Cisco Nexus7000 Fundamentals Config Guide 8x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Contents
CHAPTER 2 Overview
Serviceability
Switched Port Analyzer
Ethanalyzer
Call Home
Online Diagnostics
Embedded Event Manager
NetFlow
Consistency Checker
Network Security
Cisco TrustSec
CHAPTER 11 Using the Device File Systems, Directories, and Files
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any
other company. (1721R)
© 2017 Cisco Systems, Inc. All rights reserved.
Preface
This preface describes the audience, organization and conventions of the Cisco Nexus 7706 Hardware
Installation Guide. It also provides information on how to obtain related documentation.
Audience
This publication is for experienced network administrators who configure and maintain Cisco NX-OS on
Cisco Nexus 7000 Series Platform switches.
Document Conventions
Note
• As part of our constant endeavor to remodel our documents to meet our customers' requirements, we
have modified the manner in which we document configuration tasks. As a result of this, you may find
a deviation in the style used to describe these tasks, with the newly included sections of the document
following the new format.
• The Guidelines and Limitations section contains general guidelines and limitations that are applicable
to all the features, and the feature-specific guidelines and limitations that are applicable only to the
corresponding feature.
Convention              Description
bold                    Bold text indicates the commands and keywords that you enter literally as shown.
Italic                  Italic text indicates arguments for which the user supplies the values.
variable                Indicates a variable for which you supply values, in context where italics cannot be used.
string                  A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
screen font             Terminal sessions and information the switch displays are in screen font.
boldface screen font    Information you must enter is in boldface screen font.
italic screen font      Arguments for which you supply values are in italic screen font.
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or
loss of data.
Related Documentation
Documentation for Cisco Nexus 7000 Series Switches is available at:
• Configuration Guides
http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/products-installation-and-configuration-guides-list.html
• Command Reference Guides
http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/products-command-reference-list.html
• Release Notes
http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/products-release-notes-list.html
• Install and Upgrade Guides
http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/products-installation-guides-list.html
• Licensing Guide
http://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/products-licensing-information-listing.html
Documentation for Cisco Nexus 7000 Series Switches and Cisco Nexus 2000 Series Fabric Extenders is
available at the following URL:
http://www.cisco.com/c/en/us/support/switches/nexus-2000-series-fabric-extenders/products-installation-and-configuration-guides-list.html
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, please send your comments
to [email protected]. We appreciate your feedback.
Feature: Network Plug and Play
Description: Network plug and play (PnP) is a software application that runs on a Cisco Nexus 7000 switch. The PnP feature provides a simple, secure, unified, and integrated offering to ease new branch or campus roll-outs, and for provisioning updates to an existing network. This feature provides a unified approach to provision networks that comprise different devices with a near zero-touch deployment experience.
Release: 8.2(1)
Feature: 63 character hostname and switch name
Description: Supports 63 characters for hostname and switch name
Release: 7.3(0)D1(1)
Feature: PowerOn Auto Provisioning (POAP) support
Description: Automates the process of upgrading software images and installing configuration files on Cisco Nexus switches
Release: 6.1(2)
Software Compatibility
The Cisco NX-OS software interoperates with Cisco products that run any variant of the Cisco IOS software.
The Cisco NX-OS software also interoperates with any networking operating system that conforms to the
IEEE and RFC compliance standards.
This figure shows an overview of the Cisco NX-OS software in the data center.
Serviceability
The Cisco NX-OS software has serviceability functions that allow the device to respond to network trends
and events. These features help you with network planning and improving response times.
Ethanalyzer
Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open source
code. Ethanalyzer is a command-line version of Wireshark for capturing and decoding packets. You can use
Ethanalyzer to troubleshoot your network and analyze the control-plane traffic. For more information about
Ethanalyzer, see the Cisco Nexus 7000 Series NX-OS Troubleshooting Guide.
Call Home
The Call Home feature continuously monitors hardware and software components to provide e-mail-based
notification of critical system events. A versatile range of message formats is available for optimal compatibility
with pager services, standard e-mail, and XML-based automated parsing applications. It offers alert grouping
capabilities and customizable destination profiles. You can use this feature, for example, to directly page a
network support engineer, send an e-mail message to a network operations center (NOC), and employ Cisco
AutoNotify services to directly generate a case with the Cisco Technical Assistance Center (TAC). For more
information about Call Home, see the Cisco Nexus 7000 Series NX-OS System Management Configuration
Guide.
Online Diagnostics
Cisco generic online diagnostics (GOLD) verify that hardware and internal data paths are operating as designed.
Boot-time diagnostics, continuous monitoring, and on-demand and scheduled tests are part of the Cisco GOLD
feature set. GOLD allows rapid fault isolation and continuous system monitoring. For information about
configuring GOLD, see the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide.
NetFlow
The Cisco NX-OS NetFlow implementation supports version 5 and version 9 exports. It also supports the
Flexible NetFlow configuration model and hardware-based Sampled NetFlow for enhanced scalability. For
more information about NetFlow, see the Cisco Nexus 7000 Series NX-OS System Management Configuration
Guide.
Consistency Checker
Consistency Checker — Cisco NX-OS Release 8.2(1)
This section describes how to use the Consistency Checker CLIs to collect information on various table states
within the software and the hardware for Cisco NX-OS Release 8.2(1).
Consistency checker compares the software state of the supervisor with the hardware state of supported I/O
modules. If there is any inconsistency, it flags the issue immediately, which reduces troubleshooting time
later. Consistency checker supplements basic troubleshooting and helps to identify scenarios where an
inconsistent state between software and hardware tables is causing issues in the network, thereby reducing
the mean time to resolve the issue.
Consistency Checker is a serviceability tool that performs the following functions:
• Checks for consistency between software and hardware tables.
• Alerts administrators upon finding any inconsistencies.
• Helps to speed up fault isolation.
The Consistency Checker feature verifies the consistency between the software and the hardware for the
following parameters in Cisco NX-OS Release 8.2(1). Except for Persistent Storage Service (PSS) consistency
checker, all other features are supported since Cisco NX-OS Release 8.0(1) and are enhanced in Cisco NX-OS
Release 8.2(1). Consistency checker is supported on M3 and F3 modules. Users can execute the show
consistency-checker all command to perform a consistency check for all components and features.
The following consistency checker components are supported in Cisco NX-OS Release 8.2(1):
• FabricPath
• Interface-properties
• Layer 2 Unicast
• Layer 2 Multicast
• L3-Interface Tables
• Link-state
• Proxy Forwarding
• Spanning-Tree
• Persistent Storage Service (PSS)
FabricPath
The FabricPath Consistency Checker verifies the programming consistency for the following FabricPath
parameters:
• FTAG-state
• GPC-membership (Gateway Port-Channel, which is used internally for FabricPath forwarding and
does not refer to user-configured port channels).
Interface-properties
The Interface-properties Consistency Checker verifies the programming consistency between software and
hardware for EthPM tables (Ethernet Port Manager) including the following parameters:
• Link state
• Interface MTU
• Flow control
• FEX fabric port
• Native VLAN
Layer 2 Unicast
The Layer 2 Unicast Consistency Checker verifies the programming consistency between software and
hardware tables for classical Ethernet (CE) Layer 2 unicast MAC address entries.
Layer 2 Multicast
The Layer 2 Multicast Consistency Checker verifies the programming consistency between software and
hardware tables for Layer 2 IGMP snooping entries in classical Ethernet (CE) topologies.
L3-Interface Tables
The L3-Interface Consistency Checker verifies the programming consistency between software and hardware
for Layer 3-interface ingress and egress forwarding tables.
L3-interface consistency checker is supported only on the M3 and F3 VDCs in Cisco NX-OS Release 8.2(1).
It is not supported on the VDC combination that contains a module other than M3 or F3.
Link-state
The Link-state Consistency Checker verifies the programming consistency between software and hardware
for the link-state status of the interfaces.
Spanning-Tree
The Spanning-Tree Consistency Checker verifies the programming consistency between software and hardware
tables for the Spanning-Tree state.
Persistent Storage Service (PSS)
The PSS Consistency Checker verifies the consistency between run-time data and data stored in PSS for the
following parameters:
• Spanning-Tree
• Various ingress and egress forwarding parameters for interfaces (ELTM)
• Interface state (ETHPM)
• VLAN information (Vlan-manager)
• vPC state (vPC manager)
PSS Consistency Checker checks the system state before and after system triggers (switch over, reload, and
ISSU). Invoke PSS consistency checker in steady state to avoid false alarms.
Guidelines and Limitations
• Consistency checkers are supported only on M3 and F3 Modules. Only F3 modules are supported in
Cisco NX-OS Release 8.0(x), and Cisco NX-OS Release 8.1(x) releases.
• If there is a configuration change or a table state change in the environment while a consistency checker
is running, it is possible to trigger false positives. In cases where false positives may be a concern, it is
recommended to run multiple iterations of that consistency checker.
• L3-interface consistency checker supports only L3 standalone, L3 port channel IPv4 and IPv6 interfaces,
and L3 FEX HIF interfaces. Logical interfaces such as OTV, NVE, and tunnel are not supported.
• Layer 2 multicast consistency checker supports only CE (classical Ethernet) IGMP Snooping entries.
VxLAN, OTV, and FabricPath entries, for example, are not supported. Layer 2 multicast consistency
checker cannot be used when unsupported features (such as FabricPath or EVPN) are enabled on a VDC.
Command / Purpose
show consistency-checker link-state
    Verifies the programming consistency between software and hardware for the link-state status of the interfaces.
show consistency-checker interface-properties module [module number]
    Verifies the interface properties for all modules. Use the [module] keyword to verify the properties for a specific module.
show consistency-checker stp-state
    Verifies the programming consistency between software and hardware tables for the Spanning-Tree state.
show consistency-checker l2mcast { vlan ID } { group address | source address } [all] [detail]
    Verifies the layer-2 multicast consistency for L2 IGMP Snooping entries between supervisor and I/O modules.
• Spanning Tree Protocol (STP)—Checks logical port-state consistency, either port or VLAN. Consistency
is checked against STP and PIXM components.
Note Currently, consistency is checked only against the STP internal database based
on the software port state and from the response provided by the PIXM on any
port-state request.
Note Currently, L2MCAST supports only Classical Ethernet (CE) mode and not
FabricPath.
--------------------------------------------------------------
Consistency checker started at 2017 Sep 29 20:54:09 .
Please run 'show consistency-checker all status' to see the status.
--------------------------------------------------------------
switch# show consistency-checker all status
--------------------------------------------------------------
Consistency checker was started at 2017 Sep 29 20:54:09 .
Consistency checker in progress !
--------------------------------------------------------------
switch# show consistency-checker all output
Consistency-checker result:
(VDC: 1 ,TIME: 2017 Sep 29 20:54:09)
-------------------------------------------------------------
Consistency Checker Result for Ftag CBL: SUCCESS
-------------------------------------------------------------
-------------------------------------------------------------
Consistency Checker Result for GPC: SUCCESS
-------------------------------------------------------------
Interface properties checks (Module 2):
NATIVE_VLAN: PASSED
FEX_STATUS: PASSED
SPEED: PASSED
FLOW_CONTROL: PASSED
MTU: PASSED
-------------------------------------------------------------
Module 2: PASSED.
-------------------------------------------------------------
Interface properties checks (Module 4):
NATIVE_VLAN: PASSED
FEX_STATUS: PASSED
SPEED: PASSED
FLOW_CONTROL: PASSED
MTU: PASSED
-------------------------------------------------------------
Module 4: PASSED.
-------------------------------------------------------------
Link State Checks :
-------------------------------------------------------------
Module 2: PASSED
-------------------------------------------------------------
Link State Checks :
-------------------------------------------------------------
Module 4: PASSED
-------------------------------------------------------------
-------------------------------------------------------------
Consistency Checker Result for RPC: SUCCESS
-------------------------------------------------------------
-------------------------------------------------------------
Consistency Checker Result for STP (VLAN CBL): SUCCESS
-------------------------------------------------------------
PSS CONSISTENCY CHECK RESULT FOR IFTMC ON VDC 1 MODULE 2: SUCCESS
==============================================================
PSS CONSISTENCY CHECK RESULT FOR IFTMC ON VDC 1 MODULE 4: SUCCESS
==============================================================
PSS CONSISTENCY CHECK RESULT FOR ELTM: FAILURE
---------------------------------------------------------------
ATTRIBUTE NAME : ELTM INTERFACE PSS
INCONSISTENT DATA : intf Vlan4040 (0x9010fc8)
Please collect the tech-support for eltm detail for more details.
==============================================================
PSS CONSISTENCY CHECK RESULT FOR ETHPM: SUCCESS
---------------------------------------------------------------
No inconsistency detected in ethpm persistent, runtime and shared data.
==============================================================
PSS CONSISTENCY CHECK RESULT FOR STP: SUCCESS
---------------------------------------------------------------
No inconsistency detected in STP CBL data
==============================================================
PSS CONSISTENCY CHECK RESULT FOR VLAN_MGR: SUCCESS
---------------------------------------------------------------
No inconsistency detected in vlan_mgr persistent, runtime and shared data.
==============================================================
PSS CONSISTENCY CHECK RESULT FOR vPC MGR: SUCCESS
---------------------------------------------------------------
No inconsistency detected in vPC persistent, runtime and shared data.
==============================================================
MTU: PASSED
-------------------------------------------------------------
Module 4: PASSED.
-------------------------------------------------------------
switch#
Consistency-Checker: Failure
Module 10 : Success
Module 1 : Success
Module 3 : Success
Module 2 : Success
Module 4 : Not Supported
Module 7 : Not Supported
Module 9 : Success
Module 8 : Success
Consistency Checker Status: Success
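The guidelines above recommend running multiple iterations of a consistency checker when false positives are a concern. The following Python is an added example, not Cisco code: it parses captured "show consistency-checker all output" text in the formats shown above and reports only the checks that fail in every run. The names parse_results, failed_checks and persistent_failures are hypothetical, and RUN_1 and RUN_2 are constructed samples assembled from output lines on this page.

```python
import re
from collections import namedtuple

# Normalize the status words that appear in the outputs shown above.
STATUS_MAP = {"SUCCESS": "PASS", "PASSED": "PASS", "FAILURE": "FAIL",
              "FAILED": "FAIL", "NOT SUPPORTED": "UNSUPPORTED"}
RESULT_RE = re.compile(
    r"^\s*(?P<name>.+?)\s*:\s*"
    r"(?P<status>SUCCESS|PASSED|FAILURE|FAILED|NOT SUPPORTED)\.?\s*$", re.I)
# Top-level verdicts, e.g. "Consistency Checker Result for GPC".
TOP_RE = re.compile(
    r"^(?P<pss>PSS )?CONSISTENCY CHECK(?:ER)? RESULT FOR (?P<what>.+)$", re.I)
# Headers that scope the short lines after them ("MTU", "Module 2").
SECTION_RE = re.compile(r"^\s*(?P<section>.*\bchecks\b.*?)\s*:\s*$", re.I)
DETAIL_RE = re.compile(r"^\s*INCONSISTENT DATA\s*:\s*(?P<data>.+?)\s*$", re.I)
RULE_RE = re.compile(r"^\s*[-=]{5,}\s*$")

# status is PASS, FAIL or UNSUPPORTED; details holds INCONSISTENT DATA values.
CheckResult = namedtuple("CheckResult", "check status details")


def parse_results(text):
    """Return one CheckResult per verdict line in captured CLI output."""
    results, section = [], None
    for line in text.splitlines():
        if not line.strip() or RULE_RE.match(line):
            continue
        detail = DETAIL_RE.match(line)
        if detail:
            # Attach the inconsistent object to the failure it belongs to.
            if results and results[-1].status == "FAIL":
                results[-1].details.append(detail.group("data"))
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        result = RESULT_RE.match(line)
        if not result:
            continue  # banners, timestamps, attribute names
        name = result.group("name")
        top = TOP_RE.match(name)
        if top:
            section = None  # a component verdict ends any per-module section
            check = ("PSS " if top.group("pss") else "") + top.group("what").strip()
        elif section:
            check = f"{section} / {name}"
        else:
            check = name
        status = STATUS_MAP[result.group("status").upper()]
        results.append(CheckResult(check, status, []))
    return results


def failed_checks(text):
    """Names of the checks that reported FAIL in one captured run."""
    return {r.check for r in parse_results(text) if r.status == "FAIL"}


def persistent_failures(runs):
    """Checks that fail in every run; one-off failures may be false positives."""
    per_run = [failed_checks(text) for text in runs]
    return sorted(set.intersection(*per_run)) if per_run else []


# Constructed sample: first iteration, taken while the STP state was changing.
RUN_1 = """\
Consistency-checker result:
(VDC: 1 ,TIME: 2017 Sep 29 20:54:09)
-------------------------------------------------------------
Consistency Checker Result for Ftag CBL: SUCCESS
-------------------------------------------------------------
Interface properties checks (Module 2):
NATIVE_VLAN: PASSED
MTU: PASSED
-------------------------------------------------------------
Module 2: PASSED.
-------------------------------------------------------------
Link State Checks :
Module 2: PASSED
-------------------------------------------------------------
Consistency Checker Result for STP (VLAN CBL): FAILED
-------------------------------------------------------------
PSS CONSISTENCY CHECK RESULT FOR ELTM: FAILURE
---------------------------------------------------------------
ATTRIBUTE NAME : ELTM INTERFACE PSS
INCONSISTENT DATA : intf Vlan4040 (0x9010fc8)
==============================================================
"""
# Constructed sample: second iteration in steady state, STP now consistent.
RUN_2 = RUN_1.replace("STP (VLAN CBL): FAILED", "STP (VLAN CBL): SUCCESS")

if __name__ == "__main__":
    for name in persistent_failures([RUN_1, RUN_2]):
        print("persistent inconsistency:", name)
```

Lines reporting "Not Supported" are kept as UNSUPPORTED rather than dropped, so modules that were never checked remain visible in the parsed results.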
Output Examples for Consistency Checker Components – Cisco NX-OS Release 8.0(1)
Example: Link State Output
This example shows a link state output:
switch# show consistency-checker link-state
Link State Checks:
Consistency Check: FAILED
Inconsistencies found for following interfaces:
Ethernet1/12 hw_link_state(0) sw_link_state(1)
This example shows an STP output when the Consistency Checker result for STP failed:
switch# show consistency-checker stp-state
Consistency Checker Result for STP (VLAN CBL): FAILED
These examples show PIXM outputs when the Consistency Checker result for PIXM failed:
switch# show consistency-checker fabricpath ftag-state
Consistency Checker Result for Ftag CBL: FAILED
PIXM/HW FTag CBL mismatch (port Eth3/9):
INGRESS FORWARDING: (PIXM) 1-2, (HW) 1-2,30-35
EGRESS FORWARDING: (PIXM) 1-2, (HW) 1-2,30-35
These examples show L2MCAST outputs when the Consistency Checker result for L2MCAST failed:
switch(config)# show consistency-checker l2mcast 500 239.2.3.5
Consistency Checker Status: Failed
Inconsistency found in Layer 2 Multicast NextHop
Detailed logs can be found with "show consistency-checker l2mcast vlan group [source]" with
detail keyword.
--------------------------------------------
Route: ('500', '10.120.33.63', '239.2.3.5')
--------------------------------------------
B - Baseline
C - Route and Next-Hop Consistent
I - Next-Hop Inconsistent
M - Missing Route
IGMP: ( B ) set([u'Eth7/9/3'])
M2RIB: ( C ) set([u'Eth7/9/3'])
MFDM: ( C ) 0x7be4
PIXM: ( I ) set(['Eth7/9/3', 'Eth7/9/2'])
This example shows an L3 interface properties output when the Consistency Checker result for L3 interface
failed:
Note The custom YAML file name must be fault-mgmt.yaml in order to enable the file to overwrite the existing
YAML file.
applications:
  vlan:
    ts_name: vlan
    group_ts_name: "private-vlan,ethpm"
    max_msg_timeout: 30
  ethpm:
    ts_name: ethpm
    group_ts_name: "vlan,lim"
    max_msg_timeout: 30
    auto_trigger_disable_eve_seq_failure: 1
  "private-vlan":
    ts_name: "private-vlan"
    group_ts_name: "ethpm,vlan,stp"
    max_msg_timeout: 30
  "eltm detail":
    ts_name: "eltm detail"
    group_ts_name: "vlan,vni"
    max_msg_timeout: 30
  "vpc":
    max_msg_timeout: 30
    auto_trigger_disable_eve_seq_failure: 1
The following table provides information about semantics used in the YAML file:
Component                                       Description
ts_name                                         Specifies the technical support name for the given application.
max_msg_timeout                                 Specifies the message and transaction service leak detection time, in minutes.
auto_trigger_syslog_severity: severity level    Specifies syslog severity for the auto capture trigger. Severity level range is from 1 to 7. We do not recommend a severity level above 3.
Procedure
Step 2 switch(config)# system statistics mts sap sap-number | all [module module-number]
    Enables the Message and Transaction Service Statistics feature.
    Note The Message and Transaction Service Statistics feature is enabled by default.
Manageability
This section describes the manageability features in the Cisco NX-OS software.
Ethernet Switching
The Cisco NX-OS software supports high-density, high-performance Ethernet systems and provides the
following Ethernet switching features:
• IEEE 802.1D-2004 Rapid and Multiple Spanning Tree Protocols (802.1w and 802.1s)
• IEEE 802.1Q VLANs and trunks
• 16,000-subscriber VLANs
• IEEE 802.3ad link aggregation
• Private VLANs
• Cross-chassis private VLANs
• Unidirectional Link Detection (UDLD) in aggressive and standard modes
For more information, see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release
5.x, the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 6.x, and the Cisco Nexus 7000
Series NX-OS Layer 2 Switching Configuration Guide.
IP Routing
The Cisco NX-OS software supports IP version 4 (IPv4) and IP version 6 (IPv6) and the following routing
protocols:
• Open Shortest Path First (OSPF) Protocol Versions 2 (IPv4) and 3 (IPv6)
• Intermediate System-to-Intermediate System (IS-IS) Protocol
• Border Gateway Protocol (BGP)
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Routing Information Protocol Version 2 (RIPv2)
The Cisco NX-OS software implementations of these protocols are fully compliant with the latest standards
and include 4-byte autonomous system numbers (ASNs) and incremental shortest path first (SPF). All unicast
protocols support Non-Stop Forwarding Graceful Restart (NSF-GR). All protocols support all interface types,
including Ethernet interfaces, VLAN interfaces, subinterfaces, port channels, tunnel interfaces, and loopback
interfaces.
For more information, see the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide.
IP Services
The following IP services are available in the Cisco NX-OS software:
• Virtual Routing and Forwarding (VRF)
• Dynamic Host Configuration Protocol (DHCP) Helper
• Hot-Standby Routing Protocol (HSRP)
• Gateway Load Balancing Protocol (GLBP)
• Enhanced Object Tracking
• Policy-Based Routing (PBR)
• Unicast Graceful Restart for all protocols in IPv4
• Unicast Graceful Restart for OSPFv3 in IPv6
For more information, see the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide.
IP Multicast
The Cisco NX-OS software includes the following multicast protocols and functions:
• Protocol Independent Multicast (PIM) Version 2 (PIMv2)
• Source Specific Multicast (SSM)
• PIM sparse mode (Any-Source Multicast [ASM] for IPv4 and IPv6)
Note The Cisco NX-OS software does not support PIM dense mode.
For more information, see the Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide.
Quality of Service
The Cisco NX-OS software supports quality of service (QoS) functions for classification, marking, queuing,
policing, and scheduling. Modular QoS CLI (MQC) supports all QoS features. You can use MQC to provide
uniform configurations across various Cisco platforms. For more information, see the Cisco Nexus 7000 Series
NX-OS Quality of Service Configuration Guide.
Network Security
This section describes the network security features supported by the Cisco NX-OS software.
Cisco TrustSec
Cisco TrustSec security provides data confidentiality and integrity and supports standard IEEE 802.1AE
link-layer cryptography with 128-bit Advanced Encryption Standard (AES) cryptography. Link-layer
cryptography guarantees end-to-end data privacy while allowing the insertion of security service devices along
the encrypted path. Cisco TrustSec uses security group access control lists (SGACLs), which are based on
security group tags instead of IP addresses. SGACLs enable policies that are more concise and easier to
manage due to their topology independence. For more information, see the Cisco Nexus 7000 Series NX-OS
Security Configuration Guide.
Licensing
The Cisco NX-OS software licensing feature allows you to access premium features on the device after you
install the appropriate license for that feature. Any feature not included in a license package is bundled with
the Cisco NX-OS software and is provided to you at no extra charge.
You must purchase and install a license for each device.
Note You can enable a feature without installing its license. The Cisco NX-OS software gives you a grace period that
allows you to try a feature before purchasing its license. You must install the Advanced Services license
package to enable the Cisco TrustSec feature.
For detailed information about Cisco NX-OS software licensing, see the Cisco NX-OS Licensing Guide.
Supported Standards
This table lists the IEEE compliance standards.
Standard Description
BGP
OSPF
RIP
IS-IS
IP Services
RFC 791 IP
IP-Multicast
This figure shows how to enter and exit the setup script.
You use the setup utility mainly for configuring the system initially, when no configuration is present. However,
you can use the setup utility at any time for basic device configuration. The setup utility keeps the configured
values when you skip steps in the script. For example, if you have already configured the mgmt0 interface,
the setup utility does not change that configuration if you skip that step. However, if there is a default value
for the step, the setup utility changes to the configuration using that default, not the configured value. Be sure
to carefully check the configuration changes before you save the configuration.
Note Be sure to configure the IPv4 route, the default network IPv4 address, and the default gateway IPv4 address
to enable SNMP access. If you enable IPv4 routing, the device uses the IPv4 route and the default network
IPv4 address. If IPv4 routing is disabled, the device uses the default gateway IPv4 address.
Procedure
Example:
Note If a password is trivial (such as a short, easy-to-decipher password), your password configuration
is rejected. Passwords are case sensitive. Be sure to configure a strong password that has at least
eight characters, both uppercase and lowercase letters, and numbers.
Example:
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
Would you like to enter the basic configuration dialog (yes/no): yes
Caution Usernames must begin with an alphanumeric character and can contain only these special
characters: ( + = . _ \ -). The # and ! symbols are not supported. If the username contains
characters that are not allowed, the specified user is unable to log in.
For information on the default user roles, see the Cisco Nexus 7000 Series NX-OS Security Configuration
Guide, Release 5.x and the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 6.x.
For information on SNMP, see the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide,
Release 5.x and the Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 6.x.
Step 7 Enter a name for the device (the default name is switch).
Example:
Example:
Step 9 Configure out-of-band management by entering yes. You can then enter the mgmt0 IPv4 address and subnet
mask.
Note You can only configure IPv4 address in the setup utility. For information on configuring IPv6, see
the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x and the Cisco Nexus
7000 Series NX-OS Unicast Routing Configuration Guide, Release 6.x.
Example:
Step 10 Configure the IPv4 default gateway (recommended) by entering yes. You can then enter its IP address.
Example:
Step 11 Configure advanced IP options such as the static routes, default network, DNS, and domain name by entering
yes.
Example:
Step 12 Configure a static route (recommended) by entering yes. You can then enter its destination prefix, destination
prefix mask, and next hop IP address.
Example:
Step 13 Configure the default network (recommended) by entering yes. You can then enter its IPv4 address.
Note The default network IPv4 address is the same as the destination prefix in the static route configuration.
Example:
Step 14 Configure the DNS IPv4 address by entering yes. You can then enter the address.
Example:
Step 15 Configure the default domain name by entering yes. You can then enter the name.
Example:
Step 17 Enable the SSH service by entering yes. You can then enter the key type and number of key bits. For more
information, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x and the Cisco Nexus
7000 Series NX-OS Security Configuration Guide, Release 6.x.
Example:
Step 18 Configure the NTP server by entering yes. You can then enter its IP address. For more information, see the
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x and the Cisco Nexus 7000
Series NX-OS System Management Configuration Guide, Release 6.x.
Example:
Step 20 Enter the default switchport interface state (shutdown or no shutdown). A shutdown interface is in an
administratively down state. For more information, see the Cisco Nexus 7000 Series NX-OS Interfaces
Configuration Guide, Release 5.x and the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release
6.x.
Example:
Step 21 Enter the best practices profile for control plane policing (CoPP). For more information, see the Cisco Nexus
7000 Series NX-OS Security Configuration Guide, Release 5.x and the Cisco Nexus 7000 Series NX-OS Security
Configuration Guide, Release 6.x.
Example:
Step 22 Configure CMP for the current supervisor, and then enter the IP address, netmask, and default gateway IP by
entering yes. For more information, see the Cisco Nexus 7000 Series Connectivity Management Processor
Configuration Guide.
Example:
Configure CMP processor on current sup (slot 5)? (yes/no) [y]: yes
cmp-mgmt IPv4 address : IP_address
cmp-mgmt IPv4 netmask : net_mask
IPv4 address of the default gateway : default_gateway
Step 23 Configure CMP for the redundant supervisor by entering yes. You can then enter the IP address, netmask,
and default gateway IP.
Example:
Configure CMP processor on standby sup (slot 5)? (yes/no) [y]: yes
cmp-mgmt IPv4 address : IP_address
cmp-mgmt IPv4 netmask : net_mask
IPv4 address of the default gateway : default_gateway
The system now summarizes the complete configuration and asks if you want to edit it.
Step 24 Continue to the next step by entering no. If you enter yes, the setup utility returns to the beginning of the
setup and repeats each step.
Example:
Step 25 Use and save this configuration by entering yes. If you do not save the configuration at this point, none of
your changes are part of the configuration the next time the device reboots. Enter yes to save the new
configuration. This step ensures that the boot variables for the kickstart and system images are also automatically
configured.
Example:
Caution If you do not save the configuration at this point, none of your changes are part of the configuration
the next time that the device reboots. Enter yes to save the new configuration to ensure that the
boot variables for the kickstart and system images are also automatically configured.
CMP             Cisco Nexus 7000 Series Connectivity Management Processor Configuration Guide
SSH and Telnet  Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x, or Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 6.x
User roles      Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 5.x, or Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 6.x
IPv4 and IPv6   Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x, or Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 6.x
SNMP and NTP    Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x, or Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 6.x
Note The class type queuing new-class-policy command in the running configuration causes a config-replace failure
on the Cisco Nexus 7700 Series platform in Cisco NX-OS Release 8.2(1). It is recommended that you remove the
class type queuing new-class-policy command from the running or target configuration to prevent the
config-replace failure.
Overview
The configuration replace feature leverages the current rollback infrastructure with operation steps as follows:
• Configuration replace intelligently calculates the difference between the current running-configuration
and the user-provided configuration in the Cisco Nexus switch and generates a patch file which is the
difference between the two files. You can view this patch file which includes a set of configuration
commands.
• Configuration replace applies the configuration commands from the patch file similarly to executing
commands.
Note Since the configuration replace feature is atomic, if there are any errors while
applying the configuration, it breaks at that point and then restores the switch to
the original running configuration.
• The configuration rolls back to or restores the previous running configuration under the following
situations:
• If there is a mismatch in the configuration after the patch file has been applied.
• If you perform the configuration operation with a commit timeout and the commit timer expires.
• You can view the exact configuration that caused a failure using the show config-replace log exec
command.
• Restore operations that fail while restoring the switch to the original configuration are not interrupted.
The restore operation continues with the remaining configuration. Use the show config-replace log exec
command to list the commands that failed during the restore operation.
• If you enter the configure replace commit command before the timer expires, the commit timer stops
and the switch runs on the user-provided configuration that has been applied through the configuration
replace feature.
• If the commit timer expires, a rollback to the previous configuration is initiated automatically.
The differences between configuration replace and copying a file to the running-configuration are as follows:
configure replace <target-url>
• The configure replace <target-url> command removes the commands from the current running-configuration that are not present in the replacement file. It also adds commands that need to be added to the current running-configuration.
• You must use a complete Cisco NX-OS configuration file as the replacement file for the configure replace <target-url> command.
copy <source-url> running-config
• The copy <source-url> running-config command is a merge operation which preserves all the commands from both the source file and the current running-configuration. This command does not remove the commands from the current running-configuration that are not present in the source file.
• You can use a partial configuration file as a source file for the copy <source-url> running-config command.
5. Run the configure replace commit command to stop the commit timer. This step is necessary if you have
run the configuration replace operation with the commit-timeout feature.
6. Configuration replace (CR) performs a pre-check that includes semantic validation of the configuration. If the
pre-check finds an error, CR exits. Use the show config-replace log verify command to see the exact
configurations that failed.
7. CR is atomic: it exits on the first failure and restores the switch to the original
configuration. Use the show config-replace log exec command to display the error.
8. After the patch is applied, CR triggers verification, in which it checks that the running-configuration matches the
user configuration file. If there is a mismatch, it restores the switch. Use the show config-replace verify
command to see the mismatched configurations.
9. It is recommended that you do not modify any configuration through another session while CR is in progress.
Procedure
Step 3 configure replace [bootflash/scp/sftp] <user-configuration-file> verbose
Replaces the configuration on the switch with the new user configuration that is provided by the user.
Configuration replace is always atomic.
Step 4 (Optional) configure replace [bootflash/scp/sftp] <user-configuration-file> verbose commit-timeout time
Configures the commit time in seconds. The timer starts after the configuration replace operation is
successfully completed.
Step 5 (Optional) configure replace [commit]
Stops the commit timer and continues the configuration replace configuration.
Note This step is applicable only if you have configured the commit-timeout feature.
Procedure
Step 2 show config-replace log exec
Displays a log of all the configurations executed and those that failed. In case of an error, it displays an
error message against that configuration.
Step 3 show config-replace log verify
Displays the configurations that failed, along with an error message. It does not display configurations
that were successful.
Step 4 show config-replace status
Displays the status of the configuration replace operations, including in-progress, successful, and failure.
If you have configured the commit-timeout feature, the commit and timer status and the commit timeout
time remaining are also displayed.
• Use the configure replace bootflash: <file> verbose CLI command to replace the entire
running-configuration in the switch with the user-configuration.
switch(config)# configure replace bootflash:<file> verbose
Collecting Running-Config
Generating Rollback patch for switch profile
Rollback Patch is Empty
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config
#Generating Rollback Patch
Executing Rollback Patch
========================================================
config t
no role name abc
========================================================
Generating Running-config for verification
Generating Patch for verification
switch(config)#
• Use the show config-replace log exec CLI command to check all the configuration that is executed and
failures if any.
switch(config)# show config-replace log exec
Operation : Rollback to Checkpoint File
Checkpoint file name : .replace_tmp_28081
Scheme : tmp
Rollback done By : admin
Rollback mode : atomic
Verbose : enabled
Start Time : Wed, 06:39:34 25 Jan 2017
--------------------------------------------------------------------------------
Executing Patch:
----------------
switch#config t
switch#no role name abc
• Use the show config-replace log verify CLI command to check the failed configuration if any.
switch(config)# show config-replace log verify
Operation : Rollback to Checkpoint File
Checkpoint file name : .replace_tmp_28081
Scheme : tmp
Rollback done By : admin
Rollback mode : atomic
Verbose : enabled
Start Time : Wed, 06:39:34 25 Jan 2017
• Use the show config-replace status CLI command to check the status of configuration replace.
switch(config)# show config-replace status
Last operation : Rollback to file
Details:
Rollback type: atomic replace_tmp_28081
Start Time: Wed Jan 25 06:39:28 2017
End Time: Wed Jan 25 06:39:47 2017
Operation Status: Success
switch(config)#
Configure replace might fail when a manually created configuration is used instead of a
configuration generated from the switch. The possible cause is a difference in the
default configuration, which is not shown in the show running-config output. Refer to the following examples:
If the power redundant command is the default command, it is not displayed in the default configuration,
but it is displayed when you use the show run all command. An example is given below.
switch# show run all
The power redundant command is not shown in the show running-config command output. An example
is given below.
!Command: show running-config
!Running configuration last done at: Tue Nov 12 11:07:44 2019
!Time: Tue Nov 12 11:17:24 2019
When the power redundancy-mode ps-redundant command is added to the user configuration that is used
in configure replace, the verification/commit might fail. An example is given below.
switch# show file bootflash:test
The power redundancy-mode ps-redundant command is not shown in the show running command
output after the configure replace. It is therefore considered “missing” and the CR fails. An example
is given below.
switch# config replace bootflash:test verify-and-commit
Collecting Running-Config
Generating Rollback patch for switch profile
Rollback Patch is Empty
Collecting Running-Config
.Generating Rollback Patch
Validating Patch
Patch validation completed successful
Executing Rollback Patch
During CR operation,will retain L3 configuration
when vrf member change on interface
Generating Running-config for verification
Generating Rollback Patch
Executing Rollback Patch
During CR operation,will retain L3 configuration
when vrf member change on interface
Generating Running-config for verification
Generating Patch for verification
Verification failed, Rolling back to previous configuration
Collecting Running-Config
Cleaning up switch-profile buffer
Generating Rollback patch for switch profile
Executing Rollback patch for switch profiles. WARNING - This will change the configuration
of switch profiles and will also affect any peers if configured
Collecting Running-Config
Generating Rollback Patch
Rollback Patch is Empty
Rolling back to previous configuration is successful
Configure replace failed. Use 'show config-replace log verify' or 'show config-replace log
exec' to see reasons for failure
Configure replace failed. Use 'show config-replace log verify' or 'show config-replace log
exec' to see reasons for failure
!!
Configuration To Be Added Missing in Running-config
===================================================
!
power redundancy-mode ps-redundant
Undo Log
--------------------------------------------------------------------------------
End Time: Tue, 11:21:32 12 Nov 2019
End Time UTC : Tue, 10:21:32 12 Nov 2019
Status : Success
brno#
In the above example, CR treats the default commands as missing from the running configuration and therefore fails.
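The replace-versus-merge difference and the hidden-default failure described above can be checked offline before running configure replace. The following Python sketch is an added example, not Cisco code; the three configuration texts are constructed samples and the function names parse_config and precheck are hypothetical.

```python
# Added example: pre-check a candidate file before `configure replace`.
# The three configuration texts below are constructed samples, not device output.

RUNNING = """\
!Command: show running-config
hostname switch
role name abc
  rule 1 permit read
interface Ethernet1/1
  description uplink
  no shutdown
"""

# Constructed stand-in for `show run all`: the running config plus one default
# command that `show running-config` does not display.
RUNNING_ALL = RUNNING + "power redundancy-mode ps-redundant\n"

# Constructed candidate (replacement) file, written by hand.
CANDIDATE = """\
hostname switch
power redundancy-mode ps-redundant
interface Ethernet1/1
  description uplink
  no shutdown
ntp server 192.0.2.10
"""


def parse_config(text):
    """Return the set of command paths in an indented NX-OS style config.

    A path is a tuple: the enclosing section lines followed by the command,
    so the same sub-command under two different sections stays distinct.
    """
    paths = set()
    stack = []  # (indent, line) for each enclosing section
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comment/header lines
        indent = len(raw) - len(raw.lstrip(" "))
        line = " ".join(raw.split())
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that ended
        paths.add(tuple(parent for _, parent in stack) + (line,))
        stack.append((indent, line))
    return paths


def precheck(candidate, running, running_all):
    """Classify what a replace with `candidate` would change."""
    cand = parse_config(candidate)
    run = parse_config(running)
    run_all = parse_config(running_all)
    new = cand - run
    return {
        # Present now, absent from the file: replace removes these,
        # whereas copy <source-url> running-config (merge) would keep them.
        "removed": sorted(run - cand),
        # Genuinely new commands that replace adds.
        "added": sorted(new - run_all),
        # Already in effect as defaults and hidden from show running-config:
        # verification can report these as missing, as in the example above.
        "hidden_defaults": sorted(new & run_all),
    }


if __name__ == "__main__":
    for kind, paths in precheck(CANDIDATE, RUNNING, RUNNING_ALL).items():
        for path in paths:
            print(f"{kind:16} {' / '.join(path)}")
```

Review the removed list for access-control commands such as roles before replacing, and delete the hidden_defaults entries from the candidate file.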
DPT provides information about flows traversing through the switch and the results of forwarding decisions
for identified flows, such as forward and drop.
The above listed filters are supported on the FabricPath network (this does not include DFA), however filtering
based on FTAG and FP TTL are not supported.
An IP packet encapsulated in a plain FabricPath header (this does not include DFA) is supported.
Only outer header filtering is supported. VXLAN/OTV/GRE inner IPv4/IPv6 filters are not supported. Filtering
of MPLS encapsulated packets is not supported.
Configuration
DPT can be configured by:
• NXOS CLI
• NXAPI JSON
• NXAPI XML
You use the setup utility mainly for configuring the system initially, when no configuration is present. However,
you can use the setup utility at any time for basic device configuration. The setup utility keeps the configured
values when you skip steps in the script. For example, if you have already configured the mgmt0 interface,
the setup utility does not change that configuration if you skip that step. However, if there is a default value
for the step, the setup utility changes to the configuration using that default, not the configured value. Be sure
to carefully check the configuration changes before you save the configuration.
• The current filtering capability supports only outer IP header filtering (packets encapsulated by OTV, VXLAN,
GRE or DFA cannot be captured). Filters on MPLS encapsulated packets are not supported.
• The DPT flows that are created, and their results and status, are not persistent and are cleared upon SSO or
upon reload. All the created flows are cleared and need to be created and started again. Scheduled
flows need to be rescheduled.
Procedure
Device(config)#feature dpt
Device(config)#
Device#
Device# show dpt ?
flow DPT flow
results Show results
status Status
Device#
Step 2 Create a flow, for example one with the flow name "first-flow", with a specific filter.
Example:
A maximum of 10 flow definitions can be created. Capture is performed only on the ingress side.
After creation, the flow is in the initialized status. This means that the flow is created in the supervisor
database; however, it is not installed in hardware. Multiple flows can be created.
It is recommended to use specific filters as much as possible; for example, use VLAN to capture traffic between
layer 2 interfaces or in the fabric path network.
In the above example, the flow has been installed in the hardware ASIC but result collection has not started. The
state is similar to ELAM when the trigger has been configured.
You can apply only one flow at a time in the hardware. You must release the old flow before applying a new
flow.
Device#
Device# show dpt status flow all
------------------------------------------------------------------------------------------------------------------------
Flow Statistics Lookup-result Status Start-time End-time
Interval Detail
------------------------------------------------------------------------------------------------------------------------
first-flow n/a n/a armed 2017-09-05 06:06:19
2017-09-05 10:06:19 10
Device#
DPT collects the results once the flow is started. Flow start and stop time can be specified in absolute calendar
values or delay seconds from the current time.
In the above example, results are collected at a 10-second interval. The default results collection interval
is 30 seconds, if not specified in the command. The capture time is limited to 4 hours by default from the start
time, if not specified in the command. You must specify the start and end time if you need to run the capture
for a longer time.
------------------------------------------------------------------------------------------------------------------------
Flow Statistics Lookup-result Status Start-time End-time
Interval Detail
------------------------------------------------------------------------------------------------------------------------
first-flow n/a n/a armed 2017-09-05 06:12:15 2017-09-05
10:12:15 10
You can apply only one flow at a time in hardware. You must stop and release the already captured flow
before applying a new flow.
    |      |reason |                     |interface       |Vlan |BD  |VNI |Rate |Count |interface       |Vlan |BD  |VNI |Rate |Count
-----------------------------------------------------------------------------------------------------------------------------------
2    fwd    n/a     2017-09-05 11:53:00   Ethernet1/19/4   3000  n/a  n/a  n/a   1      Ethernet1/19/3   0     n/a  n/a  n/a   1
1    fwd    n/a     2017-09-05 11:52:50   Ethernet1/19/4   3000  n/a  n/a  n/a   1      Ethernet1/19/3   0     n/a  n/a  n/a   1
0    fwd    n/a     2017-09-05 11:52:40   Ethernet1/19/4   3000  n/a  n/a  n/a   1      Ethernet1/19/3   0     n/a  n/a  n/a   1
---------------------------------------------------
Result details for flow ID: first-flow
---------------------------------------------------
Index 1
Timestamp 2017-09-21 22:21:55
Source Interface Ethernet1/30
Source MAC address 6c20.56e8.4f3c
Source IP address x.1.1.2
---------------------------------------------------
Index 0
Timestamp 2017-09-21 22:21:25
Source Interface Ethernet1/30
Source MAC address 6c20.56e8.4f3c
Source IP address x.1.1.2
IP Protocol 1
Source L4 port 0
Destination L4 port 0
Source Vlan ID 133
Destination Vlan ID 133
Source Bridge Domain n/a
Destination Bridge Domain n/a
Source VNI n/a
Destination VNI n/a
Procedure
In this example, the output interfaces are not listed as the traffic is forwarded to multiple destination ports;
only the internal port index (LTL) is specified.
The following example provides a list of specific interfaces:
Member info
------------------
IFIDX LTL
---------------------------------
Eth101/1/8 0x252c
Eth101/1/14 0x2532
Eth101/1/2 0x2526
Eth101/1/4 0x2528
...
Po101 0x0e00
Eth102/1/2 0x2586
Eth102/1/7 0x258b
Eth1/19/4 0x0bde
Eth102/1/8 0x258c
Eth102/1/9 0x258d
Drop reason decode is not supported in Cisco NX-OS Release 8.2(1). Perform a manual traffic forwarding
result analysis to determine the exact drop reason with the assistance of Cisco TAC.
-----------------------------------------------------------------------------
Flow ID: first-flow Start-time [2017-09-05 11:52:20] End-time [2017-09-05 15:52:20] Interval [10]
-----------------------------------------------------------------------------------------------------------------------------------
Idx |Result|Drop   | Timestamp           |Input                                        |Output
    |      |reason |                     |interface       |Vlan |BD  |VNI |Rate |Count |interface       |Vlan |BD  |VNI |Rate |Count
-----------------------------------------------------------------------------------------------------------------------------------
1    n/a    n/a     2017-08-24 14:04:25   Ethernet1/19/3   0     n/a  n/a  n/a   1      LTL_0xccc        3000  n/a  n/a  n/a   1
Drop reason decode is not supported in Cisco NX-OS Release 8.2(1). Perform a manual traffic forwarding
result analysis to determine the exact drop reason with the assistance of Cisco TAC.
PnP uses a secure connection to communicate between the agent and the controller. This communication is
encrypted.
The PnP agent converges the solutions that exist in a network into a unified agent and adds functionality
to enhance the current solutions. The main objectives of the PnP agent are:
• Provide a consistent Day 0 deployment solution for all the deployment scenarios.
• Add new or required features to improve existing solutions.
• Provide a Day 2 management framework, mainly in the context of configuration and image upgrades.
Discovery Methods
A PnP agent discovers the PnP controller or server using one of the following methods:
• DHCP-based discovery
• DNS-based discovery
• PnP connect
After the discovery, the PnP agent writes the discovered information into a file, which is then used to handshake
with the PnP server (DNA controller/APIC-EM).
The following tasks are carried out by the agent in the PnP discovery phase:
DNS-Based Discovery
When the DHCP discovery fails to get the PnP server, the agent falls back to DNS-based discovery. To start
the DNS-based discovery, the following information is required from DHCP:
• IP address and netmask
• Default gateway
• DNS server IP
• Domain name
The agent obtains the domain name of the customer network from the DHCP response and constructs the
fully qualified domain name (FQDN). The PnP agent constructs this FQDN using a preset
deployment server name and the domain name information from the DHCP response. The agent then looks up
the local name server and tries to resolve the IP address for this FQDN.
Note The device reads the domain name and creates the predefined PnP server name as pnpserver.[domain name].com,
for example, pnpserver.cisco.com.
Note The PnP controller or server provides an optional checksum tag to be used in the image installation and
configuration upgrade service requests by the PnP agent. When the checksum is provided in a request, the
image install process compares the checksum against the current running image checksum.
If the checksums are the same, the image being installed or upgraded is the same as the current image running
on the device. The image install process does not perform any other operation in this scenario.
If the checksums are not the same, the new image will be copied to the local file system, and the checksum
will be calculated again and compared with the checksum provided in the request. If they are the same, the
image install process continues to install the new image or upgrade the device to the new image. If the
checksums are not the same, the process exits with an error.
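The checksum decision flow in the note above, as an added Python example that is not Cisco's implementation. SHA-256, the function names and the fetch callback are assumptions; the page does not name the checksum algorithm.

```python
# Added example: the three outcomes of the checksum comparison during an
# image install request. All file contents below are constructed samples.
import hashlib
import os
import tempfile

ALGO = "sha256"  # assumption: the page does not say which checksum is used


def file_checksum(path):
    """Hash a file in 1 MiB blocks so large images are not read into memory."""
    digest = hashlib.new(ALGO)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def same(a, b):
    """Compare two hex checksums, ignoring case and surrounding whitespace."""
    return a.strip().lower() == b.strip().lower()


def image_install(requested, running_image, fetch, workdir):
    """Return (outcome, path) for a request that carries a checksum.

    fetch(dest) is a hypothetical callback that copies the new image to dest.
    """
    # 1. Requested checksum equals the running image: nothing to do.
    if same(requested, file_checksum(running_image)):
        return "no-op", None
    # 2. Copy the new image locally, then recompute and compare.
    dest = os.path.join(workdir, "candidate.img")
    fetch(dest)
    if not same(requested, file_checksum(dest)):
        # Choice made in this sketch: do not leave an unverified image behind.
        os.remove(dest)
        return "error", None
    # 3. The local copy matches the request: continue with the install.
    return "install", dest


def demo():
    """Exercise all three branches with constructed image contents."""
    with tempfile.TemporaryDirectory() as workdir:
        running = os.path.join(workdir, "running.img")
        with open(running, "wb") as fh:
            fh.write(b"constructed image A")
        new_image = b"constructed image B"
        wanted = hashlib.new(ALGO, new_image).hexdigest()

        def good(dest):
            with open(dest, "wb") as fh:
                fh.write(new_image)

        def truncated(dest):  # simulates a damaged or substituted download
            with open(dest, "wb") as fh:
                fh.write(new_image[:-1])

        return [
            image_install(file_checksum(running), running, good, workdir)[0],
            image_install(wanted, running, good, workdir)[0],
            image_install(wanted, running, truncated, workdir)[0],
        ]


if __name__ == "__main__":
    print(demo())
```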
Backoff
A Cisco NX-OS device that supports PnP protocol, which uses HTTP transport, requires the PnP agent to
send the work request to the PnP server continuously. If the PnP server does not have any scheduled or
outstanding PnP service for the PnP agent to execute, the continuous no-operation work requests exhaust both
the network bandwidth and the device resources. This PnP backoff service allows the PnP server to inform
the PnP agent to rest for the specified time and call back later.
Capability
A capability service request is sent by the PnP server to the PnP agent on a device to query the services supported
by the agent. The server then sends an inventory service request to query the device's inventory information,
and then sends an image installation request to download an image and install it. After getting the response
from the agent, the supported PnP services and features are listed and returned to the server.
CLI Execution
Cisco NX-OS supports two modes of command execution, privileged EXEC mode and global configuration
mode. Most of the EXEC commands are one-time commands, such as show commands, which show the
current configuration status, and clear commands, which clear counters or interfaces. The EXEC commands
are not saved when a device reboots. Configuration mode commands allow the user to make changes to the running
configuration. If you save the configuration, these commands are saved when a device reboots.
Configuration Upgrade
Two types of configuration upgrade take place in a Cisco device: copying new configuration files to the
startup configuration and copying new configuration files to the running configuration.
Copying new configuration files to the startup configuration—A new configuration file is copied from the
file server to the device using the copy command, and the file check task is performed to check the validity
of the file. If the file is valid, the file is copied to the startup configuration. The previous configuration file is
backed up if enough disk space is available. The new configuration comes into effect when the device reloads
again.
Copying new configuration files to the running configuration—A new configuration file is copied from the
file server to the device using the copy command or configure replace command. Replace and rollback of
configuration files may leave the system in an unstable state if rollback is performed inefficiently. Therefore,
configuration upgrade by copying the files is preferred.
Device Information
The PnP agent provides the capability to extract device inventory and other important information to the PnP
server on request. The following device-profile request types are supported:
• all—Returns complete inventory information, which includes unique device identifier (UDI), image,
hardware, and file system inventory data.
• filesystem—Returns file system inventory information, which includes file system name and type, local
size (in bytes), free size (in bytes), read flag, and write flag.
• hardware—Returns hardware inventory information, which includes hostname, vendor string, platform
name, processor type, hardware revision, main memory size, I/O memory size, board ID, board rework
ID, processor revision, mid-plane revision, and location.
• image—Returns image inventory information, which includes version string, image name, boot variable,
return to ROMMON reason, bootloader variable, configuration register, configuration register on next
boot, and configuration variables.
• UDI—Returns the device UDI.
Certificate Install
Certificate install is a security service through which a PnP server requests the PnP agent on a device to install
or uninstall a trust pool or trust point certificate. This service also specifies to the agent the
primary and backup servers for reconnection. The following prerequisites are required for a successful certificate
installation:
• The server from which the certificate or trust pool bundle needs to be downloaded should be reachable.
• There should not be any permission issues to download the certificate or the bundle.
• The PKI API should be available and accessible to the PnP agent so that the agent can call it to download
and install the certificate or the bundle.
• There is enough memory on the device to save the downloaded certificate or bundle.
Image Install
The image install service enables a PnP-enabled device to perform image upgrade on receiving a request from
the PnP server.
An Image Install request can be made for the following types of devices:
• Standalone devices
• High-availability devices
• Stackable devices
• Cisco Nexus 7000 Series devices
Standalone Devices
When the PnP agent on a standalone device receives a request from the PnP server, the agent parses the XML
payload and identifies the request as an Image Upgrade request. The agent then creates an ImageInstall process,
which identifies the request as a standalone image install request.
High-Availability Devices
When the PnP agent is installed on a high-availability device, and the ImageInstall service gets the data
structure, the agent determines if the request is for a high-availability device. The active route processor (RP)
that is running the PnP agent performs all the tasks required to install the image on both the active and standby
devices.
Redirection
The Redirection service is used to redirect a device to another controller.
PnP Agent
The PnP agent is an embedded software component that is present in all Cisco network devices that support
simplified deployment architecture. The PnP agent understands and interacts only with a PnP server. The PnP
agent first tries to discover a PnP server, with which it can communicate. After a server is found and connection
established, the agent performs deployment-related activities such as configuration, image, license, and file
updates by communicating with the server. It also notifies the server of all interesting deployment-related
events such as out-of-band configuration changes and new device connections on an interface.
PnP Server
The PnP server is a central server that encodes the logic of managing and distributing deployment information
(images, configurations, files, and licenses) for the devices being deployed. The server communicates with
the agent on the device that supports the simplified deployment process using a specific deployment protocol.
Figure 6: Simplified Deployment Server
The PnP server also communicates with proxy servers such as deployment applications on smart phones and
PCs, or other PnP agents acting as Neighbor Assisted Provisioning Protocol (NAPP) servers, and other types
of proxy deployment servers such as VPN gateways.
The PnP server can redirect the PnP agent to another deployment server. A common example of redirection
is a PnP server redirecting a device to communicate with it directly after sending the bootstrap configuration
through a NAPP server. A PnP server can be hosted by an enterprise. This solution allows for a cloud-based
deployment service provided by Cisco. In this case, a device discovers and communicates with Cisco
cloud-based deployment service for initial deployment. After that, it can be redirected to the customer's
deployment server.
In addition to communicating with the devices, the server interfaces with a variety of external systems such
as authentication, authorizing, and accounting (AAA) systems, provisioning systems, and other management
applications.
PnP Agent Deployment
The following steps indicate the PnP agent deployment procedure on Cisco devices:
1. A Cisco device with a PnP agent contacts the PnP server, requesting a task; that is, the PnP agent sends
its UDI along with a request for work.
2. If the PnP server has a task for the device, for example, image installation, configuration, upgrade, and
so on, it sends a work request.
3. After the PnP agent receives the work request, it executes the task and sends back a reply to the PnP server
about the task status, that is whether it is successful or if an error has occurred, and the corresponding
information that is requested.
PnP Agent Network Topology
Figure 7: Network Topology of Cisco PnP Agent Deployment
• The PnP deployment method depends on the discovery process required for finding the PnP controller
or server.
• The discovery mechanism should be deployed, either as a DHCP server discovery process or a Domain
Name Server (DNS) discovery process, before launching PnP.
• The DHCP server or the DNS server should be configured before deploying PnP.
• The PnP server should communicate with the PnP agent.
• PnP connect does not require a DHCP or DNS configuration.
• PnP runs on both the in-band and the management interfaces.
• IPv6 support for PnP is not available for Cisco Nexus 7000 Series devices.
• The kickstart and system images must be bundled into a tar file to update in APIC-EM.
• The bootflash should have enough space to download the image and configurations from APIC-EM.
Procedure
switch#configure terminal
Step 2 Configure the upstream switch to broadcast PnP VLAN over the Cisco Discovery Protocol (CDP):
Example:
Note To use a VLAN other than 1, adjacent upstream devices must configure the pnp startup-vlan
vlan-id command on the upstream device. This configuration must be performed to push this
command to the upcoming PnP device.
When you execute the pnp startup-vlan vlan-id command on an adjacent upstream device, the
VLAN membership change does not happen on that device. However, all the active interfaces on
the upcoming PnP device are changed to the specified VLAN.
Step 3 Exit global configuration mode and enter privileged EXEC mode:
Example:
switch(config)#end
PnP Status
Invalid Argument : 0
No Memory : 0
API Failed : 0
Net L2 Reg Failed : 0
Device Discovey Failed : 0
Pump Failed : 0
Create Event Faild : 0
Tx Failed : 0
Timer Faild : 0
To work around this issue, you can configure the Link Aggregation Control Protocol (LACP) on the vPC
links so that the links do not incorrectly start forwarding traffic to the Cisco Nexus device that is being
bootstrapped using POAP.
• If you use POAP to bootstrap a Cisco Nexus device that is connected downstream to a Cisco Nexus 7000
Series device through a LACP port channel, the Cisco Nexus 7000 Series device defaults to suspend its
member port if it cannot bundle it as a part of a port channel. To work around this issue, configure the
Cisco Nexus 7000 Series device to not suspend its member ports using the no lacp suspend-individual
command from interface configuration mode.
• To make POAP more secure, ensure that DHCP snooping is enabled and set the firewall rules
to block unintended or malicious DHCP servers.
• When you reload a system with Cisco NX-OS Release 8.3(1) and when you abort POAP using “Ctrl+C”
after a write-erase reload, POAP will crash.
• POAP with v6 is supported only with the IPv6 link-local address as the next-hop. This is a day-1 limitation.
• Important POAP updates are logged in the syslog and are available from the serial console.
• Critical POAP errors are logged to the bootflash. The filename format is
date-time_poap_PID_[init,1,2].log, where date-time is in the YYYYMMDD_hhmmss format and PID is the
process ID.
• Script logs are saved in the bootflash directory. The filename format is date-time_poap_PID_script.log,
where date-time is in the YYYYMMDD_hhmmss format and PID is the process ID.
You can configure the format of the script log file. Script file log formats are specified in the script. The
template of the script log file has a default format; however, you can choose a different format for the
script execution log file.
• The POAP feature does not require a license and is enabled by default. However, for the POAP feature
to function, appropriate licenses must be installed on the devices in the network before the deployment
of the network.
Note To allow the POAP feature to function temporarily without the installation of the
appropriate licenses, you can specify the license grace-period command in the
configuration file.
This workaround allows you to install the appropriate licenses at a later time.
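The two log filename formats given above are enough to sort POAP logs copied off the bootflash into per-run groups when you review a failed or unexpected provisioning attempt. The following Python is an added example, not Cisco's code; the sample listing is constructed, and grouping runs by PID and reading the filename from the last column of each line are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Filename formats quoted on this page:
#   date-time_poap_PID_[init,1,2].log   critical POAP errors
#   date-time_poap_PID_script.log       script execution log
# date-time is YYYYMMDD_hhmmss and PID is the process ID.
POAP_LOG_RE = re.compile(
    r"^(?P<stamp>\d{8}_\d{6})_poap_(?P<pid>\d+)_(?P<kind>init|1|2|script)\.log$"
)


def parse_poap_log_name(name):
    """Return (datetime, pid, kind) for a POAP log filename, or None."""
    m = POAP_LOG_RE.match(name)
    if m is None:
        return None
    try:
        when = datetime.strptime(m.group("stamp"), "%Y%m%d_%H%M%S")
    except ValueError:  # right shape but an impossible date, such as 20230230
        return None
    return when, int(m.group("pid")), m.group("kind")


def summarize_poap_runs(listing_lines):
    """Group POAP logs by PID and list the runs oldest first.

    Assumption: one PID equals one POAP run. PIDs can repeat across reloads,
    so compare first_seen values before treating two files as the same run.
    """
    runs = defaultdict(lambda: {"first_seen": None, "error": [], "script": []})
    for line in listing_lines:
        tokens = line.split()
        if not tokens:
            continue
        name = tokens[-1]  # assumption: the filename is the last column
        parsed = parse_poap_log_name(name)
        if parsed is None:
            continue  # not a POAP log, or a look-alike name
        when, pid, kind = parsed
        run = runs[pid]
        if run["first_seen"] is None or when < run["first_seen"]:
            run["first_seen"] = when
        run["script" if kind == "script" else "error"].append(name)

    summary = []
    for pid, run in sorted(runs.items(), key=lambda kv: kv[1]["first_seen"]):
        summary.append({
            "pid": pid,
            "first_seen": run["first_seen"].isoformat(),
            "error_log_files": len(run["error"]),
            "script_log_present": bool(run["script"]),
            "files": sorted(run["error"] + run["script"]),
        })
    return summary


# Constructed listing for illustration (size column plus filename), not device output.
SAMPLE_LISTING = [
    "  1834  20230114_101502_poap_4312_init.log",
    "   912  20230114_101530_poap_4312_1.log",
    "  2210  20230114_103011_poap_5120_init.log",
    "  7741  20230114_103240_poap_5120_script.log",
    "   100  20230230_103240_poap_5120_script.log",      # impossible date
    "   100  20230114_103240_poap_5120_script.log.bak",  # wrong suffix
    " 40960  poap.py",
]

if __name__ == "__main__":
    for run in summarize_poap_runs(SAMPLE_LISTING):
        print(run)
```

A run that has init, 1 or 2 logs but no script log is a reasonable place to start reading, because nothing was recorded by the script for that attempt.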
Note The DHCP information is used only during the POAP process.
• Downloads the software image (system and kickstart images) if the files do not already exist on the
switch. The software image is installed on the switch and is used at the next reboot.
• Schedules the downloaded configuration to be applied at the next switch reboot.
• Stores the configuration as the startup configuration.
Cisco has sample configuration scripts that were developed using the Python programming language and Tool
Command Language (Tcl). You can customize one of these scripts to meet the requirements of your network
environment.
For Cisco Nexus 7000 Series devices, the Python programming language uses two APIs that can execute CLI
commands. These APIs are described in the following table. The arguments for these APIs are strings of the
CLI commands.
API Description
clid() For CLI commands that support XML, this API puts
the command output in a Python dictionary.
This API can be useful to help search the output of
show commands.
POAP Process
The POAP process has the following phases:
1. Power up
2. USB discovery
3. DHCP discovery
4. Script execution
5. Post-installation reload
Within these phases, other processes and decision points occur. The following illustration shows a flow diagram
of the POAP process.
Power-Up Phase
When you power up a switch for the first time, it loads the software image that is installed at manufacturing
and tries to find a configuration file from which to boot. When a configuration file is not found, POAP mode
starts.
During startup, a prompt appears asking if you want to abort POAP and continue with a normal setup. You
can choose to exit or continue with POAP.
Note No user intervention is required for POAP to continue. The prompt that asks if you want to abort POAP
remains available until the POAP process is complete.
If you exit POAP mode, you enter the normal interactive setup script. If you continue in POAP mode, all the
front-panel interfaces are set up in the default configuration.
When multiple DHCP offers that meet the requirement are received, an offer is randomly chosen. The device
completes the DHCP negotiation (request and acknowledgment) with the selected DHCP server, and the
DHCP server assigns an IP address to the switch. If a failure occurs in any of the subsequent steps in the
POAP process, the IP address is released back to the DHCP server.
If no DHCP offers meet the requirements, the switch does not complete the DHCP negotiation (request and
acknowledgment) and an IP address is not assigned.
Note If the switch loses connectivity, the script stops, and the switch reloads its original software images and bootup
variables.
Step 1 Modify the basic configuration script provided by Cisco or create your own script.
Step 2 (Optional) Put the POAP configuration script and any other desired software image and switch configuration
files on a USB device that is accessible to the switch.
Step 3 Deploy a DHCP server and configure it with the interface, gateway, and TFTP server IP addresses and a
bootfile with the path and name of the configuration script file. (This information is provided to the switch
when it first boots.)
You do not need to deploy a DHCP server if all software image and switch configuration files are on the USB
device.
Procedure
Step 3 (Optional) If you want to exit POAP mode and enter the normal interactive setup script, enter y (yes).
The switch boots, and the POAP process begins. For more information, see the "POAP Process" section.
What to do next
Verify the configuration.
Command Purpose
For detailed information about the fields in the output from these commands, see the Cisco Nexus command
reference for your device.
Note In normal operation, usernames are case sensitive. However, when you are connected to the device through
its console port, you can enter a login username in all uppercase letters regardless of how the username was
defined. As long as you provide the correct password, the device logs you in.
Command Modes
This section describes command modes in the Cisco NX-OS CLI.
Procedure
Step 2 interface type number
Specifies the interface that you want to configure. The CLI places you into interface configuration
mode for the specified interface.
Note The CLI prompt changes to indicate that you are in interface configuration mode.
Example:
switch(config)# interface ethernet 2/2
switch(config-if)#
Procedure
EXEC (prompt: switch#)
From the login prompt, enter your username and password. To exit to the login prompt, use
the exit command.
Global configuration (prompt: switch(config)#)
From EXEC mode, use the configure terminal command. To exit to EXEC mode, use the
end or exit command or press Ctrl-Z.
Special Characters
This table lists the characters that have special meaning in Cisco NX-OS text strings and should be used only
in regular expressions or other special contexts.
Character Description
% Percent
... Ellipsis
| Vertical bar
[] Brackets
{} Braces
Keystroke Shortcuts
This table lists command key combinations that can be used in both EXEC and configuration modes.
Keystrokes Description
Ctrl-B Moves the cursor one character to the left. When you enter a command that extends beyond
a single line, you can press the Left Arrow or Ctrl-B keys repeatedly to scroll back toward
the system prompt and verify the beginning of the command entry, or you can press the
Ctrl-A key combination.
Ctrl-G Exits to the previous command mode without removing the command string.
Ctrl-K Deletes all characters from the cursor to the end of the command line.
Ctrl-T Transposes the character under the cursor with the character located to the right of the
cursor. The cursor is then moved one character to the right.
Ctrl-U Deletes all characters from the cursor to the beginning of the command line.
Ctrl-V Removes any special meaning for the following keystroke. For example, press Ctrl-V
before entering a question mark (?) in a regular expression.
Ctrl-Y Recalls the most recent entry in the buffer (press keys simultaneously).
Right arrow key, Left arrow key Moves your cursor through the command string, either forward or backward,
allowing you to edit the current command.
Tab Completes the word for you after you enter the first characters of the word and then press
the Tab key. All options that match are presented.
Use tabs to complete the following items:
• Command names
• Scheme names in the file system
• Server names in the file system
• Filenames in the file system
Example:
switch(config)# c<Tab>
callhome class-map clock cts
cdp cli control-plane
switch(config)# cl<Tab>
class-map cli clock
switch(config)# cla<Tab>
switch(config)# class-map
Example:
switch# cd bootflash:<Tab>
bootflash: bootflash://sup-1/
bootflash:/// bootflash://sup-2/
bootflash://module-5/ bootflash://sup-active/
bootflash://module-6/ bootflash://sup-local/
Example:
switch# cd bootflash://mo<Tab>
bootflash://module-5/ bootflash://module-6/cv
switch# cd bootflash://module-
Abbreviating Commands
You can abbreviate commands and keywords by entering the first few characters of a command. The
abbreviation must include sufficient characters to make it unique from other commands or keywords. If you
are having trouble entering a command, check the system prompt and enter the question mark (?) for a list of
available commands. You might be in the wrong command mode or using incorrect syntax.
This table lists examples of command abbreviations.
Command Abbreviation
When you use the command completion feature, the CLI displays the full command name. The CLI does not
execute the command until you press the Return or Enter key. This feature allows you to modify the command
if the full command was not what you intended by the abbreviation. If you enter a set of characters that could
indicate more than one command, a list of matching commands displays.
For example, entering co<Tab> lists all commands available in EXEC mode beginning with co:
switch# co<Tab>
configure copy
switch# co
Note that the characters you entered appear at the prompt again to allow you to complete the command entry.
Procedure
username: admin
This example shows how to revert to the default value for a feature:
switch# configure terminal
switch(config)# banner motd #Welcome to the switch#
switch(config)# show banner motd
Welcome to the switch
This example shows how to use the no form of a command in EXEC mode:
switch# cli var name testinterface ethernet1/2
switch# show cli variables
SWITCHNAME="switch"
TIMESTAMP="2009-05-12-13.43.13"
testinterface="ethernet1/2"
Note The TIMESTAMP variable name is case sensitive. All letters must be uppercase.
Procedure
Step 2 (Optional) show cli variables Displays the CLI variable configuration.
Example:
switch# show cli variables
Procedure
Step 2 cli var name variable-name variable-text
Configures the CLI persistent variable. The variable name is a case-sensitive, alphanumeric
string and must begin with an alphabetic character. The maximum length is 31 characters.
Example:
switch(config)# cli var name testinterface ethernet 2/1
Step 4 (Optional) show cli variables Displays the CLI variable configuration.
Example:
switch# show cli variables
Step 5 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config)# copy running-config
startup-config
Command Aliases
This section provides information about command aliases.
Procedure
Step 2 cli alias name alias-name alias-text Configures the command alias. The alias name
is an alphanumeric string that is not case
Example:
Step 5 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch# copy running-config
startup-config
Procedure
Command Scripts
This section describes how you can create scripts of commands to perform multiple tasks.
Note You cannot create the script files at the CLI prompt. You can create the script file on a remote device and
copy it to the bootflash:, slot0:, or volatile: directory on the Cisco NX-OS device.
Procedure
Formatting Option Description
\c Removes the new line character at the end of the text string.
Procedure
Context-Sensitive Help
The Cisco NX-OS software provides context-sensitive help in the CLI. You can use a question mark (?) at
any point in a command to list the valid input options.
The CLI uses the caret (^) symbol to isolate input errors. The ^ symbol appears at the point in the command string
where you have entered an incorrect command, keyword, or argument.
This table shows example outputs of context-sensitive help.
switch# clock set 13:32:00 ?
<1-31> Day of the month
switch# clock set 13:32:00
Displays the additional arguments for the clock set command.
Special Characters
You can also use other keyboard characters (such as ! or ~) as single-character patterns, but certain keyboard
characters have special meanings when used in regular expressions.
This table lists the keyboard characters that have special meanings.
_ (underscore) Matches a comma (,), left brace ({), right brace (}), left parenthesis ( ( ), right parenthesis
( ) ), the beginning of the string, the end of the string, or a space.
Note The underscore is only treated as a regular expression for BGP-related commands.
To use these special characters as single-character patterns, remove the special meaning by preceding each
character with a backslash (\). This example contains single-character patterns that match a dollar sign ($),
an underscore (_), and a plus sign (+), respectively:
\$ \_ \+
Multiple-Character Patterns
You can also specify a pattern that contains multiple characters by joining letters, digits, or keyboard characters
that do not have special meanings. For example, a4% is a multiple-character regular expression.
With multiple-character patterns, the order is important. The regular expression a4% matches the character a
followed by a 4 followed by a percent sign (%). If the string does not have a4%, in that order, pattern matching
fails. The multiple-character regular expression a. (the character a followed by a period) uses the special
meaning of the period character to match the letter a followed by any single character. With this example, the
strings ab, a!, or a2 are all valid matches for the regular expression.
You can remove the special meaning of a special character by inserting a backslash before it. For example,
when the expression a\. is used in the command syntax, only the string a. will be matched.
Anchoring
You can match a regular expression pattern against the beginning or the end of the string by anchoring these
regular expressions to a portion of the string using the special characters.
This table lists the special characters that you can use for anchoring.
Character Description
For example, the regular expression ^con matches any string that starts with con, and sole$ matches any
string that ends with sole.
Note The ^ symbol can also be used to indicate the logical function "not" when used in a bracketed range. For
example, the expression [^abcd] indicates a range that matches any single letter, as long as it is not a, b, c,
or d.
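The rules from the Special Characters, Multiple-Character Patterns, and Anchoring sections can be checked off-box before a pattern is used in a filter. The following Python is an added example, not Cisco's code; it assumes that every metacharacter other than the underscore means the same thing to Python's re module as it does on the device, and the AS-path strings are constructed sample data.

```python
import re

# What this page says "_" stands for in BGP-related commands: a comma, a brace,
# a parenthesis, a space, the beginning of the string, or the end of the string.
UNDERSCORE = r"(?:[,{}() ]|^|$)"


def to_python_regex(pattern, bgp=False):
    """Translate a pattern written with this page's rules into Python re syntax.

    bgp=True applies the special meaning of "_"; elsewhere "_" is an ordinary
    character. A backslash removes the special meaning of the next character.
    """
    out = []
    in_brackets = False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            if i + 1 == len(pattern):
                raise ValueError("pattern ends with a lone backslash")
            out.append(re.escape(pattern[i + 1]))  # literal next character
            i += 2
            continue
        if ch == "[" and not in_brackets:
            in_brackets = True
        elif ch == "]" and in_brackets:
            in_brackets = False
        if ch == "_" and bgp and not in_brackets:
            out.append(UNDERSCORE)
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def matches(pattern, text, bgp=False):
    """True if the pattern matches anywhere in text (unanchored search)."""
    return re.search(to_python_regex(pattern, bgp), text) is not None


def select(pattern, lines, bgp=False):
    """Return the lines that the pattern would select."""
    return [line for line in lines if matches(pattern, line, bgp)]


# Constructed AS-path strings for illustration, not device output.
SAMPLE_AS_PATHS = ["65000 65001 65002", "165001 65002", "{65001,65003}", "65001"]

if __name__ == "__main__":
    # An unanchored number also matches inside a longer number (165001).
    print(select("65001", SAMPLE_AS_PATHS, bgp=True))
    # Delimiting the number with "_" selects only the whole value.
    print(select("_65001_", SAMPLE_AS_PATHS, bgp=True))
    # Outside BGP-related commands "_" is a literal character.
    print(select("_65001_", SAMPLE_AS_PATHS))
```

The first call selects all four sample paths, including 165001 65002, which is why a pattern meant to name one value should be delimited or anchored.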
This table lists the keywords for filtering and searching the CLI output.
begin string
Starts displaying at the line that contains the text that matches the search string. The search
string is case sensitive.
Example:
show version | begin Hardware
cut [-d character] {-b | -c | -f | -s}
Displays only part of the output lines. You can display a number of bytes (-b), characters (-c),
or fields (-f). You can also use the -d keyword to define a field delimiter other than the tab
character default. The -s keyword suppresses the display of the lines that do not contain
the delimiter.
Example:
show file testoutput | cut -b 1-10
exclude string
Displays all lines that do not include the search string. The search string is case sensitive.
Example:
show interface brief | exclude down
head [lines lines]
Displays the beginning of the output for the number of lines specified. The default number of
lines is 10.
Example:
show logging logfile | head lines 50
include string
Displays all lines that include the search string. The search string is case sensitive.
Example:
show interface brief | include up
last [lines]
Displays the end of the output for the number of lines specified. The default number of lines is 10.
Example:
show logging logfile | last 50
sscp SSH-connection-name filename
Redirects the output using streaming secure copy (sscp) to a named SSH connection. You can create
the SSH named connection using the ssh name command.
Example:
show version | sscp MyConnection show_version_output
diff Utility
You can compare the output from a show command with the output from the previous invocation of that
command.
diff-clean [all-sessions] [all-users]
This table describes the keywords for the diff utility.
Keyword Description
all-sessions Removes diff temporary files from all sessions (past
and present sessions) of the current user.
all-users Removes diff temporary files from all sessions (past
and present sessions) of all users.
The Cisco NX-OS software creates temporary files for the most current output for a show command for all
current and previous user sessions. You can remove these temporary files using the diff-clean command.
diff-clean [all-sessions | all-users]
By default, the diff-clean command removes the temporary files for the current user's active session. The
all-sessions keyword removes temporary files for all past and present sessions for the current user. The
all-users keyword removes temporary files for all past and present sessions for all users.
Parameter Description
line-number Specifies to display the line number before each matched line.
next lines Specifies the number of lines to display after a matched line. The default is 0. The range is
from 1 to 999.
prev lines Specifies the number of lines to display before a matched line. The default is 0. The range is
from 1 to 999.
less Utility
You can use the less utility to display the contents of the show command output one screen at a time. You
can enter less commands at the : prompt. To display all less commands you can use, enter h at the : prompt.
sed Utility
You can use the Stream Editor (sed) utility to filter and manipulate the show command output as follows:
sed command
The command argument contains sed utility commands.
sort Utility
You can use the sort utility to filter show command output.
The sort utility syntax is as follows:
sort [-M] [-b] [-d] [-f] [-g] [-i] [-k field-number[.char-position][ordering]] [-n] [-r] [-t delimiter] [-u]
This table describes the sort utility parameters.
Parameter Description
-M Sorts by month.
Commands Description
[lines]<space> Displays output lines for either the specified number of lines or the current screen
size.
[lines]z Displays output lines for either the specified number of lines or the current screen
size. If you use the lines argument, that value becomes the new default screen
size.
[lines]<return> Displays output lines for either the specified number of lines or the current default
number of lines. The initial default is 1 line. If you use the optional lines argument,
that value becomes the new default number of lines to display for this command.
[lines]d or Scrolls through output lines for either the specified number of lines or the current
[lines]Ctrl+shift+D default number of lines. The initial default is 11 lines. If you use the optional lines
argument, that value becomes the new default number of lines to display for this
command.
[lines]s Skips forward in the output for either the specified number of lines or the current
default number of lines and displays a screen of lines. The default is 1 line.
[lines]f Skips forward in the output for either the specified number of screens or the
current default number of screens and displays a screen of lines. The default is 1
screen.
[count]/expression Skips to the line that matches the regular expression and displays a screen of
output lines. Use the optional count argument to search for lines with multiple
occurrences of the expression. This command sets the current regular expression
that you can use in other commands.
[count]n Skips to the next line that matches the current regular expression and displays a
screen of output lines. Use the optional count argument to skip past matches.
Recalling a Command
You can recall a command in the command history to optionally modify and enter again.
This example shows how to recall a command and reenter it:
You can also use the Ctrl-P and Ctrl-N keystroke shortcuts to recall commands.
Procedure
The example shows how to display only the commands in the command history without the command number
and timestamp:
Procedure
This example shows how to filter module information on the supervisor module session:
loader>
For information on how to load the Cisco NX-OS software from the <loader> prompt, see the Cisco Nexus
troubleshooting guide for your device.
Command reference Cisco Nexus 7000 Series NX-OS Fundamentals Command Reference
Cisco NX-OS: Terminal setting configuration requires no license. Any feature not included in a license
package is bundled with the Cisco NX-OS system images and is provided at no extra charge
to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS
Licensing Guide.
Console Port
The console port is an asynchronous serial port that allows you to connect to the device for initial configuration
through a standard RS-232 port with an RJ-45 connector. Any device connected to this port must be capable
of asynchronous transmission. You can configure the following parameters for the console port:
Data bits
Specifies the number of bits in an 8-bit byte that is used for data.
Inactive session timeout
Specifies the number of minutes a session can be inactive before it is terminated.
Parity
Specifies the odd or even parity for error detection.
Speed
Specifies the transmission speed for the connection.
Stop bits
Specifies the stop bits for an asynchronous line.
Configure your terminal emulator with 9600 baud, 8 data bits, 1 stop bit, and no parity.
COM1 Port
A COM1 port is an RS-232 port with a DB-9 interface that enables you to connect to an external serial
communication device such as a modem. You can configure the following parameters for the COM1 port:
Data bits
Specifies the number of bits in an 8-bit byte that is used for data.
Hardware flowcontrol
Enables the flow-control hardware.
Parity
Specifies the odd or even parity for error detection.
Speed
Specifies the transmission speed for the connection.
Stop bits
Specifies the stop bits for an asynchronous line.
Configure your terminal emulator with 9600 baud, 8 data bits, 1 stop bit, and no parity.
Virtual Terminals
You can use virtual terminal lines to connect to your Cisco NX-OS device. Secure Shell (SSH) and Telnet
create virtual terminal sessions. You can configure an inactive session timeout and a maximum sessions limit
for virtual terminals.
Modem Support
You can connect a modem to the COM1 or console ports only on the supervisor 1 module. The following
modems were tested on devices running the Cisco NX-OS software:
• MultiTech MT2834BA (http://www.multitech.com/en_us/support/families/multimodemii/)
• Hayes Accura V.92 (http://www.zoom.com/products/dial_up_external_serial.html#hayes)
Note Do not connect a modem when the device is booting. Only connect the modem when the device is powered
up.
The Cisco NX-OS software has the default initialization string (ATE0Q1&D2&C1S0=1\015) to detect
connected modems. The default string is defined as follows:
AT
Attention
E0 (required)
No echo
Q1
Result code on
&D2
Normal data terminal ready (DTR) option
&C1
Enable tracking the state of the data carrier
S0=1
Pick up after one ring
\015 (required)
Carriage return in octal
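The S0 element decides whether an attached modem answers incoming calls on a management port, so it is worth checking any initialization string against the definitions above before writing it to the modem. The following Python is an added example, not Cisco's code; it splits a string into the elements this page defines and checks the two elements marked required plus the 100-character maximum that this guide states for user-input strings. Reading S0=n as "pick up after n rings" generalizes the page's S0=1 entry and is an assumption.

```python
import re

MAX_INIT_STRING_LEN = 100   # maximum length this guide gives for a user-input string
TERMINATOR = "\\015"        # carriage return in octal, marked (required) above
MEANINGS = {                # only the elements that this page defines
    "E0": "No echo",
    "Q1": "Result code on",
    "&D2": "Normal data terminal ready (DTR) option",
    "&C1": "Enable tracking the state of the data carrier",
}
# One element: an S-register assignment such as S0=1, or a letter command such as E0 or &D2.
TOKEN_RE = re.compile(r"S(?P<reg>\d+)=(?P<val>\d+)|&?[A-Z]\d*")


def audit_init_string(init):
    """Split a modem initialization string and check it against this page's rules."""
    findings = []
    if len(init) > MAX_INIT_STRING_LEN:
        findings.append("longer than 100 characters")
    if not init.startswith("AT"):
        findings.append("does not begin with AT")
        return {"tokens": [], "auto_answer_rings": None, "findings": findings}

    body = init[2:]
    if body.endswith(TERMINATOR):
        body = body[: -len(TERMINATOR)]
    else:
        findings.append("missing required \\015 terminator")

    tokens, rings, pos = [], None, 0
    while pos < len(body):
        m = TOKEN_RE.match(body, pos)
        if m is None:
            findings.append("unparsed text at offset %d: %r" % (pos + 2, body[pos:]))
            break
        tokens.append(m.group(0))
        if m.group("reg") is not None and int(m.group("reg")) == 0:
            rings = int(m.group("val"))  # assumption: S0=n answers after n rings
        pos = m.end()

    if "E0" not in tokens:
        findings.append("missing required E0")
    return {"tokens": tokens, "auto_answer_rings": rings, "findings": findings}


def explain(tokens):
    """Map each element to the meaning given on this page, where there is one."""
    notes = []
    for tok in tokens:
        if tok.startswith("S0="):
            notes.append((tok, "Pick up after %s ring(s)" % tok[3:]))
        else:
            notes.append((tok, MEANINGS.get(tok, "not defined on this page")))
    return notes


if __name__ == "__main__":
    default = "ATE0Q1&D2&C1S0=1\\015"   # default string quoted on this page
    result = audit_init_string(default)
    for tok, meaning in explain(result["tokens"]):
        print(tok, "-", meaning)
    print(result["auto_answer_rings"], result["findings"])
```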
• Parity
• Speed
• Stop bits
Procedure
Step 3 databits bits Configures the number of data bits per byte.
The range is from 5 to 8. The default is 8.
Example:
switch(config-console)# databits 7
Step 5 parity {even | none | odd} Configures the parity. The default is none.
Example:
switch(config-console)# parity even
Step 6 speed {300 | 1200 | 2400 | 4800 | 9600 | 38400 | 57600 | 115200}
Configures the transmit and receive speed. The default is 9600.
Example:
switch(config-console)# speed 115200
Step 10 (Optional) copy running-config startup-config
Copies the running configuration to the startup configuration.
Example:
switch(config)# copy running-config startup-config
Procedure
Step 3 databits bits Configures the number of data bits per byte.
The range is from 5 to 8. The default is 8.
Example:
switch(config-com1)# databits 7
Step 5 parity {even | none | odd} Configures the parity. The default is none.
Example:
switch(config-com1)# parity even
Step 6 speed {300 | 1200 | 2400 | 4800 | 9600 | 38400 | 57600 | 115200}
Configures the transmit and receive speed. The default is 9600.
Example:
switch(config-com1)# speed 115200
Step 9 (Optional) show line com1 Displays the COM1 port settings.
Example:
switch(config)# show line com1
Step 10 (Optional) copy running-config startup-config
Copies the running configuration to the startup configuration.
Example:
switch(config)# copy running-config startup-config
Procedure
Step 5 (Optional) show running-config all | begin vty Displays the virtual terminal configuration.
Example:
switch(config)# show running-config all
| begin vty
Step 6 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config)# copy running-config
startup-config
Procedure
Step 5 (Optional) show running-config all | begin vty Displays the virtual terminal configuration.
Example:
switch(config)# show running-config all
| begin vty
Step 6 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config)# copy running-config
startup-config
Procedure
Step 2 Enter one of the following commands:
Enters COM1 configuration mode or console configuration mode.
Example:
switch# line com1
switch(config-com1)#
Step 5 (Optional) show line Displays the console and COM1 settings.
Example:
switch(config)# show line
Step 6 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config)# copy running-config
startup-config
Procedure
Example:
switch# line com1
switch(config-com1)#
Step 3 modem init-string default Writes the default initialization string to the
modem.
Example:
switch(config-com1)# modem init-string
default
Step 5 (Optional) show line Displays the COM1 and console settings.
Example:
switch(config)# show line
Step 6 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config)# copy running-config
startup-config
Procedure
Example:
switch# line com1
switch(config-com1)#
Step 3 modem set-string user-input string
Sets the user-specified initialization string for the COM1 or console port. The initialization
string is alphanumeric and case sensitive, can contain special characters, and has a maximum
of 100 characters.
Note You must first set the user-input string before initializing the string.
Example:
switch(config-com1)# modem set-string user-input ATE0Q1&D2&C1S0=3\015
Step 6 (Optional) show line Displays the COM1 and console settings.
Example:
switch(config)# show line
Step 7 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch(config)# copy running-config
startup-config
Procedure
Related Topics
Enabling a Modem Connection
Procedure
Step 2 clear line name Clears a terminal session on a specific line. The
line name is case sensitive.
Example:
switch# clear line pts/0
Command Purpose
show running-config [all] Displays the user account configuration in the running configuration. The all
keyword displays the default values for the user accounts.
For detailed information about the fields in the output from these commands, see the Cisco Nexus command
reference guide for your device.
Parameter Default
Cisco NX-OS: Basic device management requires no license. Any feature not included in a license package
is bundled with the Cisco NX-OS system images and is provided at no extra charge to you.
For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS
Licensing Guide.
Parameters Default
Device Hostname
You can change the device hostname displayed in the command prompt from the default (switch) to another
character string. When you give the device a unique hostname, you can easily identify the device from the
command-line interface (CLI) prompt.
Message-of-the-Day Banner
The message-of-the-day (MOTD) banner displays before the user login prompt on the device. This message
can contain any information that you want to display for users of the device.
EXEC Banner
Starting with the Cisco NX-OS Release 7.3(0)D1(1), the EXEC banner is displayed after a user logs in to a
switch. This banner can be used to post reminders to your network administrators.
Device Clock
If you do not synchronize your device with a valid outside timing mechanism, such as an NTP clock source,
you can manually set the clock time when your device boots.
Clock Manager
The Cisco Nexus chassis may contain clocks of different types that may need to be synchronized. These clocks
are a part of various components (such as the supervisor, LC processors, or line cards) and each may be using
a different protocol.
The clock manager provides a way to synchronize these different clocks.
User Sessions
You can display the active user session on your device. You can also send messages to the user sessions. For
more information about managing user sessions and accounts, see the Cisco Nexus security configuration
guide for your device.
Procedure
Step 4 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
Engineering2# copy running-config
startup-config
Procedure
Step 2 banner motd delimiting-character message delimiting-character
Configures the MOTD banner. Do not use the delimiting-character in the message text.
Note Do not use " or % as a delimiting character.
Example:
switch(config)# banner motd #Welcome to the Switch#
switch(config)#
Step 4 (Optional) show banner motd Displays the configured MOTD banner.
Example:
switch# show banner motd
Step 5 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch# copy running-config
startup-config
Procedure
Step 2 banner exec delimiting-character message delimiting-character
Configures the EXEC banner. Do not use the delimiting-character in the message text.
Example:
switch(config)# banner exec #Welcome to the Test#
switch(config)#
Step 3 (Optional) no banner exec
Resets the value of EXEC banner to the default value.
Note The default value of the EXEC banner is blank.
Example:
switch(config)# no banner exec
Step 5 (Optional) show banner exec Displays the configured EXEC banner.
Example:
switch# show banner exec
Step 6 (Optional) copy running-config startup-config Copies the running configuration to the startup
configuration.
Example:
switch# copy running-config
startup-config
# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# banner exec #Unauthorized access to this device is prohibited!#
switch(config)# exit
switch# show banner exec
Unauthorized access to this device is prohibited!
Procedure
Step 2 clock timezone zone-name offset-hours offset-minutes
Configures the time zone. The zone-name argument is a 3-character string for the time zone acronym (for example, PST or EST). The offset-hours argument is the offset from the UTC and the range is from –23 to 23 hours. The range for the offset-minutes argument is from 0 to 59 minutes.
Example:
switch(config)# clock timezone EST -5 0
Step 4 (Optional) show clock Displays the time and time zone.
Example:
switch# show clock
Step 5 (Optional) copy running-config startup-config
Copies the running configuration to the startup configuration.
Example:
switch# copy running-config startup-config
Procedure
Step 2 clock summer-time zone-name start-week start-day start-month start-time end-week end-day end-month end-time offset-minutes
Configures summer time or daylight saving time.
The zone-name argument is a three character string for the time zone acronym (for example, PST and EST).
The values for the start-day and end-day arguments are Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and Sunday.
The values for the start-month and end-month arguments are January, February, March, April, May, June, July, August, September, October, November, and December.
The value for the start-time and end-time arguments are in the format hh:mm.
The range for the offset-minutes argument is from 0 to 1440 minutes.
Example:
switch(config)# clock summer-time PDT 1 Sunday March 02:00 1 Sunday November 02:00 60
Step 4 (Optional) show clock detail Displays the configured MOTD banner.
Example:
switch(config)# show clock detail
Step 5 (Optional) copy running-config startup-config
Copies the running configuration to the startup configuration.
Example:
switch# copy running-config startup-config
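The banner and clock procedures above state argument rules (delimiter use, offset ranges, day and month names, hh:mm times) that can be checked before a change is pushed to a device. The following is an added example, not code from the Cisco guide: it lints candidate command lines against those stated rules and assumes day and month names must be spelled exactly as listed.

```python
import re

DAYS = {"Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"}
MONTHS = {"January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"}
HHMM = re.compile(r"^([01]\d|2[0-3]):[0-5]\d$")


def _in_range(text, low, high):
    """True if text is an integer within [low, high]."""
    try:
        return low <= int(text) <= high
    except ValueError:
        return False


def check_banner(line):
    """Problems in 'banner motd|exec <delim><message><delim>'; empty list means OK."""
    m = re.match(r"banner (motd|exec) (\S)(.*)\Z", line, re.S)
    if not m:
        return ["not a banner motd/exec command"]
    kind, delim, rest = m.groups()
    problems = []
    if kind == "motd" and delim in '"%':  # the guide's note sits on the MOTD step
        problems.append('delimiter must not be " or %')
    if not rest.endswith(delim):
        problems.append("message is not closed by the delimiter")
    elif delim in rest[:-1]:
        problems.append("delimiter appears inside the message text")
    return problems


def check_timezone(line):
    """Problems in 'clock timezone zone-name offset-hours offset-minutes'."""
    parts = line.split()
    if parts[:2] != ["clock", "timezone"] or len(parts) != 5:
        return ["expected: clock timezone zone-name offset-hours offset-minutes"]
    zone, hours, minutes = parts[2:]
    problems = []
    if len(zone) != 3:
        problems.append("zone-name must be a 3-character string")
    if not _in_range(hours, -23, 23):
        problems.append("offset-hours must be from -23 to 23")
    if not _in_range(minutes, 0, 59):
        problems.append("offset-minutes must be from 0 to 59")
    return problems


def check_summer_time(line):
    """Problems in 'clock summer-time ...'; weeks are not checked (no range is given above)."""
    parts = line.split()
    if parts[:2] != ["clock", "summer-time"] or len(parts) != 12:
        return ["expected 10 arguments after clock summer-time"]
    problems = [] if len(parts[2]) == 3 else ["zone-name must be a 3-character string"]
    for label, (_week, day, month, time) in (("start", parts[3:7]), ("end", parts[7:11])):
        if day not in DAYS:
            problems.append(f"{label}-day must be a full day name")
        if month not in MONTHS:
            problems.append(f"{label}-month must be a full month name")
        if not HHMM.match(time):
            problems.append(f"{label}-time must be hh:mm")
    if not _in_range(parts[11], 0, 1440):
        problems.append("offset-minutes must be from 0 to 1440")
    return problems
```

Each function returns an empty list for the example commands shown in the procedures above.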
Procedure
Related Topics
Configuring the Time Zone, on page 134
Procedure
Step 2 (Optional) show run clock_manager Displays the configuration of the clock
manager.
Example:
#show run clock_manager
Managing Users
You can display information about users logged into the device and send messages to those users.
Procedure
Procedure
Command Purpose
For detailed information about the fields in the output from these commands, see the Cisco Nexus command
reference for your device.
Cisco NX-OS: Using the file systems, directories, and files requires no license. Any feature not included in
a license package is bundled with the Cisco NX-OS system images and is provided at no extra
charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco
NX-OS Licensing Guide.
File Systems
This topic provides information about the file system components supported on a Cisco MDS device. (The
syntax for specifying a local file system is filesystem:[//modules/].)
This table describes the file system components that you can use on a Cisco MDS device.
Directories
You can create directories on bootflash: and external flash memory (slot0:, usb1:, and usb2:). You can create,
store, and access files from directories.
Files
You can create and access files from bootflash:, volatile:, slot0:, usb1:, and usb2: file systems. You can only
access files from the system: file system. Use the debug: file system to store the debug log files specified
using the debug logfile command.
You can download files, such as system image files, from remote servers using FTP, Secure Copy Protocol
(SCP), Secure File Transfer Protocol (SFTP), and TFTP. You can also copy files from an external server to
your device because your device can act as an SCP server.
Procedure
Procedure
Creating a Directory
You can create directories in the bootflash: and flash device file systems.
Procedure
Procedure
Deleting a Directory
You can remove directories from the file systems on your device.
Procedure
Step 2 (Optional) dir [filesystem:[//module/][directory]]
Displays the contents of the current directory. The file system, module, and directory names are case sensitive.
If the directory is not empty, you must delete all the files before you can delete the directory.
Example:
switch# dir bootflash:test
Step 3 rmdir [filesystem:[//module/]]directory
Deletes a directory. The file system and directory name are case sensitive.
Example:
switch# rmdir test
Moving Files
You can move a file from one directory to another directory.
Caution If a file with the same name already exists in the destination directory, that file is overwritten by the moved
file.
You can use the move command to rename a file by moving the file within the same directory.
Procedure
Copying Files
You can make copies of files, either within the same directory or on another directory.
Note Use the dir command to ensure that enough space is available in the target file system. If enough space is not
available, use the delete command to remove unneeded files.
Procedure
Step 3 copy [filesystem:[//module/][directory/] | directory/]source-filename | {filesystem:[//module/][directory/]] | directory/}[target-filename]
Copies a file. The file system, module, and directory names are case sensitive. The source-filename argument is alphanumeric, case sensitive, and has a maximum of 64 characters.
Deleting Files
You can delete a file from a directory.
Procedure
Step 2 delete {filesystem:[//module/][directory/] | directory/}filename
Deletes a file. The file system, module, and directory names are case sensitive. The source-filename argument is case sensitive.
Caution If you specify a directory, the delete command deletes the entire directory and all its contents.
Example:
switch# delete test old_tests/test1
Procedure
Procedure
Procedure
Procedure
Procedure
Finding Files
You can find the files in the current working directory and its subdirectories that have names that begin with
a specific character string.
Procedure
Step 3 find filename-prefix
Finds all filenames in the default directory and in its subdirectories beginning with the filename prefix. The filename prefix is case sensitive.
Example:
switch# find bgp_script
• gzip
• Uncompressed
Procedure
Example
This example shows how to create a gzip compressed archive file:
switch# tar create bootflash:config-archive gz-compress bootflash:config-file
Procedure
Example
This example shows how to append a file to an existing archive file:
switch# tar append bootflash:config-archive.tar.gz bootflash:new-config
Procedure
Example
This example shows how to extract files from an existing archive file:
switch# tar extract bootflash:config-archive.tar.gz
To display the file names in an archive file, run the following command:
tar list {bootflash: | volatile:}archive-filename
Example:
Moving Files
This example shows how to move a file on an external flash device:
This example shows how to move a file in the default file system:
Copying Files
This example shows how to copy a file called samplefile from the root directory of the slot0: file system to
the mystorage directory:
switch# copy slot0:samplefile slot0:mystorage/samplefile
This example shows how to copy a file from the current directory:
switch# copy samplefile mystorage/samplefile
This example shows how to copy a file from an active supervisor module bootflash to a standby supervisor
module bootflash:
switch# copy bootflash:system_image bootflash://sup-2/system_image
Note You can also use the copy command to upload and download files from the slot0: or bootflash: file system
to or from an FTP, TFTP, SFTP, or SCP server.
This example shows how to display the contents of a file that resides in the current directory:
switch# dir
1525859 Jul 04 00:51:03 2003 Samplefile
...
switch# gzip volatile:Samplefile
switch# dir
266069 Jul 04 00:51:03 2003 Samplefile.gz
...
switch# dir
266069 Jul 04 00:51:03 2003 Samplefile.gz
...
switch# gunzip samplefile
switch# dir
1525859 Jul 04 00:51:03 2003 Samplefile
...
This example shows how to direct the output to a file on external flash memory:
This example shows how to direct the output to a file on a TFTP server:
This example shows how to direct the output of the show tech-support command to a file:
Finding Files
This example shows how to find a file in the current default directory:
Parameter Default
Cisco NX-OS: Configuration files require no license. Any feature not included in a license package is bundled
with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete
explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
system is booted (from the startup-config file) or when you enter commands at the CLI in a configuration
mode.
To change the startup configuration file, you can either save the running-configuration file to the startup
configuration using the copy running-config startup-config command or copy a configuration file from a
file server to the startup configuration.
Procedure
Step 2 copy running-config startup-config
Copies the running configuration to the startup configuration.
Example:
switch# copy running-config startup-config
Procedure
Example
This example shows how to copy the configuration file to a remote server:
switch# copy running-config tftp://10.10.1.1/sw1-run-config.bak
switch# copy startup-config tftp://10.10.1.1/sw1-start-config.bak
Ensure that your Cisco NX-OS device has a route to the remote server. The Cisco NX-OS device and the
remote server must be in the same subnetwork if you do not have a router or a default gateway to route traffic
between subnets.
Check connectivity to the remote server using the ping or ping6 command.
Procedure
Step 3 (Optional) copy running-config startup-config
Copies the running configuration to the startup configuration.
Example:
switch# copy running-config startup-config
Caution This procedure disrupts all traffic on the Cisco NX-OS device.
Ensure that your Cisco NX-OS device has a route to the remote server. The Cisco NX-OS device and the
remote server must be in the same subnetwork if you do not have a router or a default gateway to route traffic
between subnets.
Check connectivity to the remote server using the ping or ping6 command.
Procedure
Step 3 copy scheme://server/[url/]filename running-config
Downloads the running configuration file from a remote server.
For the scheme argument, you can enter tftp:, ftp:, scp:, or sftp:. The server argument is the address or name of the remote server, and the url argument is the path to the source file on the remote server.
The server, url, and filename arguments are case sensitive.
Example:
switch# copy tftp://10.10.1.1/my-config running-config
Step 4 copy running-config startup-config
Saves the running configuration file to the startup configuration file.
Example:
switch# copy running-config startup-config
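The copy procedures above accept tftp:, ftp:, scp:, or sftp: as the scheme. Because tftp and ftp transfer the file without encryption, a reviewer may want to flag configuration copies that use them. The following added example (not from the Cisco guide) classifies copy commands from a command history; the sample list reuses three commands shown in this guide plus one constructed scp line.

```python
import re

CLEARTEXT = {"tftp", "ftp"}  # schemes with no transport encryption
CONFIGS = {"running-config", "startup-config"}
# scheme://server/[url/]filename, limited to the four schemes the guide lists
REMOTE = re.compile(r"^(tftp|ftp|scp|sftp)://([^/\s]+)/(\S+)$")

# Sample history: the first three commands appear in this guide, the last is constructed.
SAMPLE_HISTORY = [
    "copy running-config tftp://10.10.1.1/sw1-run-config.bak",
    "copy tftp://10.10.1.1/my-config running-config",
    "copy running-config bootflash:my-config",
    "copy startup-config scp://backup@10.10.1.1/sw1-start-config.bak",
]


def classify_copy(command):
    """Return (direction, scheme, server) for a remote config copy, else None."""
    parts = command.split()
    if len(parts) < 3 or parts[0] != "copy":
        return None
    src, dst = parts[1], parts[2]  # any trailing keywords are ignored
    for remote, local, direction in ((dst, src, "upload"), (src, dst, "download")):
        m = REMOTE.match(remote)
        if m and local in CONFIGS:
            return direction, m.group(1), m.group(2)
    return None


def audit(history):
    """Return (command, reason) for every config copy over a cleartext scheme."""
    reasons = {
        "upload": "configuration leaves the device unencrypted",
        "download": "configuration is loaded over an unencrypted channel",
    }
    findings = []
    for command in history:
        hit = classify_copy(command)
        if hit and hit[1] in CLEARTEXT:
            findings.append((command, f"{hit[1]}: {reasons[hit[0]]}"))
    return findings


if __name__ == "__main__":
    for command, reason in audit(SAMPLE_HISTORY):
        print(f"{reason}\n    {command}")
```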
Procedure
Step 2 copy running-config {slot0: | usb1: | usb2:}[directory/]filename
Copies the running configuration to an external flash memory device. The filename argument is case sensitive.
Example:
switch# copy running-config slot0:dsn-running-config.cfg
Step 3 copy startup-config {slot0: | usb1: | usb2:}[directory/]filename
Copies the startup configuration to an external flash memory device. The filename argument is case sensitive.
Example:
switch# copy startup-config slot0:dsn-startup-config.cfg
Procedure
Step 4 (Optional) copy running-config startup-config
Copies the running configuration to the startup configuration.
Example:
switch# copy running-config startup-config
Procedure
Step 2 copy {slot0: | usb1: | usb2:}[directory/]filename startup-config
Copies the startup configuration from an external flash memory device. The filename argument is case sensitive.
Example:
switch# copy slot0:dsn-config.cfg startup-config
Procedure
Related Topics
Copying Files, on page 144
Note Each time that you enter a copy running-config startup-config command, a binary file is created and the
ASCII file is updated. A valid binary configuration file reduces the overall boot time significantly. A binary
file cannot be uploaded, but its contents can be used to overwrite the existing startup configuration. The write
erase command clears the binary file.
Procedure
Step 4 copy running-config startup-config
Copies the running configuration to the start-up configuration.
Example:
switch# copy running-config startup-config
Note You can only remove the configuration for an empty slot in the chassis.
Procedure
Step 2 purge module slot running-config
Removes the configuration for a missing module from the running configuration.
Example:
switch# purge module 3 running-config
Erasing a Configuration
You can erase the configuration on your device to return to the factory defaults.
You can erase the following configuration files saved in the persistent memory on the device:
• Startup
• Boot
• Debug
The write erase command erases the entire startup configuration, except for the following:
• Boot variable definitions
• The IPv4 configuration on the mgmt0 interface, including the following:
• Address
• Subnet mask
Procedure
Procedure
Step 3 (Optional) show inactive-if-config log
Displays the commands that were used to clear the inactive configurations.
Example:
# show inactive-if-config log
Command Purpose
For detailed information about the fields in the output from these commands, see the Cisco Nexus command
reference for your device.
This example shows how to back up the startup configuration to the TFTP server (ASCII file):
switch# copy startup-config tftp://172.16.10.100/my-config
This example shows how to back up the running configuration to the bootflash: file system (ASCII file):
switch# copy running-config bootflash:my-config
Note By default, the reload command reloads the device from a binary version of the startup configuration.
Beginning with Cisco NX-OS 6.2(2), you can use the reload ascii command to copy an ASCII version of the
configuration to the startup configuration when reloading the device.
3. Copy the previously saved configuration file to the running configuration with the copy configuration_file
running-configuration command.
4. Copy the running configuration to the start-up configuration with the copy running-config startup-config
command.
Command
reference
switch-tcl#
Note In the above example, the Cisco NX-OS command help function is still available but the tcl puts command
returns an error from the help function.
Note The tclsh command history is not saved when you exit the interactive tcl shell.
In a tcl script, you must prepend Cisco NX-OS commands with the tcl cli command as shown in this example:
set x 1
cli show module $x | incl Mod
cli "show module $x | incl Mod"
If you use the following commands in your script, the script will fail and the tcl shell will display an error:
show module $x | incl Mod
"show module $x | incl Mod"
In an interactive tcl shell, you can also execute Cisco NX-OS commands directly without prepending the tcl
cli command:
switch-tcl# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Tcl Variables
You can use tcl variables as arguments to the Cisco NX-OS commands. You can also pass arguments into tcl
scripts. Tcl variables are not persistent.
This example shows how to use a tcl variable as an argument to a Cisco NX-OS command:
switch# tclsh
switch-tcl# set x loop10
switch-tcl# cli "configure terminal ; interface loopback 10 ; description $x"
switch(config-if-tcl)#
Tclquit
The tclquit command exits the tcl shell regardless of which Cisco NX-OS command mode is currently active.
You can also press Ctrl-C to exit the tcl shell. The exit and end commands change Cisco NX-OS command
modes. The exit command will terminate the tcl shell only from the EXEC command mode.
Tclsh Security
The tcl shell is executed in a sandbox to prevent unauthorized access to certain parts of the Cisco NX-OS
system. The system monitors CPU, memory, and file system resources being used by the tcl shell to detect
events such as infinite loops, excessive memory utilization, and so on.
You configure the initial tcl environment with the scripting tcl init init-file command.
You can define the looping limits for the tcl environment with the scripting tcl recursion-limit iterations
command. The default recursion limit is 1000 iterations.
values in the output of a show command, perform switch configurations, run Cisco NX-OS commands in a
loop, or define EEM policies in a script.
This section describes how to run tcl scripts or run tcl interactively on Cisco NX-OS devices.
Note You cannot create a tcl script file at the CLI prompt. You can create the script file on a remote device and
copy it to the bootflash: directory on the Cisco NX-OS device.
Procedure
Example
This example shows an interactive tcl shell:
switch# tclsh
switch-tcl# set x 1
switch-tcl# cli show module $x | incl Mod
Mod Ports Module-Type Model Status
1 32 1/10 Gbps Ethernet Module N7K-F132XP-15 ok
Mod Sw Hw
Mod MAC-Address(es) Serial-Num
Mod Online Diag Status
Left ejector CLOSE, Right ejector CLOSE, Module HW does support ejector based shutdown.
switch-tcl# exit
switch#
Procedure
Step 2 configure terminal
Runs a Cisco NX-OS command in the tcl shell, changing modes.
Note The tcl prompt changes to indicate the Cisco NX-OS command mode.
Example:
switch-tcl# configure terminal
switch(config-tcl)#
Example
This example shows how to change Cisco NX-OS modes from an interactive tcl shell:
switch# tclsh
switch-tcl# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config-tcl)# interface loopback 10
switch(config-if-tcl)# ?
description Enter description of maximum 80 characters
inherit Inherit a port-profile
ip Configure IP features
ipv6 Configure IPv6 features
logging Configure logging for interface
no Negate a command or set its defaults
Tcl References
The following titles are provided for your reference:
• Mark Harrison (ed), Tcl/Tk Tools, O'Reilly Media, ISBN 1-56592-218-2, 1997
• Mark Harrison and Michael McLennan, Effective Tcl/Tk Programming, Addison-Wesley, Reading, MA,
USA, ISBN 0-201-63474-0, 1998
• John K. Ousterhout, Tcl and the Tk Toolkit, Addison-Wesley, Reading, MA, USA, ISBN 0-201-63337-X,
1994.
• Brent B. Welch, Practical Programming in Tcl and Tk, Prentice Hall, Upper Saddle River, NJ, USA,
ISBN 0-13-038560-3, 2003.
• J Adrian Zimmer, Tcl/Tk for Programmers, IEEE Computer Society, distributed by John Wiley and Sons,
ISBN 0-8186-8515-8, 1998.