 • Stratum–2 Server-2 –...
  • Page 81: Configuring Ntp

    NTP CFS Distribution You can enable NTP fabric distribution for all Cisco Nexus 5000 Series switches in a fabric using the Cisco Fabric Services (CFS). When you perform NTP configurations, and distribution is enabled, the entire server or peer configuration is distributed to all the switches in the fabric.
  • Page 82 If the administrator performs this task, your changes to the pending database are discarded and the fabric lock is released...
  • Page 83: Management Interface Configuration

    • About the mgmt0 Interface The mgmt0 interface on Cisco NX-OS devices provides out-of-band management, which enables you to manage the device by its IPv4 or IPv6 address. The mgmt0 interface uses 10/100/1000 Ethernet. Note: Before you begin to configure the management interface manually, obtain the switch’s IP address and subnet mask.
  • Page 84: Configuring The Management Interface

    5202 multicast frames, 0 compressed
    0 input errors, 0 frame, 0 overrun, 0 fifo
    570 packets output, 85555 bytes
    0 underrun, 0 output errors, 0 collisions
    0 fifo, 0 carrier errors...
  • Page 85: Shutting Down The Management Interface

    Use the copy running-config startup-config command to save the new configuration into nonvolatile storage. Once this command is entered, the running and the startup copies of the configuration are identical...
  • Page 86: Clearing A Configuration

    This command changes the current directory to the root directory on the bootflash: file system:
    switch# cd bootflash:
    This example changes the current directory to a mystorage directory that resides in the current directory:
    switch# cd mystorage...
  • Page 87: Displaying The Current Directory

    [y] y The delete command can also delete empty and nonempty directories. When you enter this command, a warning is displayed to confirm your intention to delete the directory...
  • Page 88: Moving Files

    The delete command deletes a specified file or the specified directory and all its contents. This example shows how to delete a file from the current working directory:
    switch# delete dns_config.cfg
    This example deletes the entire bootflash: directory and all its contents:...
  • Page 89: Displaying File Contents

    This example unzips the file that was compressed in the previous example:
    switch# gunzip Samplefile
    switch# dir
    1525859 Jul 04 00:51:03 2003 Samplefile
    Usage for volatile://
    1527808 bytes used
    19443712 bytes free
    20971520 bytes total...
  • Page 91 Chapter: Managing Licenses. This chapter describes how to manage licenses on a Cisco Nexus 5000 Series switch. Licensing allows you to access specified premium features on the switch after you install the appropriate license for that feature. This chapter contains information related to licensing types, options, procedures, installation, and management for the Cisco NX-OS software.
  • Page 92: Managing Licenses

    Table 4-1 lists the feature-based license packages. Note: Any feature not included in the Storage Services license package is bundled with the Cisco NX-OS software and is provided with the switch hardware at no additional charge (See Base Services Package Table 4-1).
  • Page 93: License Installation

    Step 1: Contact your reseller or Cisco representative and request this service. Note: If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml Your switch is shipped with the required licenses installed in the system.
  • Page 94: Performing A Manual Installation

    The license key file is sent to you by e-mail. The license key file is digitally signed to only authorize use on the requested switch. The requested features are also enabled once the Cisco NX-OS software on the specified switch accesses the license key file.
  • Page 95 You can use the show license file command to display information about a specific license file installed on the switch.
    switch# show license file Enterprise.lic
    Enterprise.lic:
    SERVER this_host ANY
    VENDOR cisco
    INCREMENT ENTERPRISE_PKG cisco 1.0 permanent uncounted \
    HOSTID=VDH=FOX0646S017 \
    NOTICE="<LicFileID></LicFileID><LicLineID>0</LicLineID> \
    <PAK>dummyPak</PAK>" SIGN=EE9F91EA4B64...
  • Page 96: Backing Up License Files

    If you erase any existing licenses, you can only install them using the install license command. Identifying License Features in Use When a Cisco NX-OS software feature is enabled, it can activate a license grace period. To identify the features active for a specific license, use the show license usage license-name command.
  • Page 97 Enter yes (yes is the default) to continue with the license update. Do you want to continue? (y/n) y Clearing license ..done The FibreChannel.lic license key file is now uninstalled...
  • Page 98: Updating Licenses

    The Enterprise.lic license key file is now updated. Grace Period Alerts Cisco NX-OS gives you a 120-day grace period. This grace period starts or continues when you are evaluating a feature for which you have not installed a license...
  • Page 99: License Transfers Between Switches

    The Cisco NX-OS license counter keeps track of all licenses on a switch. If you are evaluating a feature and the grace period has started, you will receive console messages, SNMP traps, system messages, and Call Home messages on a daily basis.
  • Page 100: Verifying The License Configuration

    switch# show license file (displays information for a specific license file); switch# show license host-id (displays the host ID for the physical switch); switch# show license usage (displays the usage information for installed licenses).
  • Page 101: Lan Switching

    LAN Switching...
  • Page 103: Information About Ethernet Interfaces

    Configuring Ethernet Interfaces. This section describes the configuration of the Ethernet interfaces on a Cisco Nexus 5000 Series switch. It includes the following sections: • Information About Ethernet Interfaces, page 5-1...
  • Page 104: About The Unidirectional Link Detection Parameter

    • Port number within the group. The interface numbering convention is extended to support use with a Cisco Nexus 2000 Series Fabric Extender as follows: switch(config)# interface ethernet [chassis/]slot/port • Chassis ID is an optional entry to address a connected Fabric Extender. The chassis ID is configured...
  • Page 105 • One side of a link has a port stuck (both transmission and receive) • One side of a link remains up while the other side of the link is down
  • Page 106: About Interface Speed

    A Cisco Nexus 5000 Series switch has a number of fixed 10-Gigabit ports, each equipped with SFP+ interface adapters. The Cisco Nexus 5010 switch has 20 fixed ports, the first 8 of which are switchable 1-Gigabit and 10-Gigabit ports. The Cisco Nexus 5020 switch has 40 fixed ports, the first 16 of which are switchable 1-Gigabit and 10-Gigabit ports.
  • Page 107: About Mtu Configuration

    To configure the UDLD mode, perform this task: Step 1: switch# configure terminal (enters configuration mode). Step 2: switch(config)# feature udld (enables UDLD for the device); switch(config)# no feature udld (disables UDLD for the device).
  • Page 108: Configuring Interface Speed

    Configuring Interface Speed The first 8 ports of a Cisco Nexus 5010 switch and the first 16 ports of a Cisco Nexus 5020 switch are switchable 1-Gigabit and 10-Gigabit ports. The default interface speed is 10-Gigabit. To configure these ports for 1-Gigabit Ethernet, insert a 1-Gigabit Ethernet SFP transceiver into the applicable port and then set its speed with the speed command.
  • Page 109: Configuring The Cisco Discovery Protocol

    1000 command, you will get this error. By default, all ports are 10 Gigabits. Configuring the Cisco Discovery Protocol This section shows how to configure the Cisco Discovery Protocol (CDP). It includes the following topics: • Configuring the CDP Characteristics, page 5-7...
  • Page 110: Configuring The Debounce Timer

    Step 3: switch(config-if)# link debounce time milliseconds (enables the debounce timer for the amount of time, 1 to 5000 milliseconds, specified; disables the debounce timer if you specify 0 milliseconds).
  • Page 111: Configuring The Description Parameter

    Step 1: switch# configure terminal (enters configuration mode). Step 2: switch(config)# interface type slot/port (enters interface configuration mode for the specified interface). Step 3: switch(config-if)# shutdown (disables the interface).
  • Page 112: Displaying Interface Information

    MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec, reliability 255/255, txload 190/255, rxload 192/255 Encapsulation ARPA Port mode is trunk full-duplex, 10 Gb/s, media type is 1/10g Input flow-control is off, output flow-control is off
  • Page 113 10300 MBits/sec Link length supported for 50/125mm fiber is 82 m(s) Link length supported for 62.5/125mm fiber is 26 m(s) cisco id is -- cisco extended id number is 4
  • Page 114: Default Physical Ethernet Settings

    Default Physical Ethernet Settings The following table lists the default settings for all physical Ethernet interfaces: Parameter Default Setting Debounce Enable, 100 milliseconds Duplex Auto (full-duplex)
  • Page 115 Access Speed Auto (10000) 1. MTU cannot be changed per-physical Ethernet interface. You modify MTU by selecting maps of QoS classes. See Chapter 31, “Configuring QoS,” for additional information.
  • Page 117: Chapter 6 Configuring Vlans

    Creating, Deleting, and Modifying VLANs, page 6-3 Understanding VLANs Note: VLAN Trunking Protocol (VTP) mode is OFF. VTP BPDUs are dropped on all interfaces of a Cisco Nexus 5000 Series switch, which partitions VTP domains if other switches have VTP turned on.
  • Page 118: Understanding Vlan Ranges

    Understanding VLAN Ranges The Cisco Nexus 5000 Series switch supports VLAN numbers 1 to 4094 in accordance with the IEEE 802.1Q standard. These VLANs are organized into ranges. You use each range slightly differently. The switch is physically limited in the number of VLANs it can support. The hardware also shares this available range with its VSANs.
  • Page 119: Creating, Deleting, And Modifying Vlans

    Note: VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used. Cisco NX-OS allocates a group of 80 VLAN numbers for those features, such as multicast and diagnostics, that need to use internal VLANs for their operation. By default, the system allocates VLANs numbered 3968 to 4047 for internal use.
  • Page 120: Configuring A Vlan

    You cannot create or delete those VLANs that are reserved for internal use. This example shows how to create a range of VLANs from 15 to 20: switch# configure terminal switch(config)# vlan 15-20
  • Page 121: Entering The Vlan Submode And Configuring The Vlan

    VLAN, VLAN1, or VLANs 1006 to 4094. This example shows how to configure optional parameters for VLAN 5: switch# configure terminal switch(config)# vlan 5 switch(config-vlan)# name accounting switch(config-vlan)# state active switch(config-vlan)# no shutdown
  • Page 122: Adding Ports To A Vlan

    Eth1/1, Eth1/2, Eth1/3, Eth1/4 Eth1/5, Eth1/6, Eth1/7, Eth1/8 Eth1/9, Eth1/10, Eth1/11 Eth1/12, Eth1/15, Eth1/16 Eth1/17, Eth1/18, Eth1/19 Eth1/20, Eth1/21, Eth1/22 Eth1/23, Eth1/24, Eth1/25 Eth1/26, Eth1/27, Eth1/28 Eth1/29, Eth1/30, Eth1/31
  • Page 123 --------------- ------------------------------------------- The following example shows the VLAN settings summary: switch# show vlan summary Number of existing VLANs Number of existing user VLANs Number of existing extended VLANs : 0
  • Page 125: Chapter 7 Configuring Private Vlans

    VLANs. Note: A PVLAN isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1q encapsulation and cannot be used as a trunk port.
  • Page 126: Primary And Secondary Vlans In Private Vlans

    • Community VLANs—Ports within a community VLAN can communicate with each other but cannot communicate with ports in other community VLANs or in any isolated VLANs at the Layer 2 level.
  • Page 127: Understanding Private Vlan Ports

    VLAN in the private VLAN. Figure 7-2 shows the traffic flows within a private VLAN, along with the types of VLANs and types of ports.
  • Page 128 For an association to be operational, the following conditions must be met: • The primary VLAN must exist and be configured as a primary VLAN. • The secondary VLAN must exist and be configured as either an isolated or community VLAN.
  • Page 129: Understanding Broadcast Traffic In Private Vlans

    Configuring a Private VLAN Note: You must have already created the VLAN before you can assign the specified VLAN as a private VLAN. This section includes the following topics:
  • Page 130: Configuration Guidelines For Private Vlans

    switch(config)# no feature private-vlan (disables the private VLAN feature on the switch). Note: You cannot disable private VLANs if there are operational ports on the switch that are in private VLAN mode.
  • Page 131: Configuring A Vlan As A Private Vlan

    Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs. The secondary-vlan-list parameter can contain multiple community and isolated VLAN IDs.
  • Page 132: Configuring An Interface As A Private Vlan Host Port

    You can configure an interface as a private VLAN host port. In private VLANs, host ports are part of the secondary VLANs, which are either community VLANs or isolated VLANs. You then associate the host port with both the primary and secondary VLANs.
  • Page 133: Configuring An Interface As A Private Vlan Promiscuous Port

    Step 1: switch# configure terminal (enters configuration mode). Step 2: switch(config)# interface type slot/port (selects the port to configure as a private VLAN promiscuous port; a physical interface is required).
  • Page 134: Verifying Private Vlan Configuration

    Primary Secondary Type Ports ------- --------- --------------- ------------------------------------------- community community Eth1/12, veth1/1 community community isolated Eth1/2 switch# show vlan private-vlan type Vlan Type ---- ----------------- primary
  • Page 135 community community community community isolated The following example shows how to display enabled features: switch# show system internal clis feature 7 pvlan enabled
  • Page 137: Information About Rapid Pvst+

    • Understanding STP, page 8-2 • Understanding Rapid PVST+, page 8-6 • Rapid PVST+ Interoperation with Legacy 802.1D STP, page 8-16 • Rapid PVST+ Interoperation with 802.1s MST, page 8-17
  • Page 138: Information About Rapid Pvst

    STP-blocked state. The topology on an active switched network is determined by the following:
  • Page 139: Understanding The Bridge Id

    “Configuring the Rapid PVST+ Bridge Priority of a VLAN” section on page 8-22). Note: In Cisco NX-OS, the extended system ID is always enabled; you cannot disable the extended system ID. Extended System ID A 12-bit extended system ID field is part of the bridge ID (see Figure 8-1).
  • Page 140: Understanding Bpdus

    • The unique bridge ID of the switch that the transmitting switch determines is the root bridge • The STP path cost to the root • The bridge ID of the transmitting bridge • Message age
  • Page 141 (lowering the numerical value) of the ideal switch so that it becomes the root bridge, you force an STP recalculation to form a new spanning tree topology with the ideal switch as the root.
  • Page 142: Understanding Rapid Pvst

    VLAN has a single root switch. You can enable and disable STP on a per-VLAN basis when you are running Rapid PVST+. Note: Rapid PVST+ is the default STP mode for the switch.
  • Page 143 (This immediate transition was previously a Cisco-proprietary feature named PortFast.) You should only configure ports that connect to a single end station as edge ports. Edge ports do not generate topology changes when the link changes.
  • Page 144: Figure

    8-4, switch A is connected to switch B through a point-to-point link, and all of the ports are in the blocking state. Assume that the priority of switch A is a smaller numerical value than the priority of switch B.
  • Page 145: Protocol Timers

    This proposal/agreement handshake is initiated only when a non-edge port moves from the blocking to the forwarding state. The handshaking process then proliferates step-by-step throughout the topology. Protocol Timers Table 8-2 describes the protocol timers that affect the Rapid PVST+ performance.
  • Page 146: Port Roles

    A port with the root or a designated port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology (see Figure 8-5).
  • Page 147: Port States

    • Learning—The LAN port prepares to participate in frame forwarding. • Forwarding—The LAN port forwards frames. • Disabled—The LAN port does not participate in STP and is not forwarding frames.
  • Page 148 A LAN port in the forwarding state performs as follows: • Forwards frames received from the attached segment. • Forwards frames switched from another port for forwarding.
  • Page 149: Synchronization Of Port Roles

    Rapid PVST+ forces a port to synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking.
  • Page 150: Detecting Unidirectional Link Failure

    Detecting Unidirectional Link Failure The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
  • Page 151: Port Cost

    On access ports, you assign port cost by the port. On trunk ports, you assign the port cost by the VLAN; you can configure the same port cost to all the VLANs on a trunk port.
  • Page 152: Rapid Pvst+ And Ieee 802.1Q Trunks

    When you connect a Cisco switch to a non-Cisco switch through an 802.1Q trunk, the Cisco switch combines the STP instance of the 802.1Q VLAN of the trunk with the STP instance of the non-Cisco 802.1Q switch. However, all per-VLAN STP information that is maintained by Cisco switches is separated by a cloud of non-Cisco 802.1Q switches.
  • Page 153: Rapid Pvst+ Interoperation With 802.1S Mst

    Once you enable Rapid PVST+ on the switch, you must enable Rapid PVST+ on the specified VLANs (see “Enabling Rapid PVST+ per VLAN” section on page 8-18). Rapid PVST+ is the default STP mode. You cannot simultaneously run MST and Rapid PVST+.
  • Page 154: Enabling Rapid Pvst+ Per Vlan

    The vlan-range value can be 2 through 4094 (except reserved VLAN values; see Chapter 6, “Configuring VLANs”). This example shows how to enable STP on VLAN 5: switch# configure terminal switch(config)# spanning-tree vlan 5
  • Page 155: Configuring The Root Bridge Id

    Note: With the switch configured as the root bridge, do not manually configure the hello time, forward-delay time, and maximum-age time using the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands.
  • Page 156: Configuring A Secondary Root Bridge

    The hello-time can be from 1 to 10 seconds, and the default value is 2 seconds. This example shows how to configure the switch as the secondary root bridge for VLAN 5 with a network diameter of 4:
  • Page 157: Configuring The Rapid Pvst+ Port Priority

    switch# configure terminal (enters configuration mode). Step 2: switch(config)# spanning-tree pathcost method {long | short} (selects the method used for Rapid PVST+ pathcost calculations; the default method is the short method).
  • Page 158: Configuring The Rapid Pvst+ Bridge Priority Of A Vlan

    32768. This example shows how to configure the priority of VLAN 5 on Gigabit Ethernet port 1/4 to 8192: switch# configure terminal switch(config)# spanning-tree vlan 5 priority 8192
  • Page 159: Configuring The Rapid Pvst+ Hello Time For A Vlan

    Configuring the Rapid PVST+ Maximum Age Time for a VLAN You can configure the maximum age time per VLAN when using Rapid PVST+. To configure the maximum age time for a VLAN in Rapid PVST+, perform this task:
  • Page 160: Specifying The Link Type

    This example shows how to configure the link type as a point-to-point link: switch# configure terminal switch (config)# interface ethernet 1/4 switch(config-if)# spanning-tree link-type point-to-point You can only apply this command to a physical Ethernet interface.
  • Page 161: Restarting The Protocol

    Forward Delay 15 sec Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Eth1/3 Root FWD 2 128.131 P2p Peer(STP) veth1/1 Desg FWD 2 128.129 Edge P2p
  • Page 163 Hop Count, page 9-7 • Boundary Ports, page 9-7 • Detecting Unidirectional Link Failure, page 9-8 • Port Cost and Port Priority, page 9-8 • Interoperability with IEEE 802.1D, page 9-9
  • Page 164: Configuring Mst

    “IST, CIST, and CST” section on page 9-4 for more information on the IST.) The MST region appears as a single bridge to adjacent MST regions and to other Rapid PVST+ regions and 802.1D spanning tree protocols.
  • Page 165: Mst Bpdus

    (0) and last element (4095) set to 0. The value of element number X represents the instance to which VLAN X is mapped. Caution: When you change the VLAN-to-MSTI mapping, the system restarts MST.
  • Page 166: Ist, Cist, And Cst

    CST outside a region. For more information, see the “Spanning Tree Operation Within an MST Region” section on page 9-5 and the “Spanning Tree Operations Between MST Regions” section on page 9-5.
  • Page 167 1 (A) is also the CIST root. The CIST regional root for region 2 (B) and the CIST regional root for region 3 (C) are the roots for their respective subtrees within the CIST.
  • Page 168 MST region. An MST region looks like a single switch to the CIST. The CIST external root path cost is the root path cost calculated between these virtual switches and switches that do not belong to any region.
  • Page 169: Hop Count

    (see Figure 9-3). [Figure 9-3: MST Boundary Ports, showing MST region A and MST region B]
  • Page 170: Detecting Unidirectional Link Failure

    The system uses port priorities to break ties among ports with the same cost. A lower number indicates a higher priority. The default port priority is 128. You can configure the priority to values between 0 and 224, in increments of 32.
  • Page 171: Interoperability With Ieee 802.1D

    LAN, the designated switch of which is either a single spanning tree switch or a switch with a different MST configuration. Note: MST interoperates with the Cisco prestandard MSTP whenever it receives prestandard MSTP on an MST port; no explicit configuration is necessary.
  • Page 172: Mst Configuration Guidelines

    You must enable MST; Rapid PVST+ is the default. Note: Changing the spanning tree mode disrupts traffic because all spanning tree instances are stopped for the previous mode and started for the new mode.
  • Page 173: Entering Mst Configuration Mode

    VLAN-to-instance mapping, and MST revision number. Note: Each command reference line creates its pending regional configuration in MST configuration mode. In addition, the pending region configuration starts with the current region configuration.
  • Page 174: Specifying The Mst Name

    You configure a region name on the bridge. For two or more bridges to be in the same MST region, they must have the identical MST name, VLAN-to-instance mapping, and MST revision number.
  • Page 175: Specifying The Mst Configuration Revision Number

    IEEE 802.1w RSTP BPDUs. There is no limit to the number of MST regions in a network, but each region can support only up to 65 MST instances. You can assign a VLAN to only one MST instance at a time.
  • Page 176 1 vlan 10-20 switch(config-mst)# name region1 switch(config-mst)# revision 1 switch(config-mst)# show pending Pending MST configuration Name [region1] Revision
  • Page 177: Mapping And Unmapping Vlans To Mst Instances

    To unmap VLANs from MST instances, perform this task: switch(config-mst)# no instance instance-id vlan vlan-range (deletes the specified instance and returns the VLANs to the default MSTI, which is the CIST).
  • Page 178: Mapping Secondary Vlans To Same Msti As Primary Vlans For Private Vlans

    With the switch configured as the root bridge, do not manually configure the hello time, forward-delay time, and maximum-age time using the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands.
  • Page 179: Configuring A Secondary Root Bridge

    You can execute this command on more than one switch to configure multiple backup root bridges. Enter the same network diameter and hello-time values that you used when you configured the primary root bridge with the spanning-tree mst root primary global configuration command.
  • Page 180: Configuring The Port Priority

    To configure the port priority, perform this task: Step 1: switch# configure terminal (enters configuration mode).
  • Page 181: Configuring The Port Cost

    Note: MST uses the long pathcost calculation method. To configure the port cost, perform this task: Step 1: switch# configure terminal (enters configuration mode).
  • Page 182: Configuring The Switch Priority

    Note: Exercise care when using this command. For most situations, we recommend that you enter the spanning-tree mst root primary and the spanning-tree mst root secondary global configuration commands to modify the switch priority.
  • Page 183: Configuring The Hello Time

    1 to 10, and the default is 2 seconds. This example shows how to configure the hello time of the switch to 1 second: switch# configure terminal switch(config)# spanning-tree mst hello-time 1
  • Page 184: Configuring The Forwarding-Delay Time

    (TTL) mechanism. You configure the maximum hops inside the region and apply it to the IST and all MST instances in that region. The hop count achieves the same result as the message-age information (triggers a reconfiguration).
  • Page 185: Configuring Pvst Simulation Globally

    Rapid PVST+-enabled port. This port remains in the inconsistent state until the port stops receiving BPDUs, and then the port resumes the normal STP transition process.
  • Page 186: Specifying The Link Type

    If the link type is shared, the STP reverts to 802.1D. The default is auto, which sets the link type based on the duplex setting of the interface.
  • Page 187: Restarting The Protocol

    The following example shows how to display current MST configuration: switch# show spanning-tree mst configuration % Switch is not in mst mode Name [mist-attempt] Revision Instances configured 2 Instance Vlans mapped -------- --------------------------------------------------------------------- 1-12,14-41,43-4094 13,42 -------------------------------------------------------------------------------
  • Page 189: Information About Stp Extensions

    Configuring STP Extensions. Cisco has added extensions to the Spanning Tree Protocol (STP) that make convergence more efficient. In some cases, even though similar functionality may be incorporated into the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) standard, we recommend using these extensions.
  • Page 190: Configuring Stp Extensions

    Edge ports, which are connected to hosts, can be either an access port or a trunk port. The edge port interface immediately transitions to the forwarding state, without moving through the blocking or learning states. (This immediate transition was previously configured as the Cisco-proprietary feature PortFast.) Interfaces that are connected to hosts should not receive STP Bridge Protocol Data Units (BPDUs).
  • Page 191: Understanding Bpdu Guard

    BPDU that it receives and go to forwarding. If the port configuration is not set to default BPDU Filtering, then the edge configuration will not affect BPDU Filtering. Table 10-1 lists all the BPDU Filtering combinations.
  • Page 192: Understanding Loop Guard

    You can enable Loop Guard on a per-port basis. When you enable Loop Guard on a port, it is automatically applied to all of the active instances or VLANs to which that port belongs. When you disable Loop Guard, it is disabled for the specified ports.
  • Page 193: Understanding Root Guard

    • Enabling Loop Guard on ports that are not connected to a point-to-point link will not work. • You cannot enable Loop Guard if Root Guard is enabled.
  • Page 194: Configuring Spanning Tree Port Types Globally

    This example shows how to configure all ports connected to switches or bridges as spanning tree network ports: switch# configure terminal switch(config)# spanning-tree port type network default
  • Page 195: Configuring Spanning Tree Edge Ports On Specified Interfaces

    Configuring Spanning Tree Network Ports on Specified Interfaces You can configure spanning tree network ports on specified interfaces. Bridge Assurance runs only on spanning tree network ports.
  • Page 196: Enabling Bpdu Guard Globally

    Note: We recommend that you enable BPDU Guard on all edge ports. Before you configure this feature, you should do the following: • Ensure that STP is configured. • Ensure that you have configured some spanning tree edge ports.
  • Page 197: Enabling Bpdu Guard On Specified Interfaces

    Ethernet interfaces. This example shows how to explicitly enable BPDU Guard on the Ethernet edge port 1/4: switch# configure terminal switch (config)# interface ethernet 1/4 switch(config-if)# spanning-tree bpduguard enable
  • Page 198: Enabling Bpdu Filtering Globally

    You can apply BPDU Filtering to specified interfaces. When enabled on an interface, that interface does not send any BPDUs and drops all BPDUs that it receives. This BPDU Filtering functionality applies to the entire interface, whether trunking or not. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 10-10 OL-16597-01...
  • Page 199
      Command: switch(config-if)# no spanning-tree bpdufilter
      Purpose: Enables BPDU Filtering on the interface if the interface is an operational spanning tree edge port and if you enter the spanning-tree port type edge bpdufilter default command.
  • Page 200: Enabling Loop Guard Globally

    Note: Entering the Loop Guard command for the specified interface overrides the global Loop Guard command.
    Before you configure this feature, you should do the following:
    • Ensure that STP is configured.
  • Page 201: Verifying Stp Extension Configuration

      Command: switch# show running-config spanning-tree [all]
      Purpose: Displays the current status of spanning tree on the switch.
      Command: switch# show spanning-tree [options]
      Purpose: Displays selected detailed information for the current spanning tree configuration.
  • Page 203: Information About Etherchannels

    EtherChannel. For example, if you configure Spanning Tree Protocol (STP) parameters on the EtherChannel, the Cisco NX-OS applies those parameters to each interface in the EtherChannel. You can use static EtherChannels, with no associated protocol, for a simplified configuration. For more efficient use of the EtherChannel, you can use the Link Aggregation Control Protocol (LACP), which is defined in IEEE 802.3ad.
  • Page 204: Information About Etherchannels

    Cisco NX-OS creates a matching EtherChannel automatically if the EtherChannel does not already exist. You can also create the EtherChannel first. In this instance, Cisco NX-OS creates an empty channel group with the same channel number as the EtherChannel and takes the default configuration.
  • Page 205: Load Balancing Using Etherchannels

    • 802.3x flow control setting
    • The Cisco Nexus 5000 Series switch only supports system level MTU. This attribute cannot be changed on an individual port basis.
    • Broadcast/Unicast/Multicast Storm Control setting
  • Page 206: Understanding Lacp

    LACP allows you to configure up to 8 interfaces into an EtherChannel. This section includes the following topics:
    • LACP Overview, page 11-5
    • LACP ID Parameters, page 11-5
    • Port-Channel Modes, page 11-6
    • LACP Marker Responders, page 11-7
  • Page 207 With LACP, you can bundle up to eight interfaces in a channel group.
    Note: When you delete the EtherChannel, Cisco NX-OS automatically deletes the associated channel group. All member interfaces revert to their previous configuration.
    You cannot disable LACP while any LACP configurations are present....
  • Page 208
    • A port in active mode can form an EtherChannel successfully with another port that is in active mode.
    • A port in active mode can form an EtherChannel with another port in passive mode.
  • Page 209: Configuring Etherchannels

    • Configuring the LACP Port Priority, page 11-11
    Creating an EtherChannel
    You can create an EtherChannel before creating a channel group. Cisco NX-OS automatically creates the associated channel group.
  • Page 210: Adding A Port To An Etherchannel

    Adding a Port to an EtherChannel
    You can add a port to a new channel group or to a channel group that already contains ports. Cisco NX-OS creates the EtherChannel associated with this channel group if the EtherChannel does not already exist.
  • Page 211: Configuring Load Balancing Using Etherchannels

    Step 5
      Command: switch(config-if)# channel-group channel-number
      Purpose: Configures the port in a channel group and sets the mode. The channel-number range is from 1 to 4096. Cisco NX-OS creates the EtherChannel associated with this channel group if the EtherChannel does not already exist 1....
  • Page 212: Enabling Lacp

      Command: switch(config)# no port-channel load-balance ethernet
      Purpose: Restores the default load-balancing algorithm.
    Note: Before Release 4.0(1a)N1 of Cisco NX-OS, the source-dest-ip, source-dest-mac, and source-dest-port keywords were source-destination-ip, source-destination-mac, and source-destination-port, respectively.
    Enabling LACP
    LACP is disabled by default; you must enable LACP before you begin LACP configuration. You cannot disable LACP while any LACP configuration is present....
  • Page 213: Configuring The Lacp System Priority And System Id

    2500
    Configuring the LACP Port Priority
    When you enable LACP, you can configure each link in the LACP EtherChannel for the port priority.
  • Page 214: Verifying Port-Channel Configuration

      Command: switch# show port-channel usage
      Purpose: Displays the range of used and unused channel numbers.
      Command: switch# show port-channel database
      Purpose: Displays information on current running of the EtherChannel feature.
  • Page 215: Information About Access And Trunk Interfaces

    • Understanding the Native VLAN ID for Trunk Ports, page 12-3
    • Understanding Allowed VLANs, page 12-4
    Note: Cisco NX-OS supports only IEEE 802.1Q-type VLAN trunk encapsulation.
    Understanding Access and Trunk Interfaces
    Ethernet interfaces can be configured either as access ports or trunk ports, as follows:
    An access port can have only one VLAN configured on the interface;...
  • Page 216: Understanding Ieee 802.1Q Encapsulation

    VLANs to traverse the same port and maintain traffic separation between the VLANs. The encapsulated VLAN tag also allows the trunk to move traffic end-to-end through the network on the same VLAN.
  • Page 217: Understanding Access Vlans

    MAC source address.
    Understanding the Native VLAN ID for Trunk Ports
    Note: Native VLAN ID numbers must match on both ends of the trunk.
  • Page 218: Understanding Allowed Vlans

    Step 1
      Command: switch# configure terminal
      Purpose: Enters configuration mode.
    Step 2
      Command: switch(config)# interface {{type slot/port} | {port-channel number}}
      Purpose: Specifies an interface to configure, and enters interface configuration mode.
  • Page 219: Configuring Access Host Ports

      Command: switch(config-if)# switchport host
      Purpose: Sets the interface to be an access host port, which immediately moves to the spanning tree forwarding state and disables port channeling on this interface.
    Note: Apply this command only to end stations.
  • Page 220: Configuring Trunk Ports

    If you do not configure this parameter, the trunk port uses the default VLAN as the native VLAN ID. To configure the native VLAN for an 802.1Q trunk port, perform this task:
    Step 1
      Command: switch# configure terminal
      Purpose: Enters configuration mode.
  • Page 221: Configuring The Allowed Vlans For Trunking Ports

    This example shows how to add VLANs 15 to 20 to the list of allowed VLANs on the Ethernet 3/1 trunk port:
      switch# configure terminal
      switch(config)# interface ethernet 3/1
      switch(config-if)# switchport trunk allowed vlan add 15-20
  • Page 222: Verifying Interface Configuration

      Command: switch# show interface
      Purpose: Displays the interface configuration.
      Command: switch# show interface switchport
      Purpose: Displays information for all Ethernet interfaces, including access and trunk interfaces.
      Command: switch# show interface brief
      Purpose: Displays interface configuration information.
  • Page 223: Information About Mac Addresses

    • Configuring a Static MAC Address, page 13-2
    • Configuring the Aging Time for the MAC Table, page 13-2
    • Clearing Dynamic Addresses from the MAC Table, page 13-3
  • Page 224: Configuring A Static Mac Address

    You can configure the amount of time that an entry (the packet source MAC address and port that packet ingresses) remains in the MAC table.
    Note: You can also configure MAC aging time in interface configuration mode or VLAN configuration mode.
  • Page 225: Clearing Dynamic Addresses From The Mac Table

    This example shows how to display the MAC address table:
      switch# show mac-address-table
      VLAN MAC Address Type Port
      ---------+-----------------+-------+---------+------------------------------
      0018.b967.3cd0 dynamic 10 Eth1/3
      001c.b05a.5380 dynamic 200 Eth1/3
  • Page 226 Total MAC Addresses: 2
    This example shows how to display the current aging time:
      switch# show mac-address-table aging-time
      Vlan Aging Time
      ----- ----------
  • Page 227: Chapter 14 Configuring Igmp Snooping

    Layer 2 forwarding decisions. Cisco NX-OS supports IGMPv2 and IGMPv3. IGMPv2 supports IGMPv1, and IGMPv3 supports IGMPv2. Although not all features of an earlier version of IGMP are supported, the features related to membership query and membership report messages are supported for all IGMP versions.
  • Page 228: Igmpv1 And Igmpv2

    Note: Cisco NX-OS ignores the configuration of last member query interval when you enable the fast leave feature because it does not check for remaining hosts.
  • Page 229: Igmpv3

    IGMP Forwarding
    The control plane of the Cisco Nexus 5000 Series switch is able to detect IP addresses but forwarding occurs using the MAC address only. When a host connected to the switch wants to join an IP multicast group, it sends an unsolicited IGMP join message, specifying the IP multicast group to join.
  • Page 230: Configuring Igmp Snooping Parameters

    Note: If the global setting is disabled, then all VLANs are treated as disabled, whether they are enabled or not.
    Step 3
      Command: switch(config)# vlan vlan-id
      Purpose: Enters VLAN configuration mode.
  • Page 231 1/10
      switch(config-vlan)# ip igmp snooping static-group 230.0.0.1 interface ethernet 1/10
      switch(config-vlan)# end
      switch#
  • Page 232: Verifying Igmp Snooping Configuration

    IGMP Snooping information for vlan 1
      IGMP snooping enabled
      IGMP querier none
      Switch-querier disabled
      Explicit tracking enabled
      Fast leave disabled
      Report suppression enabled
      Router port detection using PIM Hellos, IGMP Queries
  • Page 233
      Switch-querier enabled, address 172.16.24.1, currently running
      Explicit tracking enabled
      Fast leave enabled
      Report suppression enabled
      Router port detection using PIM Hellos, IGMP Queries
      Number of router-ports: 1
      Number of groups: 1
  • Page 235: Information About Traffic Storm Control

    Configuring Traffic Storm Control
    This chapter describes how to configure traffic storm control on the Cisco Nexus 5000 Series switch. This chapter includes the following sections:
    • Information About Traffic Storm Control, page 15-1...
  • Page 236: Guidelines And Limitations

    For example, a higher threshold allows more packets to pass through. Traffic storm control on the Cisco Nexus 5000 Series switch is implemented in the hardware. The traffic storm control circuitry monitors packets that pass from a Layer 2 interface to the switching bus. Using...
  • Page 237: Configuring Traffic Storm Control

      Command: switch# show running-config interface
      Purpose: Displays the traffic storm control configuration.
    Displaying Traffic Storm Control Counters
    You can display the counters the Cisco Nexus 5000 Series switch maintains for traffic storm control activity.
  • Page 238: Traffic Storm Control Example Configuration

    40
    Default Settings
    Table 15-1 lists the default settings for traffic storm control parameters.
    Table 15-1 Default Traffic Storm Control Parameters
      Parameters                  Default
      Traffic storm control       Disabled
      Threshold percentage
  • Page 239: Switch Security Features

    Switch Security Features...
  • Page 241: Configuring Aaa

    Configuring AAA
    This chapter describes how to configure authentication, authorization, and accounting (AAA) on Cisco Nexus 5000 Series switches. This chapter includes the following sections:
    • Information About AAA, page 16-1...
  • Page 242: Benefits Of Using Aaa

    The accounting log feature does not log the show commands. For example, the feature does not log the show version or show module commands.
    Note: The Cisco NX-OS software supports authentication, authorization, and accounting independently. For example, you can configure authentication and authorization without configuring accounting....
  • Page 243: Remote Aaa Services

    • Specified server groups—Uses specified RADIUS or TACACS+ server groups for authentication.
    • Local—Uses the local username or password database for authentication.
    • None—Uses only the user name.
  • Page 244: Authentication And Authorization Process For User Login

    If the Nexus 5000 Series switches successfully authenticate you through a remote AAA server, then the following possibilities apply: If the AAA server protocol is RADIUS, then user roles specified in the cisco-av-pair attribute are downloaded with an authentication response.
  • Page 245: Prerequisites For Remote Aaa

    • The Nexus 5000 Series switch is configured as a client of the AAA servers.
    • The preshared secret key is configured on the Nexus 5000 Series switch and on the remote AAA servers.
  • Page 246: Aaa Guidelines And Limitations

    • Using AAA Server VSAs with Nexus 5000 Series Switches, page 16-11
    Configuring Console Login Authentication Methods
    This section describes how to configure the authentication methods for the console login. The authentication methods include the following:
  • Page 247 The following example shows how to configure authentication methods for the console login:
      switch# configure terminal
      switch(config)# aaa authentication login console group radius
      switch(config)# exit
      switch# show aaa authentication
      switch# copy running-config startup-config
  • Page 248: Configuring Default Login Authentication Methods

    If you have enabled the displaying of login failure messages, the following message is displayed:
      Remote AAA servers unreachable; local authentication done.
      Remote AAA servers unreachable; local authentication failed.
    To enable login authentication failure messages, perform this task:
  • Page 249: Enabling Mschap Authentication

    Step 4
      Command: switch# show aaa authentication login mschap
      Purpose: (Optional) Displays the MS-CHAP configuration.
    Step 5
      Command: switch# copy running-config startup-config
      Purpose: (Optional) Copies the running configuration to the startup configuration.
  • Page 250: Configuring Aaa Accounting Default Methods

    The default method is local, which is used when no server groups are configured or when all the configured server groups do not respond.
    Step 3
      Command: switch(config)# exit
      Purpose: Exits configuration mode.
  • Page 251: Using Aaa Server Vsas With Nexus 5000 Series Switches

    The Cisco RADIUS implementation supports one vendor-specific option using the format recommended in the specification. The Cisco vendor ID is 9, and the supported option is vendor type 1, which is named cisco-av-pair. The value is a string with the following format:...
  • Page 252: Displaying And Clearing The Local Aaa Accounting Log

    PDUs.
    Specifying Cisco Nexus 5000 Series Switch User Roles and SNMPv3 Parameters on AAA Servers
    You can use the VSA cisco-av-pair on AAA servers to specify user role mapping for the Nexus 5000 Series switch using this format:
      shell:roles="roleA roleB …"...
  • Page 253: Verifying Aaa Configuration

    Default AAA Parameters
      Parameters                               Default
      Console authentication method            local
      Default authentication method            local
      Login authentication failure messages    Disabled
      MSCHAP authentication                    Disabled
      Default accounting method                local
      Accounting log display length            250 KB
  • Page 255: Information About Radius

    The RADIUS distributed client/server system allows you to secure networks against unauthorized access. In the Cisco implementation, RADIUS clients run on the Nexus 5000 Series of switches and send authentication and accounting requests to a central RADIUS server that contains all user authentication and network service access information.
  • Page 256: Radius Operation

    Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), or EXEC services.
    • Connection parameters, including the host or client IPv4 or IPv6 address, access list, and user timeouts.
  • Page 257: Radius Server Monitoring

    The value is a string with the following format:
      protocol : attribute separator value
    The protocol is a Cisco attribute for a particular type of authorization, the separator is an equal sign (=) for mandatory attributes, and an asterisk (*) indicates optional attributes.
  • Page 258: Prerequisites For Radius

    Step 4 If needed, configure any of the following optional parameters:
    • Dead-time interval
      See the “The following example shows how to configure periodic RADIUS server monitoring:” section on page 17-12.
  • Page 259: Configuring Radius Server Hosts

      Command: switch(config)# exit
      Purpose: Exits configuration mode.
    Step 4
      Command: switch# show radius-server
      Purpose: (Optional) Displays the RADIUS server configuration.
    Step 5
      Command: switch# copy running-config startup-config
      Purpose: (Optional) Copies the running configuration to the startup configuration.
  • Page 260: Configuring Global Preshared Keys

    Nexus 5000 Series switch and the RADIUS server host. To configure RADIUS server preshared keys, obtain the preshared key values for the remote RADIUS servers and perform this task:
  • Page 261: Configuring Radius Server Groups

    RADIUS server group configuration submode for that group. The group-name argument is a case-sensitive alphanumeric string with a maximum length of 127 characters.
  • Page 262: Allowing Users To Specify A Radius Server At Login

      Command: switch(config)# radius-server directed-request
      Purpose: Allows users to specify a RADIUS server to send the authentication request when logging in. The default is disabled.
    Step 3
      Command: switch(config)# exit
      Purpose: Exits configuration mode.
  • Page 263: Configuring The Global Radius Transmission Retry Count And Timeout Interval

    You can also set a timeout interval that the Nexus 5000 Series switch waits for responses from RADIUS servers before declaring a timeout failure. To configure RADIUS transmission retry count and timeout interval for a server, perform this task:
  • Page 264: Configuring Accounting And Authentication Attributes For Radius Servers

      Command: switch(config)# radius-server host {ipv4-address | ipv6-address | host-name} accounting
      Purpose: (Optional) Specifies that the specified RADIUS server is to be used only for accounting purposes. The default is both accounting and authentication.
  • Page 265: Configuring Periodic Radius Server Monitoring

    Note: The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, the Nexus 5000 Series switch does not perform periodic RADIUS server monitoring.
  • Page 266: Configuring The Dead-Time Interval

      Command: switch# configure terminal
      Purpose: Enters configuration mode.
    Step 2
      Command: switch(config)# radius-server deadtime
      Purpose: Configures the dead-time interval. The default value is 0 minutes. The range is from 1 to 1440 minutes.
  • Page 267: Manually Monitoring Radius Servers Or Groups

    [directed-request | groups | sorted | statistics]
    parameters.
    For detailed information about the fields in the output from this command, refer to the Cisco Nexus 5000 Series Command Reference.
    Displaying RADIUS Server Statistics
    To display the statistics the Cisco Nexus 5000 Series switch maintains for RADIUS server activity,...
  • Page 268: Example Radius Configuration

      Authentication and accounting
      Dead timer interval                    0 minutes
      Retransmission count
      Retransmission timer interval          5 seconds
      Idle timer interval                    0 minutes
      Periodic server monitoring username    test
      Periodic server monitoring password    test
  • Page 269: Information About Tacacs

    This section includes the following topics:
    • TACACS+ Advantages, page 18-2
    • User Login with TACACS+, page 18-2
    • Default TACACS+ Server Encryption Type and Preshared Key, page 18-3
  • Page 270: Tacacs+ Advantages

    EXEC or NETWORK session for that user and determines the services that the user can access. Services include the following:
    • Telnet, rlogin, Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), or EXEC services
  • Page 271: Default Tacacs+ Server Encryption Type And Preshared Key

    Note: The monitoring intervals for alive servers and dead servers are different and can be configured by the user. The TACACS+ server monitoring is performed by sending a test authentication request to the TACACS+ server.
  • Page 272: Prerequisites For Tacacs

    “Enabling TACACS+” section on page 18-5.
    Step 2 Establish the TACACS+ server connections to the Nexus 5000 Series switch. See the “Configuring TACACS+ Server Hosts” section on page 18-5.
  • Page 273: Enabling Tacacs

    “Configuring Global Preshared Keys” section on page 18-6 and the “Configuring TACACS+ Server Preshared Keys” section on page 18-7). Before you configure TACACS+ server hosts, you should do the following:
  • Page 274: Configuring Global Preshared Keys

    Use the show running-config command to display the encrypted preshared keys.
    Step 5
      Command: switch# copy running-config startup-config
      Purpose: (Optional) Copies the running configuration to the startup configuration.
  • Page 275: Configuring Tacacs+ Server Preshared Keys

    You can configure these server groups at any time but they only take effect when you apply them to an AAA service. For information on AAA services, see the “Remote AAA Services” section on page 16-2.
  • Page 276: Specifying A Tacacs+ Server At Login

    AAA authentication method. If you enable this option, the user can log in as username@hostname, where hostname is the name of a configured RADIUS server.
    Note: User specified logins are only supported for Telnet sessions.
  • Page 277: Configuring The Global Tacacs+ Timeout Interval

    The timeout interval determines how long the Nexus 5000 Series switch waits for responses from a TACACS+ server before declaring a timeout failure.
  • Page 278: Configuring Tcp Ports

    The following example shows how to configure TCP ports:
      switch# configure terminal
      switch(config)# tacacs-server host 10.10.1.1 port 2
      switch(config)# exit
      switch# show tacacs-server
      switch# copy running-config startup-config
  • Page 279: Configuring Periodic Tacacs+ Server Monitoring

    The following example shows how to configure periodic TACACS+ server monitoring:
      switch# configure terminal
      switch(config)# tacacs-server host 10.10.1.1 test username user1 password Ur2Gd2BH idle-time 3
      switch(config)# tacacs-server dead-time 5
      switch(config)# exit
      switch# show tacacs-server
      switch# copy running-config startup-config
  • Page 280: Configuring The Dead-Time Interval

    10.10.1.1 user1 Ur2Gd2BH
      switch# test aaa group TacGroup user2 As3He3CI
    Disabling TACACS+
    You can disable TACACS+.
    Caution: When you disable TACACS+, all related configurations are automatically discarded.
  • Page 281: Displaying Tacacs+ Statistics

      Command: switch# show tacacs-server statistics {hostname|ipv4-address|ipv6-address}
      Purpose: Displays the TACACS+ statistics.
    For detailed information about the fields in the output from this command, see the Cisco Nexus 5000 Series Command Reference.
    Verifying TACACS+ Configuration
    To display TACACS+ configuration information, perform one of the following tasks:...
  • Page 282: Default Settings

    Default TACACS+ Parameters
      Parameters                             Default
      TACACS+                                Disabled
      Dead timer interval                    0 minutes
      Timeout interval                       5 seconds
      Idle timer interval                    0 minutes
      Periodic server monitoring username    test
      Periodic server monitoring password    test
  • Page 283: Information About Ssh And Telnet

    SSH clients. The user authentication mechanisms supported for SSH are RADIUS, TACACS+, and the use of locally stored user names and passwords.
  • Page 284: Ssh Client

    Prerequisites for SSH
    SSH has the following prerequisites:
    • You have configured IP on a Layer 3 interface, out-of-band on the mgmt 0 interface or inband on an Ethernet interface.
  • Page 285: Guidelines And Limitations

    The following example shows how to generate an SSH server key:
      switch# configure terminal
      switch(config)# ssh key rsa 2048
      switch(config)# exit
      switch# show ssh key
      switch# copy running-config startup-config
  • Page 286: Specifying The Ssh Public Keys For User Accounts

      Command: switch# copy server-file bootflash:filename
      Purpose: Downloads the file containing the SSH key in IETF SECSH format from a server. The server can be FTP, SCP, SFTP, or TFTP.
    Step 2
      Command: switch# configure terminal
      Purpose: Enters configuration mode.
  • Page 287 The following example shows how to specify the SSH public keys in PEM-formatted public key certificate form:
      switch# copy tftp://10.10.1.1/cert.pem bootflash:cert.pem
      switch# configure terminal
      switch# show user-account
      switch# copy running-config startup-config
  • Page 288: Starting Ssh Sessions To Remote Devices

    You can delete SSH server keys after you disable the SSH server.
    Note: To reenable SSH, you must first generate an SSH server key (see “Generating SSH Server Keys” section on page 19-3).
  • Page 289: Clearing Ssh Sessions

    By default, the Telnet server is enabled. To disable the Telnet server on your Nexus 5000 Series switch, perform this task:
    Step 1
      Command: switch# configure terminal
      Purpose: Enters configuration mode.
    Step 2
      Command: switch(config)# telnet server disable
      Purpose: Disables the Telnet server. The default is enabled.
  • Page 290: Starting Telnet Sessions To Remote Devices

    To clear Telnet sessions from the Nexus 5000 Series switch, perform this task:
    Step 1
      Command: switch# show users
      Purpose: Displays user session information.
    Step 2
      Command: switch(config)# clear line vty-line
      Purpose: Clears a user Telnet session.
  • Page 291: Verifying The Ssh And Telnet Configuration

    **************************************
    Step 4 Specify the SSH public key in Open SSH format.
      switch(config)# username User1 sshkey ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAy19oF6QaZl9G+3f1 XswK3OiW4H7YyUyuA50rv7gsEPjhOBYmsi6PAVKui1nIf/DQhum+lJNqJP/eLowb7ubO+lVKRXFY/G+lJNIQW3g9ig G30c6k6+XVn+NjnI1B7ihvpVh7dLddMOXwOnXHYshXmSiH3UD/vKyziEh5S4Tplx8=
    Step 5 Save the configuration.
      switch(config)# copy running-config startup-config
  • Page 292: Default Settings

    SSH parameters.
    Table 19-1 Default SSH Parameters
      Parameters                     Default
      SSH server                     Enabled
      SSH server key                 RSA key generated with 1024 bits
      RSA key bits for generation    1024
      Telnet server                  Enabled
  • Page 293: Configuring Acls

    IP ACL Types and Applications
    The Cisco Nexus 5000 Series switch supports IPv4, IPv6 and MAC ACLs for security traffic filtering. The switch allows you to use IP ACLs as port ACLs and VLAN ACLs, as shown in Table 20-1.
  • Page 294: Rules

    ACLs allow you to identify traffic by protocol. For your convenience, you can specify some protocols by name. For example, in an IPv4 ACL, you can specify ICMP by name.
  • Page 295 ACL, you can add a second instance of the rule using the sequence number that positions it correctly, and then you can remove the original instance of the rule. This action allows you to move the rule without disrupting traffic.
  • Page 296: Configuring Ip Acls

    • Applying an IP ACL as a Port ACL, page 20-7
    • Applying an IP ACL as a VACL, page 20-8
    • Verifying IP ACL Configurations, page 20-8
    • Displaying and Clearing IP ACL Statistics, page 20-9
  • Page 297: Creating An Ip Acl

    If you need to add more rules between existing rules than the current sequence numbering allows, you can use the resequence command to reassign sequence numbers. For more information, see the “Changing Sequence Numbers in an IP ACL” section on page 20-7.
  • Page 298: Removing An Ip Acl

    The switch allows you to remove ACLs that are currently applied. Removing an ACL does not affect the configuration of interfaces where you have applied the ACL. Instead, the switch considers the removed ACL to be empty.
  • Page 299: Changing Sequence Numbers In An Ip Acl

    Step 2: Enters interface configuration mode for the specified interface.
      switch(config)# interface ethernet slot/port
    Enters interface configuration mode for a port channel.
      switch(config)# interface port-channel channel-number
  • Page 300: Applying An Ip Acl As A Vacl

    Displays the configuration of an interface to which you have applied an ACL. For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 5000 Series Command Reference.
  • Page 301: Displaying And Clearing Ip Acl Statistics

    Clears statistics for all IP ACLs or for a specific IP ACL. For detailed information about these commands, refer to the Cisco Nexus 5000 Series Command Reference.
    Configuring MAC ACLs
    This section includes the following topics:
    • Creating a MAC ACL, page 20-10...
  • Page 302: Creating A Mac Acl

    To change a MAC ACL, perform this task:
    Step 1: Enters configuration mode.
      switch# configure terminal
    Step 2: Enters ACL configuration mode for the ACL that you specify by name.
      switch(config)# mac access-list name
  • Page 303: Removing A Mac Acl

    ACLs that are currently applied. Removing an ACL does not affect the configuration of interfaces where you have applied the ACL. Instead, the switch considers the removed ACL to be empty.
  • Page 304: Changing Sequence Numbers In A Mac Acl

    Be sure that the ACL that you want to apply exists and is configured to filter traffic as necessary for this application. For more information about configuring MAC ACLs, see the “Configuring IP ACLs” section on page 20-4.
  • Page 305: Applying A Mac Acl As A Vacl

    Displaying and Clearing MAC ACL Statistics
    Use the show mac access-lists command to display statistics about a MAC ACL, including the number of packets that have matched each rule.
  • Page 306: Information About Vlan Acls

    In access map configuration mode, you use the action command to specify one of the following actions:
    • Forward—Sends the traffic to the destination determined by normal operation of the switch.
    • Drop—Drops the traffic.
  • Page 307: Statistics

    VACL is applied.
    Note: The Cisco Nexus 5000 Series switch does not support interface-level VACL statistics.
    For each VLAN access map that you configure, you can specify whether the switch maintains statistics for that VACL. This allows you to turn VACL statistics on or off as needed to monitor traffic filtered by a VACL or to help troubleshoot VLAN access-map configuration.
  • Page 308: Removing A Vacl

    Applying a VACL to a VLAN
    You can apply a VACL to a VLAN. The VACL drop-down list appears in the Advanced Settings section.
  • Page 309: Verifying Vacl Configuration

    This example shows how to configure a VACL to forward traffic permitted by an IP ACL named acl-ip-01 and how to apply the VACL to VLANs 50 through 82:
      configure terminal
      vlan access-map acl-ip-map
      match ip address acl-ip-01
      action forward
      vlan filter acl-ip-map vlan-list 50-82
  • Page 310: Default Settings

    Table 20-4 Default VACL Parameters
    Parameters: Default
    VACLs: No IP ACLs exist by default.
    ACL rules: Implicit rules apply to all ACLs. See the “Implicit Rules” section on page 20-3.
  • Page 311: System Management

    System Management...
  • Page 312
  • Page 313: Information About Cfs

    CFS has the ability to discover CFS-capable switches in the network and to discover feature capabilities in all CFS-capable switches. Cisco Nexus 5000 Series switches support CFS message distribution over Fibre Channel, IPv4 or IPv6 networks. If the switch is provisioned with Fibre Channel ports, CFS over Fibre Channel is enabled by default.
  • Page 314: Cfs Distribution

    (when two independent SAN fabrics merge).
    CFS Distribution
    The CFS distribution functionality is independent of the lower layer transport. Cisco Nexus 5000 Series switches support CFS distribution over IP and CFS distribution over Fibre Channel. Features that use CFS are unaware of the lower layer transport.
  • Page 315: Enabling/Disabling Cfs Distribution On A Switch

    Globally disables CFS distribution (CFS over Fibre Channel or IP) for all applications on the switch.
    Enables (default) CFS distribution on the switch.
      switch(config)# cfs distribute
  • Page 316: Verifying Cfs Distribution Status

    • Keepalive mechanism to detect network topology changes using a configurable multicast address.
    • Compatibility with Cisco MDS 9000 Family switches running release 2.x or later.
    Figure 21-1 shows a network with both Fibre Channel and IP connections. Node A forwards an event to node B over Fibre Channel.
  • Page 317: Cfs Distribution Over Fibre Channel

    (0x77434653) protocol for all CFS packets. CFS packets are sent to or from the switch domain controller addresses.
    CFS Distribution Scopes
    Different applications on the Cisco Nexus 5000 Series switches need to distribute the configuration at various levels. The following levels are available when using CFS distribution over Fibre Channel:
    • VSAN level (logical scope)...
  • Page 318: Cfs Merge Support

    When you commit the changes, the pending database overwrites the configuration database (also known as the active database or the effective database).
  • Page 319: Enabling Cfs For An Application

    CFS, merge capability (if it has registered with CFS for merge support), and lastly the distribution scope.
      switch# show cfs application name fscm
      Enabled : Yes
      Timeout : 100s
      Merge Capable : No
      Scope : Physical-fc
  • Page 320: Locking The Network

    CLI/SNMP v3
    Total number of entries = 1
    Committing Changes
    A commit operation saves the pending database for all application peers and releases the lock for all switches.
  • Page 321: Discarding Changes

    Caution The CISCO-CFS-MIB contains SNMP configuration information for any CFS-related functions. Refer to the Cisco Nexus 5000 Series MIB Quick Reference for more information on this MIB.
    Clearing a Locked Session
    You can clear locks held by an application from any switch in the network to recover from situations where locks are acquired and not released.
  • Page 322: About Cfs Regions

    • Assigning Applications to CFS Regions, page 21-11
    • Moving an Application to a Different CFS Region, page 21-11
    • Removing an Application from a Region, page 21-11
    • Deleting CFS Regions, page 21-12
  • Page 323

    Step 2: Enters CFS region configuration submode.
      switch(config)# cfs region region-id
    Step 3: Removes application(s) that belong to the region.
      switch(config-cfs-region)# no ntp
      switch(config-cfs-region)# no callhome
  • Page 324: Configuring Cfs Over Ip

    Step 2: Globally enables CFS over IPv6 for all applications on the switch.
      switch(config)# cfs ipv6 distribute
    Disables (default) CFS over IPv6 on the switch.
      switch(config)# no cfs ipv6 distribute
  • Page 325: Verifying The Cfs Over Ip Configuration

    Reverts to the default IPv6 multicast address for CFS distribution over IPv6. The default IPv6 multicast address for CFS over IP is ff15::efff:4653.
      switch(config)# no cfs ipv6 mcast-address ipv6-address
  • Page 326: Verifying Ip Multicast Address Configuration For Cfs Over Ip

    The command uses the specified application name to display the merge status based on the application scope.
      switch# show cfs merge status name ntp
      Physical Merge Status: Failed
  • Page 327

      Total number of entries = 2
      Scope : Logical [VSAN 3]
      -----------------------------------------------------------
      Domain Switch WWN IP Address
      -----------------------------------------------------------
      20:00:00:44:22:00:4a:9e 172.22.92.27 [Local]
      20:00:00:05:30:01:1b:c2 172.22.92.215
      Total number of entries = 2
  • Page 328: Default Settings

    Implicitly enabled with the first configuration change.
    Application distribution: Differs based on application.
    Commit: Explicit configuration is required.
    CFS over IP: Disabled.
    IPv4 multicast address: 239.255.70.83.
    IPv6 multicast address: ff15::efff:4653.
  • Page 329: Information About User Accounts And Rbac

    The following words are reserved and cannot be used to configure users: bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp, operator, games, gopher, ftp, nobody, nscd, mailnull, rpc, rpcuser, xfs, gdm, mtsuser, ftpuser, man, and sys.
  • Page 330: Characteristics Of Strong Passwords

    You can also limit access to specific VSANs, VLANs and interfaces.
  • Page 331: About Rules

    If a command rule permits access to specific resources (interfaces, VLANs or VSANs), the user is permitted to access these resources, even if they are not listed in the user role policies associated with that user.
  • Page 332: Guidelines And Limitations

    Nexus 5000 Series switch. The expire date option format is YYYY-MM-DD. The default is no expiry date.
    Step 4: Exits global configuration mode.
      switch(config)# exit
  • Page 333: Configuring Rbac

    Specifies a user role and enters role configuration mode. The role-name argument is a case-sensitive, alphanumeric character string with a maximum length of 16 characters.
      switch(config)# role name role-name
  • Page 334 L3

      switch(config-role)# description This role does not allow users to use clear commands
      switch(config-role)# exit
      switch(config)# show role
      switch(config)# copy running-config startup-config
  • Page 335: Creating Feature Groups

    Exits role interface policy configuration mode.
      switch(config-role-interface)# exit
    Step 7: (Optional) Displays the role configuration.
      switch(config-role)# show role
    Step 8: (Optional) Copies the running configuration to the startup configuration.
      switch(config-role)# copy running-config startup-config
  • Page 336: Changing User Role Vlan Policies

    Specifies a range of VSANs that the role can access. Repeat this command for as many VSANs as needed.
      switch(config-role-vsan)# permit vsan vsan-list
    Step 6: Exits role VSAN policy configuration mode.
      switch(config-role-vsan)# exit
  • Page 337: Verifying User Accounts And Rbac Configuration

    1 deny command clear *
    The following example shows how to configure a user role feature group:
      role feature-group name Security-features
      feature radius
      feature tacacs
      feature aaa
      feature acl
      feature access-list
  • Page 338: Default Settings

    User account expiry date: None.
    Interface policy: All interfaces are accessible.
    VLAN policy: All VLANs are accessible.
    VFC policy: All VFCs are accessible.
    VETH policy: All VETHs are accessible.
  • Page 339: Chapter 23 Configuring Session Manager

    • Verification—Verifies the configuration as a whole, based on the existing hardware and software configuration and resources. Cisco NX-OS returns an error if the configuration does not pass this verification phase.
    • Commit—Cisco NX-OS verifies the complete configuration and implements the changes atomically...
  • Page 340: Creating A Session

    Step 5: Adds a port access group to the interface.
      switch(config-s-if)# ip port access-group name in
    Step 6: (Optional) Displays the contents of the session.
      switch# show configuration session [name]
  • Page 341: Verifying A Session

    Ethernet 1/4
      switch(config-s-ip)# ip port access-group acl2 in
      switch(config-s-ip)# exit
      switch(config-s)# verify
      switch(config-s)# exit
      switch# show configuration session test2
  • Page 342: Verifying Session Manager Configuration

    [name]
    Displays the status of the configuration session.
      switch# show configuration session status [name]
    Displays a summary of all the configuration sessions.
      switch# show configuration session summary
  • Page 343: Information About Online Diagnostics

    • Expansion Module Diagnostics, page 24-3
    Online Diagnostics Overview
    Cisco Nexus 5000 Series switches support bootup diagnostics and runtime diagnostics. Bootup diagnostics include disruptive tests and nondisruptive tests that run during system bootup and system reset. Runtime diagnostics (also known as health monitoring diagnostics) include nondisruptive tests that run in the background during normal operation of the switch.
  • Page 344: Health Monitoring Diagnostics

    Bootup diagnostics log any failures to the onboard failure logging (OBFL) system. Failures also trigger an LED display to indicate diagnostic test states (on, off, pass, or fail). You can configure Cisco Nexus 5000 Series switches to either bypass the bootup diagnostics, or run the complete set of bootup diagnostics. See the “Configuring Online Diagnostics”...
  • Page 345: Expansion Module Diagnostics

    Table 24-5 Expansion Module Health Monitoring Diagnostics
    Diagnostic: Description
    Monitors port and system status LEDs.
    Temperature Sensor: Monitors temperature sensor readings.
  • Page 346: Configuring Online Diagnostics

    Displays the bootup diagnostics level.
    show diagnostic result module slot: Displays the results of the diagnostics tests.
    Default Settings
    Table 24-6 lists the default settings for online diagnostics parameters.
  • Page 347

    Table 24-6 Default Online Diagnostics Parameters
    Parameters: Default
    Bootup diagnostics level: complete
  • Page 348
  • Page 349: Chapter 25 Configuring System Message Logging

    System unusable
    1 – alert: Immediate action needed
    2 – critical: Critical condition
    3 – error: Error condition
    4 – warning: Warning condition
    5 – notification: Normal but significant condition
  • Page 350: Syslog Servers

    “Configuring syslog Servers” section on page 25-5. To support the same configuration of syslog servers on all switches in a fabric, you can use the Cisco Fabric Services (CFS) to distribute the syslog server configuration. For information about distributing the syslog server configuration, see the “Configuring syslog Server Configuration Distribution”...
  • Page 351: Configuring System Message Logging To A File

    For information about displaying and clearing log files, see the “Displaying and Clearing Log Files” section on page 25-8. To configure the switch to log system messages to a file, perform this task:
  • Page 352: Configuring Module And Facility Messages Logged

    5 is used.
    Disables module log messages.
      switch(config)# no logging module [severity-level]
    Step 3: (Optional) Displays the module logging configuration.
      switch(config)# show logging module
  • Page 353: Configuring Syslog Servers

    Server Configuration Distribution” section on page 25-7. You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file:
      facility.level <five tab characters> action
  • Page 354

    Repeat Step 2 for up to three syslog servers.
    Step 4: (Optional) Displays the syslog server configuration.
      switch(config)# show logging server
    Step 5: (Optional) Copies the running configuration to the startup configuration.
      switch(config)# copy running-config startup-config
  • Page 355: Configuring Syslog Server Configuration Distribution

    Configuring syslog Server Configuration Distribution
    You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure. For more information about CFS, see the “Information About CFS”...
  • Page 356: Displaying And Clearing Log Files

    The following example shows how to display or clear messages in a log file:
      switch# show logging last 40
      switch# show logging logfile start-time 2007 nov 1 15:10:0
      switch# show logging nvram last 10
      switch# clear logging logfile
      switch# clear logging nvram
  • Page 357: Verifying System Message Logging Configuration

    6
      logging module 3
      logging level aaa 2
      logging timestamp milliseconds
      logging distribute
      logging server 172.28.254.253
      logging server 172.28.254.254 5 local3
      logging commit
      copy running-config startup-config
  • Page 358: Default Settings

    Enabled to log:messages at severity level 5
    Module logging: Enabled at severity level 5
    Facility logging: Enabled;
    Time-stamp units: Seconds
    syslog server logging: Disabled
    syslog server configuration distribution: Disabled
  • Page 359: Information About Call Home

    XML-based automated parsing applications. You can use this feature to page a network support engineer, e-mail a Network Operations Center, or use Cisco Smart Call Home services to automatically generate a case with the Technical Assistance Center.
  • Page 360: Destination Profiles

    – Messaging Language (AML) XML schema definition (XSD). The AML XSD is published on the Cisco.com web site at http://www.cisco.com/. The XML format enables communication with the Cisco Systems Technical Assistance Center.
    • Multiple concurrent message destinations. You can configure up to 50 e-mail destination addresses...
  • Page 361 This alert is considered a noncritical event, and the information is used for status and entitlement.
      show license usage
      show inventory
      show sprom all
      show system uptime
  • Page 362: Call Home Message Levels

    Warning (4): Warning conditions.
    Notification, Notice (5): Basic notification and informational messages. Possibly independently insignificant.
    Normal, Information (6): Normal event signifying return to normal state.
    Debugging, Debug (7): Debugging messages.
  • Page 363: Obtaining Smart Call Home

    Obtaining Smart Call Home
    If you have a service contract directly with Cisco Systems, you can register your devices for the Smart Call Home service. Smart Call Home provides fast resolution of system problems by analyzing Call Home messages sent from your devices and providing background information and recommendations.
  • Page 364: Configuring Call Home

    To configure contact information, perform this task:
    Step 1: Enters configuration mode.
      switch# configuration terminal
    Step 2: Configures the SNMP sysContact.
      switch(config)# snmp-server contact sys-contact
    Step 3: Enters callhome configuration mode.
      switch(config)# callhome
  • Page 365

    This example shows how to configure the contact information for Call Home:
      switch# configuration terminal
      switch(config)# snmp-server contact personname@companyname.com
      switch(config)# callhome
      switch(config-callhome)# email-contact admin@Mycompany.com
      switch(config-callhome)# phone-contact +1-800-123-4567
      switch(config-callhome)# street-address 123 Anystreet st. Anytown,AnyWhere
  • Page 366: Creating A Destination Profile

    To modify the attributes for a destination profile, perform this task:
    Step 1: Enters configuration mode.
      switch# configuration terminal
    Step 2: Enters callhome configuration mode.
      switch(config)# callhome
  • Page 367: Associating An Alert Group With A Destination Profile

    | System | Test}
    Step 4: (Optional) Displays information about one or more destination profiles.
      switch(config-callhome)# show callhome destination-profile [profile name]
    Step 5: (Optional) Saves this configuration change.
      switch(config)# copy running-config startup-config
  • Page 368: Adding Show Commands To An Alert Group

    Step 5: (Optional) Saves this configuration change.
      switch(config)# copy running-config startup-config
    This example shows how to add the show ip routing command to the Cisco-TAC alert group:
      switch# configuration terminal
      switch(config)# callhome
      switch(config-callhome)# alert-group Configuration user-def-cmd "show ip routing"
    Configuring E-Mail
    You must configure the SMTP server address for the Call Home functionality to work.
  • Page 369: Configuring Periodic Inventory Notification

    This example shows how to configure the periodic inventory messages to generate every 20 days:
      switch# configuration terminal
      switch(config)# callhome
      switch(config-callhome)# periodic-inventory notification interval 20
  • Page 370: Disabling Duplicate Message Throttle

    To commit Call Home configuration changes and distribute using CFS in the callhome configuration mode, perform this task:
    Commits Call Home configuration changes and distributes the changes to all CFS-enabled devices.
      switch(config-callhome)# commit
  • Page 371: Testing Call Home Communications

    show callhome status: Displays the Call Home status.
    show callhome transport-email: Displays the e-mail configuration for Call Home.
    show callhome user-def-cmds: Displays CLI commands added to any alert groups.
  • Page 372: Call Home Example Configuration

    Home.
    Call Home Example Configuration
    The following example uses CFS to create a destination profile called Noc101, associate the Cisco-TAC alert group to that profile, configure contact and e-mail information, and distribute those changes to all CFS-enabled devices:
      configure terminal
      snmp-server contact person@company.com...
  • Page 373: Additional References

    Name of alert group, such as syslog. XML tag: /aml/header/group
    Severity level: Severity level of message (see “Call Home Message Levels” section on page 26-4). XML tag: /aml/header/level
    Source ID: Product type for routing. Specifically Catalyst 6500. XML tag: /aml/header/source
  • Page 374

    Model name of the device (the specific model as part of a product family name). XML tag: /aml/body/chassis/name
    Serial number: Chassis serial number of the unit. XML tag: /aml/body/chassis/serialNo
    Chassis part number: Top assembly number of the chassis. XML tag: /aml/body/chassis/partNo
  • Page 375

    Columns: (Plain Text and XML), (Plain Text and XML), XML Tag (XML Only)
    Chassis hardware version: Hardware version of the chassis. XML tag: /aml/body/chassis/hwVersion
    Supervisor module software version: Top-level software version. XML tag: /aml/body/chassis/swVersion
  • Page 376: Sample Syslog Alert Notification In Full-Text Format

    Street Address:#1234 Picaboo Street, Any city, Any state, 12345
    Event Description:2006 Oct 8 11:10:44 10.76.100.177 %PORT-5-IF_TRUNK_UP: %$VLAN 1%$ Interface e2/5, vlan 1 is up
    syslog_facility:PORT
    start chassis information:
    Affected Chassis:WS-C6509
    Affected Chassis Serial Number:FG@07120011
  • Page 377: Sample Syslog Alert Notification In Xml Format

    <ch:Call Home xmlns:ch="http://www.example.com/2005/05/callhome" version="1.0">
    <ch:EventTime>2007-04-25 14:19:55 GMT+00:00</ch:EventTime>
    <ch:MessageDescription>03:29:29: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console</ch:MessageDescription>
    <ch:Event>
    <ch:Type>syslog</ch:Type>
    <ch:SubType></ch:SubType>
    <ch:Brand>Cisco Systems</ch:Brand>
    <ch:Series>Catalyst 6500 Series Switches</ch:Series>
    </ch:Event>
    <ch:CustomerData>
    <ch:UserData>
    <ch:Email>user@example.com</ch:Email>
  • Page 378

    Firmware compiled 11-Apr-07 03:34 by integ Build [100]
    00:01:01: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
    00:01:01: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugging output.
  • Page 379

    00:00:26: DFC2: Currently running ROMMON from F2 region
    00:04:56: %DIAG-SP-6-RUN_MINIMUM: Module 4: Running Minimal Diagnostics...
    00:00:09: DaughterBoard (Distributed Forwarding Card 3)
    Firmware compiled 11-Apr-08 03:34 by integ Build [100]
  • Page 380

    00:06:59: %OIR-SP-6-DOWNGRADE_EARL: Module 8 DFC installed is not identical to system PFC and will perform at current system operating mode.
    00:07:06: %OIR-SP-6-INSCARD: Card inserted in slot 8, interfaces are now online
    Router#]]></aml-block:Data>
    </aml-block:Attachment>
    </aml-block:Attachments>
    </aml-block:Block>
    </soap-env:Body>
    </soap-env:Envelope>
  • Page 381: Information About Snmp

    • An SNMP agent—The software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The Cisco Nexus 5000 Series switch supports the agent and MIB. To enable the SNMP agent, you must define the relationship between the manager and the agent.
  • Page 382: Snmp Notifications

    An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the Cisco Nexus 5000 Series switch never receives a response, it can send the inform request again.
  • Page 383

    • HMAC-MD5-96 authentication protocol
    • HMAC-SHA-96 authentication protocol
    Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826.
  • Page 384 SNMPv3 user management can be centralized at the Access Authentication and Accounting (AAA) server level. This centralized user management allows the SNMP agent in Cisco NX-OS to leverage the user authentication service of the AAA server. Once user authentication is verified, the SNMP PDUs are processed further.
  • Page 385: Configuring Snmp Users

    You can configure SNMP to require authentication or encryption for incoming requests. By default the SNMP agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco NX-OS responds with an authorization Error for any SNMPv3 PDU request using securityLevel parameter of either noAuthNoPriv or authNoPriv.
  • Page 386: Assigning Snmpv3 Users To Multiple Roles

    Command: switch(config)# snmp-server community name group {ro | rw}
    Purpose: Creates an SNMP community string.
    Configuring SNMP Notification Receivers
    You can configure Cisco NX-OS to generate SNMP notifications to multiple host receivers.
  • Page 387: Configuring The Notification Target User

    You must configure a notification target user on the device to send SNMPv3 inform notifications to a notification host receiver. The Cisco Nexus 5000 Series switch uses the credentials of the notification target user to encrypt the SNMPv3 inform notification messages to the configured notification host receiver.
  • Page 388: Enabling Snmp Notifications

    NMS auth sha abcd1234 priv abcdefgh engineID 00:00:00:63:00:01:00:a1:ac:15:10:03
    Enabling SNMP Notifications
    You can enable or disable notifications. If you do not specify a notification name, Cisco NX-OS enables all notifications.
    Note: The snmp-server enable traps CLI command enables both traps and informs, depending on the configured notification host receivers.
  • Page 389: Configuring Linkup/Linkdown Notifications

    defined in IF-MIB), if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. Cisco NX-OS adds additional varbinds specific to Cisco Systems in addition to the varbinds defined in the IF-MIB. This is the default setting.
  • Page 390: Disabling Up/ Down Notifications On An Interface

    (cieLinkUp, cieLinkDown) defined in CISCO-IF-EXTENSION-MIB.my, if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. Cisco NX-OS adds additional varbinds specific to Cisco Systems in addition to the varbinds defined in the IF-MIB for the linkUp and linkDown notifications.
  • Page 391: Assigning Snmp Switch Contact And Location Information

    Command: show snmp user
    Purpose: Displays SNMPv3 users.
    SNMP Example Configuration
    This example configures the Cisco Nexus 5000 Series switch to send the Cisco linkUp/linkDown notifications to one notification host receiver and defines two SNMP users, Admin and NMS:
    configuration terminal
    snmp-server contact Admin@company.com...
  • Page 392: Default Settings

    Default Settings
    Table 27-3 lists the default settings for SNMP parameters.
    Table 27-3 Default SNMP Parameters
    Parameters | Default
    license notifications | enabled
    linkUp/Down notification type | ietf-extended
  • Page 393: Information About Rmon

    You can use alarms with RMON events to generate a log entry or an SNMP notification when the RMON alarm triggers. RMON is disabled by default and no events or alarms are configured in Cisco Nexus 5000 Series. You can configure your RMON alarms and events by using the CLI or an SNMP-compatible network...
  • Page 394: Rmon Events

    • samples take two consecutive samples and calculate the difference between them. • Rising threshold—The value at which the Cisco Nexus 5000 Series switch triggers a rising alarm or resets a falling alarm. • Falling threshold—The value at which the Cisco Nexus 5000 Series switch triggers a falling alarm or resets a rising alarm.
  • Page 395: Configuring Rmon

    Taking delta samples, last value was 0
    Rising threshold is 5, assigned to event 1
    Falling threshold is 0, assigned to event 0
    On startup enable rising or falling alarm
  • Page 396: Configuring Rmon Events

    This example creates a delta rising alarm on ifOutOctets and associates a notification event with this alarm:
    configure terminal
    rmon alarm 1 1.3.6.1.2.1.2.2.1.17.83886080 5 delta rising-threshold 5 1 falling-threshold 0 owner test
    rmon event 1 trap public
  • Page 397: Default Settings

    Default Settings
    Table 28-1 lists the default settings for RMON parameters.
    Table 28-1 Default RMON Parameters
    Parameters | Default
    Alarms | None configured.
    Events | None configured.
  • Page 399: Fibre Channel Over Ethernet

    Fibre Channel over Ethernet
  • Page 401: Configuring Fcoe

    • Ethernet Frame Formats, page 29-4
    Licensing Requirements
    On Cisco Nexus 5000 Series switches, FCoE capability is included in the Storage Protocol Services License. Before using FCoE capabilities, ensure that:
    • The correct license is installed (N5010SS or N5020SS).
    ...
  • Page 402: Converged Network Adapters

    To reduce configuration errors and simplify administration, you can configure the switch to distribute the configuration data to all the connected adapters.
    DCBX Capabilities
    The DCBX capabilities supported by Cisco Nexus 5000 Series switches are described in the following topics:
    • FCoE, page 29-2
    ...
  • Page 403: Dce Bridging Capability Exchange Protocol

    For flexibility, parameters are coded in a type-length-value (TLV) format. DCBX runs on the physical Ethernet link between the Cisco Nexus 5000 Series switch and the converged network adapter on the server. By default, DCBX is enabled on Ethernet interfaces. When an Ethernet interface is brought up, the switch automatically starts to communicate with the adapter.
  • Page 404: Ethernet Frame Formats

    • If the adapter does not implement DCBX, all capabilities remain disabled.
    Note: The Cisco Nexus 5000 Series switch provides CLI commands to manually override the results of the negotiation with the adapter. On a per-interface basis, you can force capabilities to be enabled or disabled.
  • Page 405: Enabling Fcoe

    2008 Nov 11 20:43:38 switch %$ VDC-1 %$ %PFMA-2-FC_LICENSE_DESIRED: FCoE/FC feature will be enabled after the configuration is saved followed by a reboot
    Note: After you enable the FCoE capability, you must reboot the Cisco Nexus 5000 Series switch before you can use the features.
  • Page 406: Configuring Priority Flow Control

    By default, link-level flow control capability on Ethernet interfaces is disabled. Only enable the link-level flow control capability if PFC is disabled on the interface. To configure link-level flow control, see the “Configuring IEEE 802.3x Link-Level Flow Control” section on page 31-8.
  • Page 407: Configuring Lldp

    15
    To reset LLDP settings, perform this task:
    Command: switch(config)# no lldp {holdtime | reinit | timer}
    Purpose: Reset the LLDP values to their defaults.
  • Page 408: Configuring Interface Lldp Commands

    The following example shows how to display LLDP interface information:
    switch# show lldp interface ethernet 1/2
    tx_enabled: TRUE
    rx_enabled: TRUE
    dcbx_enabled: TRUE
    Port MAC address: 00:0d:ec:a3:5f:48
    Remote Peers Information
  • Page 409 The following example shows how to display LLDP timer information:
    switch# show lldp timers
    LLDP Timers
    holdtime 120 seconds
    reinit 2 seconds
    msg_tx_interval 30 seconds
    The following example shows how to display LLDP counters:
    switch# show lldp traffic
  • Page 411: Chapter 30 Configuring Virtual Interfaces

    Configuring Virtual Interfaces
    This section describes the configuration of virtual interfaces on the Cisco Nexus 5000 Series switches. It includes the following sections:
    • Information About Virtual Interfaces, page 30-1
    ...
  • Page 412: Configuring Virtual Interfaces

    Step 1
    Command: switch# configure terminal
    Purpose: Enters configuration mode.
    Step 2
    Command: switch(config)# vlan vlan-id
    Purpose: Enters VLAN configuration mode. VLAN number is in the range of 1 to 4096.
  • Page 413: Deleting A Virtual Fibre Channel Interface

    Command: switch(config)# no interface vfc vfc-id
    Purpose: Deletes a virtual Fibre Channel interface.
    The following example shows how to delete a virtual Fibre Channel interface:
    switch# configure terminal
    switch(config)# no interface vfc 4
    switch(config-if)# exit
  • Page 414: Verifying Virtual Interface Information

    Channel
    -------------------------------------------------------------------------------
    Ethernet1/1 hwFailure 1500
    Ethernet1/2 hwFailure 1500
    Ethernet1/3 10000 1500
    Ethernet1/39 sfpIsAbsen -- 1500
    Ethernet1/40 sfpIsAbsen -- 1500
    -------------------------------------------------------------------------------
    Interface Status IP Address Speed
    -------------------------------------------------------------------------------
    mgmt0 172.16.24.41 1500
  • Page 415
    -------------------------------------------------------------------------------
    Interface Vsan Admin Admin Status Oper Oper Port Mode Trunk Mode Speed Channel Mode (Gbps)
    -------------------------------------------------------------------------------
    vfc 1 down
  • Page 417: Quality Of Service

    Quality of Service
  • Page 419: Configuring Qos

    Configuring QoS
    This chapter describes how to configure the quality of service (QoS) features on the Cisco Nexus 5000 Series switch. This chapter includes the following sections:
    • Information About QoS, page 31-1
    ...
  • Page 420: Mqc

    • QoS for Traffic Directed to the CPU, page 31-6
    The Cisco Modular QoS CLI (MQC) provides a standard set of commands for configuring QoS. You can use MQC to define additional traffic classes and to configure QoS policies for the whole system and for individual Ethernet interfaces.
  • Page 421: Default System Classes

    The transmit and receive directions are separately configurable. By default, link-level flow control is disabled for both directions. On the Cisco Nexus 5000 Series switch, Ethernet interfaces do not auto-detect the link-level flow control capability. You must configure the capability explicitly on the Ethernet interfaces.
  • Page 422: Mtu

    If PFC is not enabled on an interface, you can enable IEEE 802.3X link-level pause. By default, link-level pause is disabled. The Cisco Nexus 5000 Series switch is a Layer 2 switch, and it does not support packet fragmentation. MTU configuration mismatch between ingress and egress interfaces may result in packets being truncated.
  • Page 423: Ingress Policies

    The optimized multicast feature achieves better throughput for multicast frames and improves performance for multicast frames.
    Note: Optimized multicast is supported on the BF and later versions of the Cisco Nexus 5020 switch. To verify the model version, enter the show module 1 command. The model version is the last two characters of the model number.
  • Page 424: Policy For Fibre Channel Interfaces

    • If priority flow control is enabled on an Ethernet interface, pause will never be applied to traffic with a drop system class. PFC does not apply pause to drop classes and the link-level pause feature is never enabled on an interface with PFC.
  • Page 425: Configuring Pfc And Llc

    Configuring PFC and LLC
    Cisco Nexus 5000 Series switches support PFC and LLC on Ethernet interfaces. The Ethernet interface can operate in two different modes: FCoE mode or standard Ethernet mode. If the interface is operating in FCoE mode, the Ethernet link is connected at the server port using a converged network adapter (CNA).
  • Page 426: Configuring Ieee 802.3X Link-Level Flow Control

    • Configuring Class Maps, page 31-9
    • Configuring Policy Maps, page 31-9
    • Creating the System Service Policy, page 31-11
    • System Class Example, page 31-11
    • Enabling Jumbo MTU, page 31-11
  • Page 427: Configuring Class Maps

    QoS parameters for each class. You can use the same policy map to modify the configuration of the default classes.
    Note: Before creating the policy map, define a class map for each new system class.
  • Page 428 The following example shows how to create a policy map with a no-drop Ethernet class:
    switch(config)# class-map ethCoS4
    switch(config-cmap)# match cos 4
    switch(config-cmap)# exit
    switch(config)# policy-map ethNoDrop
    switch(config-pmap)# class ethCoS4
    switch(config-pmap-c)# pause no-drop
  • Page 429: Creating The System Service Policy

    Enabling Jumbo MTU
    To enable jumbo MTU for the whole switch, set the MTU to its maximum size (9216 bytes) in the policy map for the default Ethernet system class (class-default).
  • Page 430: Verifying Jumbo Mtu

    Tx Packets from 65 to 127 bytes: 8288443
    Tx Packets from 128 to 255 bytes: 16596457
    Tx Packets from 256 to 511 bytes: 33177999
    Tx Packets from 512 to 1023 bytes: 66363944
  • Page 431: Configuring Qos On Interfaces

    Command: switch(config-pmap)# class class-name
    Purpose: Associates the ingress class with this policy and enters configuration mode for the class.
    Step 5
    Command: switch(config-pmap-c)# bandwidth percent percentage
    Purpose: (Optional) Specifies the guaranteed percentage of bandwidth allocated to incoming traffic of this class.
  • Page 432: Configuring Egress Policies

    | port-channel channel-number}
    Note: The service policy on a port channel applies to all member interfaces.
    Step 8
    Command: switch(config-if)# service-policy output policy-name
    Purpose: Applies the policy map to the interface.
  • Page 433 5
    switch(config)# policy-map policy1-egress
    switch(config-pmap)# class best-effort-drop-class
    switch(config-pmap-c)# bandwidth percent 20
    switch(config)# interface ethernet 1/1
    switch(config-if)# service-policy output policy1-egress
  • Page 435: San Switching

    SAN Switching
  • Page 437: Information About Fibre Channel Interfaces

    • Buffer-to-Buffer Credits, page 32-7
    Licensing Requirements
    On Cisco Nexus 5000 Series switches, Fibre Channel capability is included in the Storage Protocol Services license. Ensure that you have the correct license installed (N5010SS or N5020SS) before using Fibre Channel interfaces and capabilities.
  • Page 438: Physical Fibre Channel Interfaces

    Physical Fibre Channel Interfaces
    Cisco Nexus 5000 Series switches provide up to eight physical Fibre Channel uplinks. The Fibre Channel interfaces are supported on optional expansion modules. The Fibre Channel plus Ethernet expansion module contains four Fibre Channel interfaces.
  • Page 439 N ports. E ports support class 3 and class F service. An E port connected to another switch may also be configured to form a SAN port channel (see Chapter 36, “Configuring SAN Port Channels”).
  • Page 440 (host or disk), it operates in F port mode. If the interface is attached to a third-party switch, it operates in E port mode. If the interface is attached to another switch in the Cisco Nexus 5000 Series or Cisco MDS 9000 Family, it may become operational in TE port mode (see Chapter 35, “Configuring...
  • Page 441: Interface States

    Status Reason Code None. Down Down Administratively down. If you administratively configure an interface as down, you disable the interface. No traffic is received or transmitted. Down Table 32-4.
  • Page 442 Isolation because limit of active port channels is exceeded: The interface is isolated because the switch is already configured with the maximum number of active SAN port channels.
  • Page 443: Buffer-To-Buffer Credits

    BB_credits are negotiated on a per-hop basis. In Cisco Nexus 5000 Series switches, the BB_credit mechanism is used on Fibre Channel interfaces but not on virtual Fibre Channel interfaces. Virtual Fibre Channel interfaces provide flow control based on capabilities of the underlying physical Ethernet interface.
  • Page 444: Configuring A Fibre Channel Interface

    Note: When a Fibre Channel interface is configured, it is automatically assigned a unique world wide name (WWN). If the interface’s operational state is up, it is also assigned a Fibre Channel ID (FC ID).
  • Page 445: Setting The Interface Administrative State

    To configure the interface mode, perform this task:
    Step 1
    Command: switch# configuration terminal
    Purpose: Enters configuration mode.
    Step 2
    Command: switch(config)# interface {fc slot/port}|{vfc vfc-id}
    Purpose: Selects a Fibre Channel interface and enters interface configuration mode.
  • Page 446: Configuring The Interface Description

    To configure the port speed of the interface, perform this task:
    Step 1
    Command: switch# configuration terminal
    Purpose: Enters configuration mode.
    Step 2
    Command: switch(config)# interface fc slot/port
    Purpose: Selects the specified interface and enters interface configuration mode.
  • Page 447: Configuring Sd Port Frame Encapsulation

    The bit error rate threshold is used by the switch to detect an increased error rate before performance degradation seriously affects traffic. The bit errors can occur for the following reasons: • Faulty or bad cable.
  • Page 448: Configuring Buffer-To-Buffer Credits

    To configure BB_credits for a Fibre Channel interface, perform this task:
    Step 1
    Command: switch# configuration terminal
    Purpose: Enters configuration mode.
    Step 2
    Command: switch(config)# interface fc slot/port
    Purpose: Selects a Fibre Channel interface and enters interface configuration mode.
  • Page 449: Configuring Global Attributes For Fibre Channel Interfaces

    To configure switch port attributes, perform this task:
    Step 1
    Command: switch# configuration terminal
    Purpose: Enters configuration mode.
  • Page 450: About N Port Identifier Virtualization

    You must globally enable NPIV for all VSANs on the switch to allow the NPIV-enabled applications to use multiple N port identifiers.
    Note: All of the N port identifiers are allocated in the same VSAN.
  • Page 451: Verifying Fibre Channel Interfaces

    The small form-factor pluggable (SFP) hardware transmitters are identified by their acronyms when displayed in the show interface brief command. If the related SFP has a Cisco-assigned extended ID, then the show interface and show interface brief commands display the ID instead of the transmitter type.
  • Page 452 2000
    interface fc3/5
    switchport mode E
    interface fc3/5
    channel-group 11 force
    no shutdown
    The following example shows the interface display when showing the running configuration for a specific interface:
  • Page 453: Verifying Bb_Credit Information

    Fibre Channel interface parameters. Table 32-6 Default Virtual Fibre Channel Interface Parameters Parameters Default Interface mode Auto Interface speed Administrative state Shutdown (unless changed during initial setup) Trunk mode
  • Page 454 Table 32-6 Default Virtual Fibre Channel Interface Parameters (continued) Parameters Default Trunk-allowed VSANs Interface VSAN Default VSAN (1) EISL encapsulation Data field size
  • Page 455: Chapter 33 Configuring Domain Parameters

    • Fabric reconfiguration—This phase guarantees a resynchronization of all switches in the fabric to ensure they simultaneously restart a new principal switch selection phase.
    See Figure 33-1 for an example fcdomain configuration.
  • Page 456
    • Disabling or Reenabling fcdomains, page 33-5
    • Configuring Fabric Names, page 33-5
    • About Incoming RCFs, page 33-5
    • Rejecting Incoming RCFs, page 33-6
    • About Autoreconfiguring Merged Fabrics, page 33-6
  • Page 457: About Domain Restart

    VSAN, and together take at least 15 seconds to complete. To reduce the time required for the domain manager to select a new principal link, you can enable the domain manager fast restart feature.
  • Page 458: Enabling Domain Manager Fast Restart

    VSAN vsan-id switch in the specified VSAN.
    Command: switch(config)# no fcdomain priority number VSAN vsan-id
    Purpose: Reverts the priority to the factory default (128) in the specified VSAN.
  • Page 459: About Fcdomain Initiation

    No fcdomain restart is required.
    Note: You do not need to configure the RCF reject option on virtual Fibre Channel interfaces, because these interfaces operate only in F port mode.
  • Page 460: Rejecting Incoming Rcfs

    Domain IDs uniquely identify a switch in a VSAN. A switch may have different domain IDs in different VSANs. The domain ID is part of the overall FC ID.
  • Page 461: About Domain Ids

    The local switch sends a configured domain ID request to the principal switch. The principal switch assigns the requested domain ID if available. Otherwise, it assigns another available domain ID.
  • Page 462 ID lists currently configured in the VSAN. Alternatively, you can also configure zero-preferred domain ID.
    Caution: You must enter the fcdomain restart command if you want to apply the configured domain changes to the runtime domain.
  • Page 463: Specifying Static Or Preferred Domain Ids

    Use allowed domain ID lists to design your VSANs with nonoverlapping domain IDs. This helps you in the future if you need to implement IVR without the NAT feature.
  • Page 464: Configuring Allowed Domain Id Lists

    About CFS Distribution of Allowed Domain ID Lists You can enable the distribution of the allowed domain ID list configuration information to all Cisco SAN switches in the fabric using the Cisco Fabric Services (CFS) infrastructure. This feature allows you to synchronize the configuration across the fabric from the console of a single switch.
  • Page 465: Locking The Fabric

    To discard pending domain configuration changes and release the lock, perform this task:
    Step 1
    Command: switch# configuration terminal
             switch(config)#
    Purpose: Enters configuration mode.
    Step 2
    Command: switch(config)# fcdomain abort vsan vsan-id
    Purpose: Discards the pending domain configuration changes.
  • Page 466: Clearing A Fabric Lock

    Assigned or unallowed domain IDs: 24,100.
    [User] configured allowed domain IDs: 1-239.
    Pending Configured Allowed Domains
    ----------------------------------
    VSAN 10
    Assigned or unallowed domain IDs: 1-9,24,100,231-239.
    [User] configured allowed domain IDs: 10-230.
  • Page 467: Displaying Session Status

    VSAN. FC IDs When an N port logs into a Cisco Nexus 5000 Series switch, it is assigned an FC ID. By default, the persistent FC ID feature is enabled. If this feature is disabled, the following situations can occur: An N port logs into a Cisco Nexus 5000 Series switch.
  • Page 468: About Persistent Fc Ids

    FCID(s) persistent feature is enabled. IDs in the specified VSAN.
    Command: switch(config)# no fcdomain fcid persistent vsan vsan-id
    Purpose: Disables the FC ID persistency feature in the specified VSAN.
  • Page 469: Persistent Fc Id Configuration Guidelines

    (11:22:11:22:33:44:33:44) with the FC IDs 0x070100 through 0x701FF in the specified VSAN.
    Note: To secure the entire area for this fcdomain, assign 00 as the last two characters of the FC ID.
  • Page 470: About Unique Area Fc Ids For Hbas

    FC ID. Cisco Nexus 5000 Series switches facilitate this requirement with the FC ID persistence feature. You can use this feature to preassign an FC ID with a different area to either the storage port or the HBA port.
  • Page 471: About Persistent Fc Id Selective Purging

    Step 5: Assign a new FC ID with a different area allocation. In this example, we replace 77 with ee.
    switch# configuration terminal
    switch(config)# fcdomain fcid database
    switch(config-fcid-db)# vsan 3 wwn 50:05:08:b2:00:71:c8:c2 fcid 0x6fee00 area
    Step 6: Enable the HBA interface in the Cisco Nexus 5000 Series switch.
    switch# configuration terminal
    switch(config)# interface vfc20/1
    switch(config-if)# no shutdown...
  • Page 472: Purging Persistent Fc Ids

    The following example shows how to display all existing, persistent FC IDs for a specified VSAN. You can also specify the unused option to view only persistent FC IDs that are still not in use.
  • Page 473: Default Settings

    Preferred auto-reconfigure option Disabled contiguous-allocation option Disabled Priority Allowed list 1 to 239 Fabric name 20:01:00:05:30:00:28:df rcf-reject Disabled Persistent FC ID Enabled Allowed domain ID list configuration distribution Disabled
  • Page 475: Chapter 34 Configuring N Port Virtualization

    NPV Overview
    By default, Cisco Nexus 5000 Series switches operate in fabric mode. In this mode, the switch provides standard Fibre Channel switching capability and features. In fabric mode, each switch that joins a SAN is assigned a domain ID. Each SAN (or VSAN) supports a maximum of 239 domain IDs, so the SAN has a limit of 239 switches.
  • Page 476: Npv Mode

    Server interfaces are automatically distributed among the NP uplinks to the core switch. All of the end devices connected to a server interface are mapped to the same NP uplink. In Cisco Nexus 5000 Series switches, server interfaces can be physical or virtual Fibre Channel interfaces.
  • Page 477: Np Uplinks (External Interfaces)

    Note: In the switch CLI configuration commands and output displays, NP uplinks are called External Interfaces.
    In Cisco Nexus 5000 Series switches, NP uplink interfaces must be native Fibre Channel interfaces.
    FLOGI Operation
    When an NP port becomes operational, the switch first logs itself in to the core switch by sending a FLOGI request (using the port WWN of the NP port).
  • Page 478: Npv Traffic Management

    For additional information about zoning, see the “Information About Zoning” section on page 38-1.
    NPV Traffic Management
    Cisco Nexus 5000 Series switches provide NPV traffic management features. This section describes NPV traffic management and includes the following topics:
    • Automatic Uplink Selection, page 34-4
    ...
  • Page 479: Npv Traffic Management Guidelines

    – All the end device pWWNs must also be in the port security database.
    • Edge switches can connect to multiple core switches. In other words, different NP ports can be connected to different core switches.
  • Page 480: Configuring Npv

    NPV mode.
    Note: A write-erase is performed during the initialization.
    Step 3
    Command: switch(config-npv)# no npv enable
             switch(config)#
    Purpose: Disables NPV mode, which results in a reload of the switch.
  • Page 481: Configuring Npv Interfaces

    NP uplinks.
    Note: If a server interface is already mapped to an NP uplink, you should include this mapping in the traffic map configuration.
  • Page 482: Verifying Npv

    Verifying NPV
    To display information about NPV, perform the following task:
    Command: switch# show npv flogi-table [all]
    Purpose: Displays the NPV configuration.
  • Page 483: Verifying Npv Traffic Management

    To display a list of devices on a server interface and their assigned NP uplinks, enter the show npv flogi-table command on the Cisco Nexus 5000 Series switch: switch# show npv flogi-table...
  • Page 484 To display the disruptive load-balancing status, enter the show npv status command: switch# show npv status npiv is enabled disruptive load balancing is enabled External Interfaces: ==================== Interface: fc2/1, VSAN: 2, FCID: 0x1c0000, State: Up
  • Page 485: Chapter 35 Configuring Vsan Trunking

    Configuring VSAN Trunking This chapter describes the VSAN trunking feature provided in Cisco Nexus 5000 Series switches. This chapter includes the following sections: Information About VSAN Trunking, page 35-1 •...
  • Page 486: Vsan Trunking Mismatches

    Third-Party Switch VSAN Mismatch VSAN 2 and VSAN 3 are effectively merged with overlapping entries in the name server and the zone applications. The Cisco MDS 9000 Fabric Manager helps detect such topologies. VSAN Trunking Protocol The trunking protocol is important for E-port and TE-port operations. It supports the following capabilities: Dynamic negotiation of operational trunk mode.
  • Page 487: Configuring Vsan Trunking

    Switch 2 Trunking State Port Mode Auto or on Trunking (EISL) TE port Auto, on, or off No trunking (ISL) E port Auto Auto No trunking (ISL) E port
  • Page 488: Configuring Trunk Mode

    The preferred configuration on the Cisco Nexus 5000 Series switches is that one side of the trunk is set to auto and the other is set to on....
  • Page 489 The ISL between switch 3 and switch 1 includes VSAN 1, 2, and 5. Consequently, VSAN 2 can only be routed from switch 1 through switch 3 to switch 2.
  • Page 490: Configuring An Allowed-Active List Of Vsans

    TE port. Without any arguments, this command displays the information for all of the configured interfaces in the switch. The following example shows how to display the trunk mode of a Fibre Channel interface:
  • Page 491: Default Settings

    Table 35-2 Default Trunk Configuration Parameters Parameters Default Switch port trunk mode Allowed VSAN list 1 to 4093 user-defined VSAN IDs Trunking protocol Enabled
  • Page 493: Chapter 36 Configuring San Port Channels

    The routing tables are not affected by link failure. Cisco Nexus 5000 Series switches support a maximum of four SAN port channels (with eight interfaces per port channel). A port channel number refers to the unique (within each switch) identifier associated with each channel group.
  • Page 494: Understanding Port Channels And Vsan Trunking

    Understanding Load Balancing, page 36-2 • Understanding Port Channels and VSAN Trunking Switches in the Cisco Nexus 5000 Series implement VSAN trunking and port channels as follows: A SAN port channel enables several physical links to be combined into one aggregated logical link. •...
  • Page 495 For exchange 1, no frame uses link 2. For the next exchange, link 2 is chosen by the hash algorithm. Now all frames in exchange 2 use link 2.
  • Page 496: Configuring San Port Channels

    [Figure: Valid SAN Port Channel Configurations, showing channel groups 10, 20, 1, and 2 between Switch A and Switch B]
  • Page 497: San Port Channel Configuration Guidelines

    If you misconfigure SAN port channels, you may receive a misconfiguration message. If you receive this message, the port channel’s physical links are disabled because an error has been detected.
  • Page 498: Creating A San Port Channel

    On mode behavior. The Active port channel mode allows automatic recovery without explicitly enabling and disabling the port channel member ports at either end.
  • Page 499: About San Port Channel Deletion

    (active and on) used, the ports at either end are gracefully brought down, indicating that no frames are lost when the interface is going down (see the “Setting the Interface Administrative State” section on page 32-9).
  • Page 500: Deleting San Port Channels

    • Forcing an Interface Addition, page 36-10 • About Interface Deletion from a SAN Port Channel, page 36-10 • Deleting an Interface from a SAN Port Channel, page 36-11
  • Page 501: About Interface Addition To A San Port Channel

    Step 3 Command: switch(config-if)# channel-group channel-number Purpose: Adds the Fibre Channel interface to the specified channel group. If the channel group does not exist, it is created. The port is shut down.
  • Page 502: Forcing An Interface Addition

    You must explicitly enable those ports again. • If you use the Active mode, then the port channel ports automatically recover from the deletion.
  • Page 503: Deleting An Interface From A San Port Channel

    The port channel protocol is enabled by default. The port channel protocol expands the port channel functional model in Cisco SAN switches. It uses the exchange peer parameters (EPP) services to communicate across peer ports in an ISL. Each switch uses the information received from the peer ports along with its local configuration and operational values to decide if it should be part of a SAN port channel.
  • Page 504: About Channel Group Creation

    Member ports cannot participate in autocreation of channel groups. The autocreation feature cannot be configured. | None of these ports are members of a user-configured channel group.
  • Page 505: Autocreation Guidelines

    • If autocreation of channel groups is enabled for an interface, you must first disable autocreation before downgrading to earlier software versions or before configuring the interface in a manually configured channel group.
  • Page 506: Enabling And Configuring Autocreation

    When enabling autocreation in any switch in the Cisco Nexus 5000 Series, we recommend that you retain at least one interconnected port between the switches without any autocreation configuration....
  • Page 507: Verifying San Port Channel Configuration

    Hardware is Fibre Channel, FCOT is short wave laser Port WWN is 20:0a:00:0b:5f:3b:fe:80 Receive data field Size is 2112 Beacon is turned off Port-channel auto creation is enabled Belongs to port-channel 123
  • Page 508: Default Settings

    SAN port channels. Table 36-3 Default SAN Port Channel Parameters Parameters Default Port channels FSPF is enabled by default. Create port channel Administratively up. Default port channel mode Autocreation Disabled.
  • Page 509: Chapter 37 Configuring And Managing Vsans

    The same Fibre Channel IDs (FC IDs) can be assigned to a host in another VSAN, which increases VSAN scalability. Every instance of a VSAN runs all required protocols such as FSPF, domain manager, and zoning.
  • Page 510 The application servers or storage arrays can be connected to the switch using Fibre Channel or virtual Fibre Channel interfaces. A VSAN can include a mixture of Fibre Channel and virtual Fibre Channel interfaces.
  • Page 511: Vsan Advantages

    Backup traffic on separate VSANs – Replicating data from user traffic – VSANs can meet the needs of a particular department or application. • VSAN Advantages VSANs offer the following advantages:
  • Page 512: Vsans Versus Zones

    Channel standards. In VSAN 7, two zones are defined: zone A and zone D. No zone crosses the VSAN boundary. Zone A defined in VSAN 2 is different and separate from zone A defined in VSAN 7.
  • Page 513: Configuring Vsans

    (src-dst-id) or the originator exchange OX ID (src-dst-ox-id, the default) for load-balancing path selection. This section describes how to create and configure VSANs and includes the following topics: • About VSAN Creation, page 37-6
  • Page 514: About Vsan Creation

    Step 6 Command: switch(config-vsan-db)# no vsan vsan-id suspend Purpose: Negates the suspend command issued in the previous step. Step 7 Command: switch(config-vsan-db)# end switch# Purpose: Returns you to EXEC mode.
  • Page 515: About Port Vsan Membership

    Dynamically—Assigning VSANs based on the device WWN. This method is referred to as dynamic port VSAN membership (DPVM). Cisco Nexus 5000 Series switches do not support DPVM. VSAN trunking ports have an associated list of VSANs that are part of an allowed list (see Chapter 35, “Configuring VSAN...
  • Page 516: About The Default Vsan

    About the Default VSAN The factory settings for switches in the Cisco Nexus 5000 Series have only the default VSAN 1 enabled. We recommend that you do not use VSAN 1 as your production environment VSAN. If no VSANs are configured, all devices in the fabric are considered part of the default VSAN.
  • Page 517: Operational State Of A Vsan

    Any commands for a nonconfigured VSAN are rejected. For example, if VSAN 10 is not configured in the system, then a command request to move a port to VSAN 10 is rejected.
  • Page 518: Deleting Static Vsans

    Step 6 Command: switch(config-vsan-db)# no vsan vsan-id suspend Purpose: Negates the suspend command entered in the previous step. Step 7 Command: switch(config-vsan-db)# end switch# Purpose: Returns you to EXEC mode.
  • Page 519: About Interop Mode

    Default VSAN: VSAN 1. State: Active state. Name: Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003. Load-balancing attribute: OX ID (src-dst-ox-id).
  • Page 521: Chapter 38 Configuring And Managing Zones

    Zoning is described in the following topics: • Zoning Features, page 38-2 • Zoning Example, page 38-3 • Zone Implementation, page 38-4 • Active and Full Zone Set Configuration Guidelines, page 38-4
  • Page 522: Zoning Features

    This membership is also referred to as interface-based zoning. Interface and domain ID—Specifies the interface of a switch identified by the domain ID. – Domain ID and port number—Specifies the domain ID of a Cisco switch domain and – additionally specifies a port belonging to a non-Cisco switch.
  • Page 523: Zoning Example

    You can configure up to 8000 zones per VSAN and a maximum of 8000 zones for all VSANs on the switch. Note: Interface-based zoning only works with Cisco SAN switches. Interface-based zoning does not work for VSANs configured in interop mode. Zoning Example Figure 38-1 shows a zone set with two zones, zone 1 and zone 2, in a fabric.
  • Page 524: Zone Implementation

    [Figure: Fabric with Three Zones] Zone Implementation Cisco Nexus 5000 Series switches automatically support the following basic zone features (no additional configuration is required): Zones are contained in a VSAN. • Hard zoning cannot be disabled. •...
  • Page 525 You do not need to explicitly deactivate the currently active zone set before activating a new zone set. Figure 38-3 shows a zone being added to an activated zone set.
  • Page 526 [Figure: active zone set and zone set Z1 (Zone A, Zone B, Zone C, Zone D), after activating zone set Z1 again]
  • Page 527: Configuring Zones

    Use the show wwn switch command to retrieve the sWWN. If you do not provide a sWWN, the software automatically uses the local sWWN. The following examples show how to configure zone members: switch(config)# zone name MyZone vsan 2 pWWN example: switch(config-zone)# member pwwn 10:00:00:23:45:67:89:ab
  • Page 528: Zone Sets

    • About FC Alias Creation, page 38-10 • Creating FC Aliases, page 38-11 • Creating Zone Sets and Adding Member Zones, page 38-12 • Zone Enforcement, page 38-13
  • Page 529: Activating A Zone Set

    Step 2 Command: switch(config)# zoneset activate name zoneset-name vsan vsan-id Purpose: Activates the specified zone set. Command: switch(config)# no zoneset activate name zoneset-name vsan vsan-id Purpose: Deactivates the specified zone set.
  • Page 530: About The Default Zone

    • fWWN—The WWN of the fabric port name is in hex format (for example, 10:00:00:23:45:67:89:ab). • FC ID—The N port ID is in 0xhhhhhh format (for example, 0xce00d1).
  • Page 531: Creating Fc Aliases

    Domain ID—The domain ID is an integer from 1 to 239. A mandatory port number of a non-Cisco •...
  • Page 532: Creating Zone Sets And Adding Member Zones

    You do not have to copy the running configuration to the startup configuration to store the active zone set. However, you need to copy the running configuration to the startup configuration to explicitly store full zone sets.
  • Page 533: Zone Enforcement

    Hard zoning enforces zoning restrictions on every frame, and prevents unauthorized access. Note: Cisco Nexus 5000 Series switches support both hard and soft zoning. Zone Set Distribution You can distribute full zone sets using one of two methods: one-time distribution using the zoneset distribute vsan command at the EXEC mode level or full zone set distribution using the zoneset distribute full vsan command at the configuration mode level.
  • Page 534: Enabling Full Zone Set Distribution

    Enabling Full Zone Set Distribution All switches in the Cisco Nexus 5000 Series distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN. The zone set distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set.
  • Page 535: Importing And Exporting Zone Sets

    VSANs. Note: Perform the import and export operations from a single switch. Importing from one switch and exporting from another switch can lead to isolation again.
  • Page 536: Zone Set Duplication

    Clearing the Zone Server Database, page 38-17 Copying Zone Sets On Cisco Nexus 5000 Series switches, you cannot edit an active zone set. However, you can copy an active zone set to create a new zone set that you can edit.
  • Page 537: Cloning Zones, Zone Sets, Fc Aliases, And Zone Attribute Groups

    Note: Clearing a zone set only erases the full zone database, not the active zone database.
  • Page 538: Verifying Zone Information

    • About Enhanced Zoning, page 38-19 • Changing from Basic Zoning to Enhanced Zoning, page 38-20 • Changing from Enhanced Zoning to Basic Zoning, page 38-20 • Enabling Enhanced Zoning, page 38-20
  • Page 539: About Enhanced Zoning

    • Verifying Enhanced Zone Information, page 38-24 • About Enhanced Zoning Table 38-4 lists the advantages of the enhanced zoning feature in all switches in the Cisco Nexus 5000 Series. Table 38-4 Advantages of Enhanced Zoning Basic Zoning Enhanced Zoning...
  • Page 540: Changing From Basic Zoning To Enhanced Zoning

    Changing from Enhanced Zoning to Basic Zoning Cisco SAN switches allow you to change from enhanced zoning to basic zoning to enable you to downgrade and upgrade to other Cisco NX-OS releases. To change to the basic zoning mode from the enhanced mode, perform this task:...
  • Page 541: Modifying The Zone Database

    If session locks remain on remote switches after using the no zone commit vsan command, you can use the clear zone lock vsan command on the remote switches. switch# clear zone lock vsan 2
  • Page 542: Merging The Database

    If the setting is restrict, the active zone set and the full zone set should be identical. Otherwise, the link is isolated. If the setting is allow, then the merge rules are used to perform the merge.
  • Page 543: Configuring Zone Merge Control Policies

    Note: Because VSAN 1 is the default VSAN and is always present on the switch, the system default zone commands have no effect on VSAN 1.
  • Page 544: Verifying Enhanced Zone Information

    The following example shows how to display active zoning analysis: switch# show zone analysis active vsan 1 See the Cisco Nexus 5000 Series Switch Command Reference for the description of the information displayed in the command output.
  • Page 545: Default Settings

    Table 38-6 Default Basic Zone Parameters. Default zone policy: Denied to all members. Full zone set distribute: The full zone set(s) is not distributed. Enhanced zoning: Disabled.
  • Page 547: Chapter 39 Distributing Device Alias Services

    When the port WWN (pWWN) of a device must be specified to configure features (for example, zoning, DPVM, or port security) in a Cisco Nexus 5000 Series switch, you must assign the correct device name each time you configure these features. An inaccurate device name may cause unexpected results. You can circumvent this problem if you define a user-friendly name for a pWWN and use this name in all the configuration commands as required.
  • Page 548: Device Alias Requirements

    The device alias application uses the Cisco Fabric Services (CFS) infrastructure to enable efficient •...
  • Page 549: Creating Device Aliases

    Command: switch(config-device-alias-db)# device-alias rename old-device-name new-device-name Purpose: Renames an existing device alias with a new name. To display the device alias configuration, use the show device-alias name command: switch# show device-alias name x device-alias name x pwwn 21:01:00:e0:8b:2e:80:93
  • Page 550: Device Alias Modes

    • If a device alias name is mapped to a new HBA’s pWWN, then the application’s enforcement changes accordingly. In this case, the zone server automatically enforces zoning based on the new HBA’s pWWN.
  • Page 551: Configuring Device Alias Modes

    Once you lock the fabric, the following situations apply: • No other user can make any configuration changes to this feature.
  • Page 552: Committing Changes

    To display the status of the discard operation, use the show device-alias status command. switch# show device-alias status Fabric Distribution: Enabled Database:- Device Aliases 24 Status of the last CFS operation issued from this switch: ========================================================== Operation: Abort Status: Success
  • Page 553: Fabric Lock Override

    The following example shows the device alias display when distribution is disabled: switch# show device-alias status Fabric Distribution: Disabled Database:- Device Aliases 24 Status of the last CFS operation issued from this switch:
  • Page 554: About Legacy Zone Alias Configuration

    Verify that the combined number of device aliases in both databases does not exceed 8K (8191 • device aliases) in fabrics running Cisco MDS SAN-OS Release 3.0 (x) and earlier, and 20K in fabrics running Cisco MDS SAN-OS Release 3.1(x) and later.
  • Page 555: Verifying Device Alias Configuration

    - device-alias name Doc pwwn 21:01:02:03:00:01:01:01 + device-alias name SampleName pwwn 21:00:00:e0:8b:0b:66:56 Where available, device aliases are displayed regardless of a member being configured using a device-alias command or a zone-specific member pwwn command.
  • Page 556: Default Settings

    Device alias distribution: Enabled. Device alias mode: Basic. Database in use: Effective database. Database to accept changes: Pending database. Device alias fabric lock state: Locked with the first device alias task.
  • Page 557: Chapter 40 Configuring Fibre Channel Routing Services And Protocols

    Fabric Shortest Path First (FSPF) is the standard path selection protocol used by Fibre Channel fabrics. The FSPF feature is enabled by default on the E mode and TE mode Fibre Channel interfaces on Cisco Nexus 5000 Series switches. Except in configurations that require special consideration, you do not need to configure any FSPF services.
  • Page 558: Fspf Examples

    Figure 40-2 shows this arrangement. Because switches in the Cisco Nexus 5000 Series support port channels, each pair of physical links can appear to the FSPF protocol as one single logical link. By bundling pairs of physical links, FSPF efficiency is considerably improved by the reduced database size and the frequency of link updates.
  • Page 559: Fspf Global Configuration

    FSPF Global Configuration By default, FSPF is enabled on switches in the Cisco Nexus 5000 Series. Some FSPF features can be globally configured in each VSAN. By configuring a feature for the entire VSAN, you do not have to specify the VSAN number for every command. This global configuration feature also reduces the chance of typing errors or other minor configuration errors.
  • Page 560: About Link State Records

    Note: If the specified time is shorter, the routing is faster. However, the processor consumption increases accordingly. Step 5 Command: switch-config-(fspf-config)# region region-id Purpose: Configures the autonomous region for this VSAN and specifies the region ID.
  • Page 561: Resetting Fspf To The Default Configuration

    • About Hello Time Intervals, page 40-6 • Configuring Hello Time Intervals, page 40-6 • About Dead Time Intervals, page 40-7 • Configuring Dead Time Intervals, page 40-7
  • Page 562: About Fspf Link Cost

    Note: This value must be the same in the ports at both ends of the ISL. Configuring Hello Time Intervals To configure the FSPF Hello time interval, perform this task: Step 1 Command: switch# configure terminal Purpose: Enters configuration mode.
  • Page 563: About Dead Time Intervals

    The integer value to specify retransmit intervals can range from 1 to 65,535 seconds. Note: This value must be the same on the switches on both ends of the interface.
  • Page 564: Configuring Retransmitting Intervals

    You can disable the FSPF protocol for selected interfaces. By default, FSPF is enabled on all E ports and TE ports. This default can be disabled by setting the interface as passive.
  • Page 565: Clearing Fspf Counters For An Interface

    ID 3) in the switch with domain ID 1 (see Figure 40-3). [Figure 40-3: Fibre Channel Routes (labels: Domain ID 7, fc1/1, Domain ID 1, Domain ID 3, FC ID 111211)]
  • Page 566: Configuring Fibre Channel Routes

    Some Fibre Channel protocols or applications cannot handle out-of-order frame delivery. In these cases, switches in the Cisco Nexus 5000 Series preserve frame ordering in the frame flow. The source ID (SID), destination ID (DID), and optionally the originator exchange ID (OX ID) identify the flow of the frame.
  • Page 567: About Reordering Network Frames

    When a link change occurs in a SAN port channel, the frames for the same exchange or the same flow can switch from one path to another faster path.
  • Page 568: About Enabling In-Order Delivery

    We recommend that you only enable this feature when devices that cannot handle any out-of-order frames are present in the switch. Load-balancing algorithms within the Cisco Nexus 5000 Series switch ensure that frames are delivered in order during normal fabric operation. The load-balancing algorithms based on source FC ID, destination FC ID, and exchange ID are enforced in hardware without any performance degradation.
  • Page 569: Enabling In-Order Delivery For A Vsan

    3452 inorder delivery:guaranteed Configuring the Drop Latency Time You can change the default latency time for a network, a specified VSAN in a network, or for the entire switch.
  • Page 570: Displaying Latency Information

    • About Flow Statistics, page 40-15 • Counting Aggregated Flow Statistics, page 40-15 • Counting Individual Flow Statistics, page 40-15 • Clearing FIB Statistics, page 40-15 • Displaying Flow Statistics, page 40-16
  • Page 571: About Flow Statistics

    1 The following example clears the flow counters for source and destination FC IDs: switch# clear fcflow stats index 1
  • Page 572: Displaying Flow Statistics

    20 seconds. Dead interval: 80 seconds. Distribution tree information: Derived from the principal switch (root node). Routing table: FSPF stores up to 16 equal cost paths to a given destination.
  • Page 573 10. Remote destination switch: If the remote destination switch is not specified, the default is direct. Multicast routing: Uses the principal switch to compute the multicast tree.
  • Page 575: Chapter 41 Managing Flogi, Name Server, Fdmi, And Rscn Databases

    This chapter describes the fabric login (FLOGI) database, the name server features, the Fabric-Device Management Interface (FDMI), and Registered State Change Notification (RSCN) information provided in Cisco Nexus 5000 Series switches. It includes the following sections: Information About Fabric Login, page 41-1 •...
  • Page 576: Name Server Proxy

    You can prevent malicious or accidental login using another device’s pWWN by enabling the reject-duplicate-pwwn option. If you disable this option, these pWWNs are allowed to log in to the fabric and replace the first device in the name server database.
  • Page 577: Rejecting Duplicate Pwwns

    21:00:00:20:37:a6:be:14 (Seagate) scsi-fcp Total number of entries = 4 The following example shows how to display the name server database details for all VSANs: switch# show fcns database detail
  • Page 578: Fdmi

    FDMI Cisco Nexus 5000 Series switches provide support for the Fabric-Device Management Interface (FDMI) functionality, as described in the FC-GS-4 standard. FDMI enables management of devices such as Fibre Channel host bus adapters (HBAs) through in-band communications. This addition complements the existing Fibre Channel name server and management server functions.
  • Page 579: About Rscn Information

    IDs (in this case, both D1 and D2). Note: Some Nx ports may not support multi-pid RSCN payloads. If so, disable the RSCN multi-pid option.
  • Page 580: Configuring The Multi-Pid Option

    GMAL and GIELN commands to the switch that initiated the domain format SW-RSCN to determine what changed. Domain format SW-RSCNs can cause problems with some non-Cisco SAN switches. For additional information, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide, available at the following location: http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/interoperability/guide/intopgd.html...
  • Page 581: Configuring The Rscn Timer

    You verify the RSCN timer configuration using the show rscn event-tov vsan command. The following example shows how to clear the RSCN statistics for VSAN 10: switch# show rscn event-tov vsan 10 Event TOV : 1000 ms
  • Page 582: Rscn Timer Configuration Distribution

    This means different N-ports in a network can receive RSCNs at different times. Cisco Fabric Services (CFS) infrastructure alleviates this situation by automatically distributing the RSCN timer configuration information to all switches in a fabric. This also reduces the number of SW-RSCNs.
  • Page 583 Displaying RSCN Configuration Distribution Information The following example shows how to display the registration status for RSCN configuration distribution: switch# show cfs application name rscn Enabled : Yes Timeout : 5s
  • Page 584: Default Settings

    Table 41-1 lists the default settings for RSCN. Table 41-1 Default RSCN Settings: RSCN timer value: 2000 milliseconds for Fibre Channel VSANs; RSCN timer configuration distribution: Disabled.
  • Page 585: Information About Scsi Lun Discovery

    Discovering SCSI Targets. This chapter describes the SCSI LUN discovery feature provided in switches in the Cisco Nexus 5000 Series. It includes the following sections: Information About SCSI LUN Discovery, page 42-1...
  • Page 586: Starting Scsi Lun Discovery

    Adds the specified entry to the custom list. switch# discover custom-list add vsan vsan-id domain domain-id Deletes the specified domain ID from the custom list. switch# discover custom-list delete vsan vsan-id domain domain-id
  • Page 587: Displaying Scsi Lun Information

    The following example displays the port WWN that is assigned to each operating system (Windows, AIX, Solaris, Linux, or HPUX): switch# show scsi-target pwwn
  • Page 589: Fibre Channel Timeout Values

    Advanced Fibre Channel Features and Concepts. This chapter describes the advanced Fibre Channel features provided in Cisco Nexus 5000 Series switches. It includes the following sections: Fibre Channel Timeout Values, page 43-1...
  • Page 590: Timer Configuration Across All Vsans

    switch(config)# fctimer D_S_TOV timeout vsan vsan-id: Configures the D_S_TOV timeout value (in milliseconds) for the specified VSAN. Suspends the VSAN temporarily. You have the option to end this command, if required.
  • Page 591: About Fctimer Distribution

    About fctimer Distribution You can enable per-VSAN fctimer fabric distribution for all Cisco SAN switches in the fabric. When you perform fctimer configurations, and distribution is enabled, that configuration is distributed to all the switches in the fabric.
  • Page 592: Discarding Fctimer Changes

    Note: The number of pending fctimer configuration operations cannot be more than 15. After 15 operations, you must commit or abort the pending configurations before performing any more operations. See the “CFS Merge Support” section on page 21-6 for additional information.
  • Page 593: Verifying Configured Fctimer Values

    WWN to a single device. The principal switch selection and the allocation of domain IDs rely on the WWN. Cisco Nexus 5000 Series switches support three network address authority (NAA) address formats (see Table 43-1).
  • Page 594: Verifying Wwn Information

    Please enter the mac address RANGE again: 64 From now on WWN allocation would be based on new MACs. Are you sure? (yes/no) no You entered: no. Secondary MAC NOT programmed
  • Page 595: Fc Id Allocation For Hbas

    Fibre Channel standards require a unique FC ID to be allocated to an N port attached to an F port in any switch. To conserve the number of FC IDs used, Cisco Nexus 5000 Series switches use a special allocation scheme.
  • Page 596: Verifying The Company Id Configuration

    You can also view or obtain the company IDs in a specific WWN by entering the show fcid-allocation company-id-from-wwn command. Some WWN formats do not support company IDs. In these cases, you may need to configure the FC ID persistent entry.
  • Page 597: Switch Interoperability

    Mode 3—Brocade native mode (Core PID 1). Mode 4—McData native mode. For information about configuring interop modes 2, 3, and 4, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide, available at the following location: http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/interoperability/guide/intopgd.html
  • Page 598 Domain IDs can either be static or preferred, which operate as follows: Static: Cisco switches accept only one domain ID; if a switch does not get that domain ID it isolates itself from the fabric.
  • Page 599: Configuring Interop Mode 1

    100 preferred vsan 1 In Cisco Nexus 5000 Series switches, the default is to request an ID from the principal switch. If the preferred option is used, Cisco Nexus 5000 Series switches request a specific ID, but still join the fabric if the principal switch assigns a different ID.
  • Page 600: Verifying Interoperating Status

    This section highlights the commands used to verify if the fabric is up and running in interoperability mode. To verify the resulting status of entering the interoperability command in any switch in the Cisco Nexus 5000 Series, perform this task: Verify the software version.
  • Page 601 6.1.1.96 255.255.255.0 switchport encap default no shutdown vsan database vsan 1 interop boot system bootflash:/nx5000-system-23e.bin boot kickstart bootflash:/nx5000-kickstart-23e.bin callhome fcdomain domain 100 preferred vsan 1
  • Page 602 Step 6 switch# show fcdomain domain-list vsan 1 Number of domains: 5 Domain ID --------- ----------------------- 0x61(97) 10:00:00:60:69:50:0c:fe 0x62(98) 20:01:00:05:30:00:47:9f 0x63(99) 10:00:00:60:69:c0:0c:1d 0x64(100) 20:01:00:05:30:00:51:1f [Local] 0x65(101) 10:00:00:60:69:22:32:91 [Principal] --------- -----------------------
  • Page 603: Default Settings

    0x651500 10:00:00:e0:69:f0:43:9f (JNI) Total number of entries = 12 Note: The Cisco switch name server shows both local and remote entries, and does not time out the entries. Default Settings Table 43-3 lists the default settings for the features included in this chapter.
  • Page 604 Default Settings for Advanced Features (continued): Remote capture connection mode: Passive; Local capture frame limits: 10 frames; FC ID allocation mode: Auto mode; Loop monitoring: Disabled; Interop mode: Disabled.
  • Page 605: Information About Fabric Authentication

    Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between Cisco Nexus 5000 Series switches and other devices. DHCHAP consists of the CHAP protocol combined with the Diffie-Hellman exchange.
  • Page 606: Dhchap

    Cisco Nexus 5000 Series switches support authentication features to address physical security (see Figure 44-1).
  • Page 607: Dhchap Compatibility With Fibre Channel Features

    Displaying Protocol Security Information, page 44-9. DHCHAP Compatibility with Fibre Channel Features: This section identifies the impact of configuring the DHCHAP feature along with existing Cisco NX-OS features: SAN port channel interfaces—If DHCHAP is enabled for ports belonging to a SAN port channel,...
  • Page 608: About Enabling Dhchap

    About Enabling DHCHAP: By default, the DHCHAP feature is disabled in all Cisco Nexus 5000 Series switches. You must explicitly enable the DHCHAP feature to access the configuration and verification commands for fabric authentication. When you disable this feature, all related configurations are automatically discarded.
  • Page 609: Configuring The Dhchap Mode

    Note as setting it to zero (0). About the DHCHAP Hash Algorithm Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP authentication.
  • Page 610: Configuring The Dhchap Hash Algorithm

    SHA-1 hash algorithm. About the DHCHAP Group Settings All Cisco Nexus 5000 Series switches support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.
  • Page 611: Configuring Dhchap Passwords For The Local Switch

    We recommend using RADIUS or TACACS+ for fabrics with more than five switches. If you need to use a local password database, you can continue to do so using Configuration 3 and using the Cisco MDS 9000 Family Fabric Manager to manage the password database.
  • Page 612: Configuring Dhchap Passwords For Remote Devices

    00:11:22:33:55:aa:bb:cc password 7 asdflkjh About the DHCHAP Timeout Value During the DHCHAP protocol exchange, if the Cisco Nexus 5000 Series switch does not receive the expected DHCHAP message within a specified time interval, authentication failure is assumed. The time ranges from 20 (no authentication is performed) to 1000 seconds.
  • Page 613: Configuring Dhchap Aaa Authentication

    This section provides the steps to configure the example illustrated in Figure 44-2. [Figure 44-2: Sample DHCHAP Authentication]
  • Page 614 To configure the authentication setup shown in Figure 44-2, perform this task: Step 1: Obtain the device name of the Cisco Nexus 5000 Series switch in the fabric. The Cisco Nexus 5000 Series switch in the fabric is identified by the switch WWN.
  • Page 615: Default Settings

    A priority list of MD5 followed by SHA-1 for DHCHAP authentication; DHCHAP authentication mode: Auto-passive; DHCHAP group default priority exchange order: 0, 4, 1, 2, and 3, respectively; DHCHAP timeout value: 30 seconds.
  • Page 617: Configuring Port Security

    Configuring Port Security. Cisco Nexus 5000 Series switches provide port security features that reject intrusion attempts and report these intrusions to the administrator. Port security is supported on virtual Fibre Channel ports and physical Fibre Channel ports.
  • Page 618: Port Security Enforcement

    You can instruct the switch to automatically learn (auto-learn) the port security configurations over a specified period. This feature allows any Cisco Nexus 5000 Series switch to automatically learn about devices and switches that connect to it. Use this feature when you activate the port security feature for the first time as it saves tedious manual configuration for each port.
  • Page 619: Port Security Activation

    Port Security Activation By default, the port security feature is not activated in Cisco Nexus 5000 Series switches. When you activate the port security feature, the following operations occur: Auto-learning is also automatically enabled, which means:...
  • Page 620 Step 6: Copy the running configuration to the startup configuration, which saves the port security configuration database to the startup configuration. Step 7: Repeat Step 1 through Step 6 for all switches in the fabric.
  • Page 621: Enabling Port Security

    Step 1 through Step 5 for all switches in the fabric. Enabling Port Security By default, the port security feature is disabled in Cisco Nexus 5000 Series switches. To enable port security, perform this task: Command Purpose Step 1 Enters configuration mode.
  • Page 622: Activating Port Security

    switch# configure terminal / switch(config)#: Enters configuration mode. Step 2: switch(config)# port-security activate vsan vsan-id force: Forces the port security database to activate for the specified VSAN even if conflicts occur.
  • Page 623: Database Reactivation

    This section includes the following topics: About Enabling Auto-Learning, page 45-8; Enabling Auto-Learning, page 45-8; Disabling Auto-Learning, page 45-8; Auto-Learning Device Authorization, page 45-8; Authorization Scenario, page 45-9.
  • Page 624: About Enabling Auto-Learning

    Authorized Auto-Learning Device Requests (columns: Condition; Device (pWWN, nWWN, sWWN); Requests Connection to; Authorization). Device configured with one or more switch ports: requests connection to a configured switch port: Permitted; requests connection to any other switch port: Denied.
  • Page 625: Authorization Scenario

    P1, N4, F5: Denied (P1 is bound to F1). P5, N1, F5: Denied (N1 is only allowed on F2). P3, N3, F4: Permitted (no conflict). S1, F10: Permitted (no conflict).
  • Page 626: Port Security Manual Configuration

    Permitted Wildcard ( * ) match for N3. Port Security Manual Configuration To configure port security on a Cisco Nexus 5000 Series switch, perform this task: Step 1: Identify the WWN of the ports that need to be secured. See the “Adding Authorized Port Pairs”...
  • Page 627: Adding Authorized Port Pairs

    This example configures the specified pWWN to log in through the specified interface in the specified switch: switch(config-port-security)# pwwn 20:11:33:11:00:2a:4a:66 swwn 20:00:00:0c:85:90:3e:80 interface fc 3/2 This example configures any WWN to log in through the specified interface in any switch:
  • Page 628 Port Security Configuration Distribution The port security feature uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management, provide a single point of configuration for the entire fabric in the VSAN, and enforce the port security policies throughout the fabric (see Chapter 21, “Using Cisco Fabric...
  • Page 629: Committing The Changes

    After the commit, the active databases on all switches are identical and learning can be disabled.
  • Page 630 Verify that the activation status and the auto-learning status are the same in both fabrics. Verify that the combined number of configurations for each VSAN in both databases does not exceed 2000.
  • Page 631: Database Interaction

    Clearing the Port Security Database, page 45-18. Database Scenarios: Figure 45-1 illustrates various scenarios showing the active database and the configuration database status based on port security configurations.
  • Page 632 [Figure panels: Saving the configuration (copy running start); Copying active database to config database]
  • Page 633: Copying The Port Security Database

    (and consequently a fabric lock) of the configuration database. If you lock the fabric, you need to commit the changes to the configuration databases in all the switches.
  • Page 634: Deleting The Port Security Database

    Use the port-security clear vsan command to clear the pending session in the VSAN from any switch in the VSAN. switch# clear port-security session vsan 5
  • Page 635 Table 45-5 Default Security Settings: Auto-learn: Enabled if port security is enabled. Port security: Disabled. Distribution: Disabled. Note: Enabling distribution enables it on all VSANs in the switch.
  • Page 637: Information About Fabric Binding

    Configuring Fabric Binding. This chapter describes the fabric binding feature provided in Cisco Nexus 5000 Series switches. It includes the following sections: Information About Fabric Binding, page 46-1...
  • Page 638: Port Security Versus Fabric Binding

    For a Fibre Channel VSAN, the fabric binding feature requires all sWWNs connected to a switch to be part of the fabric binding active database.
  • Page 639: Configuring Fabric Binding

    The fabric binding feature must be enabled in each switch in the fabric that participates in the fabric binding. By default, this feature is disabled in Cisco Nexus 5000 Series switches. The configuration and verification commands for the fabric binding feature are only available when fabric binding is enabled on a switch.
  • Page 640: About Switch Wwn Lists

    For example, one of the already logged in switches may be denied login by the config database. You can choose to forcefully override these situations.
  • Page 641: Activating Fabric Binding

    Use the fabric-binding database diff active vsan command to view the differences between the active database and the config database. This command can be used when resolving conflicts. switch# fabric-binding database diff active vsan 1
  • Page 642: Clearing The Fabric Binding Statistics

    The following example displays the active fabric binding information for VSAN 4: switch# show fabric-binding database active vsan 4 The following example displays fabric binding violations: switch# show fabric-binding violations
  • Page 643: Default Settings

    4 Default Settings Table 46-2 lists the default settings for the fabric binding feature. Table 46-2 Default Fabric Binding Settings: Fabric binding: Disabled.
  • Page 645: Information About Fcs

    Each object has its own set of attributes and values. A null value may also be defined for some attributes. In the Cisco Nexus 5000 Series switch environment, a fabric may consist of multiple VSANs. One instance of the FCS is present per VSAN.
  • Page 646: Fcs Characteristics

    SNMP manager can query FCSs for all IEs, ports, and platforms in the fabric. FCS Name Specification You can specify if the unique name verification is for the entire fabric (globally) or only for locally (default) registered platforms.
  • Page 647: Displaying Fcs Information

    Note: Set this command globally only if every switch in the fabric belongs to the Cisco MDS 9000 Family or Cisco Nexus 5000 Series of switches.
  • Page 648: Default Settings

    20:51:00:05:30:00:16:de vsan 24 Default Settings Table 47-1 lists the default FCS settings. Table 47-1 Default FCS Settings: Global checking of the platform name: Disabled; Platform node type: Unknown.
  • Page 649: Information About Port Tracking

    Configuring Port Tracking. Cisco Nexus 5000 Series switches offer the port tracking feature on physical Fibre Channel interfaces (but not on virtual Fibre Channel interfaces). This feature uses information about the operational state of the link to initiate a failure in the link that connects the edge device.
  • Page 650: Configuring Port Tracking

    Configuring Port Tracking Before configuring port tracking, consider the following guidelines: Verify that the tracked ports and the linked ports are on the same Cisco switch. Be aware that the linked port is automatically brought down when the tracked port goes down.
  • Page 651: Enabling Port Tracking

    Enabling Port Tracking: The port tracking feature is disabled by default in Cisco Nexus 5000 Series switches. When you enable this feature, port tracking is globally enabled for the entire switch. To configure port tracking, enable the port tracking feature and configure the linked ports for the tracked port.
  • Page 652: About Tracking Multiple Ports

    48-2, only if both ISLs 2 and 3 fail, will the direct link 1 be brought down. Direct link 1 will not be brought down if either 2 or 3 are still functioning as desired. [Figure 48-2: Traffic Recovery Using Port Tracking]
  • Page 653: Tracking Multiple Ports

    1 vsan 2 switch(config-if)# no port-track interface san-port-channel 1 vsan 2: Removes the VSAN association for the linked port. The SAN port channel link remains in effect.
  • Page 654 1 port-channel 1 is down (No operational members) Hardware is Fibre Channel Port WWN is 24:01:00:05:30:00:0d:de Admin port mode is auto, trunk mode is on Port vsan is 2
  • Page 655: Default Port Tracking Settings

    Default Port Tracking Settings Table 48-1 lists the default settings for port tracking parameters. Table 48-1 Default Port Tracking Parameters: Port tracking: Disabled; Operational binding: Enabled along with port tracking.
  • Page 657: Troubleshooting

    Troubleshooting...
  • Page 659: Span Sources

    SPAN Sources: SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus 5000 Series switch supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VLANs, and VSANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources.
  • Page 660: Span Destinations

    The switch supports a maximum of two egress SPAN source ports. SPAN Destinations: SPAN destinations refer to the interfaces that monitor source ports. The Cisco Nexus 5000 Series switch supports Ethernet and Fibre Channel interfaces as SPAN destinations. Source SPAN...
  • Page 661: Creating And Deleting A Span Session

    Ethernet and Fibre Channel destination ports as described in the following topics: Configuring an Ethernet Destination Port, page 49-4; Configuring Fibre Channel Destination Port, page 49-4.
  • Page 662 switch(config-if)# exit: Reverts to global configuration mode. Step 6: switch(config)# monitor session session-number: Enters the monitor configuration mode. Step 7: switch(config-monitor)# destination interface fc slot/port: Configures the Fibre Channel destination port.
  • Page 663: Configuring Source Ports

    You can configure the source channels for a SPAN session. These ports can be port channels, SAN port channels, VLANs, and VSANs. The monitored direction can only be ingress and applies to all physical ports in the group.
  • Page 664 Applies a descriptive name to the SPAN session. switch(config-monitor)# description description The following example shows configuring a description of a SPAN session: switch# configure terminal switch(config)# monitor session 2 switch(config-monitor)# description monitoring ports fc2/2-fc2/4
  • Page 665: Suspending Or Activating A Span Session

    {all | session-number} shut Note: The Cisco Nexus 5000 Series switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed;...
  • Page 666 type : local state : up source intf : fc3/1 : fc3/1 both : fc3/1 source VLANs source VSANs destination ports : Eth3/1
  • Page 667: Recovering A Lost Password

    Troubleshooting. This chapter describes basic troubleshooting methods used to resolve issues with a Cisco Nexus 5000 Series switch. This chapter includes the following sections: Recovering a Lost Password, page 50-1...
  • Page 668: Chapter 50 Troubleshooting

    Establish a terminal session on the console port of the supervisor module. Step 2 Power cycle the switch. Step 3 Press the Ctrl-] key sequence from the console port session when the switch begins the Cisco NX-OS software boot sequence to enter the boot prompt mode. Ctrl-] switch(boot)# Reset the network administrator password.
  • Page 669: Using Ethanalyzer

    Using Ethanalyzer Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code. Ethanalyzer is a command-line version of Wireshark that captures and decodes packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic.
  • Page 670: Using Ethanalyzer

    [Bad : False] Source: 10.200.0.103 (10.200.0.103) Destination: 10.193.24.42 (10.193.24.42) Transmission Control Protocol, Src Port: 1288 (1288), Dst Port: telnet (23), Seq: 0, Ack: 0, Len: 0 Source port: 1288 (1288)
  • Page 671: Troubleshooting Fibre Channel

    If there is an E port in the path, the fctrace frame is dropped by that switch. Also, fctrace times out in the originator, and path discovery does not start.
  • Page 672: Troubleshooting Fibre Channel

    10 seconds. Timestamp Invalid. 20:00:00:05:30:00:18:db(0xfffcd7) switch# fctrace device-alias disk1 v 1: Invokes fctrace using the device alias of the destination N port. Route present for : 22:00:00:0c:50:02:ce:f8 20:00:00:05:30:00:31:1e(0xfffca9)
  • Page 673 Retry the command a few seconds later. 5 frames sent, 5 frames received, 0 timeouts Round-trip min/avg/max = 364/784/1454 usec Verifying Switch Connectivity You can verify connectivity to a destination switch.
  • Page 674: Fcping

    1.8 MB. However, you can zip this file using the gzip filename command. Copy the zipped file to the required location using the copy command and unzip the file using the gunzip command.
  • Page 675: Show Tech-Support Command

    show processes log details; show logging log; show license host-id; show license; show license usage; show system reset-reason; show logging nvram
  • Page 676: Show Tech-Support Brief Command

    This example shows how to display a condensed view of the switch configurations: switch# show tech-support brief Switch Name : switch Switch Type Kickstart Image : 4.0(0) bootflash:///nuova-or-kickstart-nsg.4.0.0.001.bin
  • Page 677 -- 1500 Ethernet1/29 sfpIsAbsen -- 1500 Ethernet1/30 sfpIsAbsen -- 1500 Ethernet1/31 sfpIsAbsen -- 1500 Ethernet1/32 sfpIsAbsen -- 1500 Ethernet1/33 sfpIsAbsen -- 1500 Ethernet1/34 sfpIsAbsen -- 1500 Ethernet1/35 10000 1500
  • Page 678: Show Tech-Support Fc Command

    1-4093; show fcns statistics vsan 1-4093; show fcns statistics detail vsan 1-4093; show fcns internal info vsan 1-4093; show fcns internal event-history
  • Page 679 1-4093; show zone pending-diff vsan 1-4093; show zone analysis active vsan 1-4093; show zone analysis vsan 1-4093; show zone ess vsan 1-4093
  • Page 680: Show Tech-Support Platform Command

    show platform fwm info pc all verbose; show platform fwm info ppf; show platform fwm info pss all; show platform hardware fwm info vlan all
  • Page 681 show system internal fcfwd idxmap interface-to-port; show system internal fcfwd pcmap; show platform afm info global; show platform afm info attachment brief
  • Page 682 Number of frame sent by the fcping feature 5 frames Remote capture connection protocol Remote capture connection mode Passive Local capture frame limits 10 frames FC ID allocation mode Auto mode Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 50-16 OL-16597-01...
  • Page 683: Configuration Limits

    The features supported by the Cisco Nexus 5000 Series Switch have maximum configuration limits. Some of these limits apply only when one or more Cisco Nexus 2000 Series Fabric Extender units are attached to the switch. For some of the features, we have verified configurations that support limits less than the maximum.
  • Page 684: Chapter 51 Configuration Limits

    6. Only one SPAN session is supported for all the host interfaces on the same Fabric Extender. A Fabric Extender host interface cannot be configured as a SPAN destination.
  • Page 685 16-1 description 33-19 AAA accounting logs administrative speeds clearing 16-12 configuring 32-10 displaying 16-12 administrative states AAA authentication rules description 32-5 adding methods 16-1 setting 32-9
  • Page 686 Cisco Nexus 2000 Series Fabric Extender 32-6 bit errors Cisco Nexus 2148T Fabric Extender reasons 32-11 Cisco Nexus 5010 bit error thresholds Cisco Nexus 5020 configuring CIST regional root, see MSTP. 32-11
  • Page 687 44-8 description 38-9 default settings 44-11 interoperability 43-10 description 44-2 policies 38-10 displaying security information 44-9 destination IDs enabling 44-4 exchange based 36-3 group settings 44-6 flow based 36-3
  • Page 688 32-7 ethanalyzer 50-3 drop latency time EtherChannel configuring 40-13 11-1 configuring for FSPF in-order delivery 40-13 examples displaying information 40-14 AAA configurations 16-12 Exchange Fabric Membership Data, see EFMD.
  • Page 689 46-4 enabling 33-5 verifying status 46-3 enabling autoreconfiguration 33-6 viewing active databases (procedure) 46-6 incoming RCFs 33-5 viewing EFMD statistics (procedure) 46-6 initiation 33-4 viewing violations (procedure) 46-6
  • Page 690 50-5 40-15 FDMI description 40-14 description displaying 41-4 40-15 displaying database information 41-4 forward-delay time Fibre Channel MSTP 9-21 sWWNs for fabric binding F port mode 46-4
  • Page 691 Hello time intervals resetting configuration 40-4 configuring for FSPF 40-6 resetting to defaults 40-4 description 40-6 retransmitting intervals 40-7 host ports routing services 40-1 kinds of topology examples 40-2
  • Page 692 36-10 updating isolated states 36-9 licenses 1-Gigabit speed backing up configuring claim certificates options displaying information SFP types 32-15 evaluation suspended states 36-9 grace period alerts
  • Page 693 See LUNs forward-delay time 9-21 LUNs hello time 9-21 displaying discovered SCSI targets 42-3 maximum aging time 9-22 maximum hop count 9-22 MST region 9-13
  • Page 694 41-2 strong characteristics 22-2 registering proxies 41-2 persistent FC IDs rejecting duplicate pWWNs 41-2 configuring 33-14 Network Time Protocol. See NTP description 33-14 NPIV displaying 33-18 description 32-13
  • Page 695 36-10 WWN identification 45-10 in-order guarantee 40-12 port security auto-learning interface states 36-9 authorization examples 45-8 interoperability 43-10 description 45-2 link changes 40-11 device authorization 45-8
  • Page 696 17-12 community VLANs 7-2, 7-3 configuring hosts 17-5 end station access to configuring periodic monitoring 17-11 isolated VLANs 7-2, 7-3 configuring preshared keys 17-6 ports configuring timeout interval 17-9
  • Page 697 23-1 default settings static routes 23-4 40-9 deleting a checkpoint file runtime diagnostics 23-1 description 23-1 information 24-2 example configuration 23-1 guidelines 23-1
  • Page 698 23-3 SPAN verifying configuration 23-4 egress sources 49-1 verifying the session 23-3 sources for monitoring 49-1 SFPs SPAN destination port mode, see SD port mode. displaying transmitter types 32-16
  • Page 699 32-13 configuring timeout interval 18-9 switch priorities displaying statistics 18-13 configuring 33-4 field descriptions 18-13 default 33-4 manually monitoring 18-12 description 33-4 monitoring 18-3 switch priority verifying configuration 18-13
  • Page 700 22-2 comparison with port channels 36-2 user login configuration guidelines 35-1 authentication process 16-4 configuring modes 35-3 authorization process 16-4 default settings 35-7 user logins
  • Page 701 See WWNs 37-1 displaying configuration WWNs 37-11 displaying membership 37-7 configuring 43-5 displaying usage displaying information 37-11 43-5 domain ID automatic reconfiguration link initialization 33-6 43-6
  • Page 702 See also active zone sets editing full zone databases 38-8 See also active zone sets;full zone sets 38-5 enforcing restrictions 38-13 See also zones;zoning 38-2 exporting databases 38-15 zoning features 38-1, 38-4
  • Page 703 description 38-1 example 38-3 implementation 38-4 See also zones;zone sets 38-1

This manual is also suitable for:

Nexus 5000 series
