Cisco Nexus Switches - Configuration Examples
* Useful NX-OS Commands
show version
show inventory
show environment
show module
show redundancy status
show system resources
show feature
show boot
show role
show int counters errors
show run int
show run int eth 1/4-12
show int eth 1/4-12
show int brief
show int transceiver
show cdp neighbors
show cdp neighbors int e1/15 detail
int e1/4
beacon
Cool pipe options: grep, less, no-more, wc, sed, diff
show ip arp
show mac address-table
show vrf
show vrf default interface (per-interface listing)
show ip int brief vrf all
show int status module 2 | grep disabled
show log last 10
dir
where
pwd
Detach from any module:
~,
show spanning-tree vlan 5
password strength-check
ping 192.168.100.23 vrf management
ssh 192.168.100.23 vrf management
telnet 192.168.100.23 vrf management
switchport (L2)
no switchport (L3)
* 5000 Series Features
show feature
show feature | grep enabled
show license usage
dhcp-snooping - DHCP Snooping
fcoe - Fibre Channel over Ethernet (LICENSE REQUIRED)
fex - Fabric Extender
http-server - HTTP Server (for management)
interface-vlan, SVI (Switch Virtual Interface)
lacp - LACP, required for PortChannels
ldap - LDAP
lldp - Link Layer Discovery Protocol
niv - Network Interface Virtualization
private-vlan - PVLAN
privilege -
sshServer - SSH Server (for management)
tacacs - TACACS Authentication
telnetServer - Telnet Server (for management)
udld
vpc - Virtual PortChannel, aka MEC (Multichassis EtherChannel)
vtp - VLAN Trunking Protocol
* Licensing
www.cisco.com/web/go/license
show license host-id
show license usage
copy scp://jeremy@192.168.1.25/home/jeremy/cisco/foo.lic bootflash:foo.lic
install license bootflash:foo.lic
* Upgrade NX-OS (Nexus 5010, NX-OS 5.0(2)N2(1), non-disruptive)
# copy running-config startup-config
# show version
# show boot
# dir bootflash:
# show spanning-tree issu-impact
copy scp://jeremy@192.168.1.25/home/jeremy/cisco/n5000-uk9-kickstart.5.0.2.N2.1.bin bootflash:n5000-uk9-kickstart.5.0.2.N2.1.bin
copy scp://jeremy@192.168.1.25/home/jeremy/cisco/n5000-uk9.5.0.2.N2.1.bin bootflash:n5000-uk9.5.0.2.N2.1.bin
show install all impact kickstart bootflash:n5000-uk9-kickstart.5.0.2.N2.1.bin system bootflash:n5000-uk9.5.0.2.N2.1.bin
install all kickstart bootflash:n5000-uk9-kickstart.5.0.2.N2.1.bin system bootflash:n5000-uk9.5.0.2.N2.1.bin
...stuff...
Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes  non-disruptive         reset
Images will be upgraded according to following table:
Module       Image         Running-Version             New-Version  Upg-Required
------  ----------  ----------------------  ----------------------  ------------
     1      system             4.2(1)N1(1)             5.0(2)N2(1)           yes
     1   kickstart             4.2(1)N1(1)             5.0(2)N2(1)           yes
     1        bios        v1.3.0(09/08/09)        v1.3.0(09/08/09)            no
     1   power-seq                    v1.0                    v1.2           yes
Do you want to continue with the installation (y/n)? [n] y
Install is in progress, please wait.
...more stuff...
Supervisor non-disruptive upgrade successful.
Install has been successful.
* PortChannel (EtherChannel)
feature lacp
interface port-channel21
description Uplink to core
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 13,31-38,155
interface Ethernet1/1
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 13,31-38,15
channel-group 21
interface Ethernet1/2
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 13,31-38,15
channel-group 21
show port-channel summary
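Added example, not part of the original page: NX-OS runs a compatibility check when an interface joins a channel group, and the stanzas above list VLAN 155 on port-channel21 but VLAN 15 on its members. The Python check below parses a saved configuration offline and reports members whose trunk mode, native VLAN or allowed VLAN list differs from their port-channel. The function names are hypothetical, and it assumes full interface names as they appear in the running configuration.

```python
import re

# Stanzas from the PortChannel section above (one member shown), flat layout.
SAMPLE_CONFIG = """\
interface port-channel21
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 13,31-38,155
interface Ethernet1/1
switchport mode trunk
switchport trunk native vlan 999
switchport trunk allowed vlan 13,31-38,15
channel-group 21
"""

# Settings compared between a port-channel and each of its members.
PATTERNS = {
    "mode": re.compile(r"switchport mode (\S+)$"),
    "native": re.compile(r"switchport trunk native vlan (\d+)$"),
    "allowed": re.compile(r"switchport trunk allowed vlan ([\d,-]+)$"),
    "channel_group": re.compile(r"channel-group (\d+)"),
}

def expand_vlans(spec):
    """Expand '13,31-38,155' into a set of VLAN IDs."""
    ranges = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def parse_interfaces(config):
    """Return {interface name: settings}; accepts flat or indented config."""
    interfaces, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.lower().startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].lower(), {})
        for key, pattern in PATTERNS.items():
            if current is not None and (m := pattern.match(line)):
                current[key] = expand_vlans(m[1]) if key == "allowed" else m[1]
    return interfaces

def check_members(config):
    """Return (member, setting, member value, port-channel value) mismatches."""
    interfaces = parse_interfaces(config)
    findings = []
    for name, cfg in interfaces.items():
        po = interfaces.get(f"port-channel{cfg.get('channel_group')}")
        if po is not None:  # skip non-members and port-channels not in this file
            findings += [(name, k, cfg.get(k), po.get(k)) for k in
                         ("mode", "native", "allowed") if cfg.get(k) != po.get(k)]
    return findings
```

Allowed VLAN lists are compared as expanded sets, so `31-38` and `31,32,33,34,35,36,37,38` count as equal.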
* Enable Jumbo Frames (Nexus 5010)
# show policy-map
# Prep (safe, since it is a policy that is not attached to anything)
policy-map type network-qos jumbo
class type network-qos class-default
mtu 9216
exit
class type network-qos class-fcoe
pause no-drop
mtu 2158
exit
exit
# Deploy (deploys the new 'jumbo' policy):
system qos
service-policy type network-qos jumbo
# Rollback (deploys the default policy):
system qos
service-policy type network-qos default-nq-policy
* VPC - Virtual PortChannel (aka MEC, Multichassis EtherChannel)
Yes, it's a feature so nice, it gets two acronyms, and sometimes a third, as some folks call Multichassis EtherChannel MCE.
But wait! Cisco has a newer, better technology called FabricPath.
See http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-605488.html
See http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-709336.html
* Checkpoint
Note: If you use the default syntax (checkpoint foo), the checkpoint file is placed in volatile memory, and is lost on reload!
You probably want to write the file to flash, as illustrated below:
Summary:
checkpoint file bootflash:20110208-foo
rollback running-config file bootflash:20110208-foo
Full Example:
5010-lab# checkpoint file bootflash:20110211-foo
..Done
5010-lab# conf
Enter configuration commands, one per line. End with CNTL/Z.
5010-lab(config)# int e1/10-15
5010-lab(config-if-range)# desc A Tragic Mistake is Made
5010-lab(config-if-range)# end
5010-lab# rollback running-config file bootflash:20110211-foo
Note: Applying config parallelly may fail Rollback verification
Collecting Running-Config
Generating Rollback patch for switch profile
Rollback Patch is Empty
Collecting Running-Config
#Generating Rollback Patch
Executing Rollback Patch
Generating Running-config for verification
Generating Patch for verification
Rollback completed successfully.
5010-lab#
* FEX (4x 10Gb connection from 5010 to 2148T)
Note: The doc indicates there is another way to attach a FEX, without the port channel, using 'pinning max-links 4' and
directly associating each interface with a set of ports on the FEX (for example, on the 2148T, each 10Gb connection
would map to twelve 1Gb ports). This method makes each 10Gb link a single point of failure, and should not be used.
Below is the preferred configuration:
feature fex
fex 115
desc FEX115
pinning max-links 1
exit
interface port-channel115
switchport mode fex-fabric
fex associate 115
exit
interface e1/17-20
switchport mode fex-fabric
fex associate 115
channel-group 115
no shutdown
Note: At this point, wait a minute or two for the FEX module to come online
show int fex-fabric
show int po115 fex-intf
* FCOE (5010, Two servers connecting to a storage array)
feature fcoe
reload
vlan 50
fcoe vsan 50
exit
int e1/5
desc VM01 CNA port 1
switchport mode trunk
spanning-tree port type edge trunk
int vfc51
bind int e1/5
no shut
exit
int e1/6
desc VM02 CNA port 1
switchport mode trunk
spanning-tree port type edge trunk
int vfc52
bind int e1/6
no shut
exit
int fc2/1
desc EMC101 port 1
no shut
exit
vsan database
vsan 50
vsan 50 interface vfc 51
vsan 50 interface vfc 52
vsan 50 interface fc2/1
exit
Note: Zones use the PORT WWN, not the NODE WWN. Pay attention to the output of show fcns database!
zone name EMC101-VM vsan 50
member pwwn 11:11:11:11:11:11:11:10
member pwwn 11:11:11:11:11:11:11:1a
member pwwn 22:11:11:11:11:11:11:10
zoneset name ZONESET1 vsan 50
member EMC101-VM
zoneset activate name ZONESET1 vsan 50
zoneset distribute vsan 50 (only needed if there are multiple switches in the fabric)
show zoneset active (look for an asterisk next to each member)
show vsan
show vsan 50 membership
show vlan fcoe
show int vfc
show flogi database
show fcns database vsan 50
show zoneset active
fcping fcid 0x010101 vsan 50