Cisco Nexus 5000 Series Configuration Manual

System management configuration guide

Cisco Nexus 5000 Series NX-OS System Management Configuration
Guide, Release 5.2(1)N1(1)
First Published: July 02, 2012
Last Modified: July 02, 2012
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Summary of Contents for Cisco Nexus 5000 Series

  • Page 1 Cisco Nexus 5000 Series NX-OS System Management Configuration Guide, Release 5.2(1)N1(1) First Published: July 02, 2012 Last Modified: July 02, 2012 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
  • Page 2 HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
  • Page 3 Adding a Switch to a Switch Profile Adding or Modifying Switch Profile Commands Importing a Switch Profile Importing Configurations in a vPC Topology Verifying Commands in a Switch Profile Isolating a Peer Switch
  • Page 4 Configuration Examples for Pre-Provisioning Using Cisco Fabric Services CHAPTER 5 Information About CFS CFS Distribution CFS Distribution Modes Uncoordinated Distribution Coordinated Distribution Unrestricted Uncoordinated Distributions
  • Page 5 Configuring IPv4 Multicast Address for CFS Configuring IPv6 Multicast Address for CFS Verifying the IP Multicast Address Configuration for CFS over IP Displaying CFS Distribution Information Default Settings for CFS
  • Page 6 Changing User Role Interface Policies Changing User Role VLAN Policies Changing User Role VSAN Policies Verifying the User Accounts and RBAC Configuration Configuring User Accounts Default Settings for the User Accounts and RBAC
  • Page 7 Configuring System Message Logging Configuring System Message Logging to Terminal Sessions Configuring System Message Logging to a File Configuring Module and Facility Messages Logging Configuring Logging Timestamps Configuring the ACL Logging Cache
  • Page 8 Verifying the Smart Call Home Configuration Sample Syslog Alert Notification in Full-Text Format Sample Syslog Alert Notification in XML Format Configuring Rollback CHAPTER 12
  • Page 9 Guidelines and Limitations for SNMP Default SNMP Settings Configuring SNMP Configuring SNMP Users Enforcing SNMP Message Encryption Assigning SNMPv3 Users to Multiple Roles Creating SNMP Communities Filtering SNMP Requests Configuring SNMP Notification Receivers
  • Page 10 Information About SPAN SPAN Sources Characteristics of Source Ports SPAN Destinations Characteristics of Destination Ports Guidelines and Limitations for SPAN Creating or Deleting a SPAN Session Configuring an Ethernet Destination Port
  • Page 11 Configuration Example for an ERSPAN Source Session Configuration Example for an IP Address as the Source for an ERSPAN Session Configuration Example for Truncated ERSPAN Additional References Related Documents
  • Page 12 Contents
  • Page 13: Document Conventions

    • Obtaining Documentation and Submitting a Service Request, page xvii Audience This publication is for experienced network administrators who configure and maintain Cisco Nexus devices and Cisco Nexus 2000 Series Fabric Extenders. Document Conventions Command descriptions use the following conventions:...
  • Page 14: Related Documentation

    Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Related Documentation The entire Cisco NX-OS 5000 Series documentation set is available at the following URL: http://www.cisco.com/en/US/products/ps9670/tsd_products_support_series_home.html
  • Page 15 • Security Configuration Guide • System Management Configuration Guide • Unicast Routing Configuration Guide Maintain and Operate Guides Cisco Nexus 5000 Series NX-OS Operations Guides for various features are available at http://www.cisco.com/en/US/products/ps9670/prod_maintenance_guides_list.html. Installation and Upgrade Guides These guides are available at the following URL: http://www.cisco.com/en/US/products/ps9670/prod_installation_guides_list.html...
  • Page 16: Documentation Feedback

    • TrustSec Command Reference • Unicast Routing Command Reference • vPC Command Reference Technical References The Cisco Nexus 5000 and Cisco Nexus 2000 MIBs Reference is available at http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/mib/reference/NX5000_MIBRef.html. Error and System Messages The Nexus 5000 Series NX-OS System Message Reference is available at http://www.cisco.com/en/US/docs/...
  • Page 17: Obtaining Documentation And Submitting A Service Request

    Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
  • Page 18 Preface Obtaining Documentation and Submitting a Service Request
  • Page 19: Chapter

    CHAPTER New and Changed Information This chapter provides release-specific information for each new and changed feature in the Cisco Nexus 3000 Series NX-OS Fundamentals Configuration Guide. • New and Changed Information for this Release, page 1 New and Changed Information for this Release The following table provides an overview of the significant changes to this guide for this current release.
  • Page 20 New and Changed Information New and Changed Information for this Release
  • Page 21: Chapter

    Pre-provisioning allows users to synchronize the configuration for an interface that is online with one peer but offline with another peer.
  • Page 22 System message logging is based on RFC 3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference.
  • Page 23 (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.
  • Page 24 The ERSPAN source session copies traffic from the source ports or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPAN destination session switches the traffic to the destinations.
  • Page 25: Configuring Switch Profiles

    Displaying the Switch Profile Buffer, page 22 • Synchronizing Configurations After Switch Reboot, page 23 • Switch Profile Configuration show Commands, page 23 • Configuration Examples for Switch Profiles, page 24
  • Page 26: Information About Switch Profiles

    Information About Switch Profiles Information About Switch Profiles Several applications require consistent configuration across Cisco Nexus Series switches in the network. For example, with a Virtual Port Channel (vPC), you must have identical configurations. Mismatched configurations can cause errors or misconfigurations that can result in service disruptions.
  • Page 27: Configuration Validation

    For example, the following command can only be configured in global configuration mode: switchport private-vlan association trunk primary-vlan secondary-vlan • Shutdown/no shutdown • System QoS
  • Page 28: Software Upgrades And Downgrades With Switch Profiles

    Prerequisites for Switch Profiles Switch profiles have the following prerequisites: • You must enable Cisco Fabric Services over IP (CFSoIP) distribution over mgmt0 on both switches by entering the cfs ipv4 distribute command. • You must configure a switch profile with the same name on both peer switches by entering the config sync and switch-profile commands.
  • Page 29

    If there is a commit failure, the commands remain in the switch profile buffer. You can then make necessary corrections and try the commit again. • Cisco recommends that you enable pre-provisioning for all Generic Expansion Modules (GEMs) and Cisco Nexus Fabric Extender modules whose interface configurations are synchronized using the configuration synchronization feature.
  • Page 30: Configuring Switch Profiles

    Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)# Step 5 sync-peers destination IP-address Configures the peer switch. Example: switch(config-sync-sp)# sync-peers destination 10.1.1.1 switch(config-sync-sp)#
  • Page 31: Adding A Switch To A Switch Profile

    Follow these guidelines when adding switches: • Switches are identified by their IP address. • Destination IPs are the IP addresses of the switches that you want to synchronize.
  • Page 32

    Displays the switch profile peer configuration. Example: switch# show switch-profile peer Step 6 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch# copy running-config startup-config
  • Page 33: Adding Or Modifying Switch Profile Commands

    Example: switch(config-sync)# switch-profile abc switch(config-sync-sp)# Step 3 command argument Adds a command to the switch profile. Example: switch(config-sync-sp)# interface Port-channel100 switch(config-sync-sp-if)# speed 1000 switch(config-sync-sp-if)# interface Ethernet1/1
  • Page 34

    10.1.1.1 switch(config-sync-sp)# interface port-channel100 switch(config-sync-sp-if)# speed 1000 switch(config-sync-sp-if)# interface Ethernet1/1 switch(config-sync-sp-if)# speed 1000 switch(config-sync-sp-if)# channel-group 100 switch(config-sync-sp)# verify switch(config-sync-sp)# commit switch(config-sync-sp)# exit switch#
  • Page 35: Importing A Switch Profile

    Example: switch(config-sync)# switch-profile switch(config-sync-sp)# Step 3 import {interface port/slot | running-config [exclude interface ethernet]} Identifies the commands that you want to import and enters switch profile import mode.
  • Page 36

    Switch-Profile started, Profile ID is 1 switch(config-sync-sp)# show switch-profile buffer switch-profile : sp ---------------------------------------------------------- Seq-no Command ---------------------------------------------------------- switch(config-sync-sp)# import running-config exclude interface ethernet
  • Page 37: Importing Configurations In A Vpc Topology

    You can verify the commands that are included in a switch profile by entering the verify command in switch profile mode. Procedure Command or Action Purpose Step 1 config sync Enters configuration synchronization mode. Example: switch# config sync switch(config-sync)#
  • Page 38: Isolating A Peer Switch

    4 Undo the changes that were made to the switch profile in Step 2 and commit. 5 Add the peer switch back to the switch profile. Deleting a Switch Profile You can delete a switch profile by selecting the all-config or the local-config option:
  • Page 39: Deleting A Switch From A Switch Profile

    Copies the running configuration to the startup configuration. Example: switch# copy running-config startup-config Deleting a Switch from a Switch Profile You can delete a switch from a switch profile.
  • Page 40: Displaying The Switch Profile Buffer

    Command or Action Purpose Step 1 switch# configure sync Enters configuration synchronization mode. Step 2 switch(config-sync)# switch-profile profile-name Enters switch profile synchronization configuration mode for the specified switch profile.
  • Page 41: Synchronizing Configurations After Switch Reboot

    Synchronizing Configurations After Switch Reboot If a Cisco Nexus Series switch reboots while a new configuration is being committed on a peer switch using a switch profile, complete the following steps to synchronize the peer switches after reload: Procedure Step 1 Reapply configurations that were changed on the peer switch during the reboot.
  • Page 42: Configuration Examples For Switch Profiles

    Displays the startup configuration for the switch profile on the local switch. For detailed information about the fields in the output from these commands, see the Cisco Nexus 5000 Series Command Reference. Configuration Examples for Switch Profiles...
  • Page 43

    View the buffered commands. Example: switch(config-sync-sp-if)# show switch-profile switch-profile buffer ---------------------------------------------------------- Seq-no Command ---------------------------------------------------------- class-map type qos match-all c1 match cos 2 class-map type qos match-all c2 match cos 5
  • Page 44: Verifying The Synchronization Status Example

    Start-time: 804935 usecs after Mon Aug 23 06:41:10 2010 End-time: 956631 usecs after Mon Aug 23 06:41:20 2010 Profile-Revision: 2 Session-type: Commit Peer-triggered: No Profile-status: Sync Success Local information: ---------------- Status: Commit Success Error(s):
  • Page 45: Displaying The Running Configuration

    Start-time: 491815 usecs after Thu Aug 12 11:54:51 2010 End-time: 449475 usecs after Thu Aug 12 11:54:58 2010 Profile-Revision: 1 Session-type: Initial-Exchange Peer-triggered: No Profile-status: Sync Success Local information: ---------------- Status: Commit Success Error(s):
  • Page 46: Displaying Verify And Commit On Local And Peer Switches

    Start-time: 171513 usecs after Wed Aug 11 17:51:28 2010 End-time: 676451 usecs after Wed Aug 11 17:51:43 2010 Profile-Revision: 3 Session-type: Commit Peer-triggered: No Profile-status: Sync Success Local information: ---------------- Status: Commit Success Error(s): Peer information:
  • Page 47: Successful And Unsuccessful Synchronization Examples

    This example shows how to configure the switch profile buffer, the buffer-move configuration, and the buffer-delete configuration: switch# configure sync Enter configuration commands, one per line. End with CNTL/Z. switch(config-sync)# switch-profile sp
  • Page 48: Importing Configurations

    Enter configuration commands, one per line. End with CNTL/Z. switch(config-sync)# switch-profile sp Switch-Profile started, Profile ID is 1 switch(config-sync-sp)# import interface Ethernet1/3 switch(config-sync-sp-import)# show switch-profile sp buffer ---------------------------------------------------------- Seq-no Command
  • Page 49

    18.2 switchport trunk allowed vlan 11-20 18.3 channel-group 31 mode active interface Ethernet1/10 19.1 switchport mode trunk 19.2 switchport trunk allowed vlan 11-20 19.3 channel-group 31 mode active
  • Page 50

    ---------------------------------------------------------- Seq-no Command ---------------------------------------------------------- port-profile type ethernet pp1 bandwidth 5000 bandwidth inherit speed 10000 state enabled switch(config-sync-sp-import-if)# verify Verification Successful switch(config-sync-sp-import)# commit Commit Successful switch(config-sync)# show running-config switch-profile
  • Page 51: Sample Migrations Using The Import Command

    Migrating Cisco NX-OS Release 5.0(2)N1(1) in a Fabric Extender A-A Topology Example This example shows the tasks used to migrate to Cisco NX-OS Release 5.0(2)N1(1) in a Fabric Extender A-A topology. For details on the tasks, see the appropriate sections in this chapter.
  • Page 52

    Enter the sync-peers destination IP-address command to configure the peer switch on both switches. Step 8 Enter the show switch-profile name status command to ensure both switches are synchronized.
  • Page 53: Information About Module Pre-Provisioning

    For more information about supported hardware for your software version, refer to the release notes. Upgrades and Downgrades When upgrading from Cisco NX-OS Release 4.2(1)N2(1) and earlier releases to Cisco NX-OS Release 5.0(2)N1(1), there are no configuration implications. When upgrading from a release that supports pre-provisioning to another release that supports the feature including InService Software Upgrades (ISSU), pre-provisioned configurations are retained across the upgrade.
  • Page 54: Guidelines And Limitations

    Step 3 provision model model Selects the module that you want to pre-provision. Example: switch(config-slot)# provision model N2K-C2248T switch(config-slot)# Step 4 exit Exits slot configuration mode. Example: switch(config-slot)# exit switch#
  • Page 55: Removing Module Pre-Provisioning

    Step 4 exit Exits slot configuration mode. Example: switch(config-slot)# exit switch# Step 5 copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. Example: switch# copy running-config startup-config
  • Page 56: Verifying The Pre-Provisioned Configuration

    Displays the startup configuration including the pre-provisioned configuration. Configuration Examples for Pre-Provisioning The following example shows how to enable pre-provisioning on slot 110 on the Cisco Nexus 2232P Fabric Extender and how to pre-provision interface configuration commands on the Ethernet 110/1/1 interface. switch# configure terminal...
  • Page 57

    Ethernet101/1/2 service-policy input test interface Ethernet101/1/3 service-policy input test This example shows how to remove all pre-provisioned modules from a slot: switch(config)# slot 2 switch(config-slot)# no provision model switch(config-slot)#
  • Page 58

    Configuring Module Pre-Provisioning Configuration Examples for Pre-Provisioning
  • Page 59: Information About Cfs

    CFS-capable switches in the network and to discover feature capabilities in all CFS-capable switches. Cisco Nexus Series switches support CFS message distribution over Fibre Channel and IPv4 or IPv6 networks. If the switch is provisioned with Fibre Channel ports, CFS over Fibre Channel is enabled by default while CFS over IP must be explicitly enabled.
  • Page 60: Cfs Distribution

    (when two independent SAN fabrics merge). CFS Distribution The CFS distribution functionality is independent of the lower layer transport. Cisco Nexus Series switches support CFS distribution over IP and over Fibre Channel. Features that use CFS are unaware of the lower layer transport.
  • Page 61: Coordinated Distribution

    Globally disables CFS distribution (CFS over Fibre Channel or IP) for all applications on the switch. Step 3 switch(config)# cfs distribute (Optional) Enables CFS distribution on the switch. This is the default.
  • Page 62: Verifying The Cfs Distribution Status

    • Keepalive mechanism to detect network topology changes using a configurable multicast address. • Compatibility with Cisco MDS 9000 Family switches running release 2.x or later. The following figure (Network Example 1) shows a network with both Fibre Channel and IP connections.
  • Page 63: Cfs Distribution Over Fibre Channel

    CFS packets. CFS packets are sent to or from the switch domain controller addresses. CFS Distribution Scopes Different applications on the Cisco Nexus Series switches need to distribute the configuration at various levels. The following levels are available when using CFS distribution over Fibre Channel: •...
  • Page 64: Cfs Merge Support

    When you commit the changes, the pending database overwrites the configuration database (also known as the active database or the effective database).
  • Page 65: Enabling Cfs For An Application

    CFS, merge capability (if it has registered with CFS for merge support), and the distribution scope. switch# show cfs application name fscm Enabled : Yes Timeout : 100s Merge Capable : No Scope : Physical-fc
  • Page 66: Locking The Network

    The commit function does not start a session; only a lock function starts a session. However, an empty commit is allowed if configuration changes are not previously made. In this case, a commit operation results in a session that acquires locks and distributes the current database.
  • Page 67: Discarding Changes

    When a network spans a vast geography, you might need to localize or restrict the distribution of certain profiles among a set of switches based on their physical proximity. CFS regions allow you to create multiple
  • Page 68: Example Scenario

    Enters configuration mode. Step 2 switch(config)# cfs region region-id Creates a region. Assigning Applications to CFS Regions You can assign an application on a switch to a region.
  • Page 69: Moving An Application To A Different Cfs Region

    The following example shows how to move an application into Region 2 that was originally assigned to Region 1: switch# configure terminal switch(config)# cfs region 2 switch(config-cfs-region)# ntp
  • Page 70: Removing An Application From A Region

    Configuring CFS over IP Enabling CFS over IPv4 You can enable or disable CFS over IPv4. Note: CFS cannot distribute over both IPv4 and IPv6 from the same switch.
  • Page 71: Enabling Cfs Over Ipv6

    The following example shows how to verify the CFS over IP configuration by using the show cfs status command. switch# show cfs status Distribution : Enabled Distribution over IP : Enabled - mode IPv4 IPv4 multicast address : 239.255.70.83 IPv6 multicast address : ff15::efff:4653
  • Page 72: Configuring Ip Multicast Address For Cfs Over Ip

    mcast-address ipv4-address Configures the IPv6 multicast address for CFS distribution over IPv6. The range of valid IPv6 addresses is ff15::/16 (ff15::0000:0000 through ff15::ffff:ffff) and ff18::/16 (ff18::0000:0000 through ff18::ffff:ffff).
  • Page 73: Verifying The Ip Multicast Address Configuration For Cfs Over Ip

    Domain Switch WWN IP Address ---------------------------------------------------------------- 20:00:00:0e:d7:00:3c:9e 10.76.100.169 [Merge Master] Logical [VSAN 2] Merge Status: Success Local Fabric ---------------------------------------------------------------- Domain Switch WWN IP Address ---------------------------------------------------------------- 20:00:00:05:30:00:6b:9e 10.76.100.167 [Merge Master] 20:00:00:0e:d7:00:3c:9e 10.76.100.169
  • Page 74

    The following example of show cfs peers name command output displays all the application peers (all switches in which that application is registered). The local switch is indicated as Local. switch# show cfs peers name port-security Scope : Logical [VSAN 1] -----------------------------------------------------------
  • Page 75: Default Settings For Cfs

    IPv4 multicast address 239.255.70.83 IPv6 multicast address ff15::efff:4653 The CISCO-CFS-MIB contains SNMP configuration information for any CFS-related functions. See the Cisco Nexus 5000 and Nexus 2000 MIBs Reference available at the following URL: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/mib/reference/NX5000_MIBRef.html.
  • Page 76

    Using Cisco Fabric Services Default Settings for CFS
  • Page 77: Chapter

    Synchronization is achieved by exchanging PTP timing messages, with the members using the timing information to adjust their clocks to the time of their master in the hierarchy. PTP operates within a logical scope called a PTP domain.
  • Page 78: Ptp Device Types

    PTP message or an associated follow-up message. Note PTP operates only in boundary clock mode. Cisco recommends deployment of a Grand Master Clock (GMC) upstream, with servers containing clocks requiring synchronization connected to the switch.
  • Page 79: Clock Management

    PTP requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
  • Page 80: Default Settings For Ptp

    You can enable or disable PTP globally on a device. You can also configure various PTP clock parameters to help determine which clock in the network has the highest priority to be selected as the grandmaster.
  • Page 81 This example shows how to configure PTP globally on the device, specify the source IP address for PTP communications, and configure a preference level for the clock: switch# configure terminal switch(config)# feature ptp switch(config)# ptp source 10.10.10.1 switch(config)# ptp priority1 1 switch(config)# ptp priority2 1
  • Page 82: Configuring Ptp On An Interface

    seconds Configures the minimum interval allowed between PTP delay-request messages when the port is in the master state. The range is from -1 to 6 seconds.
  • Page 83 Announce receipt time out: 2 Peer mean path delay: 0 Announce interval(log mean): 3 Sync interval(log mean): -1 Delay Mechanism: End to End Peer delay request interval(log mean): 0 switch(config-if)#
  • Page 84: Verifying The Ptp Configuration

    Displays the properties of the PTP parent and grandmaster clock. show ptp port interface ethernet slot/port Displays the status of the PTP port on the switch. show ptp time-property Displays the PTP clock time properties.
  • Page 85: Configuring User Accounts And Rbac

    Configuring User Accounts Default Settings for the User Accounts and RBAC, page 80 Information About User Accounts and RBAC Cisco Nexus Series switches use role-based access control (RBAC) to define the amount of access that each user has when the user logs into the switch.
  • Page 86: Predefined San Admin User Role

    • Configuration and management of SAN features such as: ◦ FC-SP ◦ FC-PORT-SECURITY ◦ FCoE ◦ FCoE-NPV ◦ FPORT-CHANNEL-TRUNK ◦ PORT-TRACK ◦ FABRIC-BINDING • Configuration and management of the following EXEC mode commands: ◦ DEBUG
  • Page 87: Rules

    A command or group of commands defined in a regular expression. Feature Commands that apply to a function provided by the Cisco Nexus 5000 Series switch. Enter the show role feature command to display the feature names available for this parameter.
  • Page 88 Read and write permissions for port security-related commands Read and write permissions for Remote Domain Loopback (RDL) related commands rmon Read and write permissions for RMON-related commands
  • Page 89: User Role Policies

    If a command rule permits access to specific resources (interfaces, VLANs, or VSANs), the user is permitted to access these resources, even if the user is not listed in the user role policies associated with that user.
  • Page 90: User Account Configuration Restrictions

    • xfs Caution: The Cisco Nexus 5000 Series switch does not support all-numeric usernames, even if those usernames were created in TACACS+ or RADIUS. If an all-numeric username exists on an AAA server and is entered during login, the switch rejects the login request.
  • Page 91: Guidelines And Limitations For User Accounts

    Guidelines and Limitations for User Accounts If a password is trivial (such as a short, easy-to-decipher password), the Cisco Nexus 5000 Series switch rejects the password. Be sure to configure a strong password for each user account. A strong password has the following characteristics: •...
  • Page 92: Configuring User Accounts

    Copies the running configuration to the startup configuration. The following example shows how to configure a user account:
    switch# configure terminal
    switch(config)# username NewUser password 4Ty18Rnt
    switch(config)# exit
    switch# show user-account
  • Page 93: Configuring San Admin Users

    Groups ____ ____ _____________ ______ admin des(no) network-admin user1 des(no) san-admin ________________________________________________________________________ NOTIFICATION TARGET USES (configured for sending V3 Inform) ________________________________________________________________________ User Auth Priv ____ ____ ____ switch(config) #
  • Page 94: Configuring Rbac

    Repeat this command for as many rules as needed. Step 7 switch(config-role)# description text (Optional) Configures the role description. You can include spaces in the description. Step 8 switch(config-role)# end Exits role configuration mode.
  • Page 95: Creating Feature Groups

    This example shows how to create a feature group:
    switch# configure terminal
    switch(config)# role feature-group group1
    switch(config)# exit
    switch# show role feature-group
    switch# copy running-config startup-config
    switch#
  • Page 96: Changing User Role Interface Policies

    3/1 switch(config-role-interface)# permit interface vfc 30/1 Changing User Role VLAN Policies You can change a user role VLAN policy to limit the VLANs that the user can access.
  • Page 97: Changing User Role Vsan Policies

    Repeat this command for as many VSANs as needed. Step 5 switch(config-role-vsan)# exit Exits role VSAN policy configuration mode. Step 6 switch# show role (Optional) Displays the role configuration.
  • Page 98: Verifying The User Accounts And Rbac Configuration

    The following table lists the default settings for user accounts and RBAC parameters. Table 6: Default User Accounts and RBAC Parameters Parameters Default User account password Undefined. User account expiry date None. Interface policy All interfaces are accessible.
  • Page 99 Configuring User Accounts Default Settings for the User Accounts and RBAC Parameters Default VLAN policy All VLANs are accessible. VFC policy All VFCs are accessible. VETH policy All VETHs are accessible.
  • Page 100 Configuring User Accounts and RBAC Configuring User Accounts Default Settings for the User Accounts and RBAC
  • Page 101: Chapter

    • Configuration session—Creates a list of commands that you want to implement in session manager mode. • Validation—Provides a basic semantic check on your configuration. Cisco NX-OS returns an error if the semantic check fails on any part of the configuration.
  • Page 102: Configuring Session Manager

    The name can be any alphanumeric string. Step 2 switch(config-s)# ip access-list name Creates an ACL. Step 3 switch(config-s-acl)# permit protocol source destination (Optional) Adds a permit statement to the ACL.
  • Page 103: Verifying A Session

    (Optional) Saves the session to a file. The location can be in bootflash or volatile. Discarding a Session To discard a session, use the following command in session mode:
  • Page 104: Configuration Example For Session Manager

    Displays the contents of the configuration session. show configuration session status [name] Displays the status of the configuration session. show configuration session summary Displays a summary of all the configuration sessions.
  • Page 105: Configuring Online Diagnostics

    Online diagnostics provide verification of hardware components during switch bootup or reset, and they monitor the health of the hardware during normal switch operation. Cisco Nexus Series switches support bootup diagnostics and runtime diagnostics. Bootup diagnostics include disruptive tests and nondisruptive tests that run during system bootup and system reset.
  • Page 106: Health Monitoring Diagnostics

    Bootup diagnostics log any failures to the onboard failure logging (OBFL) system. Failures also trigger an LED display to indicate diagnostic test states (on, off, pass, or fail). You can configure Cisco Nexus 5000 Series switches to either bypass the bootup diagnostics or run the complete set of bootup diagnostics.
  • Page 107: Expansion Module Diagnostics

    Table 11: Expansion Module Health Monitoring Diagnostics Diagnostic Description Monitors port and system status LEDs. Temperature Sensor Monitors temperature sensor readings.
  • Page 108: Configuring Online Diagnostics

    Displays the results of the diagnostics tests. Default Settings for Online Diagnostics The following table lists the default settings for online diagnostics parameters.
  • Page 109 Configuring Online Diagnostics Default Settings for Online Diagnostics Table 12: Default Online Diagnostics Parameters Parameters Default Bootup diagnostics level complete
  • Page 110 Configuring Online Diagnostics Default Settings for Online Diagnostics
  • Page 111: Configuring System Message Logging

    3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference. By default, the Cisco Nexus 5000 Series switch outputs messages to terminal sessions. By default, the switch logs system messages to a log file.
  • Page 112: Syslog Servers

    You can configure the Cisco Nexus Series switch to send logs to up to eight syslog servers. To support the same configuration of syslog servers on all switches in a fabric, you can use Cisco Fabric Services (CFS) to distribute the syslog server configuration.
  • Page 113: Default Settings For System Message Logging

    [severity-level] Enables the switch to log messages to the console session based on a specified severity level or higher (a lower number value indicates a higher severity level). Severity levels range from 0 to 7:
  • Page 114 Displays the console logging configuration. Step 8 switch# show logging monitor (Optional) Displays the monitor logging configuration. Step 9 switch# copy running-config startup-config (Optional) Copies the running configuration to the startup configuration.
  • Page 115: Configuring System Message Logging To A File

    5 and the file size is 4194304. Severity levels range from 0 to 7: • 0 – emergency • 1 – alert • 2 – critical • 3 – error • 4 – warning
  • Page 116: Configuring Module And Facility Messages Logging

    Configuring Module and Facility Messages Logging You can configure the severity level and time-stamp units of messages logged by modules and facilities.
  • Page 117 [facility severity-level] Resets the logging severity level for the specified facility to its default level. If you do not specify a facility and severity level, the switch resets all facilities to their default levels.
  • Page 118: Configuring Logging Timestamps

    The following example shows how to configure the severity level of module and specific facility messages:
    switch# configure terminal
    switch(config)# logging module 3
    switch(config)# logging level aaa 2
    Configuring Logging Timestamps You can configure the time-stamp units of messages logged by the Cisco Nexus Series switch. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters configuration mode.
  • Page 119: Configuring The Acl Logging Cache

    • Create an IP access list with at least one access control entry (ACE) configured for logging. • Configure the ACL logging cache. • Configure the ACL log match level.
  • Page 120: Configuring The Acl Log Match Level

    Message Logging to a File, on page Step 3 switch(config)# copy running-config startup-config (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
  • Page 121: Configuring Syslog Servers

    Cisco Nexus Series software that you are using. The command references available for Nexus 5000 can be found here: http://www.cisco.com/en/US/products/ps9670/prod_command_reference_list.html. Note: Debugging is a CLI facility but the debug syslogs are not sent to the server.
  • Page 122: Configuring Syslog On A Unix Or Linux System

    (*) for all. These facility designators allow you to control the destination of messages based on their origin. Note: Check your configuration before using a local facility.
  • Page 123: Configuring Syslog Server Configuration Distribution

    $ kill -HUP `cat /etc/syslog.pid`
    Configuring syslog Server Configuration Distribution You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure. After you enable syslog server configuration distribution, you can modify the syslog server configuration and view the pending changes before committing the configuration for distribution.
  • Page 124: Displaying And Clearing Log Files

    (Optional) Copies the running configuration to the startup configuration. startup-config Displaying and Clearing Log Files You can display or clear messages in the log file and the NVRAM.
  • Page 125: Verifying The System Message Logging Configuration

    Displays detailed information about the IP access list cache. show logging ip access-list status Displays the status of the IP access list cache.
  • Page 126 Displays the logging status. show logging timestamp Displays the logging time-stamp units configuration. show running-config acllog Displays the running configuration for the ACL log file.
  • Page 127: Information About Smart Call Home

    Technical Assistance Center. If you have a service contract directly with Cisco, you can register your devices for the Smart Call Home service. Smart Call Home provides fast resolution of system problems by analyzing Smart Call Home messages sent from your devices and providing background information and recommendations.
  • Page 128: Smart Call Home Overview

    You can also configure a destination profile to allow periodic inventory update messages by using the inventory alert group that will send out periodic messages daily, weekly, or monthly.
  • Page 129: Smart Call Home Alert Groups

    Smart Call Home Alert Groups An alert group is a predefined subset of Smart Call Home alerts that are supported in all Cisco Nexus 5000 Series switches. Alert groups allow you to select the set of Smart Call Home alerts that you want to send to a predefined or custom destination profile.
  • Page 130: Smart Call Home Message Levels

    0 (the switch sends all messages). Smart Call Home messages that are sent for syslog alert groups have the syslog severity level mapped to the Smart Call Home message level.
  • Page 131: Call Home Message Formats

    • Short text message format • Common fields for all full text and XML messages • Inserted fields for a reactive or proactive event message • Inserted fields for an inventory event message
  • Page 132 Name of message type, such as reactive or proactive. /aml/header/type Message group Name of alert group, such as syslog. /aml/header/group Severity level Severity level of message. /aml/header/level Source ID Product type for routing. /aml/header/source
  • Page 133 ID by any support service. Site ID Optional user-configurable field used for Cisco-supplied site ID or other data meaningful to alternate support service. /aml/header/siteID
  • Page 134 Serial number Chassis serial number of the unit. /aml/body/chassis/serialNo Chassis part number Top assembly number of the chassis. /aml/body/chassis/partNo Fields specific to a particular alert group message are inserted here.
  • Page 135 Table 21: Inserted Fields for an Inventory Event Message Data Item (Plain Text and XML) Description (Plain Text and XML) XML Tag (XML Only) Chassis hardware version Hardware version of the chassis. /aml/body/chassis/hwVersion
  • Page 136: Guidelines And Limitations For Smart Call Home

    Prerequisites for Smart Call Home • E-mail server connectivity. • Access to contact name (SNMP server contact), phone, and street address information. • IP connectivity between the switch and the e-mail server.
  • Page 137: Default Call Home Settings

    • SMARTnet contract number for your switch • Your e-mail address • Your Cisco.com ID Procedure Step 1 In a browser, navigate to the Smart Call Home Web page. http://www.cisco.com/go/smartcall/
  • Page 138: Configuring Contact Information

    Spaces are accepted. Step 7 switch(config-callhome)# contract-id contract-number (Optional) Configures the contract number for this switch from the service agreement. The contract-number can be up to 255 alphanumeric characters.
  • Page 139: Creating A Destination Profile

    You must create a user-defined destination profile and configure the message format for that new destination profile. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode.
  • Page 140: Modifying A Destination Profile

    • Message size—The allowed length of a Call Home message sent to the e-mail addresses in this destination profile. Note: You cannot modify or delete the CiscoTAC-1 destination profile.
  • Page 141 5 switch(config-callhome)# destination-profile full-text-destination message-size 10000 switch(config-callhome)# What to Do Next Associate an alert group with a destination profile.
  • Page 142: Associating An Alert Group With A Destination Profile

    You can assign a maximum of five user-defined CLI show commands to an alert group. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode. Step 2 switch(config)# callhome Enters Smart Call Home configuration mode.
  • Page 143: Configuring E-Mail Server Details

    startup-config Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. This example shows how to add the show ip routing command to the Cisco-TAC alert group:
    switch# configure terminal
    switch(config)# callhome
    switch(config-callhome)# alert-group Configuration user-def-cmd show ip routing...
  • Page 144: Configuring Periodic Inventory Notifications

    periodic-inventory notification [interval days] [timeofday time] Configures periodic inventory messages. The interval days range is from 1 to 30 days. The default is 7 days. The timeofday time is in HH:MM format.
  • Page 145: Disabling Duplicate Message Throttling

    This example shows how to disable duplicate message throttling:
    switch# configure terminal
    switch(config)# callhome
    switch(config-callhome)# no duplicate-message throttle
    switch(config-callhome)#
  • Page 146: Enabling Or Disabling Smart Call Home

    Important: Smart Call Home testing fails when the message level for the destination profile is set to 3 or higher. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode.
  • Page 147: Verifying The Smart Call Home Configuration

    callhome-all] Displays the running configuration for Smart Call Home. switch# show startup-config callhome Displays the startup configuration for Smart Call Home. switch# show tech-support callhome Displays the technical support output for Smart Call Home.
  • Page 148: Sample Syslog Alert Notification In Full-Text Format

    <soap-env:Envelope xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope"> <soap-env:Header> <aml-session:Session xmlns:aml-session="http://www.example.com/2004/01/aml-session" soap-env:mustUnderstand="true" soap-env:role= "http://www.w3.org/2003/05/soap-envelope/role/next"> <aml-session:To>http://tools.example.com/services/DDCEService</aml-session:To> <aml-session:Path> <aml-session:Via>http://www.example.com/appliance/uri</aml-session:Via> </aml-session:Path> <aml-session:From>http://www.example.com/appliance/uri</aml-session:From> <aml-session:MessageId>M2:69000101:C9D9E20B</aml-session:MessageId> </aml-session:Session> </soap-env:Header> <soap-env:Body> <aml-block:Block xmlns:aml-block="http://www.example.com/2004/01/aml-block"> <aml-block:Header> <aml-block:Type>http://www.example.com/2005/05/callhome/syslog</aml-block:Type> <aml-block:CreationDate>2007-04-25 14:19:55 GMT+00:00</aml-block:CreationDate> <aml-block:Builder> <aml-block:Name>Cat6500</aml-block:Name> <aml-block:Version>2.0</aml-block:Version> </aml-block:Builder> <aml-block:BlockGroup>
  • Page 149 00:01:05: %SYS-5-CONFIG_I: Configured from memory by console 00:01:09: %SYS-5-RESTART: System restarted --Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_DBG-VM), Experimental Version 12.2(20070421:012711) Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Thu 26-Apr-07 15:54 by xxx
  • Page 150 Cisco DCOS Software, c6slc Software (c6slc-SPDBG-VM), Experimental Version 4.0 (20080421:012711) Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 26-Apr-08 16:40 by username1 00:00:25: DFC1: Currently running ROMMON from F2 region
  • Page 151 00:06:59: %OIR-SP-6-DOWNGRADE_EARL: Module 8 DFC installed is not identical to system PFC and will perform at current system operating mode. 00:07:06: %OIR-SP-6-INSCARD: Card inserted in slot 8, interfaces are now online Router#]]> </aml-block:Data> </aml-block:Attachment> </aml-block:Attachments> </aml-block:Block> </soap-env:Body> </soap-env:Envelope>
  • Page 152 Configuring Smart Call Home Sample Syslog Alert Notification in XML Format
  • Page 153: Information About Rollback

    You can create a checkpoint copy of the current running configuration at any time. Cisco NX-OS saves this checkpoint as an ASCII file which you can use to roll back the running configuration to the checkpoint configuration at a future time.
  • Page 154: Creating A Checkpoint

    Configuring Rollback Creating a Checkpoint • Beginning in Cisco NX-OS Release 5.0(2)N1(1), you can start a checkpoint filename with the word auto. • Beginning in Cisco NX-OS Release 5.0(2)N1(1), you can name a checkpoint file summary or any abbreviation of the word summary.
  • Page 155: Implementing A Rollback

    This example shows how to create a checkpoint file and then implement an atomic rollback to a user checkpoint name:
    switch# checkpoint stable
    switch# rollback running-config checkpoint stable atomic
    Verifying the Rollback Configuration To display the rollback configuration, perform one of the following tasks:
  • Page 156 | startup-config | file dest-file} show rollback log [exec | verify] Displays the contents of the rollback log. Note: Use the clear checkpoint database command to delete all checkpoint files.
  • Page 157: Configuring Dns

    A name server may also store information about other parts of the domain tree. To map domain names to IP addresses in Cisco NX-OS, you must first identify the host names, then specify a name server, and enable the DNS service.
  • Page 158: Dns Operation

    High Availability Cisco NX-OS supports stateless restarts for the DNS client. After a reboot or supervisor switchover, Cisco NX-OS applies the running configuration. Prerequisites for DNS Clients The DNS client has the following prerequisites: •...
  • Page 159: Configuring Dns Clients

    NX-OS uses to resolve this domain name server if it cannot be resolved in the VRF that you configured this domain name under. Example:
    switch(config)# ip domain-list mycompany.com
    switch(config)#
  • Page 160 This example shows how to configure a default domain name and enable DNS lookup:
    switch# config t
    switch(config)# vrf context management
    switch(config)# ip domain-name mycompany.com
    switch(config)# ip name-server 172.68.0.10
    switch(config)# ip domain-lookup
  • Page 161: Configuring Snmp

    • An SNMP agent—The software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The Cisco Nexus 5000 Series switch supports the agent and MIB. To enable the SNMP agent, you must define the relationship between the manager and the agent.
  • Page 162: Snmp Notifications

    SNMP Notifications Cisco NX-OS does not support SNMP sets for Ethernet MIBs. Note The Cisco Nexus 5000 Series switch supports SNMPv1, SNMPv2c and SNMPv3. Both SNMPv1 and SNMPv2c use a community-based form of security. Cisco NX-OS supports SNMP over IPv6.
  • Page 163: Security Models And Levels For Snmpv1, V2, V3

    HMAC-MD5 or HMAC-SHA Provides authentication based on the Hash-Based Message Authentication Code (HMAC) Message Digest 5 (MD5) algorithm or the HMAC Secure Hash Algorithm (SHA).
  • Page 164: User-Based Security Model

    • HMAC-MD5-96 authentication protocol • HMAC-SHA-96 authentication protocol Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826. The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The priv option along with the aes-128 token indicates that this privacy password is for generating a 128-bit AES key. The AES priv password can have a minimum of eight characters.
  • Page 165: Cli And Snmp User Synchronization

    Licensing Requirements for SNMP This feature does not require a license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
  • Page 166: Guidelines And Limitations For Snmp

    Configuring SNMP Users Note: The commands used to configure SNMP users in Cisco NX-OS are different from those used to configure users in Cisco IOS. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode.
  • Page 167: Enforcing Snmp Message Encryption

    You can configure SNMP to require authentication or encryption for incoming requests. By default, the SNMP agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco NX-OS responds with an authorization error for any SNMPv3 PDU request using a security level parameter of either noAuthNoPriv or authNoPriv.
  • Page 168: Creating Snmp Communities

    The ACL applies to both IPv4 and IPv6 over UDP and TCP. After creating the ACL, assign the ACL to the SNMP community. For more information on creating ACLs, see the NX-OS Security Configuration Guide for the Cisco Nexus Series software that you are using. The security configuration guides available for Nexus 5000 can be found here: http://www.cisco.com/en/US/products/ps9670/products_installation_and_configuration_...
  • Page 169: Configuring Snmp Notification Receivers

    Create an ACL to assign to the SNMP community. Assign the ACL to the SNMP community. Configuring SNMP Notification Receivers You can configure Cisco NX-OS to generate SNMP notifications to multiple host receivers. You can configure a host receiver for SNMPv1 traps in a global configuration mode. Command...
  • Page 170: Configuring Snmp Notification Receivers With Vrfs

    192.0.2.1 informs version 3 auth NMS Configuring SNMP Notification Receivers with VRFs You can configure Cisco NX-OS to use a configured VRF to reach the host receiver. SNMP adds entries into the cExtSnmpTargetVrfTable of the CISCO-SNMP-TARGET-EXT-MIB when you configure the VRF reachability and filtering options for an SNMP notification receiver.
  • Page 171: Filtering Snmp Notifications Based On A Vrf

    Filtering SNMP Notifications Based on a VRF You can configure Cisco NX-OS to filter notifications based on the VRF in which the notification occurred. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode.
  • Page 172: Configuring A Host Receiver For Snmp Notifications

    2/1
    The following example configures a source interface responsible for receiving all SNMP notifications:
    switch# config t
    switch(config)# snmp-server host 192.0.2.1 source-interface ethernet 2/1
  • Page 173: Configuring Snmp For Inband Access

    The following SNMPv2 example shows how to configure inband access to the community comm, which is not mapped:
    switch# config t
    Enter configuration commands, one per line. End with CNTL/Z.
    switch(config)# snmp-server context def vrf default
    switch(config)# snmp-server community comm group network-admin
    switch(config)#
  • Page 174: Enabling Snmp Notifications

    Enabling SNMP Notifications You can enable or disable notifications. If you do not specify a notification name, Cisco NX-OS enables all notifications. Note The snmp-server enable traps CLI command enables both traps and informs, depending on the configured notification host receivers.
  • Page 175 Enables the ENTITY-MIB SNMP notifications. [fru] switch(config)# snmp-server enable traps license Enables the license SNMP notification. switch(config)# snmp-server enable traps port-security Enables the port security SNMP notifications.
  • Page 176: Configuring Link Notifications

    (cieLinkUp, cieLinkDown) defined in CISCO-IF-EXTENSION-MIB.my, if ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. Cisco NX-OS adds additional varbinds specific to Cisco Systems in addition to the varbinds defined in the IF-MIB for the linkUp and linkDown notifications.
  • Page 177: Disabling Link Notifications On An Interface

    Configures sysContact, the SNMP contact name. Step 3 switch(config)# snmp-server location name Configures sysLocation, the SNMP location. Step 4 switch# show snmp (Optional) Displays information about one or more destination profiles.
  • Page 178: Configuring The Context To Network Entity Mapping

    Disabling SNMP Procedure Command or Action Purpose Step 1 Enters global configuration mode. configure terminal Example: switch# configure terminal switch(config)#
  • Page 179: Verifying Snmp Configuration

    Displays the SNMP notifications enabled or disabled. switch# show snmp user Displays SNMPv3 users. Feature History for SNMP Table 27: Feature History for SNMP Feature Name Releases Information IPv6 support 5.2(1)N1(1) This feature was introduced.
  • Page 181: Information About Rmon

    You can use alarms with RMON events to generate a log entry or an SNMP notification when the RMON alarm triggers. RMON is disabled by default and no events or alarms are configured in Cisco Nexus 5000 Series. You can configure your RMON alarms and events by using the CLI or an SNMP-compatible network management...
  • Page 182: Rmon Events

    Configuring RMON RMON Events • Sampling interval—The interval that the Cisco Nexus 5000 Series switch uses to collect a sample value of the MIB object. • The sample type—Absolute samples take the current snapshot of the MIB object value. Delta samples take two consecutive samples and calculate the difference between them.
  • Page 183: Configuring Rmon

    Taking delta samples, last value was 0 Rising threshold is 5, assigned to event 1 Falling threshold is 0, assigned to event 0 On startup enable rising or falling alarm
  • Page 184: Configuring Rmon Events

    Displays information about RMON hcalarms. switch# show rmon logs Displays information about RMON logs. Default RMON Settings The following table lists the default settings for RMON parameters.
  • Page 185 Configuring RMON Default RMON Settings Table 28: Default RMON Parameters Parameters Default Alarms None configured. Events None configured.
  • Page 187: Information About Span

    The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.
  • Page 188: Span Sources

    SPAN Sources SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus Series device supports Ethernet, Fibre Channel, virtual Fibre Channel, port channels, SAN port channels, VSANs and VLANs as SPAN sources. With VLANs or VSANs, all supported interfaces in the specified VLAN or VSAN are included as SPAN sources.
  • Page 189: Span Destinations

    • For VLAN or VSAN SPAN sources, all active ports in the source VLAN or VSAN are included as source ports. SPAN Destinations SPAN destinations refer to the interfaces that monitor source ports. The Cisco Nexus Series device supports Ethernet and Fibre Channel interfaces as SPAN destinations. Source SPAN...
  • Page 190: Creating Or Deleting A Span Session

    SPAN destination. Step 4 switch(config-if)# exit Reverts to global configuration mode. Step 5 switch(config)# monitor session Enters monitor configuration mode for the specified session-number SPAN session.
  • Page 191: Configuring Mtu Truncation For Each Span Session

    Copies the running configuration to the startup configuration. This example shows how to configure MTU truncation for a SPAN session: switch# configure terminal switch(config)# monitor session 3 switch(config-monitor)# mtu
  • Page 192: Configuring The Rate Limit For Span Traffic

    Configuring Fibre Channel Destination Port The SPAN destination port can only be a physical port on the switch. Note You can configure a Fibre Channel port as a SPAN destination port.
  • Page 193: Configuring Source Ports

    You can enter a range of Ethernet, Fibre Channel, or virtual Fibre Channel ports. You can specify the traffic direction to duplicate as ingress (rx), egress (tx), or both. By default, the direction is both.
  • Page 194: Configuring Source Port Channels, Vsans, Or Vlans

    VSANs and VLANs. The monitored direction can be ingress, egress, or both and applies to all physical ports in the group. Note The Cisco Nexus 5000 Series switch supports two active SPAN sessions. The Cisco Nexus 5548 Switch supports four active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active.
  • Page 195: Configuring The Description Of A Span Session

    The default is to keep the session state shut. You can open a session that duplicates packets from sources to destinations. Procedure Command or Action Purpose Step 1 switch# configure terminal Enters global configuration mode.
  • Page 196: Suspending A Span Session

    By default, the session state is shut. Note The Cisco Nexus switch supports two active SPAN sessions. The Cisco Nexus 5548 Switch supports four active SPAN sessions. When you configure more than two SPAN sessions, the first two sessions are active.
  • Page 197 2 session 2 --------------- type : local state : up source intf : fc3/1 : fc3/1 both : fc3/1 source VLANs source VSANs destination ports : Eth3/1
  • Page 199: Information About Erspan

    (GRE)-encapsulated traffic, and an ERSPAN destination session. You separately configure ERSPAN source sessions and destination sessions on different switches. The implementation of ERSPAN on Cisco Nexus 5000 Series switches supports source sessions only, not destination sessions. You can monitor traffic on one or more source ports.
  • Page 200: Monitored Traffic

    VLAN, and trunk ports can be configured as source ports and mixed with nontrunk source ports. • Source VLANs—A source VLAN is a virtual local area network (VLAN) that is monitored for traffic analysis.
  • Page 201: Truncated Erspan

    Although you can create up to 18 ERSPAN sessions, you can run only two ERSPAN or SPAN sessions simultaneously on a Cisco Nexus 5000 Series switch and only four ERSPAN or SPAN sessions on a Cisco Nexus 5500 Series switch. You can shut down any unused ERSPAN sessions.
  • Page 202: Prerequisites For Erspan

    • ERSPAN traffic can exit the switch through a Layer 2 interface, Layer 3 interface, port channel, or FabricPath core port. • The Cisco Nexus 5000 series switch cannot reach a destination IP address of a remote switch through a virtual Ethernet port or FEX port. This functionality is not supported.
  • Page 203: Default Settings

    Configuring ERSPAN Default Settings • ERSPAN can monitor ingress traffic on a source VSAN only on Cisco Nexus 5010 and 5020 switches. • ERSPAN cannot monitor egress traffic on source VLANs and VSANs on any Cisco Nexus 5000 Series switch.
  • Page 204 1 Step 6 source vsan number On Cisco Nexus 5000 Series switches, specifies the VSAN ID number. The range is 1 to 4093. On Cisco Nexus 5500 Series switches, you cannot configure source VSANs. Example: switch(config-erspan-src)# source vsan 1...
  • Page 205: Configuring An Origin Ip Address For Erspan Packets

    You must configure an IP address to be used as the source of the ERSPAN traffic. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: switch# configure terminal switch(config)#
  • Page 206: Configuring Truncated Erspan

    ID is globally unique for both session erspan-source types. switch(config-erspan-src)# The session ID (configured by the span-session number argument) and the session type (configured by the erspan-source keyword) cannot be changed once entered. To
  • Page 207: Shutting Down Or Activating An Erspan Session

    You can shut down ERSPAN sessions to discontinue the copying of packets from sources to destinations. Because only two ERSPAN sessions on the Cisco Nexus 5000 Series switch and four ERSPAN sessions on the Cisco Nexus 5500 Series switch can be running simultaneously, you can shut down a session in order to free hardware resources to enable another session.
  • Page 208 (Optional) Displays the running ERSPAN configuration. Example: switch(config-erspan-src)# show running-config monitor Step 10 show startup-config monitor (Optional) Displays the ERSPAN startup configuration. Example: switch(config-erspan-src)# show startup-config monitor
  • Page 209: Verifying The Erspan Configuration

    Configuration Example for an IP Address as the Source for an ERSPAN Session This example shows how to configure an IP address as the source for an ERSPAN session: switch# configure terminal
  • Page 210: Configuration Example For Truncated Erspan

    Additional References Related Documents Related Topic Document Title ERSPAN commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples