Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01
Preface
This preface describes the audience, organization, and conventions of the Cisco Nexus 5000 Series CLI Configuration Guide. It also provides information on how to obtain related documentation.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Related Documentation
Documentation for Cisco Nexus 5000 Series switches is available at the following URL: http://www.cisco.com/en/US/products/ps9670/tsd_products_support_series_home.html
Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
CHAPTER Product Overview
The Cisco Nexus 5000 Series is a family of top-of-rack switches for the data center. The Cisco Nexus 5000 Series offers high-speed Ethernet switching and supports Fibre Channel over Ethernet (FCoE) to provide data center I/O consolidation (IOC).
Fibre Channel operational model is maintained. FCoE network management and configuration is similar to a native Fibre Channel network. Cisco Nexus 5000 Series switches use FCoE to carry Fibre Channel and Ethernet traffic on the same physical Ethernet connection between the switch and the server. At the server, the connection terminates to a converged network adapter (CNA).
Ethernet interface. Logical Fibre Channel features (such as VSAN membership) are configured on the virtual Fibre Channel interfaces. Cisco Nexus 5000 Series Switch Hardware The Cisco Nexus 5000 Series includes the Nexus 5010 and Nexus 5020 switches. The Cisco Nexus 5000 Series switch hardware is described in the following topics: Chassis, page 1-3 •...
10/100/1000 Ethernet interface). Cisco Nexus 5000 Series Switch Software The Cisco Nexus 5000 Series switch is a Layer 2 device, which runs the Cisco Nexus operating system (NX-OS). The Cisco Nexus 5000 Series switch software is described in the following topics: Ethernet Switching, page 1-4 •...
• Licensing Cisco Nexus 5000 Series switches are shipped with the licenses installed. The switch provides commands to manage the licenses and install additional licenses. The Cisco Nexus 5000 Series switch provides quality of service (QoS) capabilities such as traffic prioritization and bandwidth allocation on egress interfaces.
(NOC), and employ Cisco AutoNotify services to directly generate a case with the Cisco Technical Assistance Center (TAC). This feature is a step toward autonomous system operation, which enables networking devices to inform IT when a problem occurs and helps to ensure that the problem is resolved quickly.
SNMP—SNMP allows you to configure switches using Management Information Bases (MIBs). Configuring with Cisco MDS Fabric Manager You can configure Cisco Nexus 5000 Series switches using the Fabric Manager client, which runs on a local PC and uses the Fabric Manager server.
In this example, the blade server rack incorporates blade switches that support 10-Gigabit Ethernet uplinks to the Cisco Nexus 5000 Series switch. The blade switches do not support FCoE, so there is no FCoE traffic and no Fibre Channel ports on the Cisco Nexus 5000 Series switch.
Nexus Switch The Cisco Nexus 5000 Series switch connects to the server ports using FCoE. Ports on the server require converged network adapters. For redundancy, each server connects to both switches. Dual-port CNA adapters can be used for this purpose. The CNA is configured in active-passive mode, and the server needs to support server-based failover.
Supported Standards
Table 1-1 lists the standards supported by the Cisco Nexus 5000 Series switches.
Table 1-1 IEEE Compliance...
• Using CLI Command Modes Switches in the Cisco Nexus 5000 Series have two main command modes: user EXEC mode and configuration mode. The commands available to you depend on the mode you are in. To obtain a list of available commands in either mode, type a question mark (?) at the system prompt.
Most of the EXEC commands are one-time commands, such as show commands, which display the current configuration status. The following commands are available in EXEC mode: switch# ? callhome callhome commands Change current directory clear Reset functions CLI commands
Disable Debugging functions (See also debug) unmount unmount compact flash disk or usb drive update Update license write Write current configuration xml agent zone Execute Zone Server commands zoneset Execute zoneset commands
This form of help is called command syntax help because it reminds you which keywords or arguments are applicable based on the commands, keywords, and arguments you have already entered.
switch# configure ?
<CR>
terminal Configure the system from terminal input
When in configuration mode (or in any submode), enter the do command along with the required EXEC mode command. The command is executed at the EXEC level, and the prompt resumes its current mode level.
Interface configuration    interface type slot/port    switch(config-if)#
Line console    line console    switch(config-console)#
Virtual terminal line    line vty    switch(config-line)#
Role    role name    switch(config-role)#
VLAN    vlan    switch(config-vlan)#
VSAN database    vsan database    switch(config-vsan-db)#
Using CLI Variables The Cisco Nexus 5000 Series CLI parser supports the definition and use of variables in CLI commands. CLI variables can be used as follows: Entered directly on the command line. •...
| include up | include fc
You can display the command aliases defined on the switch using the alias default command alias.
Peer port WWN is 20:01:00:0d:ec:0d:d0:00
Admin port mode is auto, trunk mode is on
snmp link state traps are enabled
Port mode is TE
Port vsan is 1
Speed is 2 Gbps
The following example shows how you can pass CLI session variables as arguments to a child run-script command process:
switch# show file bootflash:test1.vsh
show interface $(var1) $(var2)
switch# run bootflash:test2.vsh var1="fc2/1" var2="brief"
`show interface $(var1) $(var2)`
When you execute the test-script command script, the switch software executes the discover scsi-target remote command, and then waits for 10 seconds before executing the show scsi-target disk command.
• Managing the Switch Configuration, page 1-21
• Using Switch File Systems, page 1-22
Image Files on the Switch
The Cisco Nexus 5000 Series switches have the following images:
• BIOS and loader images combined in one file
• Kickstart image
•...
• Boot Sequence, page 1-2
Starting the Switch
A Cisco Nexus 5000 Series switch starts its boot process as soon as its power cord is connected to an A/C source. The switch does not have a power switch.
Boot Sequence
When the switch boots, the golden BIOS validates the checksum of the upgradeable BIOS.
7
switch(config-console)# exec-timeout 30
switch(config-console)# parity even
switch(config-console)# stopbits 2
You cannot change the BIOS console settings. These are the same as the default console settings.
To upgrade the software on the switch, follow these steps:
Step 1 Log in to the switch on the console port connection.
Step 2 Log in to Cisco.com to access the Software Download Center. To log in to Cisco.com, go to the URL http://www.cisco.com/ and click Log In at the top of the page.
If there are compatibility issues, an error message is displayed and the installation does not proceed.
• Displays the compatibility check results and displays whether the installation is disruptive.
The procedure to downgrade the switch is identical to a switch upgrade, except that the image files to be loaded are for an earlier release than the image currently running on the switch.
Step 1 Locate the image files you will use for the downgrade by entering the dir bootflash: command. If the image files are not stored on the bootflash memory, download the files from Cisco.com (using steps 1 through 9 of the software upgrade procedure).
Initial Setup
The first time that you access a switch in the Cisco Nexus 5000 Series, it runs a setup program that prompts you for the IP address and other configuration information necessary for the switch to communicate over the Ethernet interface. This information is required to configure and manage the switch.
To configure the switch for the first time, follow these steps:
Step 1 Ensure that the switch is on. Switches in the Cisco Nexus 5000 Series boot automatically.
Enter the new password for the administrator.
Step 8 Enter yes (yes is the default) to configure out-of-band management.
Continue with Out-of-band (mgmt0) management configuration? [yes/no]: yes
Enter the mgmt0 IPv4 address.
Mgmt0 IPv4 address: ip_address
You see the new configuration.
Step 20 Review and edit the configuration that you have just entered. Enter no (no is the default) if you are satisfied with the configuration.
• Serial console access—You can use a serial port connection to access the CLI.
• Out-of-band access—You can use Telnet or SSH to access a Cisco Nexus 5000 Series switch or use the Cisco MDS 9000 Fabric Manager application to connect to the switch using SNMP.
The assigned name is displayed in the command-line prompt. The switch name is limited to 20 alphanumeric characters.
Note: This guide refers to a switch in the Cisco Nexus 5000 Series as switch, and it uses the switch# prompt.
Adjusting for Daylight Saving Time or Summer Time You can configure your switch to adjust for daylight saving time (or summer time). By default, Cisco NX-OS does not automatically adjust for daylight saving time. You must manually configure the switch to adjust to the daylight saving time.
In a large enterprise network, having one time standard for all network devices is critical for management reporting and event logging functions when trying to correlate interacting events logged across multiple devices. Many enterprise customers with extremely mission-critical networks maintain their own stratum-1 NTP source.
[Figure: NTP peer and server associations among Stratum-2 Server-1, Stratum-2 Server-2, Switch-1, and Switch-2]
In this configuration, the switches were configured as follows:
• Stratum 2 Server 1
NTP CFS Distribution You can enable NTP fabric distribution for all Cisco Nexus 5000 Series switches in a fabric using the Cisco Fabric Services (CFS). When you perform NTP configurations, and distribution is enabled, the entire server or peer configuration is distributed to all the switches in the fabric.
About the mgmt0 Interface
The mgmt0 interface on Cisco NX-OS devices provides out-of-band management, which enables you to manage the device by its IPv4 or IPv6 address. The mgmt0 interface uses 10/100/1000 Ethernet.
In some cases, a switch interface might be administratively shut down. You can check the status of an interface at any time by using the show interface mgmt 0 command.
EXEC prompt, enter the show running-config command. If the running configuration is different from the startup configuration, enter the show startup-config command to view the ASCII
This example creates a directory called test in the bootflash: directory.
switch# mkdir bootflash:test
This example creates a directory called test at the current directory level.
switch# mkdir test
This example copies the file called samplefile from the root directory to the mystorage directory:
switch# copy bootflash:samplefile bootflash:mystorage/samplefile
This example copies a file from the current directory level:
switch# copy samplefile mystorage/samplefile
19443712 bytes free
20971520 bytes total
switch# gzip volatile:Samplefile
switch# dir
266069 Jul 04 00:51:03 2003 Samplefile.gz
Usage for volatile://
266240 bytes used
20705280 bytes free
20971520 bytes total
This example unzips the file that was compressed in the previous example:
switch# gunzip samplefile
switch# dir
1525859 Jul 04 00:51:03 2003 Samplefile
Usage for volatile://
1527808 bytes used
19443712 bytes free
20971520 bytes total
CHAPTER Managing Licenses
This chapter describes how to manage licenses on a Cisco Nexus 5000 Series switch. Licensing allows you to access specified premium features on the switch after you install the appropriate license for that feature. This chapter contains information related to licensing types, options, procedures, installation, and management for the Cisco NX-OS software.
Table 1-1 lists the feature-based license packages.
Note: Any feature not included in the Storage Services license package is bundled with the Cisco NX-OS software and is provided with the switch hardware at no additional charge (See Base Services Package Table 1-1).
Step 1 Contact your reseller or Cisco representative and request this service.
Note: If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Your switch is shipped with the required licenses installed in the system.
The license key file is sent to you by e-mail. The license key file is digitally signed to only authorize use on the requested switch. The requested features are also enabled once the Cisco NX-OS software on the specified switch accesses the license key file.
You can use the show license file command to display information about a specific license file installed on the switch.
switch# show license file Enterprise.lic
Enterprise.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT ENTERPRISE_PKG cisco 1.0 permanent uncounted \
HOSTID=VDH=FOX0646S017 \
NOTICE=”<LicFileID></LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>” SIGN=EE9F91EA4B64
Caution Identifying License Features in Use When a Cisco NX-OS software feature is enabled, it can activate a license grace period. To identify the features active for a specific license, use the show license usage license-name command. switch# show license usage FC_FEATURES_PKG...
Enter yes (yes is the default) to continue with the license update.
Do you want to continue? (y/n) y
Clearing license ..done
The FibreChannel.lic license key file is now uninstalled.
The Enterprise.lic license key file is now updated.
Grace Period Alerts
Cisco NX-OS gives you a 120-day grace period. This grace period starts or continues when you are evaluating a feature for which you have not installed a license.
The Cisco NX-OS license counter keeps track of all licenses on a switch. If you are evaluating a feature and the grace period has started, you will receive console messages, SNMP traps, system messages, and Call Home messages on a daily basis.
switch# show license file    Displays information for a specific license file.
switch# show license host-id    Displays the host ID for the physical switch.
switch# show license usage    Displays the usage information for installed licenses.
CHAPTER Configuring Ethernet Interfaces
This section describes the configuration of the Ethernet interfaces on a Cisco Nexus 5000 Series switch. It includes the following sections:
• Information About Ethernet Interfaces, page 1-1
•...
Layer 1. A Cisco Nexus 5000 Series switch periodically transmits UDLD frames to neighbor devices on LAN ports with UDLD enabled. If the frames are echoed back within a specific time frame and they lack a specific acknowledgment (echo), the link is flagged as unidirectional and the LAN port is shut down.
• One side of a link remains up while the other side of the link is down
In these cases, the UDLD aggressive mode disables one of the ports on the link, which prevents traffic from being discarded.
Interface Speed
A Cisco Nexus 5000 Series switch has a number of fixed 10-Gigabit ports, each equipped with SFP+ interface adapters. The Nexus 5010 switch has 20 fixed ports, the first eight of which are switchable 1-Gigabit/10-Gigabit ports.
1-Gigabit/10-Gigabit ports. The default interface speed is 10-Gigabit. To configure these ports for 1-Gigabit Ethernet, insert a 1-Gigabit Ethernet SFP transceiver into the applicable port then set its speed with the speed command.
1000 you will get this error. By default, all ports are 10-Gigabit. Configuring the CDP Parameter You can enable or disable the Cisco Discovery Protocol (CDP) for Ethernet interfaces. This protocol works only when you have it enabled on both interfaces on the same link.
switch(config-if)# description test    Specifies the description for the interface.
This example shows how to set the interface description to “Server 3 Interface”.
switch# configure terminal
switch(config)# interface ethernet 1/3
switch(config-if)# description Server 3 Interface
To restart an interface, perform this task:
Command    Purpose
switch(config-if)# no shutdown    Restarts the interface.
The following example shows how to restart an Ethernet interface:
switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# no shutdown
0 broadcast packets 0 jumbo packets 7618463256471 bytes 0 output CRC 0 ecc 0 underrun 0 if down drop 0 output error 0 collision 0 deferred 0 late collision 0 lost carrier 0 no carrier
SFP not inserted 10G(D) --
The following example shows how to display the link debounce status (some of the output has been removed for brevity):
switch# show interface debounce
--------------------------------------------------------------------------------
Access Speed Auto (10000)
1. MTU cannot be changed per-physical Ethernet interface. You modify MTU by selecting maps of QoS classes. See Chapter 1, “Configuring QoS,” for additional information.
Creating, Deleting, and Modifying VLANs, page 1-3
Understanding VLANs
Note: VLAN Trunking Protocol (VTP) mode is OFF. VTP BPDUs are dropped on all interfaces of a Cisco Nexus 5000 Series switch, which partitions VTP domains if other switches have VTP turned on.
Understanding VLAN Ranges
The Cisco Nexus 5000 Series switch supports VLAN numbers 1 to 4094 in accordance with the IEEE 802.1Q standard. These VLANs are organized into ranges. You use each range slightly differently. The switch is physically limited in the number of VLANs it can support. The hardware also shares this available range with its VSANs.
Note: VLANs 3968 to 4047 and 4094 are reserved for internal use; these VLANs cannot be changed or used.
Cisco NX-OS allocates a group of 80 VLAN numbers for those features, such as multicast and diagnostics, that need to use internal VLANs for their operation. By default, the system allocates VLANs numbered 3968 to 4047 for internal use.
Note: Commands entered in the VLAN configuration submode are immediately executed. Beginning with Cisco release 5.1 for Nexus 5000 series devices, you must exit the VLAN configuration submode for configuration changes to take effect.
Note: VLANs 3968 to 4047 and 4094 are reserved for internal use;...
VLAN, VLAN1, or VLANs 1006 to 4094.
This example shows how to configure optional parameters for VLAN 5:
switch# configure terminal
switch(config)# vlan 5
switch(config-vlan)# name accounting
switch(config-vlan)# state active
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
default active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/9, Eth1/10, Eth1/11
Eth1/12, Eth1/15, Eth1/16
Eth1/17, Eth1/18, Eth1/19
Eth1/20, Eth1/21, Eth1/22
--------------- -------------------------------------------
The following example shows the VLAN settings summary:
switch# show vlan summary
Number of existing VLANs Number of existing VTP VLANs Number of existing extended VLANs : 0
VLANs.
Note: A PVLAN isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1q encapsulation and cannot be used as a trunk port.
• Community VLANs—Ports within a community VLAN can communicate with each other but cannot communicate with ports in other community VLANs or in any isolated VLANs at the Layer 2 level.
VLAN in the private VLAN. Figure 1-2 shows the traffic flows within a private VLAN, along with the types of VLANs and types of ports.
For an association to be operational, the following conditions must be met:
• The primary VLAN must exist and be configured as a primary VLAN.
• The secondary VLAN must exist and be configured as either an isolated or community VLAN.
Configuring a Private VLAN
Note: You must have already created the VLAN before you can assign the specified VLAN as a private VLAN.
This section includes the following topics:
switch(config)# no feature private-vlan    Disables the private VLAN feature on the switch.
Note: You cannot disable private VLANs if there are operational ports on the switch that are in private VLAN mode.
• Each item can be a single secondary VLAN ID or a hyphenated range of secondary VLAN IDs. The secondary-vlan-list parameter can contain multiple community and isolated VLAN IDs.
You can configure an interface as a private VLAN host port. In private VLANs, host ports are part of the secondary VLANs, which are either community VLANs or isolated VLANs. You then associate the host port with both the primary and secondary VLANs.
Step 1    switch# configure terminal    Enters configuration mode.
Step 2    switch(config)# interface type slot/port    Selects the port to configure as a private VLAN promiscuous port. A physical interface is required.
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
community community Eth1/12, veth1/1 community community isolated Eth1/2
switch# show vlan private-vlan type
Vlan Type
---- -----------------
primary
community community community community isolated
The following example shows how to display enabled features:
switch# show system internal clis feature
7 pvlan enabled
STP-blocked state. The topology on an active switched network is determined by the following:
“Configuring the Rapid PVST+ Bridge Priority of a VLAN” section on page 1-22).
Note: In Cisco NX-OS, the extended system ID is always enabled; you cannot disable the extended system ID.
Extended System ID
A 12-bit extended system ID field is part of the bridge ID (see Figure 1-1).
• The unique bridge ID of the switch that the transmitting switch determines is the root bridge
• The STP path cost to the root
• The bridge ID of the transmitting bridge
• Message age
(lowering the numerical value) of the ideal switch so that it becomes the root bridge, you force an STP recalculation to form a new spanning tree topology with the ideal switch as the root.
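The following Python example is added here for illustration and is not part of the Cisco guide. It decodes bridge IDs that carry the 12-bit extended system ID, elects the root per VLAN by lowest bridge ID, and reports VLANs whose elected root is not the intended switch. It assumes the standard 8-byte layout (4-bit priority, 12-bit extended system ID holding the VLAN ID, 48-bit MAC); the function names, MAC addresses and sample bridge IDs are constructed for the example.

```python
from dataclasses import dataclass

PRIORITY_STEP = 4096  # priority occupies the top 4 bits of the 16-bit field


@dataclass(frozen=True, order=True)
class BridgeID:
    # Field order drives comparison: priority, then extended system ID,
    # then MAC. That matches numeric comparison of the 64-bit bridge ID,
    # where the lowest value wins the root election.
    priority: int    # 0..61440 in steps of 4096
    ext_sys_id: int  # 12 bits; the VLAN ID under Rapid PVST+
    mac: int         # 48-bit bridge MAC address

    def __str__(self) -> str:
        raw = f"{self.mac:012x}"
        mac = ":".join(raw[i:i + 2] for i in range(0, 12, 2))
        # Switch output usually shows priority and system ID as one sum.
        return f"{self.priority + self.ext_sys_id}/{mac}"


def parse_bridge_id(raw: bytes) -> BridgeID:
    """Split an 8-byte bridge ID into priority, extended system ID, MAC."""
    if len(raw) != 8:
        raise ValueError("bridge ID must be exactly 8 bytes")
    field = int.from_bytes(raw[:2], "big")
    return BridgeID(field & 0xF000, field & 0x0FFF,
                    int.from_bytes(raw[2:], "big"))


def encode_bridge_id(priority: int, vlan: int, mac: str) -> bytes:
    """Build an 8-byte bridge ID; used here to construct sample input."""
    if priority % PRIORITY_STEP or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return (priority | vlan).to_bytes(2, "big") + mac_bytes


def elect_root(candidates):
    """Return {vlan: BridgeID of the root}, lowest bridge ID per VLAN."""
    roots = {}
    for raw in candidates:
        bid = parse_bridge_id(raw)
        current = roots.get(bid.ext_sys_id)
        if current is None or bid < current:
            roots[bid.ext_sys_id] = bid
    return roots


def unexpected_roots(candidates, intended):
    """List (vlan, root) pairs where the root is not the intended MAC."""
    findings = []
    for vlan, root in sorted(elect_root(candidates).items()):
        want = intended.get(vlan)
        if want is not None and root.mac != int(want.replace(":", ""), 16):
            findings.append((vlan, str(root)))
    return findings


# Constructed sample data (documentation MAC range, not from the guide).
CORE = "00:00:5e:00:53:01"
ACCESS = "00:00:5e:00:53:02"
UNKNOWN = "00:00:5e:00:53:99"
SAMPLE = [
    encode_bridge_id(24576, 10, CORE),
    encode_bridge_id(32768, 10, ACCESS),
    encode_bridge_id(24576, 20, CORE),
    encode_bridge_id(32768, 20, ACCESS),
    encode_bridge_id(4096, 20, UNKNOWN),  # lower priority than the core
]
INTENDED = {10: CORE, 20: CORE}

if __name__ == "__main__":
    for vlan, root in unexpected_roots(SAMPLE, INTENDED):
        print(f"VLAN {vlan}: unexpected root bridge {root}")
```
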
VLAN has a single root switch. You can enable and disable STP on a per-VLAN basis when you are running Rapid PVST+.
Note: Rapid PVST+ is the default STP mode for the switch.
(This immediate transition was previously a Cisco-proprietary feature named PortFast.) You should only configure ports that connect to a single end station as edge ports. Edge ports do not generate topology changes when the link changes.
1-4, switch A is connected to switch B through a point-to-point link, and all of the ports are in the blocking state. Assume that the priority of switch A is a smaller numerical value than the priority of switch B. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01...
Page 125
This proposal/agreement handshake is initiated only when a non-edge port moves from the blocking to the forwarding state. The handshaking process then proliferates step-by-step throughout the topology.
Protocol Timers
Table 1-2 describes the protocol timers that affect the Rapid PVST+ performance.
Page 126
A port with the root or a designated port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology (see Figure 1-5).
• Learning—The LAN port prepares to participate in frame forwarding.
• Forwarding—The LAN port forwards frames.
• Disabled—The LAN port does not participate in STP and is not forwarding frames.
Page 128
A LAN port in the forwarding state performs as follows:
• Forwards frames received from the attached segment.
• Forwards frames switched from another port for forwarding.
Rapid PVST+ forces a port to synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking.
Page 130
Detecting Unidirectional Link Failure
The software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops.
Page 131
On access ports, you assign port cost by the port. On trunk ports, you assign the port cost by the VLAN; you can configure the same port cost to all the VLANs on a trunk port.
When you connect a Cisco switch to a non-Cisco switch through an 802.1Q trunk, the Cisco switch combines the STP instance of the 802.1Q VLAN of the trunk with the STP instance of the non-Cisco 802.1Q switch. However, all per-VLAN STP information that is maintained by Cisco switches is separated by a cloud of non-Cisco 802.1Q switches.
Once you enable Rapid PVST+ on the switch, you must enable Rapid PVST+ on the specified VLANs (see “Enabling Rapid PVST+ per VLAN” section on page 1-18). Rapid PVST+ is the default STP mode. You cannot simultaneously run MST and Rapid PVST+.
The vlan-range value can be 2 through 4094 (except reserved VLAN values; see Chapter 1, “Configuring VLANs”). This example shows how to enable STP on VLAN 5:
switch# configure terminal
switch(config)# spanning-tree vlan 5
Note: With the switch configured as the root bridge, do not manually configure the hello time, forward-delay time, and maximum-age time using the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands.
The hello-time can be from 1 to 10 seconds, and the default value is 2 seconds. This example shows how to configure the switch as the secondary root bridge for VLAN 5 with a network diameter of 4:
32768. This example shows how to configure the priority of VLAN 5 on Gigabit Ethernet port 1/4 to 8192:
switch# configure terminal
switch(config)# spanning-tree vlan 5 priority 8192
Configuring the Rapid PVST+ Maximum Age Time for a VLAN
You can configure the maximum age time per VLAN when using Rapid PVST+. To configure the maximum age time for a VLAN in Rapid PVST+, perform this task:
This example shows how to configure the link type as a point-to-point link:
switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# spanning-tree link-type point-to-point
You can only apply this command to a physical Ethernet interface.
Page 143
• Hop Count, page 1-7
• Boundary Ports, page 1-7
• Detecting Unidirectional Link Failure, page 1-8
• Port Cost and Port Priority, page 1-8
• Interoperability with IEEE 802.1D, page 1-9
“IST, CIST, and CST” section on page 1-4 for more information on the IST.) The MST region appears as a single bridge to adjacent MST regions and to other Rapid PVST+ regions and 802.1D spanning tree protocols.
(0) and last element (4095) set to 0. The value of element number X represents the instance to which VLAN X is mapped.
Caution: When you change the VLAN-to-MSTI mapping, the system restarts MST.
CST outside a region. For more information, see the “Spanning Tree Operation Within an MST Region” section on page 1-5 and the “Spanning Tree Operations Between MST Regions” section on page 1-5.
Page 147
1 (A) is also the CIST root. The CIST regional root for region 2 (B) and the CIST regional root for region 3 (C) are the roots for their respective subtrees within the CIST.
Page 148
MST region. An MST region looks like a single switch to the CIST. The CIST external root path cost is the root path cost calculated between these virtual switches and switches that do not belong to any region.
The system uses port priorities to break ties among ports with the same cost. A lower number indicates a higher priority. The default port priority is 128. You can configure the priority to values between 0 and 224, in increments of 32.
LAN, the designated switch of which is either a single spanning tree switch or a switch with a different MST configuration.
Note: MST interoperates with the Cisco prestandard MSTP whenever it receives prestandard MSTP on an MST port; no explicit configuration is necessary.
You must enable MST; Rapid PVST+ is the default.
Note: Changing the spanning tree mode disrupts traffic because all spanning tree instances are stopped for the previous mode and started for the new mode.
VLAN-to-instance mapping, and MST revision number.
Note: Each command reference line creates its pending regional configuration in MST configuration mode. In addition, the pending region configuration starts with the current region configuration.
You configure a region name on the bridge. For two or more bridges to be in the same MST region, they must have the identical MST name, VLAN-to-instance mapping, and MST revision number.
IEEE 802.1w RSTP BPDUs. There is no limit to the number of MST regions in a network, but each region can support only up to 65 MST instances. You can assign a VLAN to only one MST instance at a time.
Page 156
1 vlan 10-20
switch(config-mst)# name region1
switch(config-mst)# revision 1
switch(config-mst)# show pending
Pending MST configuration
Name [region1]
Revision
To unmap VLAN to MST instances, perform this task:
Command: switch(config-mst)# no instance instance-id vlan vlan-range
Purpose: Deletes the specified instance and returns the VLANs to the default MSTI, which is the CIST.
With the switch configured as the root bridge, do not manually configure the hello time, forward-delay time, and maximum-age time using the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands.
You can execute this command on more than one switch to configure multiple backup root bridges. Enter the same network diameter and hello-time values that you used when you configured the primary root bridge with the spanning-tree mst root primary global configuration command.
Note: Exercise care when using this command. For most situations, we recommend that you enter the spanning-tree mst root primary and the spanning-tree mst root secondary global configuration commands to modify the switch priority.
1 to 10, and the default is 2 seconds. This example shows how to configure the hello time of the switch to 1 second:
switch# configure terminal
switch(config)# spanning-tree mst hello-time 1
(TTL) mechanism. You configure the maximum hops inside the region and apply it to the IST and all MST instances in that region. The hop count achieves the same result as the message-age information (triggers a reconfiguration).
Rapid PVST+-enabled port. This port remains in the inconsistent state until the port stops receiving BPDUs, and then the port resumes the normal STP transition process.
If the link type is shared, the STP reverts to 802.1D. The default is auto, which sets the link type based on the duplex setting of the interface.
The following example shows how to display current MST configuration:
switch# show spanning-tree mst configuration
% Switch is not in mst mode
Name [mist-attempt]
Revision
Instances configured 2
Instance Vlans mapped
-------- ---------------------------------------------------------------------
1-12,14-41,43-4094
13,42
-------------------------------------------------------------------------------
Chapter: Configuring STP Extensions
Cisco has added extensions to the Spanning Tree Protocol (STP) that make convergence more efficient. In some cases, even though similar functionality may be incorporated into the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) standard, we recommend using these extensions.
Edge ports, which are connected to hosts, can be either an access port or a trunk port. The edge port interface immediately transitions to the forwarding state, without moving through the blocking or learning states. (This immediate transition was previously configured as the Cisco-proprietary feature PortFast.) Interfaces that are connected to hosts should not receive STP Bridge Protocol Data Units (BPDUs).
BPDU that it receives and go to forwarding. If the port configuration is not set to default BPDU Filtering, then the edge configuration will not affect BPDU Filtering. Table 1-1 lists all the BPDU Filtering combinations.
You can enable Loop Guard on a per-port basis. When you enable Loop Guard on a port, it is automatically applied to all of the active instances or VLANs to which that port belongs. When you disable Loop Guard, it is disabled for the specified ports.
• Loop Guard does not run on spanning tree edge ports.
• Enabling Loop Guard on ports that are not connected to a point-to-point link will not work.
• You cannot enable Loop Guard if Root Guard is enabled.
This example shows how to configure all ports connected to switches or bridges as spanning tree network ports:
switch# configure terminal
switch(config)# spanning-tree port type network default
Configuring Spanning Tree Network Ports on Specified Interfaces
You can configure spanning tree network ports on specified interfaces. Bridge Assurance runs only on spanning tree network ports.
Note: We recommend that you enable BPDU Guard on all edge ports.
Before you configure this feature, you should do the following:
• Ensure that STP is configured.
• Ensure that you have configured some spanning tree edge ports.
Ethernet interfaces. This example shows how to explicitly enable BPDU Guard on the Ethernet edge port 1/4:
switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# spanning-tree bpduguard enable
You can apply BPDU Filtering to specified interfaces. When enabled on an interface, that interface does not send any BPDUs and drops all BPDUs that it receives. This BPDU Filtering functionality applies to the entire interface, whether trunking or not.
Page 179
Command: switch(config-if)# no spanning-tree bpdufilter
Purpose: Enables BPDU Filtering on the interface if the interface is an operational spanning tree edge port and if you enter the spanning-tree port type edge bpdufilter default command.
Note: Entering the Loop Guard command for the specified interface overrides the global Loop Guard command.
Before you configure this feature, you should do the following:
• Ensure that STP is configured.
Command: switch# show running-config spanning-tree [all]
Purpose: Displays the current status of spanning tree on the switch
Command: switch# show spanning-tree [options]
Purpose: Displays selected detailed information for the current spanning tree configuration.
Page 183
For example, if you configure Spanning Tree Protocol (STP) parameters on the port channel, the Cisco NX-OS applies those parameters to each interface in the port channel. You can use static port channels, with no associated protocol, for a simplified configuration. For more efficient use of the port channel, you can use the Link Aggregation Control Protocol (LACP), which is defined in IEEE 802.3ad.
Cisco NX-OS creates a matching port channel automatically if the port channel does not already exist. You can also create the port channel first. In this instance, Cisco NX-OS creates an empty channel group with the same channel number as the port channel and takes the default configuration.
Load Balancing Using Port Channels
The Cisco NX-OS load balances traffic across all operational interfaces in a port channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel.
Page 187
With LACP, you can bundle up to eight interfaces in a channel group.
Note: When you delete the port channel, Cisco NX-OS automatically deletes the associated channel group. All member interfaces revert to their previous configuration.
Page 188
• A port in active mode can form a port channel successfully with another port that is in active mode.
• A port in active mode can form a port channel with another port in passive mode.
• Configuring the LACP Port Priority, page 1-11
Creating a Port Channel
You can create a port channel before creating a channel group. Cisco NX-OS automatically creates the associated channel group. Enable LACP if you want LACP-based port channels (see the “Enabling LACP”...
Adding a Port to a Port Channel
You can add a port to a new channel group or to a channel group that already contains ports. Cisco NX-OS creates the port channel associated with this channel group if the port channel does not already exist.
To restore the default load-balancing algorithm of source-dest-mac for non-IP traffic and source-dest-ip for IP traffic, perform this task:
Command: switch(config)# no port-channel load-balance ethernet
Purpose: Restores the default load-balancing algorithm.
Before release 4.0(1a)N1 of Cisco NX-OS, the source-dest-ip, source-dest-mac, and source-dest-port...
When you enable LACP, you can configure each link in the LACP port channel for the port priority. To configure the LACP link mode and port priority, perform this task:
Step 1
Command: switch# configure terminal
Purpose: Enters configuration mode.
Page 194
Command: switch# show port-channel usage
Purpose: Displays the range of used and unused channel numbers.
Command: switch# show port-channel database
Purpose: Displays information on current running of the port-channel feature.
Page 195
• A trunk port can have two or more VLANs configured on the interface; it can carry traffic for several VLANs simultaneously.
Figure 1-1 shows how you can use trunk ports in the network. The trunk port carries traffic for two or more VLANs.
VLANs to traverse the same port and maintain traffic separation between the VLANs. The encapsulated VLAN tag also allows the trunk to move traffic end-to-end through the network on the same VLAN.
MAC source address.
Understanding the Native VLAN ID for Trunk Ports
Note: Native VLAN ID numbers must match on both ends of the trunk.
Command: switch(config-if)# switchport host
Purpose: Sets the interface to be an access host port, which immediately moves to the spanning tree forwarding state and disables port channeling on this interface.
Note: Apply this command only to end stations.
If you do not configure this parameter, the trunk port uses the default VLAN as the native VLAN ID. To configure native VLAN for an 802.1Q trunk port, perform this task:
Step 1
Command: switch# configure terminal
Purpose: Enters configuration mode.
This example shows how to add VLANs 15 to 20 to the list of allowed VLANs on the Ethernet 3/1 trunk port:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# switchport trunk allowed vlan add 15-20
Command: switch# show interface
Purpose: Displays the interface configuration
Command: switch# show interface switchport
Purpose: Displays information for all Ethernet interfaces, including access and trunk interfaces.
Command: switch# show interface brief
Purpose: Displays interface configuration information.
This section includes the following topics:
• Configuring a Static MAC Address, page 1-2
• Configuring the Aging Time for the MAC Table, page 1-2
• Clearing Dynamic Addresses from the MAC Table, page 1-3
You can configure the amount of time that an entry (the packet source MAC address and port that packet ingresses) remains in the MAC table.
Note: You can also configure MAC aging time in interface configuration mode or VLAN configuration mode.
This example shows how to display the MAC address table:
switch# show mac-address-table
VLAN MAC Address Type Port
---------+-----------------+-------+---------+------------------------------
0018.b967.3cd0 dynamic 10 Eth1/3
001c.b05a.5380 dynamic 200 Eth1/3
Page 206
Total MAC Addresses: 2
This example shows how to display the current aging time:
switch# show mac-address-table aging-time
Vlan Aging Time
----- ----------
Layer 2 forwarding decisions. Cisco NX-OS supports IGMPv2 and IGMPv3. IGMPv2 supports IGMPv1, and IGMPv3 supports IGMPv2. Although not all features of an earlier version of IGMP are supported, the features related to membership query and membership report messages are supported for all IGMP versions.
Note: Cisco NX-OS ignores the configuration of last member query interval when you enable the fast leave feature because it does not check for remaining hosts.
IGMP Forwarding
The control plane of the Cisco Nexus 5000 Series switch is able to detect IP addresses but forwarding occurs using the MAC address only. When a host connected to the switch wants to join an IP multicast group, it sends an unsolicited IGMP join message, specifying the IP multicast group to join.
Note: If the global setting is disabled, then all VLANs are treated as disabled, whether they are enabled or not.
Step 3
Command: switch(config)# vlan vlan-id
Purpose: Enters VLAN configuration mode.
Page 211
1/10
switch(config-vlan)# ip igmp snooping static-group 230.0.0.1 interface ethernet 1/10
switch(config-vlan)# end
switch#
IGMP Snooping information for vlan 1
IGMP snooping enabled
IGMP querier none
Switch-querier disabled
Explicit tracking enabled
Fast leave disabled
Report suppression enabled
Router port detection using PIM Hellos, IGMP Queries
Page 213
Switch-querier enabled, address 172.16.24.1, currently running
Explicit tracking enabled
Fast leave enabled
Report suppression enabled
Router port detection using PIM Hellos, IGMP Queries
Number of router-ports: 1
Number of groups: 1
Page 215
Chapter: Configuring Traffic Storm Control
This chapter describes how to configure traffic storm control on the Cisco Nexus 5000 Series switch. This chapter includes the following sections:
• Information About Traffic Storm Control, page 1-1
...
For example, a higher threshold allows more packets to pass through. Traffic storm control on the Cisco Nexus 5000 Series switch is implemented in the hardware. The traffic storm control circuitry monitors packets that pass from a Layer 2 interface to the switching bus. Using...
Command: switch# show running-config interface
Purpose: Displays the traffic storm control configuration.
Displaying Traffic Storm Control Counters
You can display the counters the Cisco Nexus 5000 Series switch maintains for traffic storm control activity.
40
Default Settings
Table 1-1 lists the default settings for traffic storm control parameters.
Table 1-1 Default Traffic Storm Control Parameters
Parameters                 Default
Traffic storm control      Disabled
Threshold percentage
Page 219
The AAA feature allows you to verify the identity of, grant access to, and track the actions of users managing Nexus 5000 Series switches. The Nexus 5000 Series switches support Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System Plus (TACACS+) protocols.
Series switches. This process is based on the user ID and password combination provided by the entity trying to access the Nexus 5000 switch. The Nexus 5000 Series switches allow you to perform local authentication (using the local lookup database) or remote authentication (using one or more RADIUS or TACACS+ servers).
If all the AAA servers in the server group fail to respond, then that server group option is considered a failure. If required, you can specify multiple server groups. If a Nexus 5000 Series switch encounters errors from the servers in the first group, it tries the servers in the next server group.
If the method is for all RADIUS servers, instead of a specific server group, the Nexus 5000 Series...
Page 223
Note: “No more server groups left” means that there is no response from any server in all server groups. “No more servers left” means that there is no response from any server within this server group.
RADIUS, or created locally, and do not create local users with all numeric names. If an all numeric username exists on an AAA server and is entered during login, the Nexus 5000 Series switch will log in the user.
Note: If you are familiar with the Cisco IOS CLI, be aware that the Nexus 5000 Series commands for this feature might differ from the Cisco IOS commands that you would use.
The default login method is local, which is used when no methods are configured or when all of the configured methods do not respond.
Step 3
Command: switch(config)# exit
Purpose: Exits configuration mode.
Enabling MSCHAP Authentication
Microsoft Challenge Handshake Authentication Protocol (MSCHAP) is the Microsoft version of CHAP. You can use MSCHAP for user logins to a Nexus 5000 Series switch through a remote authentication server (RADIUS or TACACS+). By default, the Nexus 5000 Series switch uses Password Authentication Protocol (PAP) authentication between the Nexus 5000 Series switch and the remote server.
(AV) pairs and is stored on the AAA server. When you activate AAA accounting, the Nexus 5000 Series switch reports these attributes as accounting records, which are then stored in an accounting log on the security server.
Using AAA Server VSAs with Nexus 5000 Series Switches
You can use vendor-specific attributes (VSAs) to specify the Nexus 5000 Series user roles and SNMPv3 parameters on AAA servers. This section includes the following topics:
• About VSAs, page 1-11
...
Page 230
implementation supports one vendor-specific option using the format recommended in the specification. The Cisco vendor ID is 9, and the supported option is vendor type 1, which is named cisco-av-pair. The value is a string with the following format:...
Displaying and Clearing the Local AAA Accounting Log
The Nexus 5000 Series switch maintains a local log for the AAA accounting activity. To display this log and clear it, perform this task:...
The RADIUS distributed client/server system allows you to secure networks against unauthorized access. In the Cisco implementation, RADIUS clients run on the Nexus 5000 Series of switches and send authentication and accounting requests to a central RADIUS server that contains all user authentication and network service access information.
• Networks already using RADIUS.
You can add a Nexus 5000 Series switch with RADIUS to the network. This action might be the first step when you make a transition to a AAA server.
• Networks that require resource accounting.
The value is a string with the following format:
protocol : attribute separator value *
The protocol is a Cisco attribute for a particular type of authorization, the separator is an equal sign (=) for mandatory attributes, and an asterisk (*) indicates optional attributes.
• Obtain IPv4 or IPv6 addresses or host names for the RADIUS servers.
• Obtain preshared keys from the RADIUS servers.
• Ensure that the Nexus 5000 Series switch is configured as a RADIUS client of the AAA servers.
Guidelines and Limitations
RADIUS has the following guidelines and limitations:
• You can configure a maximum of 64 RADIUS servers on the Nexus 5000 Series switch.
• Manually Monitoring RADIUS Servers or Groups, page 1-14
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Configuring RADIUS Server Hosts
You must configure the IPv4 or IPv6 address or the host name for each RADIUS server that you want to use for authentication.
Page 238
Configuring Global Preshared Keys
You can configure preshared keys at the global level for all servers used by the Nexus 5000 Series switch. A preshared key is a shared secret text string between the Nexus 5000 Series switch and the RADIUS server hosts.
You can configure preshared keys for a RADIUS server. A preshared key is a shared secret text string between the Nexus 5000 Series switch and the RADIUS server host. To configure RADIUS server preshared keys, obtain the preshared key values for the remote RADIUS...
Step 7
Command: switch(config)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
The following example shows how to configure a RADIUS server group:
switch# configure terminal
Note: By default, the Nexus 5000 Series switch forwards an authentication request based on the default AAA authentication method.
You can configure the Nexus 5000 Series switch to allow the user to specify a VRF and RADIUS server to send the authenticate request by enabling the directed-request option. If you enable this option, the user can log in as username@hostname, where hostname is the name of a configured RADIUS server.
Page 242
You can increase this number up to a maximum of five retries per server. You can also set a timeout interval that the Nexus 5000 Series switch waits for responses from RADIUS servers before declaring a timeout failure.
The test idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet.

Note: The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, the Nexus 5000 Series switch does not perform periodic RADIUS server monitoring.
Page 245
You can configure the dead-time interval for all RADIUS servers. The dead-time interval specifies the time that the Nexus 5000 Series switch waits after declaring a RADIUS server is dead, before sending out a test packet to determine if the server is now alive. The default value is 0 minutes.
[directed-request | groups | sorted | statistics]
    parameters.

For detailed information about the fields in the output from this command, refer to the Cisco Nexus 5000 Series Command Reference.

Displaying RADIUS Server Statistics

To display the statistics the Cisco Nexus 5000 Series switch maintains for RADIUS server activity,...
Authentication and accounting
Dead timer interval | 0 minutes
Retransmission count
Retransmission timer interval | 5 seconds
Idle timer interval | 0 minutes
Periodic server monitoring username | test
Periodic server monitoring password | test
Page 249
The TACACS+ security protocol provides centralized validation of users attempting to gain access to a Nexus 5000 Series switch. TACACS+ services are maintained in a database on a TACACS+ daemon typically running on a UNIX or Windows NT workstation. You must have access to and must configure a TACACS+ server before the configured TACACS+ features on your Nexus 5000 Series switch are available.
The RADIUS protocol only encrypts passwords.

User Login with TACACS+

When a user attempts a Password Authentication Protocol (PAP) login to a Nexus 5000 Series switch using TACACS+, the following actions occur: When the Nexus 5000 Series switch establishes a connection, it contacts the TACACS+ daemon to obtain the username and password.
Page 251
AAA requests. The Nexus 5000 Series switch marks unresponsive TACACS+ servers as dead and does not send AAA requests to any dead TACACS+ servers. A Nexus 5000 Series switch periodically monitors dead TACACS+ servers and brings them to the alive state once they are responding.
• Disabling TACACS+, page 1-13

Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
“Configuring Periodic TACACS+ Server Monitoring” section on page 1-11.

Enabling TACACS+

By default, the TACACS+ feature is disabled on the Nexus 5000 Series switch. To explicitly enable the TACACS+ feature to access the configuration and verification commands for authentication, perform this task:...
Page 254
Configuring Global Preshared Keys

You can configure preshared keys at the global level for all servers used by the Nexus 5000 Series switch. A preshared key is a shared secret text string between the Nexus 5000 Series switch and the TACACS+ server hosts.
Page 255
Configuring TACACS+ Server Preshared Keys

You can configure preshared keys for a TACACS+ server. A preshared key is a shared secret text string between the Nexus 5000 Series switch and the TACACS+ server host. To configure the TACACS+ preshared keys, perform this task:...
Page 256
0 minutes. The range is from 0 through 1440.

Note: If the dead-time interval for a TACACS+ server group is greater than zero (0), that value takes precedence over the global dead-time value.
Page 257
You can configure the switch to allow the user to specify which TACACS+ server to send the authenticate request by enabling the directed-request option. By default, a Nexus 5000 Series switch forwards an authentication request based on the default AAA authentication method. If you enable this option, the user can log in as username@hostname, where hostname is the name of a configured RADIUS server.
Configuring the Global TACACS+ Timeout Interval

You can set a global timeout interval that the Nexus 5000 Series switch waits for responses from all TACACS+ servers before declaring a timeout failure. The timeout interval determines how long the Nexus 5000 Series switch waits for responses from TACACS+ servers before declaring a timeout failure.
The idle timer specifies the interval in which a TACACS+ server receives no requests before the Nexus 5000 Series switch sends out a test packet. You can configure this option to test servers periodically, or you can run a one-time only test.
Page 260
You can configure the dead-time interval for all TACACS+ servers. The dead-time interval specifies the time that the Nexus 5000 Series switch waits, after declaring a TACACS+ server is dead, before sending out a test packet to determine if the server is now alive.
Caution: When you disable TACACS+, all related configurations are automatically discarded.

To disable TACACS+, perform this task:

Step 1  switch# configure terminal
        Enters configuration mode.
Step 2  switch(config)# feature tacacs+
        Enables TACACS+.
Page 262
switch# show tacacs-server statistics {hostname|ipv4-address|ipv6-address}
    Displays the TACACS+ statistics.

For detailed information about the fields in the output from this command, see the Cisco Nexus 5000 Series Command Reference.

Verifying TACACS+ Configuration

To display TACACS+ configuration information, perform one of the following tasks:...
Page 263
Default TACACS+ Parameters
Parameters | Default
TACACS+ | Disabled
Dead timer interval | 0 minutes
Timeout interval | 5 seconds
Idle timer interval | 0 minutes
Periodic server monitoring username | test
Periodic server monitoring password | test
The SSH server feature enables an SSH client to make a secure, encrypted connection to a Nexus 5000 Series switch. SSH uses strong encryption for authentication. The SSH server in the Nexus 5000 Series switch will interoperate with publicly and commercially available SSH clients.
The SSH client enables a Nexus 5000 Series switch to make a secure, encrypted connection to another Nexus 5000 Series switch or to any other device running the SSH server. This connection provides an outbound connection that is encrypted. With authentication and encryption, the SSH client allows for a secure communication over an insecure network.
• The Nexus 5000 Series switch supports only SSH version 2 (SSHv2).

Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
The following example shows how to specify an SSH public key in OpenSSH format:
switch# configure terminal
switch(config)# username User1 sshkey ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAy19oF6QaZl9G+3f1XswK3OiW4H7YyUyuA50rv7gsEPjhOBYmsi6PAVKui1nIf/DQhum+lJNqJP/eLowb7ubO+lVKRXFY/G+lJNIQW3g9igG30c6k6+XVn+NjnI1B7ihvpVh7dLddMOXwOnXHYshXmSiH3UD/vKyziEh5S4Tplx8=
switch(config)# exit
switch# show user-account
switch# copy running-config startup-config
Page 269
        switch# configure terminal
        Enters configuration mode.
Step 3  switch# show user-account
        (Optional) Displays the user account configuration.
Step 4  switch# copy running-config startup-config
        (Optional) Copies the running configuration to the startup configuration.
Starting SSH Sessions to Remote Devices

You can start SSH sessions to connect to remote devices from your Nexus 5000 Series switch.

Step 1  Creates an SSH session to a remote device. The...
• Clearing SSH Sessions, page 1-7

Enabling the Telnet Server

By default, the Telnet server is enabled. To disable the Telnet server on your Nexus 5000 Series switch, perform this task:
• Enable the Telnet server on the Nexus 5000 Series switch.
• Enable the Telnet server on the remote device.

To start Telnet sessions to connect to remote devices from your Nexus 5000 Series switch, perform this task:

Step 1  Creates a Telnet session to a remote device.
IP ACL Types and Applications

The Cisco Nexus 5000 Series switch supports IPv4, IPv6 and MAC ACLs for security traffic filtering. The switch allows you to use IP ACLs as port ACLs and VLAN ACLs, as shown in Table 1-1.
Page 276
ACLs allow you to identify traffic by protocol. For your convenience, you can specify some protocols by name. For example, in an IPv4 ACL, you can specify ICMP by name.
ACL, you can add a second instance of the rule using the sequence number that positions it correctly, and then you can remove the original instance of the rule. This action allows you to move the rule without disrupting traffic.
235 to the new rule. In addition, the Nexus 5000 Series switch allows you to reassign sequence numbers to rules in an ACL. Resequencing is useful when an ACL has rules numbered contiguously, such as 100 and 101, and you need to insert one or more rules between those rules.
If you need to add more rules between existing rules than the current sequence numbering allows, you can use the resequence command to reassign sequence numbers. For more information, see the “Changing Sequence Numbers in an IP ACL” section on page 1-7.
The switch allows you to remove ACLs that are currently applied. Removing an ACL does not affect the configuration of interfaces where you have applied the ACL. Instead, the switch considers the removed ACL to be empty.
You can apply an IPv4 ACL to a physical Ethernet interface or a port channel. ACLs applied to these interface types are considered port ACLs. To apply an IP ACL, perform this task:

Step 1  switch# configure terminal
        Enters global configuration mode.
192.168.2.0/24 any
interface ethernet 2/1
ip access-group acl-01 in

Applying an IP ACL as a VACL

For information about configuring VACLs, see the “Configuring VACLs” section on page 1-15.
Displays the configuration of an interface to which you have applied an ACL.

For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 5000 Series Command Reference.

Displaying and Clearing IP ACL Statistics

Use the show ip access-lists command to display statistics about an IP ACL, including the number of packets that have matched each rule.
In an existing MAC ACL, you can add and remove rules. You cannot change existing rules. Instead, to change a rule, you can remove it and recreate it with the desired changes.
ACLs that are currently applied. Removing an ACL does not affect the configuration of interfaces where you have applied the ACL. Instead, the switch considers the removed ACL to be empty.
Be sure that the ACL that you want to apply exists and is configured to filter traffic as necessary for this application. For more information about configuring MAC ACLs, see the “Configuring IP ACLs” section on page 1-4.
Displaying and Clearing MAC ACL Statistics

Use the show mac access-lists command to display statistics about a MAC ACL, including the number of packets that have matched each rule.
In access map configuration mode, you use the action command to specify one of the following actions:
• Forward—Sends the traffic to the destination determined by normal operation of the switch.
• Drop—Drops the traffic.
VACL is applied.

Note: The Cisco Nexus 5000 Series switch does not support interface-level VACL statistics.

For each VLAN access map that you configure, you can specify whether the switch maintains statistics for that VACL. This allows you to turn VACL statistics on or off as needed to monitor traffic filtered by a VACL or to help troubleshoot VLAN access-map configuration.
Applying a VACL to a VLAN

You can apply a VACL to a VLAN. The VACL drop-down list appears in the Advanced Settings section.
This example shows how to configure a VACL to forward traffic permitted by an IP ACL named acl-ip-01 and how to apply the VACL to VLANs 50 through 82:
configure terminal
vlan access-map acl-ip-map
match ip address acl-ip-01
Page 292
Table 1-4 Default VACL Parameters
Parameters | Default
VACLs | No IP ACLs exist by default.
ACL rules | Implicit rules apply to all ACLs. See the “Implicit Rules” section on page 1-3.
CFS has the ability to discover CFS capable switches in the network and to discover feature capabilities in all CFS capable switches. Cisco Nexus 5000 Series switches support CFS message distribution over Fibre Channel, IPv4 or IPv6 networks. If the switch is provisioned with Fibre Channel ports, CFS over Fibre Channel is enabled by default.
(when two independent SAN fabrics merge).

CFS Distribution

The CFS distribution functionality is independent of the lower layer transport. Cisco Nexus 5000 Series switches support CFS distribution over IP and CFS distribution over Fibre Channel. Features that use CFS are unaware of the lower layer transport.
Channel or IP) for all applications on the switch.
switch(config)# cfs distribute
    Enables (default) CFS distribution on the switch.

Verifying CFS Distribution Status

The show cfs status command displays the status of CFS distribution on the switch.
• Keepalive mechanism to detect network topology changes using a configurable multicast address.
• Compatibility with Cisco MDS 9000 Family switches running release 2.x or later.

Figure 1-1 shows a network with both Fibre Channel and IP connections. Node A forwards an event to node B over Fibre Channel.
(0x77434653) protocol for all CFS packets. CFS packets are sent to or from the switch domain controller addresses.

CFS Distribution Scopes

Different applications on the Cisco Nexus 5000 Series switches need to distribute the configuration at various levels. The following levels are available when using CFS distribution over Fibre Channel:
• VSAN level (logical scope)
All switches in the network must be CFS capable. Switches that are not CFS capable do not receive distributions and result in part of the network not receiving the intended distribution.
Total number of entries = 2

The show cfs lock name command displays the lock details for the specified application:
switch# show cfs lock name ntp
Scope : Physical
--------------------------------------------------------------------
Page 301
Caution The CISCO-CFS-MIB contains SNMP configuration information for any CFS-related functions. Refer to the Cisco Nexus 5000 Series MIB Quick Reference for more information on this MIB.

Clearing a Locked Session

You can clear locks held by an application from any switch in the network to recover from situations where locks are acquired and not released.
CFS region at a time to distribute the configuration for a given feature. Once you assign a feature to a CFS region, its configuration cannot be distributed within another CFS region.
NTP and Call Home applications are moved to Region 2.

Note: If you try adding an application to the same region more than once, you see the error message, “Application already present in the same region.”
• Verifying IP Multicast Address Configuration for CFS over IP, page 1-14

Enabling CFS Over IP

Note: CFS cannot distribute over both IPv4 and IPv6 from the same switch.
You can configure a CFS over IP multicast address value for either IPv4 or IPv6. The default IPv4 multicast address is 239.255.70.83 and the default IPv6 multicast address is ff13:7743:4653.
VSANs on the switch. The command output shows the merge status as one of the following: Success, Waiting, or Failure or In Progress. In case of a successful merge, all the switches in
Page 307
The show cfs peers command output displays all the switches in the physical network in terms of the switch WWN and the IP address. The local switch is indicated as Local.
switch# show cfs peers
Physical Fabric
-------------------------------------------------
Switch WWN IP Address
-------------------------------------------------
20:00:00:05:30:00:6b:9e 10.76.100.167 [Local]
Page 308
CFS distribution on the switch | Enabled.
Database changes | Implicitly enabled with the first configuration change.
Application distribution | Differs based on application.
Commit | Explicit configuration is required.
CFS over IP | Disabled.
Page 309
Table 1-1 Default CFS Parameters (continued)
Parameters | Default
IPv4 multicast address | 239.255.70.83.
IPv6 multicast address | ff15::efff:4653.
The following words are reserved and cannot be used to configure users: bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp, operator, games, gopher, ftp, nobody, nscd, mailnull, rpc, rpcuser, xfs, gdm, mtsuser, ftpuser, man, and sys.
($) or the percent sign (%), are not allowed. If a password is trivial (such as a short, easy-to-decipher password), the Nexus 5000 Series switch will reject your password configuration. Be sure to configure a strong password as shown in the sample configuration.
• Command—A command or group of commands defined in a regular expression.
• Feature—Commands that apply to a function provided by the Nexus 5000 Series switch. Enter the show role feature command to display the feature names available for this parameter.
Cisco IOS commands that you would use.

Note: A user account must have at least one user role.

Configuring User Accounts

You can create a maximum of 256 user accounts on a Nexus 5000 Series switch. User accounts have the following attributes:
• Username
Step 2  switch(config)# role name role-name
        Specifies a user role and enters role configuration mode. The role-name argument is a case-sensitive, alphanumeric character string with a maximum length of 16 characters.
Page 316
L3
switch(config-role)# description This role does not allow users to use clear commands
switch(config-role)# exit
switch(config)# show role
switch(config)# copy running-config startup-config
Repeat this command for as many interfaces as needed. For this command, you can specify Ethernet interfaces, Fibre Channel interfaces and virtual Fibre Channel interfaces.
Step 6  switch(config-role-interface)# exit
        Exits role interface policy configuration mode.
You can change a user role VSAN policy to limit the VSANs that the user can access. To change a user role VSAN policy to limit the VSANs that the user can access, perform this task:
The following example shows how to configure a user role:
role name UserA
rule 3 permit read feature l2nac
rule 2 permit read feature dot1x
rule 1 deny command clear *
Page 320
User account expiry date. | None.
Interface policy | All interfaces are accessible.
VLAN policy | All VLANs are accessible.
VFC policy | All VFCs are accessible.
VETH policy | All VETHs are accessible.
• Verification—Verifies the configuration as a whole, based on the existing hardware and software configuration and resources. Cisco NX-OS returns an error if the configuration does not pass this verification phase.
• Commit—Cisco NX-OS verifies the complete configuration and implements the changes atomically...
Step 5  switch(config-s-if)# ip port access-group name in
        Adds a port access group to the interface.
Step 6  switch# show configuration session [name]
        (Optional) Displays the contents of the session.
show configuration session [name]
    Displays the contents of the configuration session.
show configuration session status [name]
    Displays the status of the configuration session.
show configuration session summary
    Displays a summary of all the configuration sessions.
Page 325
• Expansion Module Diagnostics, page 1-3

Online Diagnostics Overview

Cisco Nexus 5000 Series switches support bootup diagnostics and runtime diagnostics. Bootup diagnostics include disruptive tests and nondisruptive tests that run during system bootup and system reset. Runtime diagnostics (also known as health monitoring diagnostics) include nondisruptive tests that run in the background during normal operation of the switch.
Bootup diagnostics log any failures to the onboard failure logging (OBFL) system. Failures also trigger an LED display to indicate diagnostic test states (on, off, pass, or fail). You can configure Cisco Nexus 5000 Series switches to either bypass the bootup diagnostics, or run the complete set of bootup diagnostics. See the “Configuring Online Diagnostics”...
Table 1-5 Expansion Module Health Monitoring Diagnostics
Diagnostic | Description
Monitors port and system status LEDs.
Temperature Sensor | Monitors temperature sensor readings.
Displays the results of the diagnostics tests.

Default Settings

Table 1-6 lists the default settings for online diagnostics parameters.

Table 1-6 Default Online Diagnostics Parameters
Parameters | Default
Bootup diagnostics level | complete
“Configuring syslog Servers” section on page 1-5. To support the same configuration of syslog servers on all switches in a fabric, you can use the Cisco Fabric Services (CFS) to distribute the syslog server configuration. For information about distributing the syslog server configuration, see the “Configuring syslog Server Configuration Distribution”...
For information about displaying and clearing log files, see the “Displaying and Clearing Log Files” section on page 1-8. To configure the switch to log system messages to a file, perform this task:
You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file:
facility.level <five tab characters> action
Table 1-2 describes the syslog fields that you can configure.
Page 336
Repeat Step 2 for up to three syslog servers.
Step 4  switch(config)# show logging server
        (Optional) Displays the syslog server configuration.
Step 5  switch(config)# copy running-config startup-config
        (Optional) Copies the running configuration to the startup configuration.
Configuring syslog Server Configuration Distribution

You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure. For more information about CFS, see the “Information About CFS”...
The following example shows how to display or clear messages in a log file:
switch# show logging last 40
switch# show logging logfile start-time 2007 nov 1 15:10:0
switch# show logging nvram last 10
switch# clear logging logfile
switch# clear logging nvram
XML-based automated parsing applications. You can use this feature to page a network support engineer, e-mail a Network Operations Center, or use Cisco Smart Call Home services to automatically generate a case with the Technical Assistance Center.
Call Home Alert Groups

An alert group is a predefined subset of Call Home alerts that are supported in all Nexus 5000 Series switches. Alert groups allow you to select the set of Call Home alerts that you want to send to a predefined or custom destination profile.
Page 343
1000
show module
show tech-support platform callhome
show version
Page 344
Call Home maps the syslog severity level to the corresponding Call Home severity level for syslog port group messages (see the “Call Home Message Levels” section on page 1-5).
Debugging messages.

Obtaining Smart Call Home

If you have a service contract directly with Cisco Systems, you can register your devices for the Smart Call Home service. Smart Call Home provides fast resolution of system problems by analyzing Call Home messages sent from your devices and providing background information and recommendations.
Call Home message.
• Operates with any SMTP server.

Configuring Call Home

This section includes the following topics:
• Guidelines for Configuring Call Home, page 1-7
• Configuring Contact Information, page 1-7
Page 348
Home alerts of the same severity from each switch.
Step 11 switch(config-callhome)# show callhome
        (Optional) Displays a summary of the Call Home configuration.
Step 12 switch(config)# copy running-config startup-config
        (Optional) Saves this configuration change.
• Message size—The allowed length of a Call Home message sent to the e-mail addresses in this destination profile.

See the “Associating an Alert Group with a Destination Profile” section on page 1-10 for information on configuring an alert group for a destination profile.
5
switch(config-callhome)# destination-profile full-text-destination message-size 10000

Associating an Alert Group with a Destination Profile

To associate one or more alert groups with a destination profile, perform this task:
Environmental | Inventory | License | Linecard-Hardware | Supervisor-Hardware | Syslog-group-port | System | Test} user-def-cmd show-cmd
    the show command in double quotes. Only valid show commands are accepted.
Page 352
Step 5  switch(config)# copy running-config startup-config
        (Optional) Saves this configuration change.

This example shows how to add the show ip routing command to the Cisco-TAC alert group:
switch# configure terminal
switch(config)# callhome
switch(config-callhome)# alert-group Configuration user-def-cmd "show ip routing"

Configuring E-Mail

You must configure the SMTP server address for the Call Home functionality to work.
30 messages within a 2-hour time frame, then the switch discards further messages for that alert type. To disable duplicate message throttling in Call Home configuration mode, perform this task:
switch# callhome test
    Sends a test message to all configured destinations. callhome test and callhome test inventory commands are supported.
switch# callhome test inventory
    [Optional]
Home.

Call Home Example Configuration

The following example uses CFS to create a destination profile called Noc101, associate the Cisco-TAC alert group to that profile, and configure contact and e-mail information to all CFS-enabled devices.
configure terminal
snmp-server contact person@company.com...
Date/time stamp | Time stamp of the triggering event
Error isolation message | Plain English description of triggering event
Alarm urgency level | Error level such as that applied to system message
Page 357
Name of person to contact for issues associated with the node that experienced the event. | /aml/body/sysContact
Contact e-mail | E-mail address of person identified as the contact for this unit. | /aml/body/sysContactEmail
Page 358
number | Serial number of the affected FRU. | /aml/body/fru/serialNo
Affected FRU part number | Part number of the affected FRU. | /aml/body/fru/partNo
FRU slot | Slot number of the FRU that is generating the event message. | /aml/body/fru/slot
Page 359
Process exception | Exception or reason code. | /aml/body/process/exception

Sample syslog Alert Notification in Full-Text Format

This sample shows the full-text format for a syslog port alert-group notification:
source:MDS9000
Switch Priority:7
Page 362
00:04:14: %OIR-SP-6-INSCARD: Card inserted in slot 7, interfaces are now online 00:04:35: %DIAG-SP-6-DIAG_OK: Module 9: Passed Online Diagnostics 00:04:37: %OIR-SP-6-INSCARD: Card inserted in slot 9, interfaces are now online Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 1-22 OL-16597-01...
Page 363
00:06:59: %OIR-SP-6-DOWNGRADE_EARL: Module 8 DFC installed is not identical to system PFC and will perform at current system operating mode. 00:07:06: %OIR-SP-6-INSCARD: Card inserted in slot 8, interfaces are now online Router#]]></aml-block:Data> </aml-block:Attachment> </aml-block:Attachments> </aml-block:Block> </soap-env:Body> </soap-env:Envelope> Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 1-23 OL-16597-01...
Page 365
Configuring SNMP
This chapter describes how to configure the SNMP feature in Cisco Nexus 5000 Series switches. This chapter includes the following sections:
• Information About SNMP, page 1-1 ...
Cisco Nexus 5000 Series switch cannot determine if the trap was received. An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the Cisco Nexus 5000 Series switch never receives a response, it can send the inform request again.
Page 367
• Message confidentiality—Ensures that information is not made available or disclosed to unauthorized individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages. ...
Page 368
• HMAC-SHA-96 authentication protocol
Cisco Nexus 5000 Series uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826. The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The priv option along with the aes-128 token indicates that this privacy password is for generating a 128-bit AES key. The AES priv password can have a minimum of eight characters.
Page 369
• Assigning SNMP Switch Contact and Location Information, page 1-12
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
You can configure SNMP to require authentication or encryption for incoming requests. By default, the SNMP agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco Nexus 5000 Series responds with an authorization Error for any SNMPv3 PDU request using a securityLevel parameter of either noAuthNoPriv or authNoPriv.
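The script below checks a saved configuration against the security levels and priv options described above. It is an added example, not part of the Cisco guide: the sample configuration and the finding codes are constructed, and the globalEnforcePriv, enforcePriv and localizedkey keywords are NX-OS keywords that do not appear in this excerpt.

```python
"""Audit NX-OS SNMP configuration lines against the SNMPv3 security levels (added example)."""

MIN_AES_PRIV_LEN = 8  # the guide's stated minimum length for an AES priv password

# Constructed sample configuration; user names, passphrases and addresses are made up.
SAMPLE_CONFIG = """\
snmp-server contact Admin@company.com
snmp-server community public ro
snmp-server user Admin auth sha abcd1234 priv abcdefgh
snmp-server user NMS auth sha abcd1234 priv aes-128 abcdefgh
snmp-server user NMS enforcePriv
snmp-server user Monitor auth md5 abcd1234
snmp-server user Legacy
snmp-server user Short auth sha abcd1234 priv aes-128 abc
snmp-server host 192.0.2.10 traps version 1 public
snmp-server host 192.0.2.11 informs version 3 priv NMS
snmp-server host 192.0.2.12 traps version 3 auth Monitor
"""


def _following(tokens, keyword):
    """Return the tokens after keyword, or None when keyword is absent."""
    return tokens[tokens.index(keyword) + 1:] if keyword in tokens else None


def _credential_findings(args):
    """Classify one 'snmp-server user NAME ...' line by the security level it permits."""
    auth, priv = _following(args, "auth"), _following(args, "priv")
    if auth is None:
        return ["NO_AUTH"]       # user can only operate at noAuthNoPriv
    if priv is None:
        return ["NO_PRIV"]       # authNoPriv: authenticated but not encrypted
    if priv[:1] != ["aes-128"]:
        return ["DES_PRIV"]      # priv without the aes-128 token selects DES
    # Localized keys are stored as hex digests, so the length rule cannot be checked.
    if "localizedkey" not in args and len(priv) > 1 and len(priv[1]) < MIN_AES_PRIV_LEN:
        return ["SHORT_PRIV"]
    return []


def _host_findings(args):
    """Flag notification receivers that are sent unencrypted traps or informs."""
    version = _following(args, "version")
    if not version:
        return []
    if version[0] in ("1", "2c"):
        return ["CLEAR_NOTIFY"]  # community-based, no authentication or privacy
    if version[0] == "3" and version[1:2] != ["priv"]:
        return ["V3_NOTIFY_NO_PRIV"]
    return []


def audit(config_text):
    """Return sorted (line_number, code, subject) findings for a configuration excerpt."""
    findings, users, enforced, global_enforce = [], {}, set(), False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0] != "snmp-server":
            continue
        kind, args = tokens[1], tokens[2:]
        if kind == "globalEnforcePriv":
            global_enforce = True
        elif kind == "community" and args:
            # Report the access mode (ro/rw), never the community string itself.
            findings.append((lineno, "COMMUNITY", args[-1]))
        elif kind == "host" and args:
            findings += [(lineno, code, args[0]) for code in _host_findings(args[1:])]
        elif kind == "user" and args:
            if "enforcePriv" in args[1:]:
                enforced.add(args[0])
            if args[1:] != ["enforcePriv"]:
                users[args[0]] = lineno
                findings += [(lineno, c, args[0]) for c in _credential_findings(args[1:])]
    if not global_enforce:
        # Without enforcement the agent still answers these users at lower security levels.
        findings += [(n, "NOT_ENFORCED", u) for u, n in users.items() if u not in enforced]
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code, subject in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {code} ({subject})")
```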
{ro | rw}
Configuring SNMP Notification Receivers
You can configure Cisco Nexus 5000 Series to generate SNMP notifications to multiple host receivers. To configure a host receiver for SNMPv1 traps in a global configuration mode, perform this task:
Command Purpose
    Configures a host receiver for SNMPv1 traps.
You must configure a notification target user on the device to send SNMPv3 inform notifications to a notification host receiver. The Cisco Nexus 5000 Series switch uses the credentials of the notification target user to encrypt the SNMPv3 inform notification messages to the configured notification host receiver.
Page 373
Table 1-2 lists the CLI commands that enable the notifications for Cisco Nexus 5000 Series MIBs.
Note: The snmp-server enable traps CLI command enables both traps and informs, depending on the configured notification host receivers.
Page 374
IETF extended—Cisco Nexus 5000 Series sends only the IETF-defined notifications (linkUp, linkDown defined in IF-MIB), if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. Cisco Nexus 5000 Series adds additional varbinds specific to Cisco Systems in addition to the varbinds defined in the IF-MIB. This is the default setting.
Page 375
To enable one-time authentication for SNMP over TCP in global configuration mode, perform this task:
Command Purpose
switch(config)# snmp-server tcp-session [auth]
    Enables a one-time authentication for SNMP over a TCP session. Default is disabled. ...
show snmp group
    Displays SNMP roles.
show snmp sessions
    Displays SNMP sessions.
show snmp trap
    Displays the SNMP notifications enabled or disabled.
show snmp user
    Displays SNMPv3 users. ...
SNMP Example Configuration
This example configures Cisco Nexus 5000 Series to send the Cisco linkUp/linkDown notifications to one notification host receiver and defines two SNMP users, Admin and NMS:
configuration terminal
snmp-server contact Admin@company.com...
You can use alarms with RMON events to generate a log entry or an SNMP notification when the RMON alarm triggers. RMON is disabled by default and no events or alarms are configured in Cisco Nexus 5000 Series. You can configure your RMON alarms and events by using the CLI or an SNMP-compatible network...
• samples take two consecutive samples and calculate the difference between them. • Rising threshold—The value at which the Cisco Nexus 5000 Series switch triggers a rising alarm or resets a falling alarm. • Falling threshold—The value at which the Cisco Nexus 5000 Series switch triggers a falling alarm or resets a rising alarm.
• Configuring RMON Events, page 1-4
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Configuring RMON Alarms
You can configure RMON alarms on any integer-based SNMP MIB object.
Step 2  switch(config)# rmon event index [description string] [log] [trap] [owner name]
    Configures an RMON event. The description string and owner name can be any alphanumeric string. ...
See the following related topics:
• Configuring SNMP, page 1-5.
Default Settings
Table 1-1 lists the default settings for RMON parameters.
Table 1-1 Default RMON Parameters
Parameters Default
Alarms: None configured
Events: None configured ...
Page 385
• Ethernet Frame Formats, page 1-4
Licensing Requirements
On Cisco Nexus 5000 Series switches, FCoE capability is included in the Storage Protocol Services License. Before using FCoE capabilities, ensure that:
• The correct license is installed (N5010SS or N5020SS). ...
To reduce configuration errors and simplify administration, you can configure the switch to distribute the configuration data to all the connected adapters.
DCBX Capabilities
The DCBX capabilities supported by Cisco Nexus 5000 Series switches are described in the following topics:
• FCoE, page 1-2 ...
For flexibility, parameters are coded in a type-length-value (TLV) format. DCBX runs on the physical Ethernet link between the Cisco Nexus 5000 Series switch and the converged network adapter on the server. By default, DCBX is enabled on Ethernet interfaces. When an Ethernet interface is brought up, the switch automatically starts to communicate with the adapter.
• If the adapter does not implement DCBX, all capabilities remain disabled.
Note: The Cisco Nexus 5000 Series switch provides CLI commands to manually override the results of the negotiation with the adapter. On a per-interface basis, you can force capabilities to be enabled or disabled.
switch(config-if)# no fcoe mode [auto |
    Disables FCoE capability for this interface.
This example shows how to disable FCoE for an Ethernet interface:
switch# configure terminal
switch(config)# interface ethernet 1/4
switch(config-if)# no fcoe mode auto ...
Page 390
This section shows how to configure LLDP both globally and on individual interfaces. This section includes the following topics:
• Configuring Global LLDP Commands, page 1-7
• Configuring Interface LLDP Commands, page 1-7 ...
[no] lldp {receive | transmit}
    transmit. The no form of the command disables the LLDP transmit or receive.
The following example shows how to set an interface to transmit LLDP packets: ...
The following example shows how to display LLDP timer information:
switch# show lldp timers
LLDP Timers
holdtime 120 seconds
reinit 2 seconds
msg_tx_interval 30 seconds
The following example shows how to display LLDP counters:
switch# show lldp traffic ...
Configuring Virtual Interfaces
This section describes the configuration of virtual interfaces on the Cisco Nexus 5000 Series switches. It includes the following sections:
• Information About Virtual Interfaces, page 1-1 ...
To create a mapping between a VSAN and its associated VLAN, perform this task:
Command Purpose
Step 1  switch# configure terminal
    Enters configuration mode.
Step 2  switch(config)# vlan vlan-id
    Enters VLAN configuration mode. VLAN number is in the range of 1 to 4096. ...
switch(config)# no interface vfc vfc-id
    Deletes a virtual Fibre Channel interface.
The following example shows how to delete a virtual Fibre Channel interface:
switch# configure terminal
switch(config)# no interface vfc 4
switch(config-if)# exit ...
Port Channel
-------------------------------------------------------------------------------
Ethernet1/1 hwFailure 1500
Ethernet1/2 hwFailure 1500
Ethernet1/3 10000 1500
Ethernet1/39 sfpIsAbsen -- 1500
Ethernet1/40 sfpIsAbsen -- 1500
-------------------------------------------------------------------------------
Interface Status IP Address Speed
-------------------------------------------------------------------------------
mgmt0 172.16.24.41 1500 ...
Page 397
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Interface Vsan Admin Admin Status Oper Oper Port Mode Trunk Mode Speed Channel Mode (Gbps)
-------------------------------------------------------------------------------
vfc 1 down ...
Configuring QoS
This chapter describes how to configure the quality of service (QoS) features on the Cisco Nexus 5000 Series switch. This chapter includes the following sections:
• Information About QoS, page 1-1 ...
• QoS for Traffic Directed to the CPU, page 1-6
The Cisco Modular QoS CLI (MQC) provides a standard set of commands for configuring QoS. You can use MQC to define additional traffic classes and to configure QoS policies for the whole system and for individual Ethernet interfaces.
The transmit and receive directions are separately configurable. By default, link-level flow control is disabled for both directions. On the Cisco Nexus 5000 Series switch, Ethernet interfaces do not auto-detect the link-level flow control capability. You must configure the capability explicitly on the Ethernet interfaces.
If PFC is not enabled on an interface, you can enable IEEE 802.3X link-level pause. By default, link-level pause is disabled. The Cisco Nexus 5000 Series switch is a Layer 2 switch, and it does not support packet fragmentation. MTU configuration mismatch between ingress and egress interfaces may result in packets being truncated.
The optimized multicast feature achieves better throughput for multicast frames and improves performance for multicast frames that are less than 256 bytes long. ...
Note: Optimized multicast is supported on the BF and later versions of the Cisco Nexus 5020 switch. To verify the model version, enter the show module 1 command.
Configuring PFC and LLC
Cisco Nexus 5000 Series switches support PFC and LLC on Ethernet interfaces. The Ethernet interface can operate in two different modes: FCoE mode or standard Ethernet mode. If the interface is operating in FCoE mode, the Ethernet link is connected at the server port using a converged network adapter (CNA).
Page 406
switch(config)# interface type slot/port
    Specifies the interface to be changed.
Step 3  switch(config-if)# flowcontrol [receive {on|off}] [transmit {on|off}]
    Enables IEEE 802.3x link-level flow control for the selected interface. Set receive and/or transmit on or off. ...
The FCoE system class has a default CoS value of 3. You can add a match cos configuration to the FCoE system class to set a different CoS value. PFC Pause will be applied to traffic that matches the new value. ...
Note: The operation for drop policy is simple tail drop, where arriving packets will be dropped if the queue increases to its allocated size ...
switch(config-sys-qos)# service-policy name
    Specifies the policy-map to use as the service policy for the system.
The following example sets a no-drop Ethernet policy map as the system class:
switch(config)# class-map ethCoS4
switch(config-cmap)# match cos 4 ...
Verifying Jumbo MTU
To verify that jumbo MTU is enabled, enter the show interface ethernet slot/port command for an Ethernet interface that carries traffic with jumbo MTU. ...
QoS parameters that can be configured on Ethernet and port channel interfaces are described in the following topics:
• Configuring Untagged CoS, page 1-14
• Configuring Ingress Policies, page 1-14
• Configuring Egress Policies, page 1-15 ...
The following example shows that the system class best-effort-drop-class is guaranteed 20 percent of the bandwidth on interface eth1/1:
switch(config)# class-map best-effort-drop-class
switch(config-cmap)# match cos 5 ...
The following example shows that the system class best-effort drop class is guaranteed 20 percent of the bandwidth on interface eth1/1:
switch(config)# class-map best-effort-drop-class
switch(config-cmap)# match cos 5
switch(config)# policy-map policy1-egress
switch(config-pmap)# class best-effort-drop-class
switch(config-pmap-c)# bandwidth percent 20
switch(config)# int eth1/1
switch(config-if)# service-policy output policy1-egress ...
Page 415
• Buffer-to-Buffer Credits, page 1-7
Licensing Requirements
On Cisco Nexus 5000 Series switches, Fibre Channel capability is included in the Storage Protocol Services license. Ensure that you have the correct license installed (N5010SS or N5020SS) before using Fibre Channel interfaces and capabilities.
Physical Fibre Channel Interfaces
Cisco Nexus 5000 Series switches provide up to eight physical Fibre Channel uplinks. The Fibre Channel interfaces are supported on optional expansion modules. The Fibre Channel plus Ethernet expansion module contains four Fibre Channel interfaces.
Page 417
N ports. E ports support class 3 and class F service. An E port connected to another switch may also be configured to form a SAN port channel (see Chapter 1, “Configuring SAN Port Channels”). ...
Page 418
(host or disk), it operates in F port mode. If the interface is attached to a third-party switch, it operates in E port mode. If the interface is attached to another switch in the Cisco Nexus 5000 Series or Cisco MDS 9000 Family, it may become operational in TE port mode (see Chapter 1, “Configuring...
Configuration Status Reason Code None. Down Down Administratively down. If you administratively configure an interface as down, you disable the interface. No traffic is received or transmitted. Down Table 1-4. ...
Page 420
Isolation because limit of active port channels is exceeded.
    The interface is isolated because the switch is already configured with the maximum number of active SAN port channels. ...
Page 421
BB_credits are negotiated on a per-hop basis. In Cisco Nexus 5000 Series switches, the BB_credit mechanism is used on Fibre Channel interfaces but not on virtual Fibre Channel interfaces. Virtual Fibre Channel interfaces provide flow control based on capabilities of the underlying physical Ethernet interface.
Note: When a Fibre Channel interface is configured, it is automatically assigned a unique world wide name (WWN). If the interface’s operational state is up, it is also assigned a Fibre Channel ID (FC ID). ...
To configure the port speed of the interface, perform this task:
Command Purpose
Step 1  switch# configuration terminal
    Enters configuration mode.
Step 2  switch(config)# interface fc slot/port
    Selects the specified interface and enters interface configuration mode. ...
256 to 2112 bytes.
Understanding Bit Error Thresholds
The bit error rate threshold is used by the switch to detect an increased error rate before performance degradation seriously affects traffic. ...
Page 426
To configure BB_credits for a Fibre Channel interface, perform this task:
Command Purpose
Step 1  switch# configuration terminal
    Enters configuration mode.
Step 2  switch(config)# interface fc slot/port
    Selects a Fibre Channel interface and enters interface configuration mode. ...
You must globally enable NPIV for all VSANs on the switch to allow the NPIV-enabled applications to use multiple N port identifiers.
Note: All of the N port identifiers are allocated in the same VSAN. ...
The small form-factor pluggable (SFP) hardware transmitters are identified by their acronyms when displayed in the show interface brief command. If the related SFP has a Cisco-assigned extended ID, then the show interface and show interface brief commands display the ID instead of the transmitter type.
Page 430
The following example shows the interface display when showing the running configuration for all interfaces:
switch# show running configuration
interface fc3/5
switchport speed 2000
interface fc3/5
switchport mode E
interface fc3/5
channel-group 11 force
no shutdown ...
• Fabric reconfiguration—This phase guarantees a resynchronization of all switches in the fabric to ensure they simultaneously restart a new principal switch selection phase.
See Figure 1-1 for an example fcdomain configuration. ...
Step 2  switch(config)# fcdomain restart vsan vsan-id
    Forces the VSAN to reconfigure without traffic disruption.
switch(config)# fcdomain restart disruptive vsan vsan-id
    Forces the VSAN to reconfigure with data traffic disruption. ...
The priority configuration is applied to runtime when the fcdomain is restarted (see the “About Domain Restart” section on page 1-3). This configuration is applicable to both disruptive and nondisruptive restarts. ...
About Incoming RCFs
You can configure the rcf-reject option on a per-interface, per-VSAN basis. By default, the rcf-reject option is disabled (that is, RCF request frames are not automatically rejected). ...
(RCF) will occur. A disruptive reconfiguration may affect data traffic. You can nondisruptively reconfigure the fcdomain by changing the configured domains on the overlapping links and eliminating the domain overlap. ...
The configured domain ID can be preferred or static. By default, the configured domain ID is 0 (zero) and the configured type is preferred.
Note: The 0 (zero) value can be configured only if you use the preferred option. ...
Page 440
The operation of a subordinate switch changes based on three factors:
• The allowed domain ID lists.
• The configured domain ID.
• The domain ID that the principal switch has assigned to the requesting switch. ...
(some switches with static domain types and others with preferred), you may experience link isolation. To specify a static or preferred domain ID, perform this task:
Command Purpose
Step 1  switch# configuration terminal
switch(config)#
    Enters configuration mode. ...
About CFS Distribution of Allowed Domain ID Lists You can enable the distribution of the allowed domain ID list configuration information to all Cisco SAN switches in the fabric using the Cisco Fabric Services (CFS) infrastructure. This feature allows you to synchronize the configuration across the fabric from the console of a single switch.
Displaying CFS Distribution Status
You can display the status of CFS distribution for allowed domain ID lists using the show fcdomain status command.
switch# show fcdomain status
CFS distribution is enabled ...
• If the contiguous domain assignment is disabled in the principal switch, the principal switch assigns the available domains to the subordinate switch. ...
VSAN.
FC IDs
When an N port logs into a Cisco Nexus 5000 Series switch, it is assigned an FC ID. By default, the persistent FC ID feature is enabled. If this feature is disabled, the following situations can occur:
• An N port logs into a Cisco Nexus 5000 Series switch.
• If the software detects a domain mismatch, the command is rejected.
• Verify that the port field of the FC ID is 0 (zero) when configuring an area. ...
FC ID. Cisco Nexus 5000 Series switches facilitate this requirement with the FC ID persistence feature. You can use this feature to preassign an FC ID with a different area to either the storage port or the HBA port.
Page 449
If this feature is disabled, continue with this procedure to enable the persistent FC ID. If this feature is already enabled, skip to Step
Step 4  Enable the persistent FC ID feature in the Cisco Nexus 5000 Series switch.
switch# configuration terminal
switch(config)# fcdomain fcid persistent vsan 1
switch(config)# end
switch#
Assign a new FC ID with a different area allocation.
1
VSAN Statistics
Number of Principal Switch Selections: 5
Number of times Local Switch was Principal: 0
Number of 'Build Fabric's: 3
Number of 'Fabric Reconfigurations': 0 ...
Page 452
Preferred
auto-reconfigure option: Disabled
contiguous-allocation option: Disabled
Priority
Allowed list: 1 to 239
Fabric name: 20:01:00:05:30:00:28:df
rcf-reject: Disabled
Persistent FC ID: Enabled
Allowed domain ID list configuration distribution: Disabled ...
NPV Overview
By default, Cisco Nexus 5000 Series switches operate in fabric mode. In this mode, the switch provides standard Fibre Channel switching capability and features. In fabric mode, each switch that joins a SAN is assigned a domain ID. Each SAN (or VSAN) supports a maximum of 239 domain IDs, so the SAN has a limit of 239 switches.
Server interfaces are automatically distributed among the NP uplinks to the core switch. All of the end devices connected to a server interface are mapped to the same NP uplink. In Cisco Nexus 5000 Series switches, server interfaces can be physical or virtual Fibre Channel interfaces.
Note: In the switch CLI configuration commands and output displays, NP uplinks are called External Interfaces.
In Cisco Nexus 5000 Series switches, NP uplink interfaces must be native Fibre Channel interfaces.
FLOGI Operation
When an NP port becomes operational, the switch first logs itself in to the core switch by sending a FLOGI request (using the port WWN of the NP port).
For additional information about zoning, see the “Information About Zoning” section on page 1-1.
NPV Traffic Management
Cisco Nexus 5000 Series switches provide NPV traffic management features. This section describes NPV traffic management and includes the following topics:
• Automatic Uplink Selection, page 1-4 ...
– All the end device pWWNs must also be in the port security database.
• Edge switches can connect to multiple core switches. In other words, different NP ports can be connected to different core switches. ...
NPV mode.
Note: A write-erase is performed during the initialization.
Step 3  switch(config-npv)# no npv enable
switch(config)#
    Disables NPV mode, which results in a reload of the switch. ...
NP uplinks.
Note: If a server interface is already mapped to an NP uplink, you should include this mapping in the traffic map configuration. ...
Verifying NPV
To display information about NPV, perform the following task:
Command Purpose
switch# show npv flogi-table [all]
    Displays the NPV configuration. ...
To display a list of devices on a server interface and their assigned NP uplinks, enter the show npv flogi-table command on the Cisco Nexus 5000 Series switch:
switch# show npv flogi-table...
Page 462
To display the disruptive load-balancing status, enter the show npv status command:
switch# show npv status
npiv is enabled
disruptive load balancing is enabled
External Interfaces:
====================
Interface: fc2/1, VSAN: 2, FCID: 0x1c0000, State: Up ...
Page 463
Configuring VSAN Trunking
This chapter describes the VSAN trunking feature provided in Cisco Nexus 5000 Series switches. This chapter includes the following sections:
• Information About VSAN Trunking, page 1-1 ...
Switch 3 VSAN 2 and VSAN 3 are effectively merged with overlapping entries in the name server and the zone applications. The Cisco MDS 9000 Fabric Manager helps detect such topologies.
VSAN Trunking Protocol
The trunking protocol is important for E-port and TE-port operations. It supports the following capabilities:
• Dynamic negotiation of operational trunk mode. ...
Table 1-1 Trunk Mode Status Between Switches
Your Trunk Mode Configuration Resulting State and Port Mode Switch 1 Switch 2 Trunking State Port Mode Auto or on Trunking (EISL) TE port ...
Auto No trunking (ISL) E port
The preferred configuration on the Cisco Nexus 5000 Series switches is that one side of the trunk is set to auto and the other is set to on.
Note: When connected to a third-party switch, the trunk mode configuration has no effect. The ISL is always in a trunking disabled state.
Page 467
• The ISL between switch 3 and switch 1 includes VSAN 1, 2, and 5.
Consequently, VSAN 2 can only be routed from switch 1 through switch 3 to switch 2. ...
The show interface command is invoked from the EXEC mode and displays VSAN trunking configurations for a TE port. Without any arguments, this command displays the information for all of the configured interfaces in the switch. ...
Page 469
Table 1-2 Default Trunk Configuration Parameters
Parameters Default
Switch port trunk mode
Allowed VSAN list: 1 to 4093 user-defined VSAN IDs
Trunking protocol: Enabled ...
Page 471
The routing tables are not affected by link failure. Cisco Nexus 5000 Series switches support a maximum of four SAN port channels (with eight interfaces per port channel). A port channel number refers to the unique (within each switch) identifier associated with each channel group.
• Understanding Load Balancing, page 1-3
Understanding Port Channels and VSAN Trunking
Switches in the Cisco Nexus 5000 Series implement VSAN trunking and port channels as follows:
• A SAN port channel enables several physical links to be combined into one aggregated logical link. ...
Page 475
Assuming that the links are brought up in the 1, 2, 3, 4 sequence, links 3 and 4 will be operationally down as the fabric is misconfigured.
If you misconfigure SAN port channels, you may receive a misconfiguration message. If you receive this message, the port channel’s physical links are disabled because an error has been detected.
On mode behavior. The Active port channel mode allows automatic recovery without explicitly enabling and disabling the port channel member ports at either end.
(active and on) used, the ports at either end are gracefully brought down, indicating that no frames are lost when the interface is going down (see the “Setting the Interface Administrative State” section on page 1-9).
• Forcing an Interface Addition, page 1-11
• About Interface Deletion from a SAN Port Channel, page 1-11
• Deleting an Interface from a SAN Port Channel, page 1-12
Step 3
Command: switch(config-if)# channel-group channel-number
Purpose: Adds the Fibre Channel interface to the specified channel group. If the channel group does not exist, it is created. The port is shut down.
You must explicitly enable those ports again.
• If you use the Active mode, then the port channel ports automatically recover from the deletion.
The port channel protocol is enabled by default. The port channel protocol expands the port channel functional model in Cisco SAN switches. It uses the exchange peer parameters (EPP) services to communicate across peer ports in an ISL. Each switch uses the information received from the peer ports along with its local configuration and operational values to decide if it should be part of a SAN port channel.
The channel group numbers are assigned dynamically (when the channel group is formed). The channel group number may change across reboots for the same set of port channels depending on the initialization order of the ports.
• You cannot change the membership or delete an autocreated SAN port channel.
• When you disable autocreation, all member ports are removed from the autocreated SAN port channel.
When enabling autocreation in any switch in the Cisco Nexus 5000 Series, we recommend that you retain at least one interconnected port between the switches without any autocreation configuration. If all ports...
Database is consistent
The following example shows how to display details of the used and unused port channel numbers:
switch# show san-port-channel usage
Totally 3 port-channel numbers used
===================================
Page 487
SAN port channels. Table 1-3 Default SAN Port Channel Parameters Parameters Default Port channels FSPF is enabled by default. Create port channel Administratively up. Default port channel mode Autocreation Disabled.
Page 488
The same Fibre Channel IDs (FC IDs) can be assigned to a host in another VSAN, which increases VSAN scalability. Every instance of a VSAN runs all required protocols such as FSPF, domain manager, and zoning.
Page 490
The application servers or storage arrays can be connected to the switch using Fibre Channel or virtual Fibre Channel interfaces. A VSAN can include a mixture of Fibre Channel and virtual Fibre Channel interfaces.
Page 491
– Low and high security requirements
– Backup traffic on separate VSANs
– Replicating data from user traffic
• VSANs can meet the needs of a particular department or application.
Channel standards. In VSAN 7, two zones are defined: zone A and zone D. No zone crosses the VSAN boundary. Zone A defined in VSAN 2 is different and separate from zone A defined in VSAN 7.
(src-dst-id) or the originator exchange OX ID (src-dst-ox-id, the default) for load-balancing path selection.
This section describes how to create and configure VSANs and includes the following topics:
• About VSAN Creation, page 1-6
Step 6
Command: switch(config-vsan-db)# no vsan vsan-id suspend
Purpose: Negates the suspend command issued in the previous step.
Step 7
Command: switch(config-vsan-db)# end
switch#
Purpose: Returns you to EXEC mode.
Dynamically—Assigning VSANs based on the device WWN. This method is referred to as dynamic port VSAN membership (DPVM). Cisco Nexus 5000 Series switches do not support DPVM. VSAN trunking ports have an associated list of VSANs that are part of an allowed list (see Chapter 1, “Configuring VSAN...
About the Default VSAN
The factory settings for switches in the Cisco Nexus 5000 Series have only the default VSAN 1 enabled. We recommend that you do not use VSAN 1 as your production environment VSAN. If no VSANs are configured, all devices in the fabric are considered part of the default VSAN.
Any commands for a nonconfigured VSAN are rejected. For example, if VSAN 10 is not configured in the system, then a command request to move a port to VSAN 10 is rejected.
Step 6
Command: switch(config-vsan-db)# no vsan vsan-id suspend
Purpose: Negates the suspend command entered in the previous step.
Step 7
Command: switch(config-vsan-db)# end
switch#
Purpose: Returns you to EXEC mode.
Page 499
Default VSAN | VSAN 1.
State | Active state.
Name | Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003.
Load-balancing attribute | OX ID (src-dst-ox-id).
Page 500
Zoning is described in the following topics:
• Zoning Features, page 1-2
• Zoning Example, page 1-3
• Zone Implementation, page 1-4
• Active and Full Zone Set Configuration Guidelines, page 1-5
This membership is also referred to as interface-based zoning.
– Interface and domain ID—Specifies the interface of a switch identified by the domain ID.
– Domain ID and port number—Specifies the domain ID of a Cisco switch domain and additionally specifies a port belonging to a non-Cisco switch.
You can configure up to 8000 zones per VSAN and a maximum of 8000 zones for all VSANs on the switch.
Note: Interface-based zoning only works with Cisco SAN switches. Interface-based zoning does not work for VSANs configured in interop mode.
Zoning Example
Figure 1-1 shows a zone set with two zones, zone 1 and zone 2, in a fabric.
[Figure: Fabric with Three Zones (Zone 1, Zone 2, Zone 3)]
Zone Implementation
Cisco Nexus 5000 Series switches automatically support the following basic zone features (no additional configuration is required):
• Zones are contained in a VSAN.
• Hard zoning cannot be disabled.
...
You do not need to explicitly deactivate the currently active zone set before activating a new zone set. Figure 1-3 shows a zone being added to an activated zone set.
Page 506
[Figure residue: zone set Z1 (Zone A, Zone B, Zone C, Zone D), Zone E and the active zone set, with the panel label "After activating Zone set Z1 again"]
Use the show wwn switch command to retrieve the sWWN. If you do not provide a sWWN, the software automatically uses the local sWWN.
• Configuring the Default Zone Access Permission, page 1-10
• About FC Alias Creation, page 1-10
• Creating FC Aliases, page 1-11
• Creating Zone Sets and Adding Member Zones, page 1-12
• Zone Enforcement, page 1-12
Step 2
Command: switch(config)# zoneset activate name zoneset-name vsan vsan-id
Purpose: Activates the specified zone set.
Command: switch(config)# no zoneset activate name zoneset-name vsan vsan-id
Purpose: Deactivates the specified zone set.
• fWWN—The WWN of the fabric port name is in hex format (for example, 10:00:00:23:45:67:89:ab).
• FC ID—The N port ID is in 0xhhhhhh format (for example, 0xce00d1).
• Domain ID—The domain ID is an integer from 1 to 239. A mandatory port number of a non-Cisco...
Hard zoning is enforced by the hardware on each frame sent by an N port. As frames enter the switch, source-destination IDs are compared with permitted combinations to allow the frame at wire speed. Hard zoning is applied to all forms of zoning.
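A software model of the per-frame check that hard zoning performs, added here as an illustration; it is not code from the Cisco guide or from NX-OS. The class and function names, the sample FC IDs and zone names, and the treatment of unzoned devices (a default zone that denies unless permitted) are assumptions of the example; it also reflects the guide's points that zones are contained in a VSAN and that activating a zone set replaces the one currently active.

```python
"""Model of hard zoning: each frame's (VSAN, source FC ID, destination FC ID)
is checked against the pairs permitted by that VSAN's active zone set.
Illustrative only; all names and sample values are constructed."""
from dataclasses import dataclass, field
from itertools import permutations


@dataclass
class Fabric:
    # active[vsan] maps zone name -> set of member FC IDs
    active: dict = field(default_factory=dict)
    # Assumed default-zone permission per VSAN; missing entry means deny
    default_permit: dict = field(default_factory=dict)
    _pairs: dict = field(default_factory=dict, init=False)

    def activate(self, vsan, zoneset):
        """Activate a zone set in one VSAN, replacing the previous one,
        and precompute every permitted (source, destination) pair."""
        self.active[vsan] = {name: set(m) for name, m in zoneset.items()}
        pairs = set()
        for members in self.active[vsan].values():
            pairs.update(permutations(members, 2))
        self._pairs[vsan] = pairs

    def zoned_members(self, vsan):
        """All FC IDs that belong to some zone of the VSAN's active zone set."""
        return set().union(*self.active.get(vsan, {}).values())

    def permits(self, vsan, sid, did):
        """Decide one frame. Zone membership in another VSAN never counts."""
        if (sid, did) in self._pairs.get(vsan, set()):
            return True
        zoned = self.zoned_members(vsan)
        if sid not in zoned and did not in zoned:
            # Both ends are unzoned in this VSAN: the default zone decides.
            return self.default_permit.get(vsan, False)
        return False


def build_sample_fabric():
    """Constructed sample: the same zone name is reused in VSAN 2 and VSAN 7."""
    fab = Fabric()
    fab.activate(2, {"ZoneA": {0xCE00D1, 0xCE00D2},
                     "ZoneB": {0xCE00D2, 0xCE00D3}})
    fab.activate(7, {"ZoneA": {0xEC0001, 0xEC0002}})
    return fab


# Constructed frames as (vsan, source FC ID, destination FC ID)
SAMPLE_FRAMES = [
    (2, 0xCE00D1, 0xCE00D2),  # both in ZoneA of VSAN 2
    (2, 0xCE00D1, 0xCE00D3),  # no common zone, although both know 0xCE00D2
    (7, 0xCE00D1, 0xCE00D2),  # ZoneA of VSAN 2 grants nothing in VSAN 7
    (7, 0xEC0001, 0xEC0002),  # both in ZoneA of VSAN 7
    (7, 0xEC0001, 0xEC0009),  # zoned source, unzoned destination
]


def dropped_frames(fabric, frames):
    """Return the frames the model would drop, for review or alerting."""
    return [f for f in frames if not fabric.permits(*f)]


if __name__ == "__main__":
    fab = build_sample_fabric()
    for vsan, sid, did in SAMPLE_FRAMES:
        verdict = "permit" if fab.permits(vsan, sid, did) else "drop"
        print(f"VSAN {vsan}: {sid:#08x} -> {did:#08x}: {verdict}")
```

The second frame is the case worth noticing when reviewing a zone set: sharing a zone with a common third device does not make two devices reachable from each other.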
Enabling Full Zone Set Distribution
All switches in the Cisco Nexus 5000 Series distribute active zone sets when new E port links come up or when a new zone set is activated in a VSAN. The zone set distribution takes effect while sending merge requests to the adjacent switch or while activating a zone set.
• Export the current database to the neighboring switch.
• Manually resolve the conflict by editing the full zone set, activating the corrected zone set, and then bringing up the link.
The active zone set is not part of the full zone set. You cannot make changes to an existing zone set and activate it if the full zone set is lost or is not propagated.
• Clearing the Zone Server Database, page 1-17
Copying Zone Sets
On Cisco Nexus 5000 Series switches, you cannot edit an active zone set. However, you can copy an active zone set to create a new zone set that you can edit.
The following example shows how to display the configured zone sets for a range of VSANs:
switch# show zoneset vsan 2-3
The following example shows how to display the members of a specific zone:
switch# show zone name Zone1
About Enhanced Zoning
Table 1-2 lists the advantages of the enhanced zoning feature in all switches in the Cisco Nexus 5000 Series. Table 1-2...
All switches in the fabric then move to basic zoning mode.
Enabling Enhanced Zoning
By default, the enhanced zoning feature is disabled in all switches in the Cisco Nexus 5000 Series. To enable enhanced zoning in a VSAN, perform this task:...
Note: We recommend using the no zone commit vsan command first to release the session lock in the fabric. If that fails, use the clear zone lock vsan command on the remote switches where the session is still locked.
Command: switch(config)# no zone merge-control restrict vsan vsan-id
Purpose: Defaults to using the allow merge control setting for this VSAN.
Command: switch(config)# zone commit vsan vsan-id
Purpose: Commits the changes made to the specified VSAN.
The following example shows how to display the zone status for a specified VSAN:
switch# show zone status vsan 2
Compacting the Zone Database
You can delete excess zones and compact the zone database for the VSAN.
1
The following example shows how to display active zoning analysis:
switch# show zone analysis active vsan 1
See the Cisco Nexus 5000 Series Switch Command Reference for the description of the information displayed in the command output.
Default Settings
Table 1-4 lists the default settings for basic zone parameters.
When the port WWN (pWWN) of a device must be specified to configure features (for example, zoning, DPVM, or port security) in a Cisco Nexus 5000 Series switch, you must assign the correct device name each time you configure these features. An inaccurate device name may cause unexpected results. You can circumvent this problem if you define a user-friendly name for a pWWN and use this name in all the configuration commands as required.
• The device alias application uses the Cisco Fabric Services (CFS) infrastructure to enable efficient...
Command: switch(config-device-alias-db)# no device-alias name device-name
Purpose: Removes the device name for the device that is identified by its pWWN.
Command: switch(config-device-alias-db)# device-alias rename old-device-name new-device-name
Purpose: Renames an existing device alias with a new name.
• If a device alias name is mapped to a new HBA’s pWWN, then the application’s enforcement changes accordingly. In this case, the zone server automatically enforces zoning based on the new HBA’s pWWN.
Database:- Device Aliases 25
Status of the last CFS operation issued from this switch:
==========================================================
Operation: Commit
Status: Failed (Reason: Operation is not permitted as the fabric distribution is currently disabled.)
Page 530
To display the status of the discard operation, use the show device-alias status command.
switch# show device-alias status
Fabric Distribution: Enabled
Database:- Device Aliases 24
Status of the last CFS operation issued from this switch:
Page 531
Locked By:-User “Test” SWWN 20:00:00:0c:cf:f4:02:83 <-Lock holder’s user name and switch ID
Pending Database:- Device Aliases 24
Status of the last CFS operation issued from this switch:
==========================================================
Operation: Enable Fabric Distribution
Status: Success
• Verify that the combined number of device aliases in both databases does not exceed 8K (8191 device aliases) in fabrics running Cisco MDS SAN-OS release 3.0(x) and earlier, and 20K in fabrics running Cisco MDS SAN-OS release 3.1(x) and later.
- device-alias name Doc pwwn 21:01:02:03:00:01:01:01
+ device-alias name SampleName pwwn 21:00:00:e0:8b:0b:66:56
Where available, device aliases are displayed regardless of a member being configured using a device-alias command or a zone-specific member pwwn command.
Page 534
Device alias distribution | Enabled.
Device alias mode | Basic.
Database in use | Effective database.
Database to accept changes | Pending database.
Device alias fabric lock state | Locked with the first device alias task.
Fabric Shortest Path First (FSPF) is the standard path selection protocol used by Fibre Channel fabrics. The FSPF feature is enabled by default on the E mode and TE mode Fibre Channel interfaces on Cisco Nexus 5000 Series switches. Except in configurations that require special consideration, you do not need to configure any FSPF services.
Figure 1-2 shows this arrangement. Because switches in the Cisco Nexus 5000 Series support port channels, each pair of physical links can appear to the FSPF protocol as one single logical link. By bundling pairs of physical links, FSPF efficiency is considerably improved by the reduced database size and the frequency of link updates.
FSPF Global Configuration
By default, FSPF is enabled on switches in the Cisco Nexus 5000 Series. Some FSPF features can be globally configured in each VSAN. By configuring a feature for the entire VSAN, you do not have to specify the VSAN number for every command. This global configuration feature also reduces the chance of typing errors or other minor configuration errors.
Note: If the specified time is shorter, the routing is faster. However, the processor consumption increases accordingly.
Step 5
Command: switch-config-(fspf-config)# region region-id
Purpose: Configures the autonomous region for this VSAN and specifies the region ID.
• About Hello Time Intervals, page 1-6
• Configuring Hello Time Intervals, page 1-6
• About Dead Time Intervals, page 1-7
• Configuring Dead Time Intervals, page 1-7
• About Retransmitting Intervals, page 1-7
Note: This value must be the same in the ports at both ends of the ISL.
Configuring Hello Time Intervals
To configure the FSPF Hello time interval, perform this task:
Step 1
Command: switch# configure terminal
switch(config)#
Purpose: Enters configuration mode.
The integer value to specify retransmit intervals can range from 1 to 65,535 seconds.
Note: This value must be the same on the switches on both ends of the interface.
You can disable the FSPF protocol for selected interfaces. By default, FSPF is enabled on all E ports and TE ports. This default can be disabled by setting the interface as passive.
ID 3) in the switch with domain ID 1 (see Figure 1-3).
[Figure 1-3: Fibre Channel Routes (Domain ID 7, fc1/1, Domain ID 1, Domain ID 3, FC ID 111211)]
Some Fibre Channel protocols or applications cannot handle out-of-order frame delivery. In these cases, switches in the Cisco Nexus 5000 Series preserve frame ordering in the frame flow. The source ID (SID), destination ID (DID), and optionally the originator exchange ID (OX ID) identify the flow of the frame.
When a link change occurs in a SAN port channel, the frames for the same exchange or the same flow can switch from one path to another faster path.
Page 546
We recommend that you only enable this feature when devices that cannot handle any out-of-order frames are present in the switch. Load-balancing algorithms within the Cisco Nexus 5000 Series switch ensure that frames are delivered in order during normal fabric operation. The load-balancing algorithms based on source FC ID, destination FC ID, and exchange ID are enforced in hardware without any performance degradation.
Flow statistics to count the traffic for a source and destination ID pair in a VSAN.
This section includes the following topics:
• About Flow Statistics, page 1-15
• Counting Aggregated Flow Statistics, page 1-15
• Counting Individual Flow Statistics, page 1-15
Use the clear fcflow stats command to clear the aggregated flow counter. The following example clears the aggregated flow counters:
switch# clear fcflow stats aggregated index 1
The following example clears the flow counters for source and destination FC IDs:
Dynamic. SPF hold time Backbone region
Acknowledgment interval (RxmtInterval) | 5 seconds.
Refresh time (LSRefreshTime) | 30 minutes.
Maximum age (MaxAge) | 60 minutes.
Hello interval | 20 seconds.
Dead interval | 80 seconds.
Page 551
10.
Remote destination switch | If the remote destination switch is not specified, the default is direct.
Multicast routing | Uses the principal switch to compute the multicast tree.
Page 552
This chapter describes the fabric login (FLOGI) database, the name server features, the Fabric-Device Management Interface (FDMI), and Registered State Change Notification (RSCN) information provided in Cisco Nexus 5000 Series switches. It includes the following sections:
• Information About Fabric Login, page 1-1
...
You can prevent malicious or accidental login using another device’s pWWN by enabling the reject-duplicate-pwwn option. If you disable this option, these pWWNs are allowed to log in to the fabric and replace the first device in the name server database.
0xec0001 21:00:00:20:37:a6:be:14 (Seagate) scsi-fcp
Total number of entries = 4
The following example shows how to display the name server database details for all VSANs:
switch# show fcns database detail
FDMI
Cisco Nexus 5000 Series switches provide support for the Fabric-Device Management Interface (FDMI) functionality, as described in the FC-GS-4 standard. FDMI enables management of devices such as Fibre Channel host bus adapters (HBAs) through in-band communications. This addition complements the existing Fibre Channel name server and management server functions.
IDs (in this case, both D1 and D2).
Note: Some Nx ports may not support multi-pid RSCN payloads. If so, disable the RSCN multi-pid option.
GMAL and GIELN commands to the switch that initiated the domain format SW-RSCN to determine what changed. Domain format SW-RSCNs can cause problems with some non-Cisco SAN switches. For additional information, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide, available at the following location: http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/interoperability/guide/intopgd.html...
You verify the RSCN timer configuration using the show rscn event-tov vsan command. The following example shows how to clear the RSCN statistics for VSAN 10:
switch# show rscn event-tov vsan 10
Event TOV : 1000 ms
This means different N-ports in a network can receive RSCNs at different times. Cisco Fabric Services (CFS) infrastructure alleviates this situation by automatically distributing the RSCN timer configuration information to all switches in a fabric. This also reduces the number of SW-RSCNs.
To use administrative privileges and release a locked DPVM session, use the clear rscn session vsan command in EXEC mode. The following example shows how to clear the RSCN session for VSAN 10:
switch# clear rscn session vsan 10
Discovering SCSI Targets
This chapter describes the SCSI LUN discovery feature provided in switches in the Cisco Nexus 5000 Series. It includes the following sections:
• Information About SCSI LUN Discovery, page 1-1
...
The following example displays the port WWN that is assigned to each operating system (Windows, AIX, Solaris, Linux, or HPUX):
switch# show scsi-target pwwn
Page 566
Advanced Fibre Channel Features and Concepts
This chapter describes the advanced Fibre Channel features provided in Cisco Nexus 5000 Series switches. It includes the following sections:
• Fibre Channel Timeout Values, page 1-1
...
Command: switch(config)# fctimer D_S_TOV timeout vsan vsan-id
Purpose: Configures the D_S_TOV timeout value (in milliseconds) for the specified VSAN. Suspends the VSAN temporarily. You have the option to end this command, if required.
About fctimer Distribution
You can enable per-VSAN fctimer fabric distribution for all Cisco SAN switches in the fabric. When you perform fctimer configurations, and distribution is enabled, that configuration is distributed to all the switches in the fabric.
Note: The number of pending fctimer configuration operations cannot be more than 15. After 15 operations, you must commit or abort the pending configurations before performing any more operations.
See the “CFS Merge Support” section on page 1-6 for additional information.
WWN to a single device. The principal switch selection and the allocation of domain IDs rely on the WWN. Cisco Nexus 5000 Series switches support three network address authority (NAA) address formats (see Table 1-1).
Please enter the mac address RANGE again: 64
From now on WWN allocation would be based on new MACs.
Are you sure? (yes/no) no
You entered: no. Secondary MAC NOT programmed
Fibre Channel standards require a unique FC ID to be allocated to an N port attached to an F port in any switch. To conserve the number of FC IDs used, Cisco Nexus 5000 Series switches use a special allocation scheme.
* - Explicitly deleted company ids from default list. You can implicitly derive the default entries shipped with a specific release by combining the list of Company IDs displayed without any identification with the list of deleted entries.
• Mode 4—McData native mode.
For information about configuring interop modes 2, 3, and 4, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide, available at the following location: http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/interoperability/guide/intopgd.html
Page 576
Domain IDs can either be static or preferred, which operate as follows:
• Static: Cisco switches accept only one domain ID; if a switch does not get that domain ID it isolates itself from the fabric.
100 preferred vsan 1
In Cisco Nexus 5000 Series switches, the default is to request an ID from the principal switch. If the preferred option is used, Cisco Nexus 5000 Series switches request a specific ID, but still join the fabric if the principal switch assigns a different ID.
This section highlights the commands used to verify if the fabric is up and running in interoperability mode. To verify the resulting status of entering the interoperability command in any switch in the Cisco Nexus 5000 Series, perform this task: Verify the software version.
Page 580
Domain ID
--------- -----------------------
0x61(97) 10:00:00:60:69:50:0c:fe
0x62(98) 20:01:00:05:30:00:47:9f
0x63(99) 10:00:00:60:69:c0:0c:1d
0x64(100) 20:01:00:05:30:00:51:1f [Local]
0x65(101) 10:00:00:60:69:22:32:91 [Principal]
--------- -----------------------
Step 7 Verify the next hop and destination for the switch.
Page 581
0x651500 10:00:00:e0:69:f0:43:9f (JNI)
Total number of entries = 12
Note: The Cisco switch name server shows both local and remote entries, and does not time out the entries.
Default Settings
Table 1-3 lists the default settings for the features included in this chapter.
Page 582
Table 1-3 Default Settings for Advanced Features (continued)
Parameters | Default
Local capture frame limits | 10 frames
FC ID allocation mode | Auto mode
Loop monitoring | Disabled
Interop mode | Disabled
Diffie-Hellman Challenge Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication between Cisco Nexus 5000 Series switches and other devices. DHCHAP consists of the CHAP protocol combined with the Diffie-Hellman exchange.
Page 584
Cisco Nexus 5000 Series switches support authentication features to address physical security (see Figure 1-1).
• Displaying Protocol Security Information, page 1-9
DHCHAP Compatibility with Fibre Channel Features
This section identifies the impact of configuring the DHCHAP feature along with existing Cisco NX-OS features:
• SAN port channel interfaces—If DHCHAP is enabled for ports belonging to a SAN port channel,...
About Enabling DHCHAP
By default, the DHCHAP feature is disabled in all Cisco Nexus 5000 Series switches. You must explicitly enable the DHCHAP feature to access the configuration and verification commands for fabric authentication. When you disable this feature, all related configurations are automatically discarded.
Table 1-1 identifies switch-to-switch authentication between two Cisco switches in various modes. Table 1-1...
SHA-1 hash algorithm.
About the DHCHAP Group Settings
All Cisco Nexus 5000 Series switches support all DHCHAP groups specified in the standard: 0 (null DH group, which does not perform the Diffie-Hellman exchange), 1, 2, 3, or 4.
We recommend using RADIUS or TACACS+ for fabrics with more than five switches. If you need to use a local password database, you can continue to do so using Configuration 3 and using the Cisco MDS 9000 Family Fabric Manager to manage the password database.
00:11:22:33:55:aa:bb:cc password 7 asdflkjh
About the DHCHAP Timeout Value
During the DHCHAP protocol exchange, if the Cisco Nexus 5000 Series switch does not receive the expected DHCHAP message within a specified time interval, authentication failure is assumed. The time ranges from 20 (no authentication is performed) to 1000 seconds.
The following example shows how to display the DHCHAP local password database:
switch# show fcsp dhchap database
Use the ASCII representation of the device WWN to configure the switch information on RADIUS and TACACS+ servers.
To configure the authentication setup shown in Figure 1-2, perform this task:

Step 1  Obtain the device name of the Cisco Nexus 5000 Series switch in the fabric. The Cisco Nexus 5000 Series switch in the fabric is identified by the switch WWN.
A priority list of MD5 followed by SHA-1 for DHCHAP authentication
DHCHAP authentication mode: Auto-passive
DHCHAP group default priority exchange order: 0, 4, 1, 2, and 3, respectively
DHCHAP timeout value: 30 seconds
Chapter: Configuring Port Security

Cisco Nexus 5000 Series switches provide port security features that reject intrusion attempts and report these intrusions to the administrator. Port security is supported on virtual Fibre Channel ports and physical Fibre Channel ports.
You can instruct the switch to automatically learn (auto-learn) the port security configurations over a specified period. This feature allows any Cisco Nexus 5000 Series switch to automatically learn about devices and switches that connect to it. Use this feature when you activate the port security feature for the first time as it saves tedious manual configuration for each port.
Port Security Activation

By default, the port security feature is not activated in Cisco Nexus 5000 Series switches. When you activate the port security feature, the following operations occur:

• Auto-learning is also automatically enabled, which means: ...
Step 6  Copy the running configuration to the startup configuration, which saves the port security configuration database to the startup configuration.
Step 7  Repeat Step 1 through Step 6 for all switches in the fabric.
Step 1 through Step 5 for all switches in the fabric.

Enabling Port Security

By default, the port security feature is disabled in Cisco Nexus 5000 Series switches.

To enable port security, perform this task:

Step 1
  Purpose: Enters configuration mode.
Step 1
  Command: switch# configure terminal
           switch(config)#
  Purpose: Enters configuration mode.
Step 2
  Command: switch(config)# port-security activate vsan vsan-id force
  Purpose: Forces the port security database to activate for the specified VSAN even if conflicts occur.
This section includes the following topics:

• About Enabling Auto-Learning
• Enabling Auto-Learning
• Disabling Auto-Learning
• Auto-Learning Device Authorization
• Authorization Scenario
Authorized Auto-Learning Device Requests

Condition | Device (pWWN, nWWN, sWWN) | Requests Connection to | Authorization
 | Configured with one or more switch ports | A configured switch port | Permitted
 | | Any other switch port | Denied
P1, N4, F5 | Denied | P1 is bound to F1.
P5, N1, F5 | Denied | N1 is only allowed on F2.
P3, N3, F4 | Permitted | No conflict.
S1, F10 | Permitted | No conflict.
Permitted | Wildcard ( * ) match for N3.

Port Security Manual Configuration

To configure port security on a Cisco Nexus 5000 Series switch, perform this task:

Step 1  Identify the WWN of the ports that need to be secured.
        See the “Adding Authorized Port Pairs”...
This example configures the specified pWWN to log in through the specified interface in the specified switch:

switch(config-port-security)# pwwn 20:11:33:11:00:2a:4a:66 swwn 20:00:00:0c:85:90:3e:80 interface fc 3/2

This example configures any WWN to log in through the specified interface in any switch:
Port Security Configuration Distribution

The port security feature uses the Cisco Fabric Services (CFS) infrastructure to enable efficient database management, provide a single point of configuration for the entire fabric in the VSAN, and enforce the port security policies throughout the fabric (see Chapter 1, “Using Cisco Fabric...
After the commit, the active databases on all switches are identical and learning can be disabled.
• Verify that the activation status and the auto-learning status are the same in both fabrics.
• Verify that the combined number of configurations for each VSAN in both databases does not exceed 2000.
[Figure residue: diagram of <pwwn, fwwn> database entries with the labels “Saving the configuration (copy running start)” and “Copying active database to config database”; a callout notes entries that are not saved in the startup configuration.]
(and consequently a fabric lock) of the configuration database. If you lock the fabric, you need to commit the changes to the configuration databases in all the switches.
Use the clear port-security session vsan command to clear the pending session in the VSAN from any switch in the VSAN.

switch# clear port-security session vsan 5
Table 1-5 Default Security Settings

Parameters | Default
Auto-learn | Enabled if port security is enabled.
Port security | Disabled.
Distribution | Disabled.

Note: Enabling distribution enables it on all VSANs in the switch.
Chapter: Configuring Fabric Binding

This chapter describes the fabric binding feature provided in Cisco Nexus 5000 Series switches. It includes the following sections:

• Information About Fabric Binding
...
For a Fibre Channel VSAN, the fabric binding feature requires all sWWNs connected to a switch to be part of the fabric binding active database.
The fabric binding feature must be enabled in each switch in the fabric that participates in the fabric binding. By default, this feature is disabled in Cisco Nexus 5000 Series switches. The configuration and verification commands for the fabric binding feature are only available when fabric binding is enabled on a switch.
For example, one of the already logged in switches may be denied login by the config database. You can choose to forcefully override these situations.
• Use the fabric-binding database diff active vsan command to view the differences between the active database and the config database. This command can be used when resolving conflicts.

  switch# fabric-binding database diff active vsan 1
The following example displays the active fabric binding information for VSAN 4:

switch# show fabric-binding database active vsan 4

The following example displays fabric binding violations:

switch# show fabric-binding violations
-------------------------------------------------------------------------------
4

Default Settings

Table 1-2 lists the default settings for the fabric binding feature.

Table 1-2 Default Fabric Binding Settings

Parameters | Default
Fabric binding | Disabled
Each object has its own set of attributes and values. A null value may also be defined for some attributes. In the Cisco Nexus 5000 Series switch environment, a fabric may consist of multiple VSANs. One instance of the FCS is present per VSAN.
SNMP manager can query FCSs for all IEs, ports, and platforms in the fabric.

FCS Name Specification

You can specify if the unique name verification is for the entire fabric (globally) or only for locally (default) registered platforms.
Note: Set this command globally only if every switch in the fabric belongs to the Cisco MDS 9000 Family or Cisco Nexus 5000 Series of switches.
Chapter: Configuring Port Tracking

Cisco Nexus 5000 Series switches offer the port tracking feature on physical Fibre Channel interfaces (but not on virtual Fibre Channel interfaces). This feature uses information about the operational state of the link to initiate a failure in the link that connects the edge device.
Configuring Port Tracking

Before configuring port tracking, consider the following guidelines:

• Verify that the tracked ports and the linked ports are on the same Cisco switch.
• Be aware that the linked port is automatically brought down when the tracked port goes down.
Enabling Port Tracking

The port tracking feature is disabled by default in Cisco Nexus 5000 Series switches. When you enable this feature, port tracking is globally enabled for the entire switch. To configure port tracking, enable the port tracking feature and configure the linked ports for the tracked port.
2 or 3 are still functioning as desired.

Figure 1-2 Traffic Recovery Using Port Tracking (diagram not reproduced; surviving labels: Port Channel, FC 2/4, FC 3/2, WAN or ...)
1 vsan 2

Command: switch(config-if)# no port-track interface san-port-channel 1 vsan 2
Purpose: Removes the VSAN association for the linked port. The SAN port channel link remains in effect.
1
port-channel 1 is down (No operational members)
    Hardware is Fibre Channel
    Port WWN is 24:01:00:05:30:00:0d:de
    Admin port mode is auto, trunk mode is on
    Port vsan is 2
Default Port Tracking Settings

Table 1-1 lists the default settings for port tracking parameters.

Table 1-1 Default Port Tracking Parameters

Parameters | Default
Port tracking | Disabled
Operational binding | Enabled along with port tracking
SPAN Sources

SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus 5000 Series switch supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VLANs, and VSANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources.
• The switch supports a maximum of two egress SPAN source ports.

SPAN Destinations

SPAN destinations refer to the interfaces that monitor source ports. The Cisco Nexus 5000 Series switch supports Ethernet and Fibre Channel interfaces as SPAN destinations.

Source SPAN...
SPAN sessions.

To delete SPAN sessions, perform this task:

Command: switch(config)# no monitor session {all | session-number}
Purpose: Deletes the configuration of the specified SPAN session or all sessions.
SD
Step 4
  Command: switch(config-if)# switchport speed 1000
  Purpose: Sets the interface speed to 1000. The auto speed option is not allowed.
Step 5
  Command: switch(config-if)# exit
  Purpose: Reverts to global configuration mode.
You can configure the source channels for a SPAN session. These ports can be port channels, SAN port channels, VLANs, and VSANs. The monitored direction can only be ingress and applies to all physical ports in the group.
Command: switch(config-monitor)# description description
Purpose: Applies a descriptive name to the SPAN session.

The following example shows configuring a description of a SPAN session:

switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# description monitoring ports fc2/2-fc2/4
{all | session-number} shut

Note: The Cisco Nexus 5000 Series switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active. During startup, the order of active sessions is reversed;...
type : local
state : up
source intf : fc3/1 : fc3/1 both : fc3/1
source VLANs
source VSANs
destination ports : Eth3/1
Chapter: Troubleshooting

This chapter describes basic troubleshooting methods used to resolve issues with a Cisco Nexus 5000 Series switch. This chapter includes the following sections:

• Recovering a Lost Password
...
Step 1
Step 2  Power cycle the switch.
Step 3  Press the Ctrl-B key sequence from the console port session when the switch begins the Cisco NX-OS software boot sequence to enter the boot prompt mode.
        Ctrl-B
        switch(boot)#
Using Ethanalyzer

Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source code. Ethanalyzer is a command-line version of Wireshark that captures and decodes packets. You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic.
Command: ethanalyzer local read file
Purpose: Opens a captured data file and analyzes it.

Ethanalyzer does not capture data traffic that Cisco NX-OS forwards in the hardware.

Ethanalyzer uses the same capture filter syntax as tcpdump. For more information, see the following URL: http://www.tcpdump.org/tcpdump_man.html...
• Trace the route followed by data traffic.
• Compute inter-switch (hop-to-hop) latency.

You can invoke fctrace by providing the FC ID, the N port WWN, or the device alias of the destination.
10 seconds.
Timestamp Invalid.
20:00:00:05:30:00:18:db(0xfffcd7)

Command: switch# fctrace device-alias disk1 v 1
         Route present for : 22:00:00:0c:50:02:ce:f8
         20:00:00:05:30:00:31:1e(0xfffca9)
Purpose: Invokes fctrace using the device alias of the destination N port.
N port. Retry the command a few seconds later.

28 bytes from 21:00:00:20:37:6f:db:dd time = 1454 usec
5 frames sent, 5 frames received, 0 timeouts
Round-trip min/avg/max = 364/784/1454 usec
Note: Explicitly set the terminal length command to 0 (zero) to disable auto-scrolling and enable manual scrolling. Use the show terminal command to view the configured terminal size. After obtaining the output of this command, remember to reset your terminal length as required.
• show monitor session all
• show accounting log
• show process
• show process cpu
• show process log
• show process memory
• show processes log details
The show tech-support brief command is useful when collecting information about the switch for troubleshooting purposes. The output of this command can be provided to technical support representatives when reporting a problem.
• show san-port-channel summary
• show san-port-channel consistency detail
• show tech-support device-alias
• show fcdomain domain-list
• show tech-support fcns
• show fcns database vsan 1-4093
1-4093
• show zone policy vsan 1-4093
• show zoneset pending active vsan 1-4093
• show zoneset pending vsan 1-4093
• show zone pending vsan 1-4093
• show platform fwm info pif all verbose
• show platform fwm info lif all verbose
• show platform fwm info vlan all verbose
• show system internal liod state
• show system internal liod time_db
• show system internal rib domain
• show system internal rib system-attributes
Number of frames sent by the fcping feature | 5 frames
Remote capture connection protocol |
Remote capture connection mode | Passive
Local capture frame limits | 10 frames
FC ID allocation mode | Auto mode
Chapter: Configuration Limits

The features supported by the Cisco Nexus 5000 Series Switch have maximum configuration limits. For some of the features, we have verified configurations that support limits less than the maximum. Table 1-1 lists the Cisco verified limits and maximum limits for switches running Cisco NX-OS Release 4.0.
8. Each ASIC supports 256 counters to be shared among policers (ACL accounting, Fibre Channel Flow, etc.). Each counter can be configured to count either bytes or packets. A system-wide limit of 32 accounting entries for VACL or PACL is enforced.