Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x
First Published: 2014-03-15
Last Modified: 2017-01-22
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883...
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x OL-31641-01

Adding a Switch to a Switch Profile
Adding or Modifying Switch Profile Commands
Importing a Switch Profile
Importing Configurations in a vPC Topology
Verifying Commands in a Switch Profile
Isolating a Peer Switch

Guidelines and Limitations for CFS
CFS Distribution
CFS Distribution Modes
Uncoordinated Distribution
Coordinated Distribution
Unrestricted Uncoordinated Distributions
Verifying the CFS Distribution Status
CFS Support for Applications
CFS Application Requirements

Enabling CFS to Distribute FC Port Security Configurations
Enabling CFS to Distribute FC Timer Configurations
Enabling CFS to Distribute IVR Configurations
Enabling CFS to Distribute NTP Configurations
Enabling CFS to Distribute RADIUS Configurations

Guidelines and Limitations for User Accounts
Configuring User Accounts
Configuring SAN Admin Users
Configuring RBAC
Creating User Roles and Rules
Creating Feature Groups
Changing User Role Interface Policies
Changing User Role VLAN Policies

Guidelines and Limitations for System Message Logging
Default Settings for System Message Logging
Configuring System Message Logging
Configuring System Message Logging to Terminal Sessions
Configuring System Message Logging to a File
Creating a Destination Profile
Modifying a Destination Profile
Associating an Alert Group with a Destination Profile
Adding Show Commands to an Alert Group
Configuring E-Mail Server Details

SNMP Functional Overview
SNMP Notifications
SNMPv3
Security Models and Levels for SNMPv1, v2, and v3
User-Based Security Model
CLI and SNMP User Synchronization
Group-Based SNMP Access
Licensing Requirements for SNMP

Information About RMON
RMON Alarms
RMON Events
Configuration Guidelines and Limitations for RMON
Configuring RMON
Configuring RMON Alarms
Configuring RMON Events
Verifying the RMON Configuration
Default RMON Settings

Configuration Example for a SPAN ACL
Configuration Example for SPAN-on-Latency Session
CHAPTER 17 Configuring ERSPAN
Information About ERSPAN
ERSPAN Source Sessions
Monitored Traffic
ERSPAN Types

Configuration Example for an ERSPAN SPAN-on-Drop Session
Configuration Example for ERSPAN SPAN-on-Latency Session
Additional References
Related Documents
CHAPTER 18 Configuring NTP
CHAPTER 19
Information About Embedded Event Manager
EEM Policies
EEM Event Statement
EEM Action Statements
VSH Script Policies
EEM Event Correlation
EEM Virtualization Support
EEM Licensing Requirements

Prerequisites for OpenFlow
Setting Up an OpenFlow Virtual Service
Enabling OpenFlow
Configuring the OpenFlow Switch
Verifying OpenFlow
CHAPTER 21 Configuring NetFlow
NetFlow Overview

Enabling the Switch to Perform a Soft Reload After a Process Crash
Performing a Manual Soft Reload
Configuration Examples for Soft Reload
Verifying the Soft Reload Status
Additional References for Soft Reload

Creating a Snapshot
Entering Maintenance Mode
Returning to Normal Mode
Configuring the Maintenance Mode Profile File
Verifying GIR
CHAPTER 25 Class-based Quality-of-Service MIB

Adding and Activating Packages
Committing the Active Package Set
Deactivating and Removing Packages
Displaying Installation Log Information
Where to Go Next
Additional References
Feature Information for Performing Software Maintenance Upgrades
Obtaining Documentation and Submitting a Service Request

Audience
This publication is for network administrators who configure and maintain Cisco Nexus devices.

Document Conventions
Note: As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have modified the manner in which we document configuration tasks.

Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Related Documentation for Cisco Nexus 5600 Series NX-OS Software
The entire Cisco NX-OS 5600 Series documentation set is available at the following URL:
http://www.cisco.com/c/en/us/support/switches/nexus-5000-series-switches/tsd-products-support-series-home.html

Release Notes
The release notes are available at the following URL:
http://www.cisco.com/c/en/us/support/switches/nexus-5000-series-switches/products-release-notes-list.html
What's New in Cisco Product Documentation. To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
FEXs. A FEX group is added to optimize the procedure to bring up or take down the FEX.

Once maintenance on the switch is complete, you can bring the switch into full operational mode.

Pre-provisioning allows users to synchronize the configuration for an interface that is online with one peer but offline with another peer.

System message logging is based on RFC 3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference.

(sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.

VLANs and forwards the traffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPAN destination session switches the traffic to the destinations.
Information About Switch Profiles
Several applications require consistent configuration across Cisco Nexus Series switches in the network. For example, with a Virtual Port Channel (vPC), you must have identical configurations. Mismatched configurations can cause errors or misconfigurations that can result in service disruptions....

For example, the following command can only be configured in global configuration mode:
switchport private-vlan association trunk primary-vlan secondary-vlan
• Shutdown/no shutdown
• System QoS
Prerequisites for Switch Profiles
Switch profiles have the following prerequisites:
• You must enable Cisco Fabric Services over IP (CFSoIP) distribution over mgmt0 on both switches by entering the cfs ipv4 distribute command.
• You must configure a switch profile with the same name on both peer switches by entering the config sync and switch-profile commands....
You can then make necessary corrections and try the commit again.
• We recommend that you enable preprovisioning for all Generic Expansion Modules (GEMs) and Cisco Nexus Fabric Extender modules whose interface configurations are synchronized using the configuration synchronization feature....

Follow these guidelines when adding switches:
• Switches are identified by their IP address.
• Destination IPs are the IP addresses of the switches that you want to synchronize.

Displays the switch profile peer configuration.
Example:
switch# show switch-profile peer
Step 6 copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Example:
switch# copy running-config startup-config

You can verify the commands that are included in a switch profile by entering the verify command in switch profile mode.
Procedure
Command or Action    Purpose
Step 1 config sync
Enters configuration synchronization mode.
Example:
switch# config sync
switch(config-sync)#

The all-config option completely deletes the switch profile on both peer switches.

Deleting a Switch from a Switch Profile
You can delete a switch from a switch profile.
Procedure
Command or Action    Purpose
Step 1 config sync
Enters configuration synchronization mode.
Example:
switch# config sync
switch(config-sync)#

The following example shows how to display the switch profile buffer for a service profile called sp:
switch# configure sync
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-sync)# switch-profile sp
Synchronizing Configurations After a Switch Reboot If a Cisco Nexus Series switch reboots while a new configuration is being committed on a peer switch using a switch profile, complete the following steps to synchronize the peer switches after reload:...
10.1.1.1
class-map type qos match-all c1
  match cos 2
class-map type qos match-all c2
  match cos 5
policy-map type qos p1
  class c1
    set qos-group 2
  class c2

Replacing a Cisco Nexus 5000 Series Switch
When a Cisco Nexus 5000 Series switch has been replaced, perform the following configuration steps on the replacement switch to synchronize it with the existing Cisco Nexus 5000 Series switch. The procedure can be done in a hybrid Fabric Extender A/A topology and Fabric Extender Straight-Through topology....
Step 4. 20 If you are using the configuration synchronization feature, enter the show switch-profile name status command to ensure both switches are synchronized.
Cisco Nexus 5600 Series Release Notes.

Guidelines and Limitations
Pre-provisioning has the following configuration guidelines and limitations:
• When a module comes online, commands that are not applied are listed in the syslog.

Copies the running configuration to the startup configuration.
Example:
switch# copy running-config startup-config
This example shows how to select slot 101 and the N2K-C2232P module to pre-provision.
switch# configure terminal
switch(config)# slot 101

N5K-M1404
switch(config-slot)#

Verifying the Pre-Provisioned Configuration
To display the pre-provisioned configuration, perform one of the following tasks:
Command    Purpose
show module    Displays module information.

Displays the startup configuration including the pre-provisioned configuration.

Configuration Examples for Pre-Provisioning
The following example shows how to enable pre-provisioning on slot 110 on the Cisco Nexus 2232P Fabric Extender and how to pre-provision interface configuration commands on the Ethernet 110/1/1 interface.
switch# configure terminal...

Default Settings for CFS

Information About CFS
Some features in the Cisco Nexus Series switch require configuration synchronization with other switches in the network to function correctly. Synchronization through manual configuration at each switch in the network can be a tedious and error-prone process....

Cisco Fabric Services over Ethernet
The Cisco Fabric Services over Ethernet (CFSoE) is a reliable state transport mechanism that you can use to synchronize the actions of the vPC peer devices. CFSoE carries messages and packets for many features linked with vPC, such as STP and IGMP....

• CFS regions can be applied only to CFSoIP applications.

CFS Distribution
The CFS distribution functionality is independent of the lower layer transport. Cisco Nexus Series switches support CFS distribution over IP. Features that use CFS are unaware of the lower layer transport....
The changes in the temporary buffer are not applied if you do not perform the commit operation.

The configuration changes are held in a pending database by that application.

• None of the external switches report a successful state—The application considers this state a failure and does not apply the changes to any switch in the network. The network lock is not released.

Step 3 switch# show application-name status
(Optional) Shows the current application state.
switch# show ntp status
Distribution : Enabled
Last operational state: Fabric Locked
switch# clear ntp session

CFS region, its configuration cannot be distributed within another CFS region.

Managing CFS Regions
Creating CFS Regions
You can create a CFS region.

Enters global configuration mode.
Step 2 switch(config)# cfs region region-id
Enters CFS region configuration submode.
Step 3 switch(config-cfs-region)# application
Indicates application(s) to be moved from one region into another.

Step 2 switch(config)# no cfs region region-id
Deletes the region.
Note: You see the "All the applications in the region will be moved to the default region" warning.

Globally enables CFS over IPv6 for all applications on the switch.
Step 3 switch(config)# no cfs ipv6 distribute
(Optional) Disables (default) CFS over IPv6 on the switch.
CFS is 239.255.70.83.

Configuring IPv6 Multicast Address for CFS
You can configure a CFS over IP multicast address value for IPv6. The default IPv6 multicast address is ff13:7743:4653.

Implicitly enabled with the first configuration change
Application distribution    Differs based on application
Commit    Explicit configuration is required
CFS over IP    Disabled
IPv4 multicast address    239.255.70.83
IPv6 multicast address    ff15::efff:4653

Enabling CFS to Distribute Smart Call Home Configurations
You can enable CFS to distribute Call Home configurations to all Cisco NX-OS devices in the network. The entire Call Home configuration is distributed except the device priority and the sysContact names....

Enabling CFS to Distribute DPVM Configurations
You can enable CFS to distribute dynamic port VSAN membership (DPVM) configurations in order to consistently administer and maintain the DPVM database across all Cisco NX-OS devices in the fabric.
Before You Begin
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command....
You can enable CFS to distribute Fibre Channel (FC) domain configurations in order to synchronize the configuration across the fabric from the console of a single Cisco NX-OS device and to ensure consistency in the allowed domain ID lists on all devices in the VSAN.
[########################################] 100%

Enabling CFS to Distribute FC Timer Configurations
You can enable CFS to distribute Fibre Channel (FC) timer configurations for all Cisco NX-OS devices in the fabric.
Before You Begin
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe command....

Enables CFS to distribute IVR configuration updates.
Note: You must enable IVR distribution on all IVR-enabled switches in the fabric.
Step 3 switch(config)# show cfs application
(Optional) Displays the CFS distribution status.

[########################################] 100%

Enabling CFS to Distribute NTP Configurations
You can enable CFS to distribute NTP configurations to all Cisco NX-OS devices in the network.
Before You Begin
Make sure that you enable the NTP feature (using the feature ntp command)....

Enabling CFS to Distribute RADIUS Configurations
You can enable CFS to distribute RADIUS configurations to all Cisco NX-OS devices in the network.
Procedure
Command or Action    Purpose
Step 1 switch# configure terminal
Enters global configuration mode....

[########################################] 100%

Enabling CFS to Distribute TACACS+ Configurations
You can enable CFS to distribute TACACS+ configurations to all Cisco NX-OS devices in the network.
Before You Begin
Make sure that you enable the TACACS+ feature (using the feature tacacs+ command)....
PTP operates within a logical scope called a PTP domain. Starting from Cisco NXOS Release 6.0(2)A8(3), PTP supports configuring multiple PTP clocking domains, PTP grandmaster capability, PTP cost on interfaces for slave and passive election, and clock identity.
Messages that are related to synchronization and establishing the master-slave hierarchy terminate in the protocol engine of a boundary clock and are not forwarded.

• The master receives the delay-request message and notes the time it was received.
• The master sends a delay-response message to the slave. The number of delay request messages should be equal to the number of delay response messages.
PTP requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Step 3 switch(config)# [no] ptp source ip-address [vrf vrf]
Configures the source IP address for all PTP packets. The ip-address can be in IPv4 or IPv6 format.

PTP Device Type: Boundary clock
Clock Identity : 0:22:55:ff:ff:79:a4:c1
Clock Domain: 0
Number of PTP ports: 0
Priority1 : 1
Priority2 : 1
Clock Quality:
Class : 248

Specifies the VLAN for the interface where PTP is being enabled. You can only enable PTP on one VLAN on an interface. The range is from 1 to 4094.

Verifying the PTP Configuration
Use one of the following commands to verify the configuration:
Table 3: PTP Show Commands
Command    Purpose
show ptp brief    Displays the PTP status.

PTP is a time synchronization protocol for nodes distributed across a network. Its hardware timestamp feature provides greater accuracy than other time synchronization protocols such as the Network Time Protocol (NTP).
Configuring User Accounts
Default Settings for the User Accounts and RBAC

Information About User Accounts and RBAC
Cisco Nexus Series switches use role-based access control (RBAC) to define the amount of access that each user has when the user logs into the switch....

• Read-only access to all other configurations
• Configuration and management of SAN features such as the following:
  ◦ FC-SP
  ◦ FC-PORT-SECURITY
  ◦ FCoE
  ◦ FCoE-NPV
  ◦ FPORT-CHANNEL-TRUNK
  ◦ PORT-TRACK
  ◦ FABRIC-BINDING

A command or group of commands defined in a regular expression.
Feature    Commands that apply to a function provided by the Cisco Nexus device. Enter the show role feature command to display the feature names available for this parameter.
Feature group    Default or user-defined group of features....

Read and write permissions for port security-related commands
Read and write permissions for Remote Domain Loopback (RDL)-related commands
rmon    Read and write permissions for RMON-related commands

If a command rule permits access to specific resources (interfaces, VLANs, or VSANs), the user is permitted to access these resources, even if the user is not listed in the user role policies associated with that user.

• xfs
Caution: The Cisco Nexus 5000 and 6000 Series switch does not support all numeric usernames, even if those usernames were created in TACACS+ or RADIUS. If an all numeric username exists on an AAA server and is entered during login, the switch rejects the login request....
(%), can be used in Cisco Nexus device passwords. If a password is trivial (such as a short, easy-to-decipher password), the Cisco Nexus device rejects the password. Be sure to configure a strong password for each user account. A strong password has the following characteristics: •...
startup-config
Copies the running configuration to the startup configuration.
The following example shows how to configure a user account:
switch# configure terminal
switch(config)# username NewUser password 4Ty18Rnt
switch(config)# exit
switch# show user-account

Repeat this command for as many rules as needed.
Step 7 switch(config-role)# description text
(Optional) Configures the role description. You can include spaces in the description.
Step 8 switch(config-role)# end
Exits role configuration mode.

This example shows how to create a feature group:
switch# configure terminal
switch(config)# role feature-group group1
switch(config)# exit
switch# show role feature-group
switch# copy running-config startup-config
switch#

2/1
switch(config-role-interface)# permit interface vfc 30/1

Changing User Role VLAN Policies
You can change a user role VLAN policy to limit the VLANs that the user can access.

Repeat this command for as many VSANs as needed.
Step 5 switch(config-role-vsan)# exit
Exits role VSAN policy configuration mode.
Step 6 switch# show role
(Optional) Displays the role configuration.
The following table lists the default settings for user accounts and RBAC parameters.
Table 5: Default User Accounts and RBAC Parameters
Parameters    Default
User account password    Undefined.
User account expiry date    None.
Interface policy    All interfaces are accessible.
VLAN policy    All VLANs are accessible.
VFC policy    All VFCs are accessible.
VETH policy    All VETHs are accessible.
• Configuration session—Creates a list of commands that you want to implement in session manager mode.
• Validation—Provides a basic semantic check on your configuration. Cisco NX-OS returns an error if the semantic check fails on any part of the configuration....

The name can be any alphanumeric string.
Step 2 switch(config-s)# ip access-list name
Creates an ACL.
Step 3 switch(config-s-acl)# permit protocol source destination
(Optional) Adds a permit statement to the ACL.

(Optional) Saves the session to a file. The location can be in bootflash or volatile.

Discarding a Session
To discard a session, use the following command in session mode:

Displays the contents of the configuration session.
show configuration session status [name]    Displays the status of the configuration session.
show configuration session summary    Displays a summary of all the configuration sessions.
Online diagnostics provide verification of hardware components during switch bootup or reset, and they monitor the health of the hardware during normal switch operation. Cisco Nexus Series switches support bootup diagnostics and runtime diagnostics. Bootup diagnostics include disruptive tests and nondisruptive tests that run during system bootup and system reset.
Bootup diagnostics log any failures to the onboard failure logging (OBFL) system. Failures also trigger an LED display to indicate diagnostic test states (on, off, pass, or fail). You can configure the Cisco Nexus device to either bypass the bootup diagnostics or run the complete set of bootup diagnostics....
Tests the forwarding engine ASICs.
Forwarding engine port    Tests the ports on the forwarding engine ASICs.
Front port    Tests the components (such as PHY and MAC) on the front ports.

The following example shows how to configure the bootup diagnostics level to trigger the complete diagnostics:
switch# configure terminal
switch(config)# diagnostic bootup level complete

Verifying the Online Diagnostics Configuration
Use the following commands to verify online diagnostics configuration information:
System message logging is based on RFC 3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference. By default, the Cisco Nexus device outputs messages to terminal sessions....
You can configure the Cisco Nexus Series switch to send logs to up to eight syslog servers. To support the same configuration of syslog servers on all switches in a fabric, you can use Cisco Fabric Services (CFS) to distribute the syslog server configuration....
By default, logging is enabled for terminal sessions. Procedure Command or Action Purpose Step 1 switch# terminal monitor Copies syslog messages from the console to the current terminal session. Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x OL-31641-01...
Page 120
If the severity level is not specified, the default of 2 is used. The configuration applies to Telnet and SSH sessions. Step 6 switch(config)# no logging (Optional) monitor [severity-level] Disables logging messages to Telnet and SSH sessions. Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x OL-31641-01...
Configures the name of the log file used to store system logfile-name severity-level [size messages and the minimum severity level to log. You can bytes] Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x OL-31641-01...
The following example shows how to configure the severity level of module and specific facility messages: switch# configure terminal switch(config)# logging module 3 switch(config)# logging level aaa 2 Configuring Logging Timestamps You can configure the time-stamp units of messages logged by the Cisco Nexus Series switch. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode.
However, if management is configured, it will not be listed in the output of the show-running command because it is the default. If a
You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file:
facility.level <five tab characters> action
The following table describes the syslog fields that you can configure.
$ kill -HUP `cat /etc/syslog.pid`

Configuring syslog Server Configuration Distribution
You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure. After you enable syslog server configuration distribution, you can modify the syslog server configuration and view the pending changes before committing the configuration for distribution.
Page 128
info | Displays information about the current state of the syslog server distribution and the last action taken.
Step 9 | switch# copy running-config startup-config | (Optional) Copies the running configuration to the startup configuration.
Displays the console logging configuration.
show logging info | Displays the logging configuration.
show logging internal info | Displays the syslog distribution information.
show logging ip access-list cache | Displays the IP access list cache.
The log message is displayed on a flow basis. The flow is identified using the combination of IP source address, destination address, Layer 4 protocol, and the Layer 4 source/destination ports on an interface. The log message is generated based on the following conditions:
Page 131
However, applying such an ACL to any of the interfaces/vlans can be prevented. Mgmt0 supports permit logging. In the Cisco Nexus device, CTS is not supported, therefore RBACL is not supported. ACL logging is not supported for IPv6 and MAC ACLs. It is supported on all interfaces where PACL, RACL, VACL and VTY can be applied, including FEX HIF interfaces.
• Create an IP access list with at least one access control entry (ACE) configured for logging.
• Configure the ACL logging cache.
• Configure the ACL log match level.
This example shows how to create a VLAN access map for logging.
switch# configure terminal
switch(config)# vlan access-map vacl1
switch(config-access-map)# match ip address pacl1
switch(config-access-map)# action drop log
switch(config-access-map)# exit
switch(config)#
This example shows how to set the rate limiter to 1000 packets per second.
switch# configure terminal
switch(config)# hardware rate-limiter access-list-log packets 1000

Clearing ACL Logs
You can clear the ACL logs.
[detail] | Displays the entries in cache and optionally additional details.
show acllog status | Displays flow counts and rate limits
show acllog flows | Displays the currently active logged flows.
Technical Assistance Center (TAC). If you have a service contract directly with Cisco, you can register your devices for the Smart Call Home service. Smart Call Home provides fast resolution of system problems by analyzing Smart Call Home messages sent from your devices and providing background information and recommendations.
You can also configure a destination profile to allow periodic inventory update messages by using the inventory alert group that will send out periodic messages daily, weekly, or monthly.
Smart Call Home Alert Groups
An alert group is a predefined subset of Smart Call Home alerts that are supported in all Cisco Nexus devices. Alert groups allow you to select the set of Smart Call Home alerts that you want to send to a predefined or custom destination profile.
0 (the switch sends all messages). Smart Call Home messages that are sent for syslog alert groups have the syslog severity level mapped to the Smart Call Home message level.
• Common fields for all full text and XML messages
• Inserted fields for a reactive or proactive event message
• Inserted fields for an inventory event message
• Inserted fields for a user-generated test message
Page 142
reactive or proactive. | /aml/header/type
Message group | Name of alert group, such as syslog. | /aml/header/group
Severity level | Severity level of message. | /aml/header/level
Source ID | Product type for routing. | /aml/header/source
Page 143
ID by any support service.
Site ID | Optional user-configurable field used for Cisco-supplied site ID or other data meaningful to alternate support service. | /aml/header/siteID
Page 144
Chassis serial number of the unit. | /aml/body/chassis/serialNo
Chassis part number | Top assembly number of the chassis. | /aml/body/chassis/partNo
Fields specific to a particular alert group message are inserted here.
Page 145
Table 21: Inserted Fields for an Inventory Event Message
Data Item (Plain Text and XML) | Description (Plain Text and XML) | XML Tag (XML Only)
Chassis hardware version | Hardware version of the chassis. | /aml/body/chassis/hwVersion
• You must have access to contact name (SNMP server contact), phone, and street address information.
• You must have IP connectivity between the switch and the e-mail server.
• Know the SMARTnet contract number for your switch
• Know your e-mail address
• Know your Cisco.com ID
Procedure
Step 1 In a browser, navigate to the Smart Call Home web page: http://www.cisco.com/go/smartcall/
The contract-number can be up to 255 alphanumeric characters.
Step 8 | switch(config-callhome)# customer-id customer-number | (Optional) Configures the customer number for this switch from the service agreement.
You must create a user-defined destination profile and configure the message format for that new destination profile.
Procedure
Step | Command or Action | Purpose
Step 1 | switch# configure terminal | Enters global configuration mode.
• Message level—The Call Home message severity level for this destination profile.
• Message size—The allowed length of a Call Home message sent to the e-mail addresses in this destination profile.
Page 151
5
switch(config-callhome)# destination-profile full-text-destination message-size 10000
switch(config-callhome)#

What to Do Next
Associate an alert group with a destination profile.
You can assign a maximum of five user-defined show commands to an alert group.
Procedure
Step | Command or Action | Purpose
Step 1 | switch# configure terminal | Enters global configuration mode.
Step 2 | switch(config)# callhome | Enters Smart Call Home configuration mode.
The following example shows how to add the show ip routing command to the Cisco-TAC alert group:
switch# configure terminal
switch(config)# callhome
switch(config-callhome)# alert-group Configuration user-def-cmd show ip routing...
[interval days] [timeofday time] | The interval days range is from 1 to 30 days. The default is 7 days. The timeofday time is in HH:MM format.
The following example shows how to disable duplicate message throttling:
switch# configure terminal
switch(config)# callhome
switch(config-callhome)# no duplicate-message throttle
switch(config-callhome)#
Important: Smart Call Home testing fails when the message level for the destination profile is set to 3 or higher.
Procedure
Step | Command or Action | Purpose
Step 1 | switch# configure terminal | Enters global configuration mode.
Displays the running configuration for Smart Call Home.
show startup-config callhome | Displays the startup configuration for Smart Call Home.
show tech-support callhome | Displays the technical support output for Smart Call Home.
Page 159
00:01:05: %SYS-5-CONFIG_I: Configured from memory by console
00:01:09: %SYS-5-RESTART: System restarted --
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_DBG-VM), Experimental Version 12.2(20070421:012711)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 26-Apr-07 15:54 by xxx
Page 160
Cisco DCOS Software, c6slc Software (c6slc-SPDBG-VM), Experimental Version 4.0 (20080421:012711)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 26-Apr-08 16:40 by username1
00:00:25: DFC1: Currently running ROMMON from F2 region
Page 161
PFC and will perform at current system operating mode.
00:07:06: %OIR-SP-6-INSCARD: Card inserted in slot 8, interfaces are now online
Router#]]>
</aml-block:Data>
</aml-block:Attachment>
</aml-block:Attachments>
</aml-block:Block>
</soap-env:Body>
</soap-env:Envelope>
You can create a checkpoint copy of the current running configuration at any time. Cisco NX-OS saves this checkpoint as an ASCII file which you can use to roll back the running configuration to the checkpoint configuration at a future time.
• Checkpoint names must be unique. You cannot overwrite previously saved checkpoints with the same name.
• Checkpoints are not supported post upgrade or downgrade.
• The Cisco NX-OS commands may differ from the Cisco IOS commands.

Creating a Checkpoint
You can create up to ten checkpoints of your configuration per switch.
Verifying the Rollback Configuration
Use the following commands to verify the rollback configuration:
Command | Purpose
show checkpoint name [ all] | Displays the contents of the checkpoint name.
Page 166
| startup-config | file dest-file}
show rollback log [exec | verify] | Displays the contents of the rollback log.
Note: Use the clear checkpoint database command to delete all checkpoint files.
A name server may also store information about other parts of the domain tree. To map domain names to IP addresses in Cisco NX-OS, you must first identify the hostnames, then specify a name server, and enable the DNS service.
High Availability
Cisco NX-OS supports stateless restarts for the DNS client. After a reboot or supervisor switchover, Cisco NX-OS applies the running configuration.

Prerequisites for DNS Clients
The DNS client has the following prerequisites:
•...
VRF that you configured this domain name under. Cisco NX-OS uses each entry in the domain list to append that domain name to any hostname that does not contain a complete domain name before starting a domain-name lookup.
Page 170
The following example shows how to configure a default domain name and enable DNS lookup:
switch# config t
switch(config)# vrf context management
switch(config)# ip domain-name mycompany.com
switch(config)# ip name-server 172.68.0.10
switch(config)# ip domain-lookup
• An SNMP agent—The software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The Cisco Nexus device supports the agent and MIB. To enable the SNMP agent, you must define the relationship between the manager and the agent.
The switch cannot determine if the trap was received. An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the Cisco Nexus device never receives a response, it can send the inform request again.
HMAC-MD5 or HMAC-SHA algorithms. Provides Data Encryption Standard (DES) 56-bit encryption in addition to authentication based on the Cipher Block Chaining (CBC) DES (DES-56) standard.
• HMAC-MD5-96 authentication protocol
• HMAC-SHA-96 authentication protocol
Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826. The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The priv option and the aes-128 token indicate that this privacy password is for generating a 128-bit AES key. The...
Licensing Requirements for SNMP
This feature does not require a license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Enabled
linkUp/Down notification type | ietf-extended

Configuring SNMP
Configuring SNMP Users
Note: The commands used to configure SNMP users in Cisco NX-OS are different from those used to configure users in Cisco IOS.
Procedure
Step | Command or Action | Purpose
Step 1 | | Enters global configuration mode.
You can configure SNMP to require authentication or encryption for incoming requests. By default, the SNMP agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco NX-OS responds with an authorization error for any SNMPv3 PDU request that uses a security level parameter of either noAuthNoPriv or authNoPriv.
The ACL applies to both IPv4 and IPv6 over UDP and TCP. After creating the ACL, assign the ACL to the SNMP community. For more information about creating ACLs, see the NX-OS security configuration guide for the Cisco Nexus Series software that you are using.
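The SNMPv3 security levels, privacy enforcement and community ACLs described above can be checked offline against a saved running configuration. The following audit script is an added example, not part of the Cisco guide; the configuration excerpt, user names, ACL name and finding labels are constructed, and the script assumes the snmp-server user, community, host and globalEnforcePriv command forms.

```python
# Constructed running-config excerpt; the key strings are placeholders.
SAMPLE_CONFIG = """\
snmp-server user admin network-admin auth sha 0xCONSTRUCTED priv aes-128 0xCONSTRUCTED localizedkey
snmp-server user admin enforcePriv
snmp-server user monitor network-operator auth md5 0xCONSTRUCTED priv 0xCONSTRUCTED localizedkey
snmp-server user legacy network-operator auth sha 0xCONSTRUCTED localizedkey
snmp-server community public group network-operator
snmp-server community nmsRO group network-operator
snmp-server community nmsRO use-acl snmp-nms-only
snmp-server host 192.0.2.1 informs version 2c public
snmp-server host 192.0.2.1 informs version 3 auth NMS
snmp-server host 192.0.2.50 traps version 3 priv NMS
"""


def _after(tokens, word):
    """Return the token that follows `word`, or None at end of line."""
    i = tokens.index(word)
    return tokens[i + 1] if i + 1 < len(tokens) else None


def audit_snmp(config_text):
    """Return (subject, finding) pairs for weak SNMP settings."""
    users, communities, hosts = {}, {}, []
    global_enforce = False
    for raw in config_text.splitlines():
        t = raw.split()
        if len(t) < 2 or t[0] != "snmp-server":
            continue
        if t[1] == "globalEnforcePriv":
            global_enforce = True
        elif t[1] == "user" and len(t) >= 3:
            u = users.setdefault(
                t[2], {"auth": None, "priv": None, "enforce": False})
            opts = t[3:]
            if "enforcePriv" in opts:
                u["enforce"] = True
            if "auth" in opts:
                u["auth"] = _after(opts, "auth")
            if "priv" in opts:
                # Without the aes-128 token the privacy protocol is DES.
                aes = _after(opts, "priv") == "aes-128"
                u["priv"] = "aes-128" if aes else "des"
        elif t[1] == "community" and len(t) >= 3:
            has_acl = "use-acl" in t[3:]
            communities[t[2]] = communities.get(t[2], False) or has_acl
        elif t[1] == "host" and len(t) >= 3 and "version" in t:
            i = t.index("version")
            ver = t[i + 1] if i + 1 < len(t) else None
            level = t[i + 2] if ver == "3" and i + 2 < len(t) else None
            hosts.append((t[2], ver, level))

    findings = []
    for name, u in users.items():
        who = "user " + name
        if u["auth"] is None:
            findings.append((who, "no-auth"))       # noAuthNoPriv
        elif u["auth"] == "md5":
            findings.append((who, "md5-auth"))      # HMAC-MD5-96
        if u["auth"] is not None and u["priv"] is None:
            findings.append((who, "no-priv"))       # authNoPriv
        elif u["priv"] == "des":
            findings.append((who, "des-priv"))      # DES-56 privacy
        if not (global_enforce or u["enforce"]):
            # Requests below authPriv are still accepted for this user.
            findings.append((who, "not-enforced"))
    for name, has_acl in communities.items():
        if not has_acl:
            findings.append(("community " + name, "no-acl"))
    for addr, ver, level in hosts:
        if ver in ("1", "2c"):
            findings.append(("host " + addr, "v%s-community" % ver))
        elif ver == "3" and level != "priv":
            findings.append(("host " + addr, "v3-%s" % level))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_snmp(SAMPLE_CONFIG):
        print("%-22s %s" % (subject, finding))
```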
Page 179
192.0.2.1 informs version 2c public
The following example shows how to configure a host receiver for an SNMPv3 inform:
switch(config)# snmp-server host 192.0.2.1 informs version 3 auth NMS
Configuring SNMP Notification Receivers with VRFs
You can configure Cisco NX-OS to use a configured VRF to reach the host receiver. SNMP adds entries into the cExtSnmpTargetVrfTable of the CISCO-SNMP-TARGET-EXT-MIB when you configure the VRF reachability and filtering options for an SNMP notification receiver.
2/1
This example shows how to configure a source interface to send out SNMPv2c traps:
switch# configure terminal
switch(config)# snmp-server source-interface traps ethernet 2/1
• Using SNMP v2 with context—The SNMP client needs to specify the context by specifying a community; for example, <community>@<context>.
• Using SNMP v3—You can specify the context.
Enabling SNMP Notifications
You can enable or disable notifications. If you do not specify a notification name, Cisco NX-OS enables all notifications.
Note: The snmp-server enable traps CLI command enables both traps and informs, depending on the configured notification host receivers.
Page 184
CISCO-FSPF-MIB | snmp-server enable traps fspf
CISCO-PSM-MIB | snmp-server enable traps port-security
CISCO-RSCN-MIB | snmp-server enable traps rscn
               | snmp-server enable traps rscn els
               | snmp-server enable traps rscn ils
You can configure which linkUp/linkDown notifications to enable on a device. You can enable the following types of linkUp/linkDown notifications:
• cieLinkDown—Enables the Cisco extended link state down notification.
Specifies the interface to be changed.
Step 3 | switch(config-if)# no snmp trap link-status | Disables SNMP link-state traps for the interface. This feature is enabled by default.
You can configure an SNMP context to map to a logical network entity, such as a protocol instance or VRF.
Procedure
Step | Command or Action | Purpose
Step 1 | switch# configure terminal | Enters global configuration mode.
Modifying the AAA Synchronization Time
You can modify how long Cisco NX-OS holds the synchronized user configuration.
Procedure
Step | Command or Action | Purpose
Step 1 | configure terminal | Enters global configuration mode.
Displays SNMP roles.
show snmp sessions | Displays SNMP sessions.
show snmp trap | Displays the SNMP notifications enabled or disabled.
show snmp user | Displays SNMPv3 users.
You can use alarms with RMON events to generate a log entry or an SNMP notification when the RMON alarm triggers. RMON is disabled by default and no events or alarms are configured in Cisco Nexus devices. You can configure your RMON alarms and events by using the CLI or an SNMP-compatible network management station.
• Sample type—Absolute samples take the current snapshot of the MIB object value. Delta samples take two consecutive samples and calculate the difference between them.
• Rising threshold—The value at which the Cisco Nexus device triggers a rising alarm or resets a falling alarm.
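The interaction between sample type and thresholds is easier to see on data. The following simulation is an added example, not part of the Cisco guide; the falling threshold and the re-arming rule follow the usual RMON alarm hysteresis (RFC 2819) and are assumptions here, as are the function name and the constructed counter values.

```python
def rmon_alarm_events(samples, rising, falling, sample_type="absolute"):
    """Return (sample index, 'rising' | 'falling', value) for each alarm.

    absolute: each sample is compared with the thresholds as is.
    delta:    the difference between consecutive samples is compared.
    """
    if falling > rising:
        raise ValueError("falling threshold must not exceed rising threshold")
    if sample_type == "absolute":
        values = list(enumerate(samples))
    elif sample_type == "delta":
        values = [(i, samples[i] - samples[i - 1])
                  for i in range(1, len(samples))]
    else:
        raise ValueError("sample_type must be 'absolute' or 'delta'")

    events = []
    # Both alarms start armed. Crossing one threshold fires that alarm once
    # and re-arms (resets) the opposite one, so a value that stays above the
    # rising threshold does not fire on every sample.
    rising_armed = falling_armed = True
    for i, value in values:
        if value >= rising and rising_armed:
            events.append((i, "rising", value))
            rising_armed, falling_armed = False, True
        elif value <= falling and falling_armed:
            events.append((i, "falling", value))
            falling_armed, rising_armed = False, True
    return events


# Constructed samples of an ever-increasing error counter.
COUNTER = [100, 110, 165, 235, 237, 238, 305]

if __name__ == "__main__":
    # Delta sampling tracks the error rate: two bursts, one recovery.
    print(rmon_alarm_events(COUNTER, rising=50, falling=5,
                            sample_type="delta"))
    # Absolute sampling of the same counter fires once and never resets,
    # because a counter does not come back down to the falling threshold.
    print(rmon_alarm_events(COUNTER, rising=200, falling=120,
                            sample_type="absolute"))
```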
Use the following commands to verify the RMON configuration information:
Command | Purpose
show rmon alarms | Displays information about RMON alarms.
show rmon events | Displays information about RMON events.
Information About SPAN
SPAN Sources
SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus device supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VSANs and VLANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources.
• The maximum number of SPAN sessions supported on the Nexus 5000 Series and Nexus 5500 Series switches is 4.
• The maximum number of SPAN sessions supported on the Nexus 5600 Series and Nexus 6000 Series switches is 16.
Memory (TCAM) entries for interface SPAN sources are always programmed before the TCAM entries for VLAN SPAN sources. SPAN traffic is rate-limited as follows on Cisco Nexus devices to prevent a negative impact to production traffic:
Page 201
• Span-on-Latency Source cannot be part of any other span session i.e. Local Span or Span-on-drop.
• ACL based SOL is not supported.
The following limitations apply to SPAN (local SPAN) session Access Control Lists (ACL) configurations:
Page 202
• SPAN has a HIF Port Channel (with one or more member HIF ports) as source with Rx only
• The following guidelines apply when configuring local SPAN sessions with ACLs:
The following example shows how to configure a SPAN monitor session:
switch# configure terminal
switch(config)# monitor session 2
switch(config)#
Configuring the Rate Limit for SPAN Traffic
By configuring a rate limit for SPAN traffic to 1Gbps across the entire monitor session, you can avoid impacting the monitored production traffic.
The following example shows how to configure a virtual Fibre Channel SPAN source port:
switch# configure terminal
switch(config)# monitor session 2
switch(config-monitor)# source interface vfc 129
switch(config-monitor)#
2
switch(config-monitor)# source vsan 1
switch(config-monitor)#

Configuring the Description of a SPAN Session
For ease of reference, you can provide a descriptive name for a SPAN session.
Copies the running configuration to the startup configuration.
This example shows how to configure an ACL filter for a SPAN session:
switch# configure terminal
switch(config)# monitor session 3
ID or a new session type.
Step 6 | description description | Adds a description to the session configuration.
Example:
switch(config-span-on-latency)# description SPAN-on-Latency-session
session-number} shut | Opens the specified SPAN session or all sessions.
The following example shows how to activate a SPAN session:
switch# configure terminal
switch(config)# no monitor session 3 shut
Troubleshooting SPAN session with large number of source ports issues
Table 28: Troubleshooting SPAN session with large number of source ports
Problem Description | Solution | Recommendation
The following example shows how to display SPAN session information:
switch# show monitor
SESSION STATE REASON DESCRIPTION
------- ----------- ---------------------- --------------------------------
The session is up
down Session suspended
down No hardware resource
Additional References

Information About ERSPAN
The Cisco NX-OS system supports the Encapsulated Remote Switching Port Analyzer (ERSPAN) feature on both source and destination ports. ERSPAN transports mirrored traffic over an IP network. The traffic is encapsulated at the source router and is transferred across the network. The packet is decapsulated at the destination router and then sent to the destination interface.
• For a source VLAN or source VSAN, the ERSPAN can monitor only ingress traffic.

ERSPAN Types
Cisco NX-OS Release 7.1(1)N1(1) supports two types of ERSPAN—ERSPAN Type II (default) and ERSPAN Type III. All previous Cisco NX-OS releases support only ERSPAN Type II.
• Destination ports do not participate in any spanning tree instance or any Layer 3 protocols.
• Ingress and ingress learning options are not supported on monitor destination ports.
The default is no truncation so switches or routers receiving large ERSPAN packets might drop these oversized packets.
Note: Do not enable the truncated ERSPAN feature if the destination ERSPAN router is a Cisco Nexus 6001 or Cisco Nexus 6004 switch because the Cisco Nexus 6000 Series switch drops these truncated packets.

ERSPAN with ACL
With ERSPAN traffic the destination is remote and the overall impact of bandwidth congestion can be significant.
14 sessions. In such a scenario, an additional TCAM entry has to be programmed to handle egress multicast traffic on a Network Interface (NIF) port.
• The maximum number of ports for each ERSPAN session is 128.
Page 220
• Due to system limitations, the extent to which an ACL associated with an ERSPAN session can scale depends on how the SPAN source is configured. The following table shows different scenarios and the corresponding maximum ACL size supported.
Page 221
ERSPAN has single HIF Ports as source with both Tx and Rx. | Current Available TCAM Entries/3
ERSPAN has multiple HIF Ports as source with both Tx and Rx. | Current Available TCAM Entries/4
Page 222
(using the no filter access-group current acl name command), and then configure the new filter access group (using the filter access-group new acl name command).
type erspan-source
switch(config-erspan-src)# | 1024. The same session number cannot be used more than once. The session IDs for source sessions are in the same global ID space, so each session ID is globally unique.
Page 224
Configures the VRF to use instead of the global routing table. You can use a VRF that you have specifically configured or the default VRF.
Example:
switch(config-erspan-src)# vrf default
Configuring an ERSPAN Type III Source Session
Procedure
Step | Command or Action | Purpose
Step 1 | configure terminal | Enters global configuration mode.
Example:
switch# config t
switch(config)#
Page 226
Step 7 | source interface { ethernet slot/chassis number | portchannel number } | Associates the ERSPAN source session number with the source ports (1-255).
Example:
switch(config-erspan-src)# source interface eth 1/1
Page 227
On Cisco Nexus 5000 Series switches, only two ERSPAN source sessions can be running simultaneously. On Cisco Nexus 5500 Series switches, up to four source sessions can be running simultaneously.
Example:
switch(config-erspan-src)# no shut
ID or session type, use the no version of the command to remove the session and then re-create the session through the command with a new session ID or a new session type.
Example:
switch(config)# interface ethernet
switch(config-if)#
Step 3 | switchport | Configures switchport parameters for the selected slot and port or range of ports.
Example:
switch(config-if)# switchport
Page 230
slot/port[-port], [type slot/port [port]]] [port-channel channel-number]]} | You can configure only interfaces as a destination.
Note: You can configure destination ports as trunk ports.
Example:
switch(config-erspan-dst)# destination interface ethernet 2/5
Use the monitor session command to configure an ERSPAN SPAN-on-Drop session. Each session is identified by a unique session number.
Note: There can only be one active SPAN-on-Drop or SPAN-on-Drop ERSPAN session at any time.
Configuring an ERSPAN SPAN-on-Latency Session
You can configure an MTU size for the ERSPAN traffic to reduce the amount of fabric or network bandwidth used in sending ERSPAN packets.
Page 233
Specifies the Ethernet interface to use as the source SPAN port.
Note: You can configure multiple SPAN source ports.
Example:
switch(config-span-on-latency-erspan)# source interface ethernet 1/3
Because only a specific number of ERSPAN sessions can be running simultaneously, you can shut down a session to free hardware resources to enable another session. By default, ERSPAN sessions are created in the shut state.
Page 235
Example:
switch(config-erspan-src)# monitor session 3 type erspan-destination
Step 6 | shut | Shuts down the ERSPAN session. By default, the session is created in the shut state.
Example:
switch(config-erspan-src)# shut
{all | session-number | range session-range} | Displays the ERSPAN session configuration.
show running-config monitor | Displays the running ERSPAN configuration.
show startup-config monitor | Displays the ERSPAN startup configuration.
This example shows how to configure an IP address as the source for an ERSPAN session:
switch# configure terminal
switch(config)# monitor erspan origin ip-address 192.0.2.1
switch(config)# exit
switch(config)# copy running-config startup-config
Related Topic | Document Title
ERSPAN commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples | Cisco Nexus NX-OS System Management Command Reference for your platform.
• A stratum 1 time server is directly attached to an authoritative time source (such as a radio or atomic clock or a GPS time source).
• A stratum 2 NTP server receives its time through NTP from a stratum 1 time server.
Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a stratum 1. Because Cisco NX-OS cannot connect to a radio or atomic clock and act as a stratum 1 server, we recommend that you use the public NTP servers available on the Internet.
• If you use CFS to distribute NTP, all devices in the network should have the same VRFs configured as you use for NTP.
• If you configure NTP in a VRF, ensure that the NTP server and peers can reach each other through the configured VRFs.
Configuring NTP
Default Settings for NTP
• You must manually distribute NTP authentication keys on the NTP server and Cisco NX-OS devices across the network.
• Use NTP broadcast or multicast associations when time accuracy and reliability requirements are modest, your network is localized, and the network has more than 20 clients.
This example shows how to configure the Cisco NX-OS device as an authoritative NTP server with a different stratum level:
switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Use the use-vrf keyword to configure the NTP peer to communicate over the specified VRF. The vrf-name argument can be default, management, or any case-sensitive alphanumeric string up to 32 characters.
The range for trusted keys is from 1 to 65535. This command provides protection against accidentally synchronizing the device to a time source that is not trusted.
• The peer keyword enables the device to receive time requests and NTP control queries and to synchronize itself to the servers specified in the access list.
The ip-address can be in IPv4 or IPv6 format.
This example shows how to configure an NTP source IP address of 192.0.2.2.
switch# configure terminal
switch(config)# ntp source 192.0.2.2
logging-status: Displays the NTP logging configuration status.
Step 4 switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
When you commit the NTP configuration changes, the effective database is overwritten by the configuration changes in the pending database and all the devices in the network receive the same configuration.
Discarding NTP Configuration Changes
After making the configuration changes, you can choose to discard the changes instead of committing them. If you discard the changes, Cisco NX-OS removes the pending database changes and releases the CFS lock.
Procedure
Command or Action...
{ipaddr {ipv4-addr} | name peer-name}}
show ntp status: Displays the NTP CFS distribution status.
show ntp trusted-keys: Displays the configured NTP trusted keys.
show running-config ntp: Displays NTP information.
10 permit ip host 10.1.1.1 any
switch(config-acl)# 20 permit ip host 10.8.8.8 any
Page 255
10 permit ip host 10.6.6.6 any
switch(config-acl)# 20 permit ip host 10.7.7.7 any
switch(config)# ip access-list query-only-acl
switch(config-acl)# 10 permit ip host 10.2.2.2 any
switch(config-acl)# 20 permit ip host 10.3.3.3 any
EEM consists of three major components:
• Event statements—Events to monitor from another Cisco NX-OS component that might require some action, workaround, or notification.
• Action statements—An action that EEM can take, such as sending an e-mail, or disabling an interface, to recover from an event.
(the default option). EEM maintains event logs on the supervisor. Cisco NX-OS has a number of preconfigured system policies. These system policies define many common events and actions for the device. System policy names begin with two underscore characters (__).
Note: If you want to allow the triggered event to process any default actions, you must configure the EEM policy to allow the event default action statement.
Boolean operators (and, or, andnot), with the count and time, you can define a combination of these events to trigger a custom action.
Note: For information about configuring EEM event correlation, see Defining a User Policy Using the CLI, on page 241.
EEM Virtualization Support
You configure EEM in the virtual device context (VDC) that you are logged into. By default, Cisco NX-OS places you in the default VDC. You must be in this VDC to configure policies for module-based events.
Enclose the string in quotation marks.
Step 4 switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
[module policy. module-id]
Step 8 switch(config-applet)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Triggers an event if a fan fails for more than the configured time, in seconds. The number range is module dependent. The seconds range is from 10 to 64000.
Example:
switch(config-applet)# event fanbad time 3000
Page 265
major-percent minor minor-percent clear clear-percent
Triggers an event if the specified system manager memory threshold is exceeded. The range for the percentage is from 1 to 99.
Example:
switch(config-applet)# event sysmgr memory minor
The action label is in the format number1.number2. number can be any number up to 16 digits. The range for number2 is from 0 to 9.
Example:
switch(config-applet)# action 1.0 event-default
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command. Ensure that you are logged in with administrator privileges. Ensure that your script name is the same name as the script filename.
Overriding a Policy
You can override a system policy.
Before You Begin
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
1.0 syslog priority warnings msg "Link is flapping."
switch(config-applet)# show event manager policy-state ethport
switch(config-applet)# copy running-config startup-config
Configuring the Syslog as an EEM Publisher
You can monitor syslog messages from the switch.
Page 270
This example shows how to configure the syslog as an EEM publisher:
switch# configure terminal
switch(config)# event manager applet abc
switch(config-applet)# event syslog occurs 10
switch(config-applet)# copy running-config startup-config
Sample Tcl file (Vlan.tcl). Copy this file to the bootflash. Running the file creates 99 VLANs and names them.
set i 1
while {$i<100} {
  cli configure terminal
  cli vlan $i
  cli name VLAN$i
  cli no shutdown
  # Advance to the next VLAN ID; the loop ends after VLAN 99.
  incr i
}
244.
action-statement python-filename
Repeat Step 6 for multiple action statements.
Step 7 switch(config-applet)# show event manager policy-state name [module module-id]
Displays information about the status of the configured policy.
Displays information about the policy state, including thresholds.
show event manager script system [policy-name | all]: Displays information about the script policies.
show event manager system-policy [all]: Displays information about the predefined system policies.
"copy run start"
switch(config-applet)# event syslog tag three pattern "hello"
switch(config-applet)# tag one or two or three happens 1 in 120
switch(config-applet)# action 1.0 reload module 1
Cisco ONE Platform Kit provides the ability to host Cisco internal or external third party applications on or adjacent to Cisco’s networking infrastructure, and enables programmatic access to networking services in a controlled and consistent manner.
OpenFlow Limitations
The Cisco Nexus 5500 and Cisco Nexus 6000 switches do not support the OpenFlow action to rewrite the layer-2 destination MAC address. Therefore, the XNC controller use cases such as Topology Independent Forwarding and Latency Optimized Forwarding may not work correctly on the Cisco Nexus 5500 and Cisco Nexus 6000 switches.
OpenFlow policies can be applied to the ACL-table and the MAC-table. OpenFlow relates tables by means of the ‘pipeline’ concept. The Cisco Nexus device supports two pipelines, 201 and 202. You can toggle the pipeline between 201 and 202 by entering the pipeline id command in the openflow-agent logical switch configuration.
The OpenFlow agent requires the Cisco Nexus device to be configured with OpenFlow specific commands in order to support topology discovery and the installation of flows. The Cisco Nexus device works in a hybrid mode so that the default commands from the startup-config file are executed upon boot up. This might create an undesirable effect and therefore must be changed.
Setting Up an OpenFlow Virtual Service
Template Based TCAM Carving for OpenFlow
The Cisco Nexus device supports template-based TCAM carving. To configure OpenFlow on the device, you must make a number of changes to the TCAM carving regions using the template based TCAM carving commands.
Step 5 controller ipv4 ipv4-address port port-number vrf vrf-name security {none | tls}
Establishes the connection with the controller over the specified VRF. You can disable or enable the TLS.
Example:
switch(config-ofa)# exit
Verifying OpenFlow
Use one of the following commands to verify the configuration:
show running-config | section openflow: Displays the OpenFlow running configuration information.
Page 282
Displays information about the OpenFlow agent flows.
show openflow openflow-agent switch number ports: Displays information about the OpenFlow agent port status.
Flexible NetFlow enables enhanced network anomaly and security detection. Flexible NetFlow allows you to define an optimal flow record for a particular application by selecting the keys from a large collection of predefined fields.
NetFlow gathers for the flow. You can define a flow record with any combination of keys and fields of interest. Cisco NX-OS supports a rich set of keys. A flow record also defines the types of counters gathered per flow. You can configure 32-bit or 64-bit packet or byte counters. The key fields are specified with the match keyword.
Note: The match transport destination-port and the match ip protocol commands are required to export Layer 4 port data.
Example:
switch(config-flow-record)# match transport destination-port
that 64-bit counters are used.
Example:
switch(config-flow-record)# collect counter packets
collect flow sampler id
Collects the sampler identifier used for the flow.
Example:
switch(config-flow-record)# collect flow sampler
The sampling mode supported is M out of N (M:N), where M packets are selected randomly out of every N packets for sampling, and only those packets can create flows. The lowest possible sampling rate on the Cisco Nexus 6000 series is 1:64K packets. The following table shows the different packet rates for different port...
• Define one or many flow exporters by specifying export format, protocol, destination and other parameters.
• Define a flow monitor based on the above flow record and flow exporter(s).
• Apply the flow monitor to an interface with a sampling method specified.
Example:
switch(config)# flow record IPv4Flow
Step 3 description string
Describes this flow record.
Example:
switch(config-flow-record)# description Ipv4flow
Step 4 match type
Specifies the match key.
Example:
switch(config-flow-record)# match transport destination-port
VRF name.
switch(config-flow-exporter)# destination 192.0.2.1
Step 4 source interface-type name/port
Specifies the interface to use to reach the NetFlow collector at the configured destination.
Example:
switch(config-flow-exporter)# source ethernet 2/1
Page 291
Step 13 copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example:
switch(config)# copy running-config startup-config
Step 7 copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example:
switch(config)# copy running-config startup-config
Applying a Flow Monitor to an Interface
Note: You cannot apply a flow monitor to an egress interface; only ingress NetFlow is supported.
startup configuration.
Example:
switch(config)# copy running-config startup-config
Configuring Bridged NetFlow on a VLAN
You can apply a flow monitor and a sampler to a VLAN.
You can optionally configure global NetFlow timeouts that apply to all flows in the system.
Procedure
Step 1 configure terminal
Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#
You can enter up to 63 alphanumeric characters for the sampler name.
show hardware ip flow: Displays information about NetFlow hardware IP flows.
show running-config netflow: Displays the NetFlow configuration that is currently on your device.
Soft Reload Debugging
Syslogs are generated during various stages of a soft reload indicating the current health of a switch. The following syslogs can be used for debugging Soft Reload:
• A normal switch reload is attempted if a soft reload due to a process crash fails.
• A soft reload is not triggered when the following scenarios occur:
• After a soft reload, we recommend not making any configuration changes until a manual switch reload is done.
Default Setting for Soft Reload
Parameter: Soft Reload
Default: Disabled
This example shows a verification command that displays the status of the soft reload, followed by the command to initiate a manual soft reload.
show system soft-reload status
Soft-reload is disabled
Related Topic: Command reference
Document Title: Cisco Nexus 5600 Series NX-OS System Management Command Reference
Feature History for Soft Reload
This table lists the release history for this feature.
Page 304
You can also use the soft-reload command to trigger a manual soft reload of the switch.
In Cisco NX-OS Release 7.1(0)N1(1), the default mode for GIR is “shutdown”. When you place the switch in maintenance mode, all protocols are gracefully brought down and all physical ports are shut down. When normal mode is restored, all the protocols and ports are brought back up.
• Interfaces
• FabricPath
Starting with Cisco NX-OS Release 7.3(0)N1(1), the default mode for GIR is “isolate”. Use the system mode maintenance command to put all the enabled protocols in maintenance mode. The switch will use the isolate command to isolate the protocols from the network. The switch will then be isolated from the network but is not shut down.
GIR as in the Cisco NX-OS Release 7.1(0)N1(1).
• When you cold boot a switch that has a custom profile configured and is running a Cisco NX-OS Release 7.3(1)N1(1) image to any other Cisco NX-OS Release that does not support maintenance mode, the same configuration file cannot be used after write-erase reload.
The timer will then restart from that instant with the new timer value. Once the configured time elapses, the switch returns to normal mode automatically without using the no system mode maintenance mode command. Use the no system mode maintenance timeout command to disable the timer.
You can then compare the new after_maintenance snapshot with the before_maintenance snapshot. Starting with Cisco NX-OS release 8.0(1), the [no] system mode maintenance command has been enhanced to execute a normal mode profile and activate a timer ensuring that sufficient time is provided for the switch to complete any hardware programming that may be going on before the after_maintenance snapshot is taken.
FEX Group GIR Functionality You can use GIR to perform maintenance and software upgrade of the Cisco Nexus 5000, 5500 and 6000 Series switches and the connected FEXs in a dual homed vPC topology. A FEX group is a logical grouping of FEXs.
• Snapshot information is not copied automatically to the standby supervisor in a dual supervisor system.
• GIR may not provide zero application traffic loss for certain topologies and configurations.
Configuring GIR (Cisco NX-OS Release 7.3(0)N1(1))
Configuring Custom Maintenance Mode and Custom Normal Mode Profile
• Starting with Cisco NX-OS Release 7.3(0)N1(1), we recommend not using the configure profile [maintenance-mode | normal-mode] type admin command and we strongly recommend using the configure maintenance profile [maintenance-mode | normal-mode] command.
In most cases, only the element-key1 argument needs to be specified to be able to distinguish among row entries.
mode maintenance [always-use-custom-profile
Puts all enabled protocols in maintenance mode (using the isolate command). Use the dont-generate-profile and shutdown options to put the switch in maintenance mode.
Page 318
We recommend configuring the reset reason and saving it to the startup configuration. This enables the switch to go into the maintenance mode after a switch reloads due to any reason.
Page 319
Note: Starting with Cisco NX-OS Release 8.0(1), a visible CLI indicator has been added to show that the system is in maintenance mode. For example, switch(config)# will appear as switch(maint-mode)(config)#.
Page 321
This example shows how to put the switch in maintenance mode without presenting any switch prompts:
switch# configure terminal
switch(config)# system mode maintenance non-interactive
150
Returning to Normal Mode
Note: Starting with Cisco NX-OS Release 8.0(1), a visible CLI indicator has been added to show that the system is in maintenance mode. For example, switch(config)# will appear as switch(maint-mode)(config)#.
Page 323
2016 Dec 5 06:20:23 switch %$ VDC-1 %$ %MMODE-2-MODE_CHANGED: System changed to "normal" mode.
switch# show system mode
System Mode: Normal
This example shows how to return to normal mode from maintenance mode on a switch running the Cisco NX-OS Release 7.3(0)D1(1):
switch# configure terminal
switch(config)# no system mode maintenance...
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-mm-profile)# router bgp 100
switch(config-mm-profile-router)# isolate
switch(config-mm-profile-router)# exit
switch(config-mm-profile)# sleep instance 1 10
switch(config-mm-profile)# interface ethernet 1/1
switch(config-mm-profile-if-verify)# shutdown
switch(config-mm-profile-if-verify)# end
Page 325
660
address-family ipv6 unicast
no shutdown
router ospfv3 ospf_ipv6
no shutdown
[Maintenance Mode]
router ospfv3 ospf_ipv6
shutdown
Page 326
1
shutdown
This example shows how to use the isolate command to put all protocols into maintenance mode:
switch(config)# system mode maintenance
Following configuration will be applied:
Page 327
Applying : router isis 70
Applying : shutdown
Applying : vpc domain 2
Applying : shutdown
2016 Jan 15 11:10:36.080386 CP-BL26-N7K-1A %$ VDC-1 %$ %VPC-2-VPC_SHUTDOWN: vPC shutdown status is ON
Page 328
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-mm-profile)# vpc domain 1
switch(config-mm-profile-vpc-domain)# shutdown
switch(config-mm-profile-vpc-domain)# exit
switch(config-mm-profile)# system interface shutdown
switch(config-mm-profile)# end
Exit maintenance profile mode.
switch#
Page 329
This example shows how to create a maintenance mode profile and normal mode profile for upgrading vPC with FEX (refer topology below):
N5K-1 configuration:
switch# configure terminal
switch(config)# configure maintenance profile maintenance-mode
Page 330
Use route-map my-rmap-deny in maintenance mode configuration to exclude SVIs having tag 200 configuration.
switch(config)# route-map my-rmap-deny deny 10
switch(config-route-map)# match tag 200
switch(config-route-map)# exit
switch(config)# route-map my-rmap-deny permit 20
[maintenance-mode | normal-mode]: Displays the details of the maintenance mode or normal mode profile.
show maintenance snapshot-delay: Displays the after_maintenance snapshot-delay timer value.
BGP attributes information
Number of attribute entries
HWM of attribute entries
Bytes used by entries : 100
Entries pending delete
HWM of entries pending delete
BGP paths per attribute HWM
Page 333
Metric-style : advertise(wide), accept(narrow, wide)
Area address(es) :
Process is up and running (isolate)
VRF ID: 1
Stale routes during non-graceful controlled restart
Interfaces supported by IS-IS :
Ethernet1/2
Feature: Graceful Insertion and Removal (GIR)
Release: 7.1(0)N1(1)
Information: This feature was introduced. The default mode for GIR is “shutdown”. Refer to Configuring GIR (Cisco NX-OS Release 7.1(0)N1(1)).
When normal mode is restored, all the protocols and ports are brought back up. The following protocols are supported:
• Border Gateway Protocol (BGP)
• BGPv6
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• EIGRPv6
• Intermediate System-to-Intermediate System (ISIS)
Step 3 Take a snapshot before entering maintenance mode. Creating a Snapshot, on page 316.
Step 4 Put the switch into maintenance mode. Entering Maintenance Mode, on page 317
This example shows how to create a normal mode custom profile file:
switch# configure terminal
switch(config)# configure profile normal-mode type admin
switch(config-profile)# router bgp 65501
switch(config-profile-router)# no shutdown
Executing show ipv6 eigrp topology summary... Done
Executing show vpc... Done
Executing show ip ospf vrf all... Done
Feature 'ospfv3' not enabled, skipping...
Executing show isis vrf all... Done
Snapshot 'snap1' created
switch#
maintenance [dont-generate-profile]
Executes a previously created normal mode profile file or a dynamically created normal mode profile file. The dont-generate-profile option suppresses the creation of the normal mode profile file.
Verifying GIR
Use one of the following commands to verify the configuration:
show system mode: Displays current system mode.
Page 342
Snapshot Name
---------------------------------------------------------------------------------------
snapshot_before_maintenance  Wed Sep 10 20:19:31 2014  system-internal-snapshot
snapshot_after_maintenance  Wed Sep 10 20:29:54 2014  system-internal-snapshot
snap1  Wed Sep 10 20:36:15 2014  For testing
Page 343
100
no shutdown
router eigrp 101
no shutdown
router isis 102
no set-overload-bit always
router bgp 103
no shutdown
vpc domain 20
no shutdown
no system interface shutdown
Licensing Requirements for Class-based Quality-of-Service MIB This feature does not require a license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
class-map-name: Configures the service policy for a class-map.
Step 12 switch(config-pmap-c-qos)# set qos-group qos-group-value
Assigns the QoS group identifier for a class of traffic in a type qos policy map.
Step 1 $ snmpwalk -v2c -c community-name ip-address oid
Displays class-map and policy-map configuration and statistics.
Note: Use the snmpwalk command on an SNMP-enabled server.
Page 349
Use the snmpwalk command on the Objects Table:
$ snmpwalk -v2c -c public A.B.C.D cbQosObjects
Objects Table (QoS only table) corresponding to the policy-map, class-map, match & set Statements
CISCO-CLASS-BASED-QOS-MIB::cbQosConfigIndex.285212681.285212681 = Gauge32: 285212836
Page 350
Use the snmpwalk command on the Set Action Table:
$ snmpwalk -v2c -c public A.B.C.D cbQosSetCfg
Set Action Table (QoS only table) corresponding to the set statement configured above
Page 351
All CoPP configurations are available by default. The sample snmpwalk outputs below display the cbQosMatchStmtStats and cbQosClassMapStats tables that are supported by the QoS policies starting from Cisco NX-OS Release 7.3(0)N1(1):
$ snmpwalk -v2c -c public A.B.C.D cbQosMatchStmtStats
CISCO-CLASS-BASED-QOS-MIB::cbQosMatchPrePolicyPkt64.285212681.285212683 = Counter64: 10 //The config indices match the objects displayed in the Objects Table above
CISCO-CLASS-BASED-QOS-MIB::cbQosMatchPrePolicyPkt64.285212681.285212684 = Counter64: 4...
Class-based Quality-of-Service MIB, 7.3(0)N1(1): The following cbQoSMIB tables are supported by QoS Phase 2 policies: cbQosClassMapStats, cbQosMatchStmtStats and cbQosQueueingStats
Class-based Quality-of-Service MIB, 7.1(1)N1(1): This feature was introduced.
A software maintenance upgrade (SMU) is a package file that contains fixes for specific defects. SMUs are created to respond to immediate issues and do not include new features. This module describes how to perform software maintenance upgrades (SMUs) on Cisco Nexus 5600 Series devices.
• Each CLI install request is assigned a request ID, which can be used later to review the events.
• SMUs are dependent on your physical device. So, an SMU for the Cisco Nexus 6000 Series switch will not work for the Cisco Nexus 5000 Series switch and vice versa.
When you activate packages, use the test option to test the effects of a command without impacting the running system. After the activation process completes, enter the show install log command to display the process results.
This example shows how to display the active packages for the entire system. Use this information to determine if a software change is required.
switch# show install active
Boot Images:
Kickstart Image: bootflash:/n6000-uk9-kickstart.7.2.1.N1.1.bin
System Image: bootflash:/n6000-uk9.7.2.1.N1.1.bin
Active Packages:
Active Packages on Module #1:
Go to the Download Software page at this URL: http://software.cisco.com/download/navigator.html
Step 3 In the Select a Product list, choose Switches > Data Center Switches > Cisco Nexus 5000/6000 Series Switches > model.
Step 4 Choose the appropriate SMU file for your device and click Download.
(SCP).
• SSH File Transfer Protocol—SFTP is part of the SSHv2 feature in the security package and provides for secure file transfers. For more information, see the Cisco Nexus 6000 Series NX-OS Security Configuration Guide.
Page 361
• directory-path—The network file server path that leads to the package file to be added.
• filename—The name of the package file that you want to add.
Page 362
“/” following the server address.
• filename—The name of the package file that you want to add.
Ensure that you meet all of the prerequisites for the activation of packages. Complete the procedure described in Copying the Package File to a Local Storage Device or Network Server.
Page 364
After the activation process finishes, enter the show install log command to display the process results.
Step 6 Repeat Step 5 until all packages are activated.
    Activates additional packages as required.
The package files can be reactivated later, or they can be removed from the disk. The Cisco NX-OS software also provides the flexibility to roll back the selected package set to a previously saved package set. If you prefer a previous package set over the currently active package set, you can use the install deactivate and install commit commands to deactivate the current package, and the install activate and install commit commands to activate the previous package.
The installation log provides information on the history of the installation operations. Each time an installation operation is run, a number is assigned to that operation.
• Use the show install log command to display information about both successful and failed installation operations.
Page 368
Patch sync done to standby
Tue Oct 13 06:08:05 2015 The following package is now available to be activated: n6000-uk9.7.2.1.N1.1.CSCuw28765.bin
Install operation 1 file exist at Tue Oct 13 06:08:05 2015
Kickstart Image: bootflash:/n6000-uk9-kickstart.7.2.1.N1.0.328.bin
System Image: bootflash:/n6000-uk9.7.2.1.N1.0.328.bin
-----------------------------------------------------------
n6000-uk9.7.2.1.N1.1.CSCuw28765.bin
Active Modules
-----------------------------------------------------------
switch#
Where to Go Next
For information about configuring control policies, see the "Configuring ISG Control Policies" module.
SMUs are created to respond to immediate issues and do not include new features.
Note: No SMUs have been released for the Cisco Nexus 5000 and 6000 Series switches.