HP AJ732A Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-
HP AJ732A - Cisco MDS 9134 Fabric Switch Manual
UPC - 883585789481
View all HP AJ732A manuals
Add to My Manuals
Save this manual to your list of manuals |
HP AJ732A manual content summary:
- HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 1
Send feedback to [email protected] Cisco Nexus 5000 Series Switch CLI Software Configuration Guide Software Release 4.0(1a)N1 January 2009 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 2
, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide © 2009 Cisco Systems, Inc. All rights reserved - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 3
1-5 Licensing 1-5 QoS 1-5 Serviceability 1-5 Switch Management 1-6 Network Security Features 1-7 Virtual Device Contexts 1-7 Typical Deployment Topologies 1-7 Ethernet TOR Switch Topology 1-8 IOC Topology 1-9 Supported Standards 1-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide i - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 4
3-6 Initial Configuration 3-7 Configuration Prerequisites 3-7 Initial Setup 3-8 Preparing to Configure the Switch 3-8 Default Login 3-9 Configuring the Switch 3-9 Changing the Initial Configuration 3-12 Accessing the Switch 3-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide ii OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 5
H A P T E R OL-16597-01 Managing Licenses 4-1 Licensing Terminology 4-1 Licensing Model 4-2 License Installation 4-3 Obtaining a Factory-Installed License 4-3 Performing a Manual Installation 4-4 Obtaining the License Key File 4-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide iii - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 6
6-1 Understanding VLAN Ranges 6-2 Creating, Deleting, and Modifying VLANs 6-3 Configuring a VLAN 6-4 Creating and Deleting a VLAN 6-4 Entering the VLAN Submode and Configuring the VLAN 6-5 Adding Ports to a VLAN 6-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide iv OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 7
the Rapid PVST+ Forward Delay Time for a VLAN 8-23 Configuring the Rapid PVST+ Maximum Age Time for a VLAN 8-23 Specifying the Link Type 8-24 Restarting the Protocol 8-25 Verifying Rapid PVST+ Configurations 8-25 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide v - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 8
Globally 9-23 Configuring PVST Simulation Per Port 9-23 Specifying the Link Type 9-24 Restarting the Protocol 9-25 Verifying MST Configurations 9-25 Configuring STP Extensions 10-1 Information About STP Extensions 10-1 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide vi OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 9
11-12 12 C H A P T E R Configuring Access and Trunk Interfaces 12-1 Information About Access and Trunk Interfaces 12-1 Understanding Access and Trunk Interfaces 12-1 Understanding IEEE 802.1Q Encapsulation 12-2 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide vii - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 10
Limitations 15-2 Configuring Traffic Storm Control 15-3 Verifying Traffic Storm Control Configuration 15-3 Displaying Traffic Storm Control Counters 15-3 Traffic Storm Control Example Configuration 15-4 Default Settings 15-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide viii OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 11
Servers 17-4 Configuring RADIUS Server Hosts 17-5 Configuring Global Preshared Keys 17-6 Configuring RADIUS Server Preshared Keys 17-6 Configuring RADIUS Server Groups 17-7 Allowing Users to Specify a RADIUS Server at Login 17-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide ix - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 12
Interval 18-12 Manually Monitoring TACACS+ Servers or Groups 18-12 Disabling TACACS+ 18-12 Displaying TACACS+ Statistics 18-13 Verifying TACACS+ Configuration 18-13 Example TACACS+ Configuration 18-13 Default Settings 18-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide x OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 13
Sequence Numbers in an IP ACL 20-7 Applying an IP ACL as a Port ACL 20-7 Applying an IP ACL as a VACL 20-8 Verifying IP ACL Configurations 20-8 Displaying and Clearing IP ACL Statistics 20-9 Configuring MAC ACLs 20-9 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xi - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 14
CFS Merge Support 21-6 CFS Support for Applications 21-6 CFS Application Requirements 21-6 Enabling CFS for an Application 21-7 Locking the Network 21-8 Committing Changes 21-8 Discarding Changes 21-9 Saving the Configuration 21-9 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xii - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 15
T E R Configuring Session Manager 23-1 Information About Session Manager 23-1 Configuration Guidelines and Limitations 23-1 Configuring Session Manager 23-2 Creating a Session 23-2 Configuring ACLs in a Session 23-2 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xiii - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 16
-10 26 C H A P T E R Configuring Smart Call Home 26-1 Information About Call Home 26-1 Call Home Overview 26-1 Destination Profiles 26-2 Call Home Alert Groups 26-2 Call Home Message Levels 26-4 Obtaining Smart Call Home 26-5 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xiv OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 17
the Notification Target User 27-7 Enabling SNMP Notifications 27-8 Configuring linkUp/linkDown Notifications 27-9 Disabling Up/ Down Notifications on an Interface 27-10 Enabling One-Time Authentication for SNMP over TCP 27-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xv - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 18
Priority Flow Control 29-6 Configuring IEEE 802.3x Link-Level Flow Control 29-6 Configuring LLDP 29-6 Configuring Global LLDP Commands 29-7 Configuring Interface LLDP Commands 29-7 Verifying FCoE Configuration 29-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xvi OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 19
-9 Configuring Policy Maps 31-10 Creating the System Service Policy 31-11 System Class Example 31-11 Enabling Jumbo MTU 31-12 Verifying Jumbo MTU 31-12 Configuring QoS on Interfaces 31-13 Configuring Ingress Policies 31-13 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 20
About Fibre Channel Domains 33-1 About Domain Restart 33-3 Restarting a Domain 33-3 About Domain Manager Fast Restart 33-3 Enabling Domain Manager Fast Restart 33-4 About Switch Priority 33-4 xviii Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 21
Distribution 33-10 Locking the Fabric 33-11 Committing Changes 33-11 Discarding Changes 33-11 Clearing a Fabric Lock 33-12 Displaying Configuring N Port Virtualization 34-1 Information About NPV 34-1 NPV Overview 34-1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 22
36-2 Configuring SAN Port Channels 36-4 SAN Port Channel Configuration Guidelines 36-5 Creating a SAN Port Channel 36-6 About SAN Port Channel Modes 36-6 About SAN Port Channel Deletion 36-7 Deleting SAN Port Channels 36-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xx OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 23
37-9 About Static VSAN Deletion 37-9 Deleting Static VSANs 37-10 About Load Balancing 37-10 Configuring Load Balancing 37-10 About Interop Mode 37-11 Displaying Static VSAN Configuration 37-11 Default Settings 37-11 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xxi - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 24
the Database 38-22 Configuring Zone Merge Control Policies 38-23 Default Zone Policies 38-23 Configuring System Default Zoning Settings 38-23 Verifying Enhanced Zone Information 38-24 Compacting the Zone Database 38-24 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xxii OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 25
Resetting FSPF to the Default Configuration 40-5 Enabling or Disabling FSPF 40-5 Clearing FSPF Counters for the VSAN 40-5 FSPF Interface Configuration 40-5 About FSPF Link Cost 40-6 Configuring FSPF Link Cost 40-6 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xxiii - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 26
T E R Managing FLOGI, Name Server, FDMI, and RSCN Databases 41-1 Information About Fabric Login 41-1 Name Server Proxy 41-2 About Registering Name Server Proxies 41-2 Registering Name Database Entries 41-3 FDMI 41-4 xxiv Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 27
43-4 Fabric Lock Override 43-4 Database Merge Guidelines 43-4 Verifying Configured fctimer Configuring a Secondary MAC Address 43-6 FC ID Allocation for HBAs 43-7 Default Company ID List 43-7 Verifying the Company ID Configuration 43-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 28
Port Security with Auto-Learning and CFS Distribution 45-3 Configuring Port Security with Auto-Learning without CFS 45-4 Configuring Port Security with Manual Database Configuration 45-5 Enabling Port Security 45-5 xxvi Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 29
-1 Port Security Versus Fabric Binding 46-2 Fabric Binding Enforcement 46-2 Configuring Fabric Binding 46-3 Configuring Fabric Binding 46-3 Enabling Fabric Binding 46-3 About Switch WWN Lists 46-4 Configuring Switch WWN List 46-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xxvii - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 30
Default Port Tracking Settings 48-7 Troubleshooting 49 C H A P T E R Configuring SPAN 49-1 SPAN Sources 49-1 Characteristics of Source Ports 49-1 SPAN Destinations 49-2 Characteristics of Destination Ports 49-2 xxviii Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 31
tech-support Command 50-8 show tech-support brief Command 50-10 show tech-support fc Command 50-12 show tech-support platform Command 50-14 Default Settings 50-16 51 C H A P T E R INDEX Configuration Limits 51-1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xxix - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 32
Contents Send feedback to [email protected] Cisco Nexus 5000 Series Switch CLI Software Configuration Guide xxx OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 33
Part 5 Part 6 Fibre Channel over Ethernet Quality of Service Description Presents an overview of the Cisco Nexus 5000 Series switches. Contains chapters on using the CLI and initial switch configuration. Contains chapters on how to configure Ethernet interfaces, VLANs, STP, Port Channels, trunks - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 34
font. < > Nonprinting characters, such as passwords, are in angle brackets. [ ] Cisco Nexus 5000 Series switches is available at the following URL: http://www.cisco.com/en/US/products/ps9670/tsd_products_support_series_home.html Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 35
as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide iii - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 36
Obtaining Documentation and Submitting a Service Request Send feedback to [email protected] Preface Cisco Nexus 5000 Series Switch CLI Software Configuration Guide iv OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 37
Ethernet link must provide lossless service. Ethernet links on Cisco Nexus 5000 Series switches provide two mechanisms to ensure lossless transport for FCoE traffic: link-level flow control and priority flow control. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 1-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 38
-side interfaces. Cisco Nexus 5000 Series switches provide quality of service (QoS) capabilities to ensure lossless service across the switch for Fibre Channel traffic. Best-effort service can be applied to all of the Ethernet traffic or specific classes of Ethernet traffic can be configured with - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 39
supports redundant fans and power supplies. The Cisco Nexus 5000 Series switching fabric is low latency, nonblocking and supports Ethernet frame sizes from 64 to 9216 bytes. Expansion Modules The Nexus 5010 switch . OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 1-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 40
Serviceability, page 1-5 • Switch Management, page 1-6 • Network Security Features, page 1-7 • Virtual Device Contexts, page 1-7 Ethernet Switching Cisco Nexus 5000 Series switches are designed to support and broadcast) Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 1-4 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 41
and FCoE traffic. QoS can be configured to provide additional classes of service for Ethernet traffic. Serviceability The Cisco Nexus 5000 Series switch serviceability functions provide data for network planning and help to improve problem resolution time. This section includes the following - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 42
access and restrict it to the users who require it. Configuration Methods You can configure Cisco Nexus 5000 Series switches using direct network configuration methods or web services hosted on a Fabric Manager server. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 1-6 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 43
NX-OS XML Management Interface User Guide, Release 4.0. • SNMP-SNMP allows you to configure switches using Management Information Bases (MIBs). Configuring with Cisco MDS Fabric Manager You can configure Cisco Nexus 5000 Series switches using the Fabric Manager client, which runs on a local PC - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 44
, so the server ports are connected using 10-Gigabit Ethernet NICs. The servers are connected to the data center SAN through MDS 9134 SAN switches. The server Fibre Channel ports require standard Fibre Channel HBAs. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 1-8 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 45
5000 Series switch are connected to Cisco MDS 9000 Family switches. Depending on required traffic volume, there may be multiple Fibre Channel ports connected to each MDS 9000 Family switch, configured as SAN port channels. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 46
feedback to [email protected] Supported Standards Table 1-1 lists the standards supported by the Cisco Nexus 5000 Series switches. Table 1-1 Standard 802 Class of Service Tagging for Ethernet frames 1-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 47
Send feedback to [email protected] PART 1 Configuration Fundamentals - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 48
Send feedback to [email protected] - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 49
switch# exit Purpose Makes a Telnet connection from your host to the switch that you want to access. Initiates authentication. Note If no password has been configured, press Return. Exits the session when finished. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 50
that affect the system as a whole. From EXEC mode, enter the configure terminal command. Note Changes made in this mode are saved across system resets if you save your configuration. Prompt switch# switch(config)# Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 2-2 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 51
commands, which display the current configuration status. The following commands are available in EXEC mode: switch# ? callhome cd clear cli callhome commands Change current directory Reset functions CLI commands OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 2-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 52
list files in a directory discover information Exit configuration mode Configure cisco fabric analyzer Exit from command interpreter Ping an N-Port current configuration xml agent Execute Zone Server commands Execute zoneset commands Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 53
ntp NTP Configuration pm packet manager policy-map Configure policy-map port-channel Add to/remove from a port-channel port-security Configure Port Security port-track Configure Switch port track config OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 2-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 54
because it reminds you which keywords or arguments are applicable based on the commands, keywords, and arguments you have already entered. switch# # configure ? terminal Configure the system from terminal input Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 2-6 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 55
configuration mode. When in configuration mode (or in any submode), enter the do command along with the required EXEC mode command. The command is executed at the EXEC level, and the prompt resumes its current mode level. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 56
config))# interface type slot/port switch(config-if)# line console line vty role name vlan vsan database switch(config-console) switch(config-line)# switch(config-role)# switch(config-vlan)# switch(config-vsan-db)# Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 2-8 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 57
Configuration Mode, Enter: Submode Prompt zone name string vsan vsan-id switch(config-zone)# zoneset name name vsan vsan-id switch(config-zoneset)# Using CLI Variables The Cisco Nexus 5000 Series CLI parser supports OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 2-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 58
cli alias name shintbr show interface brief switch(config)# cli alias name shfcintup shintbr | include up | include fc You can display the command aliases defined on the switch using the alias default command alias. 2-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 59
the run-script command executing the contents in the test file: switch# run-script bootflash:testfile 'configure terminal' Enter configuration commands, one per line. End with CNTL/Z. 'interface fc Speed is 2 Gbps OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 2-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 60
as arguments to a child run-script command process: switch# show file bootflash:test1.vsh show interface $(var1) $(var2) switch# run bootflash:test2.vsh var1="fc2/1" var2="brief" `show interface $(var1) $(var2)` 2-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 61
:test-script When you execute the test-script command script, the switch software executes the discover scsi-target remote command, and then waits for 10 seconds before executing the show scsi-target disk command. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 2-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 62
Command Scripts Chapter 2 Using the Command-Line Interface Send feedback to [email protected] 2-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 63
image. You can use the install all command to upgrade the kickstart, system, and upgradeable BIOS images. This section includes the following topics: • Starting the Switch, page 3-2 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 64
, the BIOS image retains control and prints a message to the console at 9600 baud every 30 seconds that indicates a failure. Figure 3-1 shows the normal and recovery boot sequence. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-2 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 65
databits 7 switch(config-console)# exec-timeout 30 switch(config-console)# parity even switch(config-console)# stopbits 2 You cannot change the BIOS console settings. These are the same as the default console settings. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 66
kickstart and system software files to a server. Ensure that the required space is available in the bootflash: directory for the image file(s) to be copied. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-4 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 67
error message is displayed and the installation does not proceed. • Displays the compatibility check results and displays whether the installation is disruptive. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 68
installer System version: 4.0(0)N1(1) Service: Downgrading from a Higher switch is identical to a switch upgrade, except that the image files to be loaded are for an earlier release than the image currently running on the switch. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 69
, page 3-12 Configuration Prerequisites The following procedure is a review of the tasks you should have completed during hardware installation. These tasks must be completed before you can configure the switch. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 70
step, the Cisco MDS 9000 Family Fabric Manager can reach the switch through the console port. Preparing to Configure the Switch Before you configure Cisco Nexus 5000 Series switch for the first time, you need the following information: • Administrator password. Note If a password is weak (short - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 71
. To configure the switch for first time, follow these steps: Step 1 Ensure that the switch is on. Switches in the Cisco Nexus 5000 Series boot automatically. Step 2 Enter the new password for the administrator. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 72
8 Enter the switch name: switch_name Enter yes (yes is the default) to configure out-of-band management. Continue with Out-of-band (mgmt0) management configuration? [yes/no]: yes a. Enter the mgmt0 IPv4 address. 3-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 73
full zoneset distribution (yes/no) [n]: yes Overrides the switch-wide default for the full zone set distribution feature. You see the new configuration. Review and edit the configuration that you have just entered. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 74
the basic configuration process. Accessing the Switch After the initial configuration, you can access the switch in a number of ways: • Serial console access-You can use a serial port connection to access the CLI. 3-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 75
Telnet or SSH to access a Cisco Nexus 5000 Series switch or use the Cisco MDS 9000 Fabric Manager application to connect to the switch using SNMP. Additional Switch Configuration This section includes the following topics: • Assigning a Switch Name, page 3-13 • Configuring Date, Time, and Time Zone - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 76
configure your switch to adjust for daylight saving time (or summer time). By default, Cisco NX-OS does not automatically adjust for daylight saving time. You must manually configure the switch , perform this task: 3-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 77
to correlate interacting events logged across multiple devices. Many enterprise customers with extremely mission-critical networks maintain their own stratum-1 NTP source. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 78
Server-1 Peer association Server association Switch-1 Peer association Stratum-2 Server-2 Server association Switch-2 85532 In this configuration, the switches were configured as follows: • Stratum 2 Server 1 3-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 79
can enable NTP fabric distribution for all Cisco Nexus 5000 Series switches in a fabric using the Cisco Fabric Services (CFS). When you perform NTP configurations, and distribution is enabled, the entire server or peer configuration is distributed to all the switches in the fabric. You automatically - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 80
this task: Step 1 Step 2 Command switch# configure terminal switch(config)# ntp abort Purpose Enters configuration mode. Discards the NTP configuration changes in the pending database and releases the fabric lock. 3-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 81
sections: • About the mgmt0 Interface, page 3-20 • Configuring the Management Interface, page 3-20 • Displaying Management Interface Configuration, page 3-20 • Shutting Down the Management Interface, page 3-21 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-19 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 82
mgmt 0 command. switch# show interface mgmt0 mgmt0 is up Hardware is GigabitEthernet, address is 000d.ec8f.cb00 (bia 000d.ec8f.cb00) Internet Address is 172.16.131.202/24 MTU 1500 bytes, BW 0 Kbit, DLY 0 usec, 3-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 83
commands. Configurations are displayed based on a specified feature, interface, module, or VSAN. Available show commands for each feature are briefly described in this section and listed at the end of each chapter. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-21 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 84
CLI defaults to the volatile: file system. This command expects a directory name input. Any file saved in the volatile: file system is erased when the switch reboots. The syntax for this command is cd directory name. 3-22 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 85
be deleted. The syntax for this command is rmdir directory name. This example deletes the directory called test in the bootflash directory: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 3-23 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 86
bootflash:mydir/samplefile to bootflash:mydir/mystorage/samplefile. Deleting Files The delete command deletes a specified file or the specified directory and all its contents. 3-24 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 87
up in the volatile: directory: switch# show tech-support > Samplefile Building Configuration ... switch# dir 1525859 Jul 04 00: switch# gzip volatile:Samplefile switch# dir 266069 Jul 04 00:51:03 2003 Samplefile.gz OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 88
that was compressed in the previous example: switch# gunzip Samplefile switch# dir 1525859 Jul 04 00:51:03 2003 Samplefile Usage for volatile:// 1527808 bytes used 19443712 bytes free 20971520 bytes total 3-26 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 89
first obtaining a license. • Node-locked license-A license that can only be used on a particular switch using the switch's unique host ID. • Host IDs-A unique chassis serial number that is specific to each switch. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 4-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 90
installation instructions through e-mail. • License key file-A switch- switch hardware at no additional charge. It includes all available Ethernet and system features, except features explicitly listed in the Storage Services Package. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 91
factory-installed licenses for a new Cisco Nexus 5000 Series switch. To obtain a factory-installed license, perform this task: Step 1 Contact your reseller or Cisco representative and request this service. Note If you purchased Cisco support through a Cisco reseller, contact the reseller directly - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 92
[email protected] Performing a Manual Installation All Cisco Nexus 5000 Series licenses are factory-installed. Manual installation is in any switch, be sure to provide unique file names for each license key file. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 4-4 OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 93
.lic: SERVER this_host ANY VENDOR cisco INCREMENT ENTERPRISE_PKG cisco 1.0 permanent uncounted \ HOSTID=VDH=FOX0646S017 \ NOTICE="0 \ dummyPak" SIGN=EE9F91EA4B64 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 4-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 94
volatile:. The following example saves all licenses to a file named Enterprise.tar: switch# copy licenses bootflash:/Enterprise.tar Backing up license done Tip We recommend backing , before that license is uninstalled. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 4-6 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 95
: SERVER this_host ANY VENDOR cisco Enter yes (yes is the default) to continue with the license update. Do you want to continue? (y/n) y Clearing license ..done The FibreChannel.lic license key file is now uninstalled. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 4-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 96
license key file is now updated. Grace Period Alerts Cisco NX-OS gives you a 120-day grace period. This grace period starts or continues when you are evaluating a feature for which you have not installed a license. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 4-8 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 97
through a Cisco reseller, contact the reseller directly. If you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 4-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 98
file Displays information for a specific license file. switch# show license host-id Displays the host ID for the physical switch. switch# show license usage Displays the usage information for installed licenses. 4-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 99
Send feedback to [email protected] PART 2 LAN Switching - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 100
Send feedback to [email protected] - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 101
also support Fibre Channel over Ethernet (FCoE). FCoE allows the physical Ethernet link to carry both Ethernet and Fibre Channel traffic. For additional information, see Chapter 29, "Configuring FCoE" and Chapter 30, "Configuring Virtual Interfaces." On a Cisco Nexus 5000 Series switch, the - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 102
port is shut down. Devices on both ends of the link must support UDLD in order for the protocol to successfully identify and disable unidirectional links the same port. UDLD detects the problem and disables the port. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-2 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 103
mode is disabled by default. You can configure UDLD aggressive mode only on point-to-point links between network devices that support UDLD aggressive mode. If UDLD aggressive mode traffic from being discarded. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 104
data-link layer only, two systems that support different network-layer protocols can learn about each other. Each CDP-configured device sends periodic messages to a multicast and specify the delay time in milliseconds. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-4 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 105
this task: Step 1 Step 2 Command switch# configure terminal switch(config)# feature udld switch(config)# no feature udld Purpose Enters configuration mode. Enables UDLD for the device. Disables UDLD for the device. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 106
speed Purpose Enters configuration mode. Enters interface configuration mode for the specified interface. This interface must have a 1-Gigabit Ethernet SFP transceiver inserted into it. Sets the speed on the interface. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-6 OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 107
is 5 to 254; the default is 60 seconds. Use the no form of the CDP commands to return to the default settings. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 108
mode. Enters interface configuration mode for the specified interface. Enables the debounce timer for the amount of time (1 to 5000 milliseconds) specified. Disables the debounce timer if you specify 0 milliseconds. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-8 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 109
switch# configure terminal switch(config)# interface type slot/port switch(config-if)# shutdown Purpose Enters configuration mode. Enters interface configuration mode for the specified interface. Disables the interface. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 110
Encapsulation ARPA Port mode is trunk full-duplex, 10 Gb/s, media type is 1/10g Input flow-control is off, output flow-control is off 5-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 111
number is AGD1134229V 070823 nominal bitrate is 0 MBits/sec Link length supported for 50/125mm fiber is 0 m(s) Link length supported for 62.5/125mm fiber is 0 m(s) cisco id is -- cisco extended id number is 4 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 112
Bridge, B - Source-Route-Bridge S - Switch, H - Host, I - IGMP, r - Repeater, V - VoIP-Phone, D - Remotely-Managed-Device, s - Supports-STP-Dispute Device ID d13-dist-1 n5k( 100 milliseconds Auto (full-duplex) 5-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 113
Mode Access Speed Auto (10000) 1. MTU cannot be changed per-physical Ethernet interface. You modify MTU by selecting maps of QoS classes. See Chapter 31, "Configuring QoS," for additional information. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 5-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 114
Displaying Interface Information Chapter 5 Configuring Ethernet Interfaces Send feedback to [email protected] 5-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 115
. Each VLAN is considered a logical network. Packets destined for stations that do not belong to the VLAN must be forwarded through a router. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 6-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 116
limited in the number of VLANs it can support. The hardware also shares this available range with its VSANs. For details of the number of supported VLANs and VSANs, see the "Configuration Limits" section on page 51-1. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 6-2 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 117
Modifying VLANs VLANs are numbered from 1 to 4094. All configured ports belong to the default VLAN when you first bring up the switch. The default VLAN (VLAN1) uses only default values, the original ports to that VLAN. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 6-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 118
cannot create or delete those VLANs that are reserved for internal use. This example shows how to create a range of VLANs from 15 to 20: switch# configure terminal switch(config)# vlan 15-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 6-4 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 119
example shows how to configure optional parameters for VLAN 5: switch# configure terminal switch(config)# vlan 5 switch(config-vlan)# name accounting switch(config-vlan)# state active switch(config-vlan)# no shutdown OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 6-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 120
/19 Eth1/20, Eth1/21, Eth1/22 Eth1/23, Eth1/24, Eth1/25 Eth1/26, Eth1/27, Eth1/28 Eth1/29, Eth1/30, Eth1/31 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 6-6 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 121
Secondary Type Ports The following example shows the VLAN settings summary: switch# show vlan summary Number of existing VLANs : 2 Number of existing user VLANs : 2 Number of existing extended VLANs : 0 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 6-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 122
Verifying VLAN Configuration Chapter 6 Configuring VLANs Send feedback to [email protected] Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 6-8 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 123
ports in other community VLANs. Note A PVLAN isolated port on a Cisco Nexus 5000 Series switch running the current release of Cisco NX-OS does not support IEEE 802.1q encapsulation and cannot be used as a trunk port. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 124
a community VLAN can communicate with each other but cannot communicate with ports in other community VLANs or in any isolated VLANs at the Layer 2 level. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-2 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 125
from all isolated ports within the private VLAN domain. Note Because trunks can support the VLANs carrying traffic between promiscuous, isolated, and community ports, the isolated types of VLANs and types of ports. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 126
to be operational, the following conditions must be met: • The primary VLAN must exist and be configured as a primary VLAN. • The secondary VLAN must exist and be configured as either an isolated or community VLAN. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-4 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 127
end stations access to a default gateway. Configuring a Private VLAN Note You must have already created the VLAN before you can assign the specified VLAN as a private VLAN, This section includes the following topics: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 128
task: Command switch(config)# no feature private-vlan Purpose Disables the private VLAN feature on the switch. Note You cannot disable private VLANs if there are operational ports on the switch that are in private VLAN mode. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-6 OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 129
VLAN ID or a hyphenated range of secondary VLAN IDs. • The secondary-vlan-list parameter can contain multiple community and isolated VLAN IDs. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 130
of the secondary VLANs, which are either community VLANs or isolated VLANs. You then associate the host port with both the primary and secondary VLANs. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-8 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 131
2 Command switch# configure terminal switch(config)# interface type slot/port Purpose Enters configuration mode. Selects the port to configure as a private VLAN promiscuous port. A physical interface is required. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 132
Primary Secondary Type 5 100 community 5 101 community 5 102 community 5 103 community 5 109 isolated switch# show vlan private-vlan type Vlan Type 5 primary Ports Eth1/12, veth1/1 Eth1/2 7-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 133
[email protected] 100 community 101 community 102 community 103 community 109 isolated The following example shows how to display enabled features: switch# show system internal clis feature 7 pvlan enabled OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 7-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 134
Verifying Private VLAN Configuration Chapter 7 Configuring Private VLANs Send feedback to [email protected] 7-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 135
Rapid PVST+, page 8-6 • Rapid PVST+ Interoperation with Legacy 802.1D STP, page 8-16 • Rapid PVST+ Interoperation with 802.1s MST, page 8-17 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 136
backup state; all paths that are not needed to reach the root switch from anywhere in the switched network are placed in an STP-blocked state. The topology on an active switched network is determined by the following: Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-2 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 137
10 Bit 9 Bit 8 Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 32768 16384 8192 4096 2048 1024 512 256 128 64 32 16 8 4 2 1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 138
following minimal information: • The unique bridge ID of the switch that the transmitting switch determines is the root bridge • The STP path cost to the root • The bridge ID of the transmitting bridge • Message age Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-4 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 139
. By increasing the priority (lowering the numerical value) of the ideal switch so that it becomes the root bridge, you force an STP recalculation to form a new spanning tree topology with the ideal switch as the root. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 140
do not manually disable STP). Each Rapid PVST+ instance on a VLAN has a single root switch. You can enable and disable STP on a per-VLAN basis when you are running Rapid PVST+. Note Rapid PVST+ is the default STP mode for the switch. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 141
failure detection. The switch automatically checks the PVID. Rapid PVST+ provides for rapid recovery of connectivity following the failure of a network device, a switch port, or a LAN it receives a topology change. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 142
in Figure 8-4, switch A is connected to switch B through a point-to-point link, and all of the ports are in the blocking state. Assume that the priority of switch A is a smaller numerical value than the priority of switch B. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-8 OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 143
process then proliferates step-by-step throughout the topology. Protocol Timers Table 8-2 describes the protocol timers that affect the Rapid PVST+ performance. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 144
port role is included in the active topology. A port with the alternate or backup port role is excluded from the active topology (see Figure 8-5). 8-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 145
frame forwarding. • Forwarding-The LAN port forwards frames. • Disabled-The LAN port does not participate in STP and is not forwarding frames. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 146
the forwarding state from the learning state. A LAN port in the forwarding state performs as follows: • Forwards frames received from the attached segment. • Forwards frames switched from another port for forwarding. 8-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 147
synchronize with root information and the port does not satisfy any of the above conditions, its port state is set to blocking. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 148
software checks the consistency of the port role and state in the received BPDUs to detect unidirectional link failures that could cause bridging loops. 8-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 149
assign any value in the range of 1 to 65535. However, you can configure the switch to use the long (32-bit) pathcost method, which allows you to can configure the same port cost to all the VLANs on a trunk port. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 150
is started (specifies the minimum time during which 802.1w BPDUs are sent), and 802.1w BPDUs are sent. While this timer is active, the switch processes all BPDUs received on that port and ignores the protocol type. 8-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 151
+ on the switch, you must enable Rapid PVST+ on the specified VLANs (see "Enabling Rapid PVST+ per VLAN" section on page 8-18). Rapid PVST+ is the default STP mode. You cannot simultaneously run MST and Rapid PVST+. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 152
-range value can be 2 through 4094 (except reserved VLAN values. See Chapter 6, "Configuring VLANs." This example shows how to enable STP on VLAN 5: switch# configure terminal switch(config)# spanning-tree vlan 5 8-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 153
do not manually configure the hello time, forward-delay time, and maximum-age time using the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-19 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 154
used when configuring the primary root bridge. Note With the switch configured as the root bridge, do not manually configure the hello configure the switch as the secondary root bridge for VLAN 5 with a network diameter of 4: 8-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 155
# configure terminal switch(config)# spanning-tree pathcost method {long | short} Purpose Enters configuration mode. Selects the method used for Rapid PVST+ pathcost calculations. The default method is the short method. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 156
rejected. The default value is 32768. This example shows how to configure the priority of VLAN 5 on Gigabit Ethernet port 1/4 to 8192: switch# configure terminal switch(config)# spanning-tree vlan 5 priority 8192 8-22 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 157
time 21 Configuring the Rapid PVST+ Maximum Age Time for a VLAN You can configure the maximum age time per VLAN when using Rapid PVST+. To configure the maximum age time for a VLAN in Rapid PVST+, perform this task: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-23 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 158
as a point-to-point link: switch# configure terminal switch (config)# interface ethernet 1/4 switch(config-if)# spanning-tree link-type point-to-point You can only apply this command to a physical Ethernet interface. 8-24 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 159
Interface Role Sts Cost Prio.Nbr Type Eth1/3 Root FWD 2 128.131 P2p Peer(STP) veth1/1 Desg FWD 2 128.129 Edge P2p OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 8-25 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 160
Verifying Rapid PVST+ Configurations Chapter 8 Configuring Rapid PVST+ Send feedback to [email protected] 8-26 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 161
Count, page 9-7 • Boundary Ports, page 9-7 • Detecting Unidirectional Link Failure, page 9-8 • Port Cost and Port Priority, page 9-8 • Interoperability with IEEE 802.1D, page 9-9 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 162
traffic, enables load balancing, and reduces the number of STP instances required to support a large number of VLANs. MST improves the fault tolerance of the network because + regions and 802.1D spanning tree protocols. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-2 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 163
each time that the MST configuration is committed. • MST configuration table-4096-element table that associates each of the potential 4094 VLANs supported to a given instance with the mapping, the system restarts MST. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 164
subtree in the CST that encompasses the entire switched domain. The CIST is formed by the spanning tree algorithm running among switches that support the 802.1w, 802.1s, and 802.1D MST Regions" section on page 9-5. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-4 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 165
1D switch (D). The CIST regional root for region 1 (A) is also the CIST root. The CIST regional root for region 2 (B) and the CIST regional root for region 3 (C) are the roots for their respective subtrees within the CIST. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 166
an MST region. An MST region looks like a single switch to the CIST. The CIST external root path cost is the root path cost calculated between these virtual switches and switches that do not belong to any region. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-6 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 167
9-3). Figure 9-3 MST Boundary Ports MST region A MST region B Bridge B1 Bridge B2 Bridge B3 182777 B2 designated => B1 boundary, B2 & B3 internal OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 168
priorities to break ties among ports with the same cost. A lower number indicates a higher priority. The default port priority is 128. You can configure the priority to values between 0 and 224, in increments of 32. Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-8 OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 169
resumes the normal STP transition process. Configuring MST This section includes the following topics: • MST Configuration Guidelines, page 9-10 • Enabling MST, page 9-10 • Entering MST Configuration Mode, page 9-11 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 170
Changing the spanning tree mode disrupts traffic because all spanning tree instances are stopped for the previous mode and started for the new mode. 9-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 171
MST revision number. Note Each command reference line creates its pending regional configuration in MST configuration mode. In addition, the pending region configuration starts with the current region configuration. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 172
0. Specifying the MST Name You configure a region name on the bridge. For two or more bridges to be in the same MST region, they must have the identical MST name, VLAN-to-instance mapping, and MST revision number. 9-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 173
of processing IEEE 802.1w RSTP BPDUs. There is no limit to the number of MST regions in a network, but each region can support only up to 65 MST instances. You can assign a VLAN to only one MST instance at a time. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 174
-tree mst configuration switch(config-mst)# instance 1 vlan 10-20 switch(config-mst)# name region1 switch(config-mst)# revision 1 switch(config-mst)# show pending Pending MST configuration Name [region1] Revision 1 9-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 175
VLAN to MST instances, perform this task: Command switch(config-mst)# no instance instance-id vlan vlan-range Purpose Deletes the specified instance and returns the VLANs to the default MSTI, which is the CIST. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 176
, do not manually configure the hello time, forward-delay time, and maximum-age time using the spanning-tree mst hello-time, spanning-tree mst forward-time, and spanning-tree mst max-age global configuration commands. 9-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 177
configure multiple backup root bridges. Enter the same network diameter and hello-time values that you used when you configured the primary root bridge with the spanning-tree mst root primary global configuration command. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 178
the lowest interface number in the forwarding state and blocks the other interfaces. To configure the port priority, perform this task: Step 1 Command switch# configure terminal Purpose Enters configuration mode. 9-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 179
and blocks the other interfaces. Note MST uses the long pathcost calculation method. To configure the port cost, perform this task: Step 1 Command switch# configure terminal Purpose Enters configuration mode. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-19 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 180
using this command. For most situations, we recommend that you enter the spanning-tree mst root primary and the spanning-tree mst root secondary global configuration commands to modify the switch priority. 9-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 181
, the range is from 1 to 10, and the default is 2 seconds. This example shows how to configure the hello time of the switch to 1 second: switch# configure terminal switch(config)# spanning-tree mst hello-time 1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-21 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 182
. You configure the maximum hops inside the region and apply it to the IST and all MST instances in that region. The hop count achieves the same result as the message-age information (triggers a reconfiguration). 9-22 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 183
port remains in the inconsistent state until the port stops receiving BPDUs, and then the port resumes the normal STP transition process. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-23 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 184
shared, the STP reverts to 802.1D. The default is auto, which sets the link type based on the duplex setting of the interface. 9-24 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 185
MST configuration: switch# show spanning-tree mst configuration % Switch is not in mst mode Name [mist-attempt] Revision 1 Instances configured 2 Instance Vlans mapped 0 1-12,14-41,43-4094 1 13,42 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 9-25 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 186
Verifying MST Configurations Chapter 9 Configuring MST Send feedback to [email protected] 9-26 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 187
, page 10-2 • Understanding BPDU Guard, page 10-3 • Understanding BPDU Filtering, page 10-3 • Understanding Loop Guard, page 10-4 • Understanding Root Guard, page 10-5 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 10-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 188
to forward data traffic when it is no longer running the spanning tree algorithm. Note Bridge Assurance is supported only by Rapid PVST+ and MST. Legacy 802.1D spanning tree does not support Bridge Assurance. 10-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 189
it receives and go to forwarding. If the port configuration is not set to default BPDU Filtering, then the edge configuration will not affect BPDU Filtering. Table 10-1 lists all the BPDU Filtering combinations. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 10-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 190
removes its loop-inconsistent condition, and the STP determines the port state because such recovery is automatic. Loop Guard isolates the failure and allows STP to converge to a is disabled for the specified ports. 10-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 191
, the port is unblocked again. Through STP, the port moves to the forwarding state. Recovery is automatic. Root Guard enabled on an interface applies this functionality to all VLANs to which if Root Guard is enabled. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 10-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 192
port type edge default This example shows how to configure all ports connected to switches or bridges as spanning tree network ports: switch# configure terminal switch(config)# spanning-tree port type network default 10-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 193
-tree port type edge Configuring Spanning Tree Network Ports on Specified Interfaces You can configure spanning tree network ports on specified interfaces. Bridge Assurance runs only on spanning tree network ports. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 10-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 194
that you enable BPDU Guard on all edge ports. Before you configure this feature, you should do the following: • Ensure that STP is configured. • Ensure that you have configured some spanning tree edge ports. 10-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 195
interfaces. This example shows how to explicitly enable BPDU Guard on the Ethernet edge port 1/4: switch# configure terminal switch (config)# interface ethernet 1/4 switch(config-if)# spanning-tree bpduguard enable OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 10-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 196
send any BPDUs and drops all BPDUs that it receives. This BPDU Filtering functionality applies to the entire interface, whether trunking or not. 10-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 197
the interface is an operational spanning tree edge port and if you enter the spanning-tree port type edge bpdufilter default command. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 10-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 198
belongs. Note Entering the Loop Guard command for the specified interface overrides the global Loop Guard command. Before you configure this feature, you should do the following: • Ensure that STP is configured. 10-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 199
config spanning-tree [all] switch# show spanning-tree [options] Purpose Displays the current status of spanning tree on the switch Displays selected detailed information for the current spanning tree configuration. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 10-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 200
Verifying STP Extension Configuration Chapter 10 Configuring STP Extensions Send feedback to [email protected] 10-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 201
Load Balancing Using Port Channels, page 11-3 • Understanding LACP, page 11-4 Understanding Port Channels Using port channels, Cisco NX-OS provides wider bandwidth, redundancy, and load balancing across the channels. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 11-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 202
• 802.3x flow control setting • MTU The Cisco Nexus 5000 Series switch only supports system level MTU. This attribute cannot be changed on an individual port basis. • Broadcast/Unicast/Multicast Storm Control setting 11-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 203
and destination IP addresses, and the source and destination port number. You can configure the switch to use one of the following methods to load balance across the port channel: and destination TCP/UDP port number OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 11-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 204
-5 • LACP ID Parameters, page 11-5 • Port-Channel Modes, page 11-6 • LACP Marker Responders, page 11-7 • LACP-Enabled and Static Port Channels Differences, page 11-7 11-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 205
standby mode when there is a limitation that prevents all compatible ports from aggregating and which ports should be put into active mode. A OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 11-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 206
passive mode is useful when you do not know whether the remote system, or partner, supports LACP. Ports can form an LACP port channel when they are in different LACP modes channel with another port in passive mode. 11-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 207
Cisco NX-OS supports Configuring the LACP Port Priority, page 11-11 Creating a Port Channel You can create a port channel before creating a channel group. Cisco NX-OS automatically creates the associated channel group. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 208
mode trunk Purpose Enters configuration mode. Specifies the interface that you want to add to a channel group and enters the interface configuration mode. (Optional) Configures the interface as a trunk port. 11-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 209
the port-channel load-balancing algorithm. This example shows how to configure source IP load balancing for port channels: switch# configure terminal switch (config)# port-channel load-balance ethernet source-ip OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 11-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 210
or passive. This channel configuration mode allows the link to operate with LACP. When you configure port channels with no associated protocol, all interfaces on both sides of the link remain in the on channel mode. 11-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 211
to 2500: switch# configure terminal switch(config)# lacp system-priority 2500 Configuring the LACP Port Priority When you enable LACP, you can configure each link in the LACP port channel for the port priority. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 11-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 212
statistics for port channels. Displays the range of used and unused channel numbers. Displays information on current running of the port channel feature. 11-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 213
two or more VLANs configured on the interface; it can carry traffic for several VLANs simultaneously. Figure 12-1 show how you can use trunk ports in the network. The trunk port carries traffic for two or more VLANs. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 12-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 214
between the VLANs. The encapsulated VLAN tag also allows the trunk to move traffic end-to-end through the network on the same VLAN. 12-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 215
address. Understanding the Native VLAN ID for Trunk Ports Note Native VLAN ID numbers must match on both ends of the trunk. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 12-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 216
in problems during switch# configure terminal switch(config)# interface {{type slot/port} | {port-channel number}} Purpose Enters configuration mode. Specifies an interface to configure, and enters interface configuration mode. 12-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 217
configuration mode. Sets the interface to be an access host port, which immediately moves to the spanning tree forwarding state and disables port channeling on this interface. Note Apply this command only to end stations. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 218
, the trunk port uses the default VLAN as the native VLAN ID. To configure native VLAN for a 802.1Q trunk port, perform this task: Step 1 Command switch# configure terminal Purpose Enters configuration mode. 12-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 219
how to add VLANs 15 to 20 to the list of allowed VLANs on the Ethernet 3/1 Ethernet trunk port: switch# configure terminal switch(config)# interface ethernet 3/1 switch(config-if)# switchport trunk allow vlan 15-20 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 12-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 220
switchport switch# show interface brief Purpose Displays the interface configuration Displays information for all Ethernet interfaces, including access and trunk interfaces. Displays interface configuration information. 12-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 221
Addresses This section includes the following topics: • Configuring a Static MAC Address, page 13-2 • Configuring the Aging Time for the MAC Table, page 13-2 • Clearing Dynamic Addresses from the MAC Table, page 13-3 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 13-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 222
of time that an entry (the packet source MAC address and port that packet ingresses) remain in the MAC table. Note You can also configure MAC aging time in interface configuration mode or VLAN configuration mode. 13-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 223
table. This example shows how to display the MAC address table: switch# show mac-address-table VLAN MAC Address Type Age Port 1 0018.b967.3cd0 dynamic 10 Eth1/3 1 001c.b05a.5380 dynamic 200 Eth1/3 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 13-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 224
Send feedback to [email protected] Total MAC Addresses: 2 This example shows how to display the current aging time: switch# show mac-address-table aging-time Vlan Aging Time 1 300 13 300 42 300 13-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 225
is supported switch that is located between the host and the IGMP router. The IGMP snooping switch snoops the IGMP membership reports and leave messages and forwards them only when necessary to the connected IGMP routers. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 226
IGMPv2 Both IGMPv1 and IGMPv2 support membership report suppression, which Cisco NX-OS ignores the configuration of last member query interval when you enable the fast leave feature because it does not check for remaining hosts. 14-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 227
reports to establish appropriate forwarding. IGMP Forwarding The control plane of the Cisco Nexus 5000 Series switch is able to detect IP addresses but forwarding occurs using the MAC VLAN from its IGMP cache. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 14-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 228
default is enabled. Note If the global setting is disabled, then all VLANs are treated as disabled, whether they are enabled or not. Enters VLAN configuration mode. 14-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 229
all VLANs. Supports IGMPv2 hosts switch(config-vlan)# ip igmp snooping mrouter interface ethernet 1/10 switch(config-vlan)# ip igmp snooping static-group 230.0.0.1 interface ethernet 1/10 switch(config-vlan)# end switch# OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 230
information for vlan 1 IGMP snooping enabled IGMP querier none Switch-querier disabled Explicit tracking enabled Fast leave disabled Report suppression enabled Router port detection using PIM Hellos, IGMP Queries 14-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 231
enabled Fast leave enabled Report suppression enabled Router port detection using PIM Hellos, IGMP Queries Number of router-ports: 1 Number of groups: 1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 14-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 232
Verifying IGMP Snooping Configuration Chapter 14 Configuring IGMP Snooping Send feedback to [email protected] 14-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 233
example, traffic storm control occurs between times T1 and T2 and between T4 and T5. During those intervals, the amount of broadcast traffic exceeded the configured threshold. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 15-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 234
can configure traffic storm control on a port-channel interface. • Specify the level as a percentage of the total interface bandwidth: - The level can be from 0 to 100. - The optional fraction of a level can be from 0 to 99. 15-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 235
interfaces. Displays the traffic storm control configuration. Displaying Traffic Storm Control Counters You can display the counters the Cisco Nexus 5000 Series switch maintains for traffic storm control activity. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 15-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 236
the default settings for traffic storm control parameters. Table 15-1 Default Traffic Storm Control Parameters Parameters Traffic storm control Threshold percentage Default Disabled 100 15-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 237
Send feedback to [email protected] PART 3 Switch Security Features - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 238
Send feedback to [email protected] - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 239
actions of users managing Nexus 5000 Series switches. The Nexus 5000 Series switches support Remote Access Dial-In User Service (RADIUS) or Terminal Access Controller Access Control device Plus (TACACS+) protocols. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 16-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 240
over local AAA services: • User password lists for each Nexus 5000 Series switch in the fabric are easier to manage. • AAA servers are already deployed widely across enterprises and can be easily used for AAA services. 16-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 241
pool are the servers that can be selectively configured in a RADIUS server group on the Nexus 5000 Series switches. Table 16-2 describes the AAA authentication methods that you can configure for the AAA services. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 16-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 242
as custom attributes for the shell. 4. If your username and password are successfully authenticated locally, the Nexus 5000 Series switch logs you in and assigns you the roles configured in the local database. 16-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 243
Server Hosts" section on page 18-5) • The Nexus 5000 Series switch is configured as a client of the AAA servers. • The preshared secret key is configured on the Nexus 5000 Series switch and on the remote AAA servers. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 16-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 244
5000 Series Switches, page 16-11 Configuring Console Login Authentication Methods This section describes how to configure the authentication methods for the console login. The authentication methods include the following: 16-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 245
methods for the console login: switch# configure terminal switch(config)# aaa authentication login console group radius switch(config)# exit switch# show aaa authentication switch# copy running-config startup-config OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 16-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 246
displayed : Remote AAA servers unreachable; local authentication done. Remote AAA servers unreachable; local authentication failed. To enable login authentication failure messages, perform this task: 16-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 247
mode. Enables MS-CHAP authentication. The default is disabled. Exits configuration mode. (Optional) Displays the MS-CHAP configuration. (Optional) Copies the running configuration to the startup configuration. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 16-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 248
mode. switch# show aaa accounting (Optional) Displays the configuration AAA accounting default methods. switch# copy running-config startup-config (Optional) Copies the running configuration to the startup configuration. 16-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 249
Series Switch User Roles and SMNPv3 Parameters on AAA Servers You can use the VSA cisco-av-pair on AAA servers to specify user role mapping for the Nexus 5000 Series switch using this format: shell:roles="roleA roleB ..." OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 250
the AAA configuration in the startup configuration. Example AAA Configuration The following example shows how to configure AAA: aaa authentication login default group radius aaa authentication login console group radius 16-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 251
method Login authentication failure messages MSCHAP authentication Default accounting method Accounting log display length Default local local Disabled Disabled local 250 KB OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 16-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 252
Default Settings Chapter 16 Configuring AAA Send feedback to [email protected] 16-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 253
[email protected] 17 C H A P T E R Configuring RADIUS This chapter describes how to configure Remote Access Dial-In User Service (RADIUS) protocol on the Nexus 5000 Series switch. network access for remote users. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 17-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 254
authenticated and is prompted to reenter the username and password, or access is denied. • CHALLENGE-A challenge services. • Connection parameters, including the host or client IPv4 or IPv6 address, access list, and user timeouts. 17-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 255
5000 Series switch, the RADIUS protocol directs the RADIUS server to return user attributes, such as authorization information, along with authentication results. This authorization information is specified through VSAs. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 256
Prerequisites for RADIUS Chapter 17 Configuring RADIUS Send feedback to [email protected] The following VSA protocol options are supported by the Nexus 5000 Series switch: • Shell- Used in access-accept packets to provide user profile information. • Accounting- Used in accounting- - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 257
the IPv4 or IPv6 address or hostname for a RADIUS server. Exits configuration mode. (Optional) Displays the RADIUS server configuration. (Optional) Copies the running configuration to the startup configuration. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 17-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 258
secret text string between the Nexus 5000 Series switch and the RADIUS server host. To configure radius server preshared keys, obtain the preshared key values for the remote RADIUS servers and perform this task: 17-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 259
-name Creates a RADIUS server group and enters the RADIUS server group configuration submode for that group. The group-name argument is a case-sensitive alphanumeric string with a maximum length of 127 characters. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 17-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 260
-request Step 3 switch(config)# exit Purpose Enters configuration mode. Allows users to specify a RADIUS server to send the authentication request when logging in. The default is disabled. Exits configuration mode. 17-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 261
that the Nexus 5000 Series switch waits for responses from RADIUS servers before declaring a timeout failure. To configure RADIUS transmission retry count and timeout interval for a server, perform this task: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 17-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 262
65535. (Optional) Specifies that the specified RADIUS server it to be used only for accounting purposes. The default is both accounting and authentication. 17-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 263
5000 Series switch sends out a test packet. Note The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, the Nexus 5000 Series switch does not perform periodic RADIUS server monitoring. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 264
2 Command switch# configure terminal #switch(config)# radius-server deadtime Purpose Enters configuration mode. Configures the dead-time interval. The default value is 0 minutes. The range is from 1 to 1440 minutes. 17-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 265
, refer to the Cisco Nexus 5000 Series Command Reference. Displaying RADIUS Server Statistics To display the statistics the Cisco Nexus 5000 Series switch maintains for RADIUS server activity, perform this task: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 17-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 266
count Retransmission timer interval Idle timer interval Periodic server monitoring username Periodic server monitoring password Default Authentication and accounting 0 minutes 1 5 seconds 0 minutes test test 17-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 267
provide each service (authentication, authorization, and accounting) independently. Each service is associated with its own database to take advantage of other services available on Type and Preshared Key, page 18-3 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 18-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 268
session for that user and determines the services that the user can access. Services include the following: • Telnet, rlogin, Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), or EXEC services 18-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 269
The monitoring interval for alive servers and dead servers are different and can be configured by the user. The TACACS+ server monitoring is performed by sending a test authentication request to the TACACS+ server. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 18-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 270
1 Step 2 Enable TACACS+. See the "Enabling TACACS+" section on page 18-5. Establish the TACACS+ server connections to the Nexus 5000 Series switch. See the "Configuring TACACS+ Server Hosts" section on page 18-5. 18-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 271
(see the "Configuring Global Preshared Keys" section on page 18-6 and the "Configuring TACACS+ Server Preshared Keys" section on page 18-7). Before you configure TACACS+ server hosts, you should do the following: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 18-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 272
keys are saved in encrypted form in the running configuration. Use the show running-config command to display the encrypted preshared keys. (Optional) Copies the running configuration to the startup configuration. 18-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 273
you configure them. You can configure these server groups at any time but they only take effect when you apply them to an AAA service. For information on AAA services, see the "Remote AAA Services" section on page 16-2. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 274
authentication method. If you enable this option, the user can log in as username@hostname, where hostname is the name of a configured RADIUS server. Note User specified logins are only supported for Telnet sessions. 18-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 275
responses from a TACACS+ server before declaring a timeout failure. The timeout interval determines how long the Nexus 5000 Series switch waits for responses from a TACACS+ server before declaring a timeout failure. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 18-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 276
example shows how to configure TCP ports: switch# configure terminal switch(config)# tacacs-server host 10.10.1.1 port 2 switch(config)# exit switch# show tacacs-server switch# copy running-config startup-config 18-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 277
)# tacacs-server host 10.10.1.1 test username user1 password Ur2Gd2BH idle-time 3 switch(config)# tacacs-server dead-time 5 switch(config)# exit switch# show tacacs-server switch# copy running-config startup-config OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 18-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 278
tacacs+ 10.10.1.1 user1 Ur2Gd2BH switch# test aaa group TacGroup user2 As3He3CI Disabling TACACS+ You can disable TACACS+. Caution When you disable TACACS+, all related configurations are automatically discarded. 18-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 279
following example shows how to configure TACACS+: feature tacacs+ tacacs-server key 7 "ToIkLhPpG" tacacs-server host 10.10.2.2 key 7 "ShMoMhTl" aaa group server tacacs+ TacServer server 10.10.2.2 use-vrf management OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 18-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 280
Parameters TACACS+ Dead timer interval Timeout interval Idle timer interval Periodic server monitoring username Periodic server monitoring password Default Disabled 0 minutes 5 seconds 0 minutes test test 18-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 281
5000 Series switch will interoperate with publicly and commercially available SSH clients. The user authentication mechanisms supported for SSH are RADIUS, TACACS+, and the use of locally stored user names and passwords. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 282
on the Nexus 5000 Series switch. Prerequisites for SSH SSH has the following prerequisites: • You have configured IP on a Layer 3 interface, out-of-band on the mgmt 0 interface or inband on an Ethernet interface. 19-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 283
. The following example shows how to generate an SSH server key: switch# configure terminal switch(config)# ssh key rsa 2048 switch(config)# exit switch# show ssh key switch# copy running-config startup-config OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 19-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 284
-file bootflash:filename Step 2 switch# configure terminal Purpose Downloads the file containing the SSH key in IETF SECSH format from a server. The server can be FTP, SCP, SFTP, or TFTP. Enters configuration mode. 19-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 285
SSH public keys in PEM-formatted public key certificate form: switch# copy tftp://10.10.1.1/cert.pem bootflash:cert.pem switch# configure terminal switch# show user-account switch# copy running-config startup-config OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 19-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 286
the SSH server. Note To reenable SSH, you must first generate an SSH server key (see "Generating SSH Server Keys" section on page 19-3). 19-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 287
5000 Series switch, perform this task: Step 1 Step 2 Command switch# configure terminal switch(config)# telnet server disable Purpose Enters configuration mode. Disables the Telnet server. The default is enabled. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 19 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 288
sessions from the Nexus 5000 Series switch, perform this task: Step 1 Step 2 Command switch# show users switch(config)# clear line vty-line Purpose Displays user session information. Clears a user Telnet session. 19-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 289
/DQhum+lJNqJP/eLowb7ubO+lVKRXFY/G+lJNIQW3g9ig G30c6k6+XVn+NjnI1B7ihvpVh7dLddMOXwOnXHYshXmSiH3UD/vKyziEh5S4Tplx8= Step 5 Save the configuration. switch(config)# copy running-config startup-config OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 19-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 290
Default Settings Chapter 19 Configuring SSH and Telnet Send feedback to [email protected] Default Settings Table 19-1 lists the default settings for SSH RSA key generated with 1024 bits 1024 Enabled 19-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 291
ACL Types and Applications The Cisco Nexus 5000 Series switch supports IPv4, IPv6 and MAC ACLs for security traffic filtering. The switch allows you to use IP ACLs as port ACLs and VLAN ACLs, as shown in Table 20-1. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 20-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 292
the map to a VLAN. Types of ACLs Supported IPv4 ACLs IPv6 ACLs MAC ACLs IPv4 ACLs IPv6 ACLs MAC ACLs Application Order When the switch processes a packet, it determines the forwarding path can specify ICMP by name. 20-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 293
IPv4 ACLs support the following additional filtering options: • Layer 4 protocol • TCP and UDP ports • ICMP types and codes • IGMP types • Precedence level • Differentiated Services Code without disrupting traffic. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 20-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 294
an IP ACL, page 20-7 • Applying an IP ACL as a Port ACL, page 20-7 • Applying an IP ACL as a VACL, page 20-8 • Verifying IP ACL Configurations, page 20-8 • Displaying and Clearing IP ACL Statistics, page 20-9 20-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 295
deny commands support many ways of identifying traffic. For more information, see the Cisco Nexus 5000 Series Command Reference. (Optional) Specifies that the switch maintains global statistics for packets matching the rules in the ACL. (Optional) Displays the IP ACL configuration. (Optional) Copies - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 296
. The switch allows you to remove ACLs that are currently applied. Removing an ACL does not affect the configuration of interfaces where you have applied the ACL. Instead, the switch considers the removed ACL to be empty. 20-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 297
/port switch(config)# interface port-channel channel-number Purpose Enters configuration mode. Enters interface configuration mode for the specified interface. Enters interface configuration mode for a port channel. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 20 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 298
. Displays the configuration of an interface to which you have applied an ACL. For detailed information about the fields in the output from these commands, refer to the Cisco Nexus 5000 Series Command Reference. 20-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 299
a MAC ACL, page 20-12 • Applying a MAC ACL as a Port ACL, page 20-12 • Applying a MAC ACL as a VACL, page 20-13 • Verifying MAC ACL Configurations, page 20-13 • Displaying and Clearing MAC ACL Statistics, page 20-13 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 20-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 300
ACL, perform this task: Step 1 Step 2 Command switch# configure terminal switch(config)# mac access-list name Purpose Enters configuration mode. Enters ACL configuration mode for the ACL that you specify by name. 20-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 301
The switch allows you to remove ACLs that are current applied. Removing an ACL does not affect the configuration of interfaces where you have applied the ACL. Instead, the switch considers the removed ACL to be empty. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 20 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 302
that the ACL that you want to apply exists and is configured to filter traffic as necessary for this application. For more information about configuring MAC ACLs, see the "Configuring IP ACLs" section on page 20-4. 20-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 303
the show mac access-lists command to display statistics about a MAC ACL, including the number of packets that have matched each rule. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 20-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 304
access map configuration mode, you use the action command to specify one of the following actions: • Forward-Sends the traffic to the destination determined by normal operation of the switch. • Drop-Drops the traffic. 20-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 305
on all the interfaces on which that VACL is applied. Note The Cisco Nexus 5000 Series switch does not support interface-level VACL statistics. For each VLAN access map that you configure, you can specify whether the switch maintains statistics for that VACL. This allows you to turn VACL statistics - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 306
ACL configuration. (Optional) Copies the running configuration to the startup configuration. Applying a VACL to a VLAN You can apply a VACL to a VLAN. The VACL drop-down list appears in the Advanced Settings section. 20-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 307
IP ACL named acl-ip-01 and how to apply the VACL to VLANs 50 through 82: configure terminal vlan access-map acl-ip-map match ip address acl-ip-01 action forward vlan filter acl-ip-map vlan-list 50-82 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 20-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 308
Default Settings Chapter 20 Configuring ACLs Send feedback to [email protected] Default Settings Table 20-2 lists the default settings for IP ACLs ACLs. See the "Implicit Rules" section on page 20-3. 20-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 309
Send feedback to [email protected] PART 4 System Management - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 310
Send feedback to [email protected] - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 311
features in the Cisco Nexus 5000 Series switch require configuration synchronization with other switches in the network to function correctly. Synchronization through manual configuration at each switch in the network can be a tedious and error-prone process. Cisco Fabric Services (CFS) provides - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 312
Using Cisco Fabric Services Send feedback to [email protected] configuration during a fabric merge event (when two independent SAN fabrics merge). CFS Distribution The CFS distribution functionality is independent of the lower layer transport. Cisco Nexus 5000 Series switches support - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 313
switch(config)# cfs distribute Purpose Enters configuration mode. Globally disables CFS distribution (CFS over Fibre Channel or IP) for all applications on the switch. Enables (default) CFS distribution on the switch. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 314
Cisco Fabric Services Send feedback to [email protected] Verifying CFS Distribution Status The show cfs status command displays the status of CFS distribution on the switch. switch list from node B. 21-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 315
scope) Some applications (such as NTP) need to distribute the configuration to the entire physical topology. • Between two selected switches Some applications operate only between selected switches in the network. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 21-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 316
for Applications Chapter 21 Using Cisco Fabric Services Send feedback to [email protected] CFS Merge Support CFS Merge is supported for CFS distribution over Fibre Channel. An application keeps the configuration synchronized in a SAN fabric through CFS. Two such fabrics might merge as - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 317
CFS, merge capability (if it has registered with CFS for merge support), and lastly the distribution scope. switch# show cfs application name fscm Enabled Timeout Merge Capable Scope : Yes : 100s : No : Physical-fc OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 21-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 318
Support for Applications Chapter 21 Using Cisco Fabric Services Send feedback to [email protected] Locking the Network When you configure (first time configuration releases the lock for all switches. 21-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 319
in the network. Any pending configurations in any switch in the network is flushed and lost. CFS Regions This section contains the following topics: • About CFS Regions, page 21-10 • Example Scenario, page 21-10 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 21-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 320
Cisco Fabric Services Send feedback to [email protected] • Managing CFS Regions, page 21-10 About CFS Regions A CFS region is a user-defined subset of switches for 11 • Deleting CFS Regions, page 21-12 21-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 321
Chapter 21 Using Cisco Fabric Services CFS Regions Send feedback to [email protected] Creating CFS Regions To create a CFS region, perform this task: Step 1 Step 2 Command switch# configure switch(config)# cfs region region-id Purpose Enters configuration mode. Creates a region. - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 322
)# cfs ipv6 distribute switch(config)# no cfs ipv6 distribute Purpose Enters configuration mode. Globally enables CFS over IPv6 for all applications on the switch. Disables (default) CFS over IPv6 on the switch. 21-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 323
Cisco Fabric Services Configuring CFS over IP Send feedback to [email protected] Verifying the CFS Over IP Configuration To verify the CFS over IP configuration, use the show cfs status command. switch OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 21-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 324
Chapter 21 Using Cisco Fabric Services Send feedback to [email protected] Verifying IP Multicast Address Configuration for CFS over IP To verify the IP multicast address configuration for CFS over IP, use the show cfs status command: switch# show cfs status Fabric distribution Enabled - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 325
number of entries = 2 Scope : Logical [VSAN 3] Domain Switch WWN IP Address 224 20:00:00:44:22:00:4a:9e 172.22.92.27 [Local] 151 20:00:00:05:30:01:1b:c2 172.22.92.215 Total number of entries = 2 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 21-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 326
Settings Chapter 21 Using Cisco Fabric Services Send feedback to [email protected] Default Settings Table 21-1 lists the default settings for CFS configurations. Table 21-1 Default CFS Parameters Parameters CFS distribution on the switch Database changes Application distribution - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 327
and cannot be used to configure users: bin, daemon, adm, lp, sync, shutdown, halt, mail, news, uucp, operator, games, gopher, ftp, nobody, nscd, mailnull, rpc, rpcuser, xfs, gdm, mtsuser, ftpuser, man, and sys. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 22-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 328
About User Accounts and RBAC Chapter 22 Configuring User Accounts and RBAC Send feedback to [email protected] Note User passwords are not displayed in the configuration files. Caution The Nexus 5000 Series switch does not support all numeric usernames, whether created with TACACS - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 329
user is permitted to access these resources, even if they are not listed in the user role policies associated with that user. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 22-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 330
a password, the user might not be able to log in to the Nexus 5000 Series switch. Step 4 switch(config)# exit The expire date option format is YYYY-MM-DD. The default is no expiry date. Exits global configuration mode. 22-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 331
-name Purpose Enters configuration mode. Specifies a user role and enters role configuration mode. The role-name argument is a case-sensitive, alphanumeric character string with a maximum length of 16 characters. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 22-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 332
)# rule deny read-write L3 switch(config-role)# description This role does not allow users to use clear commands switch(config-role)# exit switch(config)# show role switch(config)# copy running-config startup-config 22-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 333
mode. switch(config-role)# show role (Optional) Displays the role configuration. switch(config-role)# copy running-config (Optional) Copies the running configuration to the startup-config startup configuration. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 22-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 334
-role-vsan)# permit vsan vsan-list Specifies a range of VSANs that the role can access. Repeat this command for as many VSANs as needed. switch(config-role-vsan)# exit Exits role VSAN policy configuration mode. 22-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 335
rule 1 deny command clear * The following example shows how to configure a user role feature group: role feature-group name Security-features feature radius feature tacacs feature aaa feature acl feature access-list OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 22-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 336
account password User account expiry date. Interface policy VLAN policy VFC policy VETH policy Default Undefined. None. All interfaces are accessible. All VLANs are accessible. All VFCs are accessible. All VETHs are accessible. 22-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 337
following configuration guidelines and limitations: • Session Manager supports only the ACL feature. • You can create up to 32 configuration sessions. • You can configure a maximum of 20,000 commands across all sessions. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 338
Enters interface configuration mode. switch(config-s-if)# ip port access-group name in Adds a port access group to the interface. switch# show configuration session [name] (Optional) Displays the contents of the session. 23-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 339
acl)# exit switch(config-s)# interface Ethernet 1/4 switch(config-s-ip)# ip port access-group acl2 in switch(config-s-ip)# exit switch(config-s)# verify switch(config-s)# exit switch# show configuration session test2 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 23-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 340
[name] switch# show configuration session summary Purpose Displays the contents of the configuration session. Displays the status of the configuration session. Displays a summary of all the configuration sessions. 23-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 341
the switch online. Bootup diagnostics also check the data path and control path connectivity between the supervisor and the ASICs. Table 24-1 describes the diagnostics that are run only during switch bootup or reset. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 24 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 342
diagnostic test states (on, off, pass, or fail). You can configure Cisco Nexus 5000 Series switches to either bypass the bootup diagnostics, or run the complete set of bootup . Monitors fan speed and fan control. 24-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 343
is not placed into service. Table 24-4 Expansion Module Bootup and Health Monitoring Diagnostics Diagnostic SPROM Fabric engine Fabric port Forwarding engine Forwarding LEDs. Monitors temperature sensor readings. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 24-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 344
Displays the bootup diagnostics level. Displays the results of the diagnostics tests. Default Settings Table 24-6 lists the default settings for online diagnostics parameters. 24-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 345
Chapter 24 Configuring Online Diagnostics Default Settings Send feedback to [email protected] Table 24-6 Default Online Diagnostics Parameters Parameters Bootup diagnostics level Default complete OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 24-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 346
Default Settings Chapter 24 Configuring Online Diagnostics Send feedback to [email protected] 24-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 347
0 - emergency 1 - alert 2 - critical 3 - error 4 - warning 5 - notification Description System unusable Immediate action needed Critical condition Error condition Warning condition Normal but significant condition OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 25-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 348
up to three syslog servers. For information about configuring syslog servers, see the "Configuring syslog Servers" section on page 25-5. To support the same configuration of syslog servers on all switches in a fabric, you can use the Cisco Fabric Services (CFS) to distribute the syslog server - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 349
log:messages. For information about displaying and clearing log files, see the "Displaying and Clearing Log Files" section on page 25-8. To configure the switch to log system messages to a file, perform this task: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 25-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 350
listed in Table 25-1. If the severity level is not specified, the default of 5 is used. Disables module log messages. (Optional) Displays the module logging configuration. 25-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 351
fabric, see the "Configuring syslog Server Configuration Distribution" section on page 25-7. You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file: facility.level action OL-16597-01 Cisco Nexus 5000 Series Switch - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 352
default outgoing facility is local7. Removes the logging server for the specified host. (Optional) Displays the syslog server configuration. (Optional) Copies the running configuration to the startup configuration. 25-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 353
(config)# show logging server switch(config)# copy running-config startup-config Configuring syslog Server Configuration Distribution You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure. For more information - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 354
or clear messages in a log file: switch# show logging last 40 switch# show logging logfile start-time 2007 nov 1 15:10:0 switch# show logging nvram last 10 switch# clear logging logfile switch# clear logging nvram 25-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 355
logging distribute logging server 172.28.254.253 logging server 172.28.254.254 5 local3 logging commit copy running-config startup-config OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 25-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 356
syslog server configuration distribution Default Enabled at severity level 2 Enabled at severity level 2 Enabled to log:messages at severity level 5 Enabled at severity level 5 Enabled; Seconds Disabled Disabled 25-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 357
to page a network support engineer, e-mail a Network Operations Center, or use Cisco Smart Call Home services to automatically generate a configure in destination profiles (see "Destination Profiles" section on page 26-2). OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 358
Nexus 5000 Series switches. Alert groups allow you to select the set of Call Home alerts that you want to send to a predefined or custom destination profile. The switch sends Call Home alerts to e-mail destinations in a 26-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 359
profile (see the "Call Home Message Levels" section on page 26-4). Table 26-1 lists supported alert groups and the default CLI command output included in Call Home messages generated for the all show system uptime OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 26-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 360
to full text and XML destination profiles. Short text destination profiles do not support additional show commands because they only allow 128 bytes of text. Call Home Message state. Debug (7) Debugging messages. 26-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 361
configuration guidelines and limitations: • If there is no IP connectivity or if the interface in the VRF to the profile destination is down, the switch cannot send the Call Home message. • Operates with any SMTP server. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 362
3 Command switch# configuration terminal switch(config)# snmp-server contact sys-contact switch(config)# callhome Purpose Enters configuration mode. Configures the SNMP sysContact. Enters callhome configuration mode. 26-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 363
.com switch(config)# callhome switch(config-callhome)# email-contact [email protected] switch(config-callhome)# phone-contact +1-800-123-4567 switch(config-callhome)# street-address 123 Anystreet st. Anytown,AnyWhere OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 26 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 364
the attributes for a destination profile, perform this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# callhome Purpose Enters configuration mode. Enters callhome configuration mode. 26-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 365
. Use the All keyword to associate all alert groups with the destination profile. (Optional) Displays information about one or more destination profiles. (Optional) Saves this configuration change. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 26-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 366
-to e-mail addresses. To configure e-mail, perform this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# callhome Purpose Enters configuration mode. Enters callhome configuration mode. 26-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 367
example shows how to configure the periodic inventory messages to generate every 20 days: switch# configuration terminal switch(config)# callhome switch(config-callhome)# periodic-inventory notification interval 20 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 26-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 368
using CFS in the callhome configuration mode, perform this task: Command switch(config-callhome)# commit Purpose Commits Call Home configuration changes and distributes the changes to call CFS-enabled devices. 26-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 369
Call Home configuration. Displays the status of the last Call Home CFS command. Displays the Call Home status. Displays the e-mail configuration for Call Home. Displays CLI commands added to any alert groups. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 26-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 370
association with profile. All for full-text-destination and short-text-destination profiles. The cisco-tac alert group for the CiscoTAC-1 destination profile. Format type. XML Call Home message level. 0 (zero) 26-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 371
Sample syslog Alert Notification in XML Format, page 26-19 Message Formats Call Home supports the following message formats: • Short Text Message Format • Common Fields for All Full header/level /aml/header/source OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 26-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 372
ID by any support service. Optional user-configurable field used for Cisco-supplied site /aml/ header/siteId ID or other data meaningful to alternate support service. If the message . /aml/body/chassis/partNo 26-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 373
XML) Hardware version of the chassis. Top-level software version. XML Tag (XML Only) /aml/body/chassis/hwVersion /aml/body/chassis/swVersion OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 26-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 374
%PORT-5-IF_TRUNK_UP: %$VLAN 1%$ Interface e2/5, vlan 1 is up syslog_facility:PORT start chassis information: Affected Chassis:WS-C6509 Affected Chassis Serial Number:FG@07120011 26-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 375
>http://tools.example.com/services/DDCEService Cisco Systems Catalyst 6500 Series Switches [email protected] OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 376
11-Apr-07 03:34 by integ Build [100] 00:01:01: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch 00:01:01: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugging output. 26-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 377
%DIAG-SP-6-DIAG_OK: Module 3: Passed Online Diagnostics 00:04:01: %OIR-SP-6-DOWNGRADE: Fabric capable module 3 not at an appropriate hardware revision level, and can only run in flowthrough 11-Apr-08 03:34 by integ Build [100] Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 26-21 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 378
8, interfaces are now online Router#]]> 26-22 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 379
Series switch supports the agent and MIB. To enable the SNMP agent, you must define the relationship between the manager and the agent. • A managed information base (MIB)-The collection of managed objects on the SNMP agent OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 380
Configuring SNMP Send feedback to [email protected] SNMP is defined in RFCs 3411 to 34180. Note Cisco NX-OS does not support SNMP sets for Ethernet MIBs. The Cisco Nexus 5000 Series switch supports . 27-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 381
security and offers the following services: • Message integrity-Ensures that Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3 message encryption and conforms with RFC 3826. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 382
the SNMP agent in Cisco NX-OS to leverage the user authentication service of the AAA server When you configure passphrase/password in localized key/encrypted format, Cisco NX-OS does not synchronize the password. Group-Based Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 383
without authentication and encryption. When you enforce privacy, Cisco NX-OS responds with an authorization Error for any SNMPv3 PDU request using securityLevel parameter of either noAuthNoPriv or authNoPriv. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 27-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 384
snmp-server community name group {ro | rw} Purpose Creates an SNMP community string. Configuring SNMP Notification Receivers You can configure Cisco NX-OS to generate SNMP notifications to multiple host receivers. 27-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 385
authenticating and decrypting the received INFORM PDU, The notification host receiver should have the same user credentials as configured in the Cisco Nexus 5000 Series switch to authenticate and decrypt the informs. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 27-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 386
fcs discovery-complete snmp-server enable traps fcs request-reject CISCO-FDMI-MIB snmp-server enable traps fdmi CISCO-FSPF-MIB snmp-server enable traps fspf CISCO-PSM-MIB snmp-server enable traps port-security 27-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 387
ifLinkUpDownTrapEnable (defined in IF-MIB) is enabled for that interface. Cisco NX-OS adds additional varbinds specific to Cisco Systems in addition to the varbinds defined in the IF-MIB. This is the default setting. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 27-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 388
for SNMP over TCP in global configuration mode, perform this task: Command switch(config)# snmp-server tcp-session [auth] Purpose Enables a one-time authentication for SNMP over a TCP session. Default is disabled. 27-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 389
:00:01:00:a1:ac:15:10:03 snmp-server host 192.0.2.1 informs version 3 auth NMS snmp-server host 192.0.2.1 snmp-server enable traps link cisco OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 27-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 390
-3 lists the default settings for SNMP parameters. Table 27-3 Default SNMP Parameters Parameters license notifications linkUp/Down notification type Default enabled ietf-extended 27-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 391
to exchange network monitoring data. The Cisco NX-OS supports RMON alarms, events and logs to monitor Cisco Nexus 5000 Series switches An RMON alarm monitors a specific 1.3.6.1.2.1.2.2.1.17 represents ifOutOctets.17). OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 28-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 392
each RMON alarm. RMON supports the following event types: configure an SNMP user an notification receiver to use the SNMP notification event type. • You can only configure an RMON alarm on a MIB object that resolves to an integer. 28-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 393
, last value was 0 Rising threshold is 5, assigned to event 1 Falling threshold is 0, assigned to event 0 On startup enable rising or falling alarm OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 28-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 394
on ifOutOctets and associates a notification event with this alarm: configure terminal rmon alarm 1 1.3.6.1.2.1.2.2.1.17.83886080 5 delta rising-threshold 5 1 falling-threshold 0 owner test rmon event 1 trap public 28-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 395
to [email protected] Default Settings Table 28-1 lists the default settings for RMON parameters. Table 28-1 Default RMON Parameters Parameters Alarms Events Default None configured. None configured. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 28-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 396
Default Settings Chapter 28 Configuring RMON Send feedback to [email protected] 28-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 397
Send feedback to [email protected] PART 5 Fibre Channel over Ethernet - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 398
Send feedback to [email protected] - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 399
Storage Protocol Services License. Before using FCoE capabilities, ensure that: • The correct license is installed (N5010SS or N5020SS). • FCoE is activated by entering the feature fcoe command in configuration mode. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 29-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 400
Exchange Protocol (DCBX). To reduce configuration errors and simplify administration. you can configure the switch to distribute the configuration data to all the connected adapters. DCBX Capabilities The DCBX capabilities supported by Cisco Nexus 5000 Series switches are described in the following - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 401
. • Priority Flow Control (PFC) If the adapter supports PFC, the switch sends the IEEE 802.1p CoS values to be enabled with PFC. • Ethernet logical link up and down signal • FCoE logical link up and down signal OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 29-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 402
switch configuration value, the capability remains disabled. • If the adapter does not support the DCBX capability, the capability remains disabled. • If the adapter does not implement DCBX, all capabilities remain disabled. Note The Cisco Nexus 5000 Series switch provides CLI commands to manually - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 403
)# interface ethernet 1/4 switch(config-if)# fcoe mode on To disable the FCoE capability, perform this task: Command switch(config-if)# no fcoe mode [auto | on] Purpose Disables FCoE capability for this interface. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 29-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 404
shows how to configure LLDP both globally and on individual interfaces. This section includes the following topics: • Configuring Global LLDP Commands, page 29-7 • Configuring Interface LLDP Commands, page 29-7 29-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 405
of the command disables the LLDP transmit or receive. The following example shows how to set an interface to transmit LLDP packets: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 29-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 406
LLDP timer information: switch# show lldp timers LLDP Timers holdtime 120 seconds reinit 2 seconds msg_tx_interval 30 seconds The following example shows how to display LLDP counters: switch# show lldp traffic 29-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 407
is associated with only one VSAN. • Any VSAN with associated virtual Fibre Channel interfaces must be mapped to a dedicated FCOE-enabled VLAN. • FCoE is not supported on private VLANs. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 30-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 408
VLAN, perform this task: Step 1 Step 2 Command switch# configure terminal switch(config)# vlan vlan-id Purpose Enters configuration mode. Enters VLAN configuration mode. VLAN number is in the range of 1 to 4096. 30-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 409
mode. Deletes a virtual Fibre Channel interface. The following example shows how to delete a virtual Fibre Channel interface: switch# configure terminal switch(config)# no interface vfc 4 switch(config-if)# exit OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 30-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 410
-- 10000 1500 -- ... Ethernet1/39 sfpIsAbsen -- -- 1500 -- Ethernet1/40 sfpIsAbsen -- -- 1500 -- Interface Status IP Address Speed MTU mgmt0 up 172.16.24.41 100 1500 30-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 411
Interface Information Send feedback to [email protected] Interface Vsan Admin Admin Status SFP Oper Oper Port Mode Trunk Mode Speed Channel Mode (Gbps) vfc 1 1 F -- down -- -- -- OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 30-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 412
Verifying Virtual Interface Information Chapter 30 Configuring Virtual Interfaces Send feedback to [email protected] 30-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 413
Send feedback to [email protected] PART 6 Quality of Service - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 414
Send feedback to [email protected] - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 415
Cisco Nexus 5000 Series switch provides QoS capabilities such as traffic prioritization and egress bandwidth allocation. The default QoS configuration on the switch provides lossless service Egress Policies, page 31-5 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 31-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 416
bandwidth or dropping packets. 3. Attach policies to MQC targets using the service-policy command. An MQC target is an entity (such as an Ethernet interface) that represents MTU and the system class MTU is configurable. 31-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 417
on a link (instead of all the traffic on the link). PFC applies pause functionality based on the IEEE 802.1p CoS value. When the switch enables PFC, it communicates to the adapter which CoS values to apply the pause. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 31-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 418
service. In the switch, each system class has an associated IEEE 802.1p CoS value (assigned by default or configured on the system class). If PFC is enabled, the switch The Cisco Nexus 5000 Series switch is a Layer 2 switch, and it does not support packet fragmentation. MTU configuration mismatch - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 419
5020 switch. To verify the model version, enter the show module 1 command. The model version is the last two characters of the model number. Optimized multicast is supported on all versions of the Cisco Nexus 5010 switch. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 420
such as BPDU frames, is given higher priority to ensure delivery. Configuration Guidelines and Limitations Switch resources (such as buffers, virtual output queues, and egress queues) on an interface with PFC. 31-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 421
configuring Ethernet port channels, note the following guidelines: • Service policies configured on . Configuring PFC and LLC Cisco Nexus 5000 Series switches support PFC configured for the no-drop Ethernet class. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 31-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 422
on or off. The following example enables link-level flow control frames on an interface: switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# flowcontrol receive on transmit on 31-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 423
-value Specifies the CoS value to match for classifying packets into this class. You can configure a CoS value in the range of 1 to 7. Note CoS value 0 is reserved for the default drop system class (class-default). OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 31-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 424
available multicast queues. Note Only one class in a policy map can be configured for multicast optimization. Note The switch distributes all the policy map configuration values to the attached network adapters. 31-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 425
trading-data-no-drop switch(config-cmap)# match cos 5 switch(config)# class-map class-fcoe switch(config-cmap)# match cos 2 switch(config)# policy-map system-policy switch(config-pmap)# class trading-data-no-drop OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 31-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 426
configured to support the jumbo MTU: switch(config)# policy-map jumbo switch(config-pmap)# class class-default switch(config-pmap-c)# mtu 9216 switch(config)# system qos switch(config-system)# service in bold font): 31-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 427
• Configuring Ingress Policies, page 31-13 • Configuring Egress Policies, page 31-14 Configuring Ingress Policies An ingress policy is a service policy with this policy and enters configuration mode for the class. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 31-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 428
this policy and enters configuration mode for the class. Specifies the guaranteed percentage of bandwidth allocated to this class. Specifies that egress traffic in this class is mapped to a strict priority queue. 31-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 429
policy-map policy1-egress switch(config-pmap)# class best-effort-drop-class switch(config-pmap-c)# bandwidth percent 20 switch(config)# interface ethernet 1/1 switch(config-if)# service-policy output policy1-egress OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 31-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 430
Configuring QoS on Interfaces Chapter 31 Configuring QoS Send feedback to [email protected] 31-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 431
Send feedback to [email protected] PART 7 SAN Switching - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 432
Send feedback to [email protected] - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 433
interfaces and capabilities. Note You can configure virtual Fibre Channel interfaces without a Storage Protocol Services license, but these interfaces will not become operational until the license is activated. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 32-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 434
Channel Interfaces Chapter 32 Configuring Fibre Channel Interfaces Send feedback to [email protected] Physical Fibre Channel Interfaces Cisco Nexus 5000 Series switches provide up to eight physical Fibre Channel uplinks. The Fibre Channel interfaces are supported on optional expansion - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 435
destined to remote N ports. E ports support class 3 and class F service. An E port connected to another switch may also be configured to form a SAN port channel (see Chapter 36, "Configuring SAN Port Channels"). OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 32-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 436
Nexus 5000 Series or Cisco MDS 9000 Family, it may become operational in TE port mode (see Chapter 35, "Configuring VSAN Trunking"). SD ports are not determined during initialization and are administratively configured. 32-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 437
Up Operational Status Up Down Down Reason Code None. Administratively down. If you administratively configure an interface as down, you disable the interface. No traffic is received or transmitted. See Table 32-4. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 32-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 438
is in progress. Reconfigure fabric in progress The fabric is currently being reconfigured. Offline The switch software waits for the the switch is already configured with the maximum number of active SAN port channels. 32-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 439
isolated. of the link E port isolated Isolation due to invalid fabric The port is isolated due to fabric reconfiguration. reconfiguration Isolation due to domain manager disabled The fcdomain Ethernet interface. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 32-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 440
mode. Note When a Fibre Channel interface is configured, it is automatically assigned a unique world wide name (WWN). If the interface's operational state is up, it is also assigned a Fibre Channel ID (FC ID). 32-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 441
1 Step 2 Command switch# configuration terminal switch(config)# interface {fc slot/port}|{vfc vfc-id} Purpose Enters configuration mode. Selects a Fibre Channel interface and enters interface configuration mode. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 32-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 442
this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# interface fc slot/port Purpose Enters configuration mode. Selects the specified interface and enters interface configuration mode. 32-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 443
bit error rate threshold is used by the switch to detect an increased error rate before performance degradation seriously affects traffic. The bit errors can occur for the following reasons: • Faulty or bad cable. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 32-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 444
this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# interface fc slot/port Purpose Enters configuration mode. Selects a Fibre Channel interface and enters interface configuration mode. 32-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 445
port configurations, even if you do not individually specify them at that time. To configure switch port attributes, perform this task: Step 1 Command switch# configuration terminal Purpose Enters configuration mode. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 446
Virtualization You must globally enable NPIV for all VSANs on the switch to allow the NPIV-enabled applications to use multiple N port identifiers. Note All of the N port identifiers are allocated in the same VSAN. 32-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 447
fc2/1 - 4 , fc3/2 - 3 The following example shows how to display all interfaces: switch# show interface fc3/1 is up ... fc3/3 is up ... Ethernet1/3 is up ... mgmt0 is up ... vethernet1/1 is up ... vfc 1 is up ... OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 32-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 448
2000 ... interface fc3/5 switchport mode E ... interface fc3/5 channel-group 11 force no shutdown The following example shows the interface display when showing the running configuration for a specific interface: 32-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 449
Virtual Fibre Channel Interface Parameters Parameters Interface mode Interface speed Administrative state Trunk mode Default Auto n/a Shutdown (unless changed during initial setup) n/a OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 32-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 450
[email protected] Table 32-6 Default Virtual Fibre Channel Interface Parameters (continued) Parameters Trunk-allowed VSANs Interface VSAN EISL encapsulation Data field size Default n/a Default VSAN (1) n/a n/a 32-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 451
-This phase guarantees a resynchronization of all switches in the fabric to ensure they simultaneously restart a new principal switch selection phase. See Figure 33-1 for an example fcdomain configuration. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 452
page 33-5 • Disabling or Reenabling fcdomains, page 33-5 • Configuring Fabric Names, page 33-5 • About Incoming RCFs, page 33-5 • Rejecting Incoming RCFs, page 33-6 • About Autoreconfiguring Merged Fabrics, page 33-6 33-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 453
the switches in the VSAN, and together take at least 15 seconds to complete. To reduce the time required for the domain manager to select a new principal link, you can enable the domain manager fast restart feature. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 454
priority number VSAN vsan-id Purpose Enters configuration mode. Configures the specified priority for the local switch in the specified VSAN. Reverts the priority to the factory default (128) in the specified VSAN. 33-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 455
option takes effect immediately. No fcdomain restart is required. Note You do not need to configure the RFC reject option on virtual Fibre Channel interfaces, because these interfaces operate only in F port mode. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 456
it to the factory default in the specified VSAN. Domain IDs Domain IDs uniquely identify a switch in a VSAN. A switch may have different domain IDs in different VSANs. The domain ID is part of the overall FC ID. 33-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 457
Figure 33-2): 1. The local switch sends a configured domain ID request to the principal switch. 2. The principal switch assigns the requested domain ID if available. Otherwise, it assigns another available domain ID. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 458
currently configured in the VSAN. Alternatively, you can also configure zero-preferred domain ID. Caution You must enter the fcdomain restart command if you want to apply the configured domain changes to the runtime domain. 33-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 459
in the locally configured allowed domain list. Use allowed domain ID lists to design your VSANs with nonoverlapping domain IDs. This helps you in the future if you need to implement IVR without the NAT feature. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 460
Cisco Fabric Services." Enabling Distribution CFS distribution of allowed domain ID lists is disabled by default. You must enable distribution on all switches to which you want to distribute the allowed domain ID lists. 33-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 461
this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# switch(config)# fcdomain abort vsan vsan-id Purpose Enters configuration mode. Discards the pending domain configuration changes. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 462
domain IDs: 24,100. [User] configured allowed domain IDs: 1-239. Pending Configured Allowed Domains VSAN 10 Assigned or unallowed domain IDs: 1-9,24,100,231-239. [User] configured allowed domain IDs: 10-230. 33-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 463
WWN on a best-effort basis. For example, if one N port disconnects from the switch and its FC ID is requested by another device, this request is granted and the WWN with the initial FC ID association is released. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 464
. Note If you connect to the switch from an AIX or HP-UX host, be sure to enable configuration mode. Activates (default) persistency of FC IDs in the specified VSAN. Disables the FC ID persistency feature in the specified VSAN. 33-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 465
. Configures a device WWN (11:22:11:22:33:44:33:44) with the FC IDs 0x070100 through 0x701FF in the specified VSAN. Note To secure the entire area for this fcdomain, assign 00 as the last two characters of the FC ID. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 466
be manually configured to be different from the storage port's FC ID. Cisco Nexus 5000 Series switches facilitate Cisco Nexus 5000 Series switch. switch# configuration terminal switch(config)# fcdomain fcid persistent vsan 1 33-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 467
Dynamic Persistent Usage State In use Not in use In use Not in use Action Not deleted Not deleted Not deleted Deleted OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 468
required in this switch. The following example shows how to display all existing, persistent FC IDs for a specified VSAN. You can also specify the unused option to view only persistent FC IDs that are still not in use. 33-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 469
-allocation option Disabled Priority 128 Allowed list 1 to 239 Fabric name 20:01:00:05:30:00:28:df rcf-reject Disabled Persistent FC ID Enabled Allowed domain ID list configuration distribution Disabled OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 33-19 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 470
Default Settings Chapter 33 Configuring Domain Parameters Send feedback to [email protected] 33-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 471
mode, the edge switch relays all traffic from server-side ports to the core switch. The core switch provides F port functionality (such as login and port security) and all the Fibre Channel switching capabilities. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 34-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 472
to the core switch. All of the end devices connected to a server interface are mapped to the same NP uplink. In Cisco Nexus 5000 Series switches, server interfaces can be physical or virtual Fibre Channel interfaces. 34-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 473
(FDISCs). For additional information about fabric login, see the "Information About Fabric Login" section on page 41-1. Note In the switch CLI configuration commands and output displays, NP uplinks are called External Interfaces. In Cisco Nexus 5000 Series switches, NP uplink interfaces must be - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 474
so that the server performs a new login to the core switch. Only server interfaces that are moved to a different uplink are reinitialized. A system message is generated for each server interface that is moved. 34-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 475
load balancing is not enabled, you can manually reinitialize some or all of the server switches can connect to multiple core switches. In other words, different NP ports can be connected to different core switches. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 476
to service, the configuration mode. Enables NPV mode. The switch reboots, and it comes back up in NPV mode. Note A write-erase is performed during the initialization. Disables NPV mode, which results in a reload of the switch. 34-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 477
interface. The switch associates the server interface with one of these NP uplinks. Note If a server interface is already mapped to an NP uplink, you should include this mapping in the traffic map configuration. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 34-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 478
causes traffic disruption to the attached devices. Verifying NPV To display information about NPV, perform the following task: Command switch# show npv flogi-table [all] Purpose Displays the NPV configuration. 34-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 479
database detail command on the core switch: core-switch# show fcns database detail Verifying NPV Traffic Management To display the NPV traffic map, enter the show npv traffic-map command. NPV Traffic Map Information: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 34-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 480
load-balancing status, enter the show npv status command: switch# show npv status npiv is enabled disruptive load balancing is enabled External Interfaces Interface: fc2/1, VSAN: 2, FCID: 0x1c0000, State: Up ... 34-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 481
supported on native Fibre Channel interfaces, but not on virtual Fibre Channel interfaces. Figure 35-1 VSAN Trunking Switch 1 E port Any other switch ISL E port Switch 1 Switch VSAN Trunking Protocol, page 35-2 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 35-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 482
Switch 3 85472 VSAN 2 and VSAN 3 are effectively merged with overlapping entries in the name server and the zone applications. The Cisco MDS 9000 Fabric Manager helps detect such topologies. VSAN Trunking Protocol The trunking protocol is important for E-port and TE-port operations. It supports - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 483
Configuration Switch 1 Switch 2 On Auto or on Off Auto, on, or off Auto Auto Resulting State and Port Mode Trunking State Port Mode Trunking (EISL) TE port No trunking (ISL) E port No trunking (ISL) E port OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 484
of trunk-allowed VSANs. All VSANs configured in all three switches are allowed-active. However, only the common set of allowed-active VSANs at the ends of the ISL become operational as shown in Figure 35-4. 35-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 485
The ISL between switch 2 and switch 3 includes VSAN 1 and VSAN 2. • The ISL between switch 3 and switch 1 includes VSAN 1, 2, and 5. Consequently, VSAN 2 can only be routed from switch 1 through switch 3 to switch 2. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 35-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 486
for a TE port. Without any arguments, this command displays the information for all of the configured interfaces in the switch. The following example shows how to display the trunk mode of a Fibre Channel interface: 35-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 487
default settings for trunking parameters. Table 35-2 Default Trunk Configuration Parameters Parameters Switch port trunk mode Allowed VSAN list Trunking protocol Default On 1 to 4093 user-defined VSAN IDs Enabled OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 35-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 488
Default Settings Chapter 35 Configuring VSAN Trunking Send feedback to [email protected] 35-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 489
routing tables are not affected by link failure. Cisco Nexus 5000 Series switches support a maximum of four SAN port channels (with switch) identifier associated with each channel group. This number ranges from 1 to 256. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 490
same links for a given flow. That is, whichever link is selected for the first exchange of the flow is used for all subsequent exchanges. 36-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 491
1, no frame uses link 2. For the next exchange, link 2 is chosen by the hash algorithm. Now all frames in exchange 2 use link 2. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 36-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 492
Channel Configurations Channel Group 10 Channel Group 20 Channel Group 10 Channel Group 20 1 1 1 1 2 Switch A 3 2 Switch B 3 2 Switch A 3 2 Switch B 3 4 4 4 4 187235 Channel Group 1 Channel Group 2 36-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 493
same set of switches. If you misconfigure SAN port channels, you may receive a misconfiguration message. If you receive this message, the port channel's physical links are disabled because an error has been detected. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 36-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 494
the peer port. If the peer port, while configured in a channel group, does not support the port channel protocol, or responds with a recovery without explicitly enabling and disabling the port channel member ports at either end. 36-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 495
that no frames are lost when the interface is going down (see the "Setting the Interface Administrative State" section on page 32-9). OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 36-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 496
Addition, page 36-10 • About Interface Deletion from a SAN Port Channel, page 36-10 • Deleting an Interface from a SAN Port Channel, page 36-11 36-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 497
Enters configuration mode. Enters configuration mode for the specified interface. Adds the Fibre Channel interface to the specified channel group. If the channel group does not exist, it is created. The port is shut down. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 498
and to maintain consistency across switches, then the ports shut down. You must explicitly enable those ports again. • If you use the Active mode, then the port channel ports automatically recover from the deletion. 36-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 499
-Automatically aggregates compatible ports into a SAN port channel. This section describes how to configure the port channel protocol and includes the following sections: • About Channel Group Creation, page 36-12 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 36-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 500
automatically when compatible links come up between two compatible switches, if channel group autocreation is enabled in all ports at both ends. None of these ports are members of a user-configured channel group. 36-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 501
of channel groups is enabled for an interface, you must first disable autocreation before downgrading to earlier software versions or before configuring the interface in a manually configured channel group. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 36-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 502
the properties of the manually configured channel group, and configured channel group using the san-port-channel channel-group-number persistent EXEC command. If the SAN port channel does not exist, this command is not executed. 36-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 503
to help differentiate them from the manually created SAN port channels. The following example shows how to display an autocreated port channel: switch# show interface fc2/1 fc2/1 is Belongs to port-channel 123 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 36-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 504
Channel Parameters Parameters Port channels Create port channel Default port channel mode Autocreation Default FSPF is enabled by default. Administratively up. On. Disabled. 36-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 505
connected to the same fabric. With VSANs you can create multiple logical SANs over a common physical infrastructure. Each VSAN can contain up to 239 switches and has an such as FSPF, domain manager, and zoning. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 37-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 506
. The application servers or storage arrays can be connected to the switch using Fibre Channel or virtual Fibre Channel interfaces. A VSAN can include a mixture of Fibre Channel and virtual Fibre Channel interfaces. 37-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 507
- Replicating data from user traffic • VSANs can meet the needs of a particular department or application. VSAN Advantages VSANs offer the following advantages: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 37-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 508
layers increases the scalability of the SAN. • Per VSAN fabric services-Replication of fabric services on a per VSAN basis provides increased scalability and availability and separate from zone A defined in VSAN 7. 37-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 509
originator exchange OX ID (src-dst-ox-id, the default) for load-balancing path selection. This section describes how to create and configure VSANs and includes the following topics: • About VSAN Creation, page 37-6 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 37-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 510
the VSAN with the assigned name. Suspends the selected VSAN. Negates the suspend command issued in the previous step. Returns you to EXEC mode. 37-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 511
is referred to as dynamic port VSAN membership (DPVM). Cisco Nexus 5000 Series switches do not support DPVM. VSAN trunking ports have an associated list of VSANs that are part of an allowed list (see Chapter 35, "Configuring VSAN Trunking"). Assigning Static Port VSAN Membership To statically - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 512
switches in the Cisco Nexus 5000 Series have only the default VSAN 1 enabled. We recommend that you do not use VSAN 1 as your production environment VSAN. If no VSANs are configured, all devices in the fabric VSAN. 37-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 513
see Chapter 35, "Configuring VSAN Trunking"). Any commands for a nonconfigured VSAN are rejected. For example, if VSAN 10 is not configured in the system, then a command request to move a port to VSAN 10 is rejected. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 37-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 514
, and the OX ID (default). Suspends the selected VSAN. Negates the suspend command entered in the previous step. Returns you to EXEC mode. 37-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 515
. Concatenation of VSAN and a four-digit string representing the VSAN ID. For example, VSAN 3 is VSAN0003. OX ID (src-dst-ox-id). OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 37-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 516
Default Settings Chapter 37 Configuring and Managing VSANs Send feedback to [email protected] 37-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 517
Zoning Zoning is described in the following topics: • Zoning Features, page 38-2 • Zoning Example, page 38-3 • Zone Implementation, page 38-4 • Active and Full Zone Set Configuration Guidelines, page 38-4 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 518
N ports attached to the switch over a virtual Fibre Channel interface, you can specify zone membership using the pWWN of the N port, the FC ID of the N port, or the fabric pWWN of the virtual Fibre Channel interface. 38-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 519
system S2 for the purpose of testing new software. To achieve this, zone 3 is configured, which contains only host H2 and storage S2. You can restrict access to only H2 and S2 in zone 3, and to H1 and S1 in zone 1. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 520
About Zoning Chapter 38 Configuring and Managing Zones Send feedback to [email protected] Figure 38-2 Fabric with Three Zones Zone 1 H1 S1 Fabric H2 Zone 3 S2 79536 H3 Zone 2 S3 Zone Implementation Cisco Nexus 5000 Series switches automatically support the following basic - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 521
stored in persistent configuration. This enables the switch to preserve the active zone set information across switch resets. • All other switches in the fabric receive the active zone added to an activated zone set. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 522
Information About Zoning Chapter 38 Configuring and Managing Zones Send feedback to [email protected] Figure 38-3 Active and Full Zone Sets Zone zone set 79948 After activating Zone set Z1 again 38-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 523
) and value specified. See Table 38-1 for details. Caution You must only configure pWWN-type zoning on all SAN switches running Cisco NX-OS if there is a Cisco MDS 9020 switch running FabricWare in the same fabric. Tip Use a relevant display command (for example, show interface or show flogi - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 524
-10 • Configuring the Default Zone Access Permission, page 38-10 • About FC Alias Creation, page 38-10 • Creating FC Aliases, page 38-11 • Creating Zone Sets and Adding Member Zones, page 38-12 • Zone Enforcement, page 38-13 38-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 525
activate name zoneset-name vsan vsan-id switch(config)# no zoneset activate name zoneset-name vsan vsan-id Purpose Enters configuration mode. Activates the specified zone set. Deactivates the specified zone set. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 526
, 10:00:00:23:45:67:89:ab). • fWWN-The WWN of the fabric port name is in hex format (for example, 10:00:00:23:45:67:89:ab). • FC ID-The N port ID is in 0xhhhhhh format (for example, 0xce00d1). 38-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 527
ID FC ID Fabric pWWN Local switch(config)# fcalias name AliasSample vsan 3 pWWN example: switch(config-fcalias)# member pwwn 10:00:00:23:45:67:89:ab fWWN example: switch(config-fcalias)# member fwwn 10:01:10:01:10:ab:cd:ef OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 528
have to copy the running configuration to the startup configuration to store the active zone set. However, you need to copy the running configuration to the startup configuration to explicitly store full zone sets. 38-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 529
Services" for details and requirements about device alias modes. Zone Enforcement Zoning can be enforced in two ways: soft and hard. Each end device (N port) discovers other devices in the fabric Sets, page 38-15 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 530
configuration. Note The one-time distribution of the full zone set is supported switches or fabrics. When a TE port or an E port become isolated, you can recover that port from its isolated state using one of three options: 38-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 531
adjacent switch connected through the specified range of VSANs. Note Perform the import and export operations from a single switch. Importing from one switch and exporting from another switch can lead to isolation again. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 532
SCP. Renaming Zones, Zone Sets, and Aliases To rename a zone, zone set, fcalias, or zone-attribute-group, perform this task: Step 1 Command switch# configuration terminal Purpose Enters configuration mode. 38-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 533
enter the copy running-config startup-config to ensure that the running configuration is used when the switch reboots. Note Clearing a zone set only erases the full zone database, not the active zone database. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 534
the zone status: switch# show zone status Enhanced Zoning The zoning feature complies with the FC-GS-4 and FC-SW-3 standards. Both standards support the basic zoning • Enabling Enhanced Zoning, page 38-20 38-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 535
a member type. The fWWN-based zone membership is only supported in Cisco interop mode. Supports fWWN-based membership in The fWWN-based member the standard interop mode (interop type is standardized. mode 1). OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-19 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 536
from all switches in the fabric. All switches in the fabric then move to basic zoning mode. Enabling Enhanced Zoning By default, the enhanced zoning feature is disabled in all switches in the Cisco Nexus 5000 Series. 38-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 537
the session is closed. If the fabric is locked by another user and switches after using the no zone commit vsan command, you can use the clear zone lock vsan command on the remote switches. switch# clear zone lock vsan 2 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 538
The merge method depends on the fabric-wide merge control setting: • Restrict-If the two databases are not identical, the ISLs between the switches are isolated. • Allow-The two rules are used to perform the merge. 38-22 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 539
for new VSANs on the switch. Only the active zone database is distributed. Note Because VSAN 1 is the default VSAN and is always present on the switch, the system default zone commands have no effect on VSAN 1. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-23 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 540
shows how to display active zoning analysis: switch# show zone analysis active vsan 1 See the Cisco Nexus 5000 Series Switch Command Reference for the description of the information displayed in the command output. 38-24 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 541
Default zone policy Full zone set distribute Enhanced zoning Default Denied to all members. The full zone set(s) is not distributed. Disabled. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 38-25 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 542
Default Settings Chapter 38 Configuring and Managing Zones Send feedback to [email protected] 38-26 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 543
Services Switches in the Cisco Nexus 5000 Series support Distributed Device Alias Services (device aliases) on a fabric-wide basis. This chapter includes the following sections: • Information About Device Aliases, page 39-1 • Device Alias Databases, page 39-2 • About Legacy Zone Alias Configuration - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 544
used to configure other features. You can use any zone member type to specify the end Only pWWNs are supported. devices. Configuration is contained configurations. • Effective database-The database currently used by the fabric. 39-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 545
Renames an existing device alias with a new name. To display the device alias configuration, use the show device-alias name command: switch# show device-alias name x device-alias name x pwwn 21:01:00:e0:8b:2e:80:93 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 39-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 546
Device Alias Databases Chapter 39 Distributing Device Alias Services Send feedback to [email protected] Device Alias Modes You can specify that automatically enforces zoning based on the new HBA's pWWN. 39-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 547
which device alias task), the fabric is automatically locked for the device alias feature. Once you lock the fabric, the following situations apply: • No other user can make any configuration changes to this feature. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 39-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 548
show device alias status command. switch# show device-alias status Fabric Distribution: Enabled Database:- Device Aliases 24 Status of the last CFS operation issued from this switch Operation: Abort Status: Success 39-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 549
shows the device alias display when distribution is disabled: switch# show device-alias status Fabric Distribution: Disabled Database:- Device Aliases 24 Status of the last CFS operation issued from this switch: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 39-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 550
, then this merge operation will fail. Merge operations will also fail if there is a device alias mode mismatch. For additional information, see the "CFS Merge Support" section on page 21-6. 39-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 551
+ device-alias name SampleName pwwn 21:00:00:e0:8b:0b:66:56 Where available, device aliases are displayed regardless of a member being configured using a device-alias command or a zone-specific member pwwn command. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 39-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 552
Distributing Device Alias Services Send feedback to [email protected] Default Settings Table fabric lock state Default Enabled. Basic. Effective database. Pending database. Locked with the first device alias task. 39-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 553
mode Fibre Channel interfaces on Cisco Nexus 5000 Series switches. Except in configurations that require special consideration, you do not need to configure any FSPF services. FSPF automatically calculates the best path between any two switches in a fabric. FSPF provides the following capabilities - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 554
the network. The failure of a link in a SAN port channel does not trigger a route change, which reduces the risks of routing loops, traffic loss, or fabric downtime for route reconfiguration. 40-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 555
SPF computations on the VSAN. Setting this to a small value means that FSPF reacts faster to any fabric changes by recomputing paths on the VSAN. A small SPF computational hold time uses more switch CPU time. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 40-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 556
Chapter 40 Configuring Fibre Channel Routing Services and Protocols Send feedback to [email protected] About Link State Records Each time a new switch enters the fabric, a link state record (LSR) is sent to the neighboring switches, and then flooded throughout the fabric. Table 40 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 557
40-6 • Configuring FSPF Link Cost, page 40-6 • About Hello Time Intervals, page 40-6 • Configuring Hello Time Intervals, page 40-6 • About Dead Time Intervals, page 40-7 • Configuring Dead Time Intervals, page 40-7 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 40-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 558
the ports at both ends of the ISL. Configuring Hello Time Intervals To configure the FSPF Hello time interval, perform this task: Step 1 Command switch# configuration terminal Purpose Enters configuration mode. 40-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 559
the interface. The integer value to specify retransmit intervals can range from 1 to 65,535 seconds. Note This value must be the same on the switches on both ends of the interface. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 40-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 560
selected interfaces. By default, FSPF is enabled on all E ports and TE ports. This default can be disabled by setting the interface as passive. 40-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 561
the specified route (for example, FC ID 111211 and domain ID 3) in the switch with domain ID 1 (see Figure 40-3). Figure 40-3 Fibre Channel Routes fc1/1 Domain ID 1 Domain ID 3 Domain ID 7 79944 FC ID 111211 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 40-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 562
order in which they were received. Use IOD only if your environment cannot support out-of-order frame delivery. Tip If you enable the in-order delivery feature, the graceful shutdown feature is not implemented. 40-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 563
Chapter 40 Configuring Fibre Channel Routing Services and Protocols In-Order Delivery Send feedback to [email protected] This section includes same flow can switch from one path to another faster path. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 40-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 564
fabric. Otherwise, enable IOD only for the VSANs that require this feature. To enable in-order delivery for the switch, perform this task: Step 1 Command switch# configuration terminal Purpose Enters configuration mode. 40-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 565
inorder delivery:guaranteed vsan 3452 inorder delivery:guaranteed Configuring the Drop Latency Time You can change the default latency time for a network, a specified VSAN in a network, or for the entire switch. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 40-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 566
Statistics, page 40-15 • Counting Individual Flow Statistics, page 40-15 • Clearing FIB Statistics, page 40-15 • Displaying Flow Statistics, page 40-16 40-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 567
example clears the aggregated flow counters: switch# clear fcflow stats aggregated index 1 The following example clears the flow counters for source and destination FC IDs: switch# clear fcflow stats index 1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 40-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 568
on all E ports and TE ports. Dynamic. 0. 0. 5 seconds. 30 minutes. 60 minutes. 20 seconds. 80 seconds. Derived from the principal switch (root node). FSPF stores up to 16 equal cost paths to a given destination. 40-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 569
. Disabled. If the cost (metric) of the route is not specified, the default is 10. If the remote destination switch is not specified, the default is direct. Uses the principal switch to compute the multicast tree. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 40-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 570
Default Settings Chapter 40 Configuring Fibre Channel Routing Services and Protocols Send feedback to [email protected] 40-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 571
devices in the fabric login (FLOGI) table: switch# show flogi switch# show flogi database interface vfc1/1 INTERFACE VSAN FCID PORT NAME NODE NAME vfc1/1 1 0x870000 20:00:00:1b:21:06:58:bc 10:00:00:1b:21:06:58:bc OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 572
using another device's pWWN by enabling the reject-duplicate-pwwn option. If you disable this option, these pWWNs are allowed to log in to the fabric and replace the first device in the name server database. 41-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 573
:a6:be:14 (Seagate) scsi-fcp Total number of entries = 4 The following example shows how to display the name server database details for all VSANs: switch# show fcns database detail OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 41-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 574
for all VSANs: switch# show fcns statistics FDMI Cisco Nexus 5000 Series switches provide support for the Fabric-Device Management Interface multi-pid Option, page 41-5 • Configuring the multi-pid Option, page 41-6 41-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 575
generated to host H, and the RSCN payload lists the affected port IDs (in this case, both D1 and D2). Note Some Nx ports may not support multi-pid RSCN payloads. If so, disable the RSCN multi-pid option. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 41-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 576
what changed. Domain format SW-RSCNs can cause problems with some non-Cisco SAN switches. For additional information, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide, available at the following location: http://www.cisco.com/en/US/docs/storage/san_switches/mds9000 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 577
You verify the RSCN timer configuration using the show rscn event-tov vsan command. The following example shows how to clear the RSCN statistics for VSAN 10: switch# show rscn event-tov vsan 10 Event TOV : 1000 ms OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 41-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 578
, see Chapter 21, "Using Cisco Fabric Services." RSCN supports two modes, distributed and nondistributed. In distributed mode, RSCN uses CFS to distribute configuration to all switches in the fabric. In nondistributed mode, only the configuration commands on the local switch are affected. Note All - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 579
RSCN Configuration Distribution Information The following example shows how to display the registration status for RSCN configuration distribution: switch# show cfs application name rscn Enabled Timeout : Yes : 5s OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 41 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 580
Table 41-1 lists the default settings for RSCN. Table 41-1 Default RSCN Settings Parameters RSCN timer value RSCN timer configuration distribution Default 2000 milliseconds for Fibre Channel VSANs Disabled 41-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 581
or SNMP. This information is also synchronized with neighboring switches, if those switches belong to the Cisco Nexus 5000 Series. This section includes the following topics: • About = SCSI_FCP are discovered. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 42-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 582
-list add vsan vsan-id domain domain-id switch# discover custom-list delete vsan vsan-id domain domain-id Purpose Adds the specified entry to the custom list. Deletes the specified domain ID from the custom list. 42-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 583
all operating systems: switch# show scsi-target lun os all The following example displays the port WWN that is assigned to each operating system (Windows, AIX, Solaris, Linux, or HPUX): switch# show scsi-target pwwn OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 42-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 584
Displaying SCSI LUN Information Chapter 42 Discovering SCSI Targets Send feedback to [email protected] 42-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 585
protocol-related timer values for the switch by configuring the following timeout values (TOVs): • Distributed services TOV (D_S_TOV)-The valid range is Fabric Lock Override, page 43-4 • Database Merge Guidelines, page 43-4 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 586
(config#)# fctimer D_S_TOV timeout vsan vsan-id Configures the D_S_TOV timeout value (in milliseconds) for the specified VSAN. Suspends the VSAN temporarily. You have the option to end this command, if required. 43-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 587
Purpose Enters configuration mode. Distributes the fctimer configuration changes to all switches in the fabric and releases the lock. Overwrites the effective database with the changes made to the pending database. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 43-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 588
cannot be more than 15. After 15 operations, you must commit or abort the pending configurations before performing any more operations. See the "CFS Merge Support" section on page 21-6 for additional information. 43-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 589
familiar with switch operations. This section includes the following topics: • Verifying WWN Information, page 43-6 • Link Initialization WWN Usage, page 43-6 • Configuring a Secondary MAC Address, page 43-6 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 43-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 590
a specific switch: switch# show wwn switch Switch WWN is 20:00:ac:16:5e:52:00:00 Link Initialization WWN Usage Exchange Link Protocol (ELP) and Exchange Fabric Protocol (EFP entered: no. Secondary MAC NOT programmed 43-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 591
part of the running and saved configuration. • The list of company IDs is used only when the fcinterop FC ID allocation scheme is in auto mode. By default, the interop FC ID allocation is set to auto, unless changed. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 43-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 592
the company IDs in a specific WWN by entering the show fcid-allocation company-id-from-wwn command. Some WWN formats do not support company IDs. In these cases, you many need to configure the FC ID persistent entry. 43-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 593
the product with a standards-compliant implementation. Note For more information on configuring interoperability for Cisco Nexus 5000 Series switches, see the Cisco MDS 9000 Family Switch-to-Switch Interoperability Configuration Guide. This section includes the following topics: • About Interop Mode - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 594
even when in interop mode. The routing of frames within the fabric is not changed by the introduction of interop mode. The switch continues to use src-id, dst-id, and ox-id to load balance across multiple ISL links. 43-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 595
switch agrees and assigns the requested ID. Note When changing the domain ID, the FC IDs assigned to N ports also change. Step 3 Change the Fibre Channel timers (if they have been changed from the system defaults). OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 596
must be the same on each switch within the fabric. Step 4 switch(config)# fctimer e_d_tov ? E_D_TOV in milliseconds(1000-100000) switch(config)# fctimer r_a_tov ? - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 597
version: 4.0(1a)N1(1) Service: plugin Core Plugin, Ethernet Plugin Step 2 Verify if the interface states are as required by your configuration. switch# show int brief Interface domain 100 preferred vsan 1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 43-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 598
ID. switch# show fcdomain vsan 1 The local switch is a Subordinated Switch. Local switch run time information: State: Stable Local switch WWN: 20:01:00:05:30:00:51:1f Running fabric name: 22:32:91 [Principal] 43-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 599
:00:00:e0:69:f0:43:9f (JNI) Total number of entries = 12 Note The Cisco switch name server shows both local and remote entries, and does not time out the entries. Default Settings capture connection protocol TCP OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 43-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 600
capture connection mode Local capture frame limits FC ID allocation mode Loop monitoring Interop mode Default Passive 10 frames Auto mode Disabled Disabled 43-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 601
• DHCHAP, page 44-2 • Sample Configuration, page 44-9 • Default Settings, page 44-11 Information About Fabric Authentication All Cisco Nexus 5000 Series switches enable fabric-wide authentication from one switch to another switch, or from a switch to a host. These switch and host authentications are - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 602
Channel authentication allows only trusted devices to be added to a fabric, which prevents unauthorized devices from accessing the switch. Note The terms FC-SP and DHCHAP are used interchangeably in this chapter. 44-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 603
, DHCHAP authentication is performed at the physical interface level, not at the port channel level. • Port security or fabric binding-Fabric-binding policies are enforced based on identities authenticated by DHCHAP. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 44-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 604
commands for fabric authentication. When you disable this feature, all related configurations are automatically discarded. Enabling DHCHAP To enable DHCHAP for a Cisco Nexus 5000 Series switch, perform this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# fcsp - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 605
interval configuration is the same as setting it to zero (0). About the DHCHAP Hash Algorithm Cisco SAN switches support a default hash algorithm priority list of MD5 followed by SHA-1 for DHCHAP authentication. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 44 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 606
in each direction requires a shared secret password between the connected devices. To do this, you can use one of three configurations to manage passwords for all switches in the fabric that participate in DHCHAP: 44-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 607
3 and using the Cisco MDS 9000 Family Fabric Manager to manage the password database. Configuring DHCHAP Passwords for the Local Switch To configure the DHCHAP password for the local switch, perform this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# fcsp dhchap - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 608
configures a password entered in an encrypted format for another switch in the fabric that is identified by the switch WWN device name: switch(config)# fcsp dhchap devicename 00:11:22:33:55:aa:bb:cc password 7 asdflkjh About the DHCHAP Timeout Value During the DHCHAP protocol exchange, if the Cisco - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 609
to configure the example illustrated in Figure 44-2. Figure 44-2 Sample DHCHAP Authentication Password sent by NX-5000 to MDS-9509 Oregon int fc 1/6 int fc 4/5 Password sent by MDS-9509 to NX5000 MDS-9509 187234 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 610
devicename 20:00:00:05:30:00:54:de password rtp9216 MDS-9509(config)# interface fc 4/5 MDS-9509(config-if)# fcsp on MDS-9509# show fcsp dhchap database DHCHAP Local Password: Non-device specific password:******* 44-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 611
order DHCHAP timeout value Default Disabled A priority list of MD5 followed by SHA-1 for DHCHAP authentication Auto-passive 0, 4, 1, 2, and 3, respectively 30 seconds OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 44-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 612
Default Settings Chapter 44 Configuring FC-SP and DHCHAP Send feedback to [email protected] 44-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 613
switches that are CFS capable. Distribution is disabled by default. • Configuring the port security policy requires the Storage Protocol Services license. For additional information, see Chapter 4, "Managing Licenses." OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 614
enforce authorization. About Auto-Learning You can instruct the switch to automatically learn (auto-learn) the port security configurations over a specified period. This feature allows any Cisco Nexus 5000 Series switch to automatically learn about devices and switches that connect to it. Use this - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 615
Configuring Port Security with Manual Database Configuration, page 45-5 Configuring Port Security with Auto-Learning and CFS Distribution To configure commit to copy this configuration to all switches in the fabric. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 45-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 616
page 45-17. Copy the running configuration to the startup configuration, which saves the port security configuration database to the startup configuration. Repeat Step 1 through Step 6 for all switches in the fabric. 45-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 617
5 for all switches in the fabric. Enabling Port Security By default, the port security feature is disabled in Cisco Nexus 5000 Series switches. To enable port security, perform this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# port-security enable switch(config)# no - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 618
# configuration terminal switch(config)# switch(config)# port-security activate vsan vsan-id force Purpose Enters configuration mode. Forces the port security database to activate for the specified VSAN even if conflicts occur. 45-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 619
, page 45-8 • Enabling Auto-Learning, page 45-8 • Disabling Auto-Learning, page 45-8 • Auto-Learning Device Authorization, page 45-8 • Authorization Scenario, page 45-9 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 45-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 620
-Learning Device Requests Condition Device (pWWN, nWWN, sWWN) 1 Configured with one or more switch 2 ports Requests Connection to Authorization A configured switch port Permitted Any other switch port Denied 45-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 621
match for F3. Denied 2 P1 is bound to F1. Denied 2 N1 is only allowed on F2. Permitted 1 No conflict. Permitted 1 No conflict. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 45-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 622
No conflict. Permitted 6 Wildcard ( * ) match for F3 and N3. Permitted 6 Wildcard ( * ) match for N3. Port Security Manual Configuration To configure port security on a Cisco Nexus 5000 Series switch, perform this task: Step 1 Step 2 Step 3 Step 4 Identify the WWN of the ports that need to be - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 623
the specified switch: switch(config-port-security)# pwwn 20:11:33:11:00:2a:4a:66 swwn 20:00:00:0c:85:90:3e:80 interface fc 3/2 This example configures any WWN to log in through the specified interface in any switch: OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 45-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 624
Purpose switch# configuration terminal switch(config)# Enters configuration mode. switch(config)# port-security distribute Enables distribution. switch(config)# no port-security distribute Disables distribution. 45-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 625
, the learned entries become static entries in the active database and are distributed to all switches in the fabric. After the commit, the active database on all switches are identical and learning can be disabled. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 45-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 626
guidelines: • Verify that the activation status and the auto-learning status is the same in both fabrics. • Verify that the combined number of configurations for each VSAN in both databases does not exceed 2000. 45-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 627
• Clearing the Port Security Database, page 45-18 Database Scenarios Figure 45-1 illustrates various scenarios showing the active database and the configuration database status based on port security configurations. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 45-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 628
in the startup configuration. Saving the configuration (copy running start) active Database Copying active database to config database 99301 45-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 629
, this command creates a temporary copy (and consequently a fabric lock) of the configuration database. If you lock the fabric, you need to commit the changes to the configuration databases in all the switches. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 45-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 630
local to the switch and do not participate in distribution. Use the port-security clear vsan command to clear the pending session in the VSAN from any switch in the VSAN. switch# clear port-security session vsan 5 45-18 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 631
Parameters Auto-learn Port security Distribution Default Enabled if port security is enabled. Disabled. Disabled. Note Enabling distribution enables it on all VSANs in the switch. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 45-19 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 632
Default Settings Chapter 45 Configuring Port Security Send feedback to [email protected] 45-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 633
Versus Fabric Binding, page 46-2 • Fabric Binding Enforcement, page 46-2 Licensing Requirements Fabric Binding requires the Storage Protocol Services license. For additional information, see Chapter 4, "Managing Licenses." OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 634
are done on every activation and when the port tries to come up. For a Fibre Channel VSAN, the fabric binding feature requires all sWWNs connected to a switch to be part of the fabric binding active database. 46-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 635
terminal switch(config)# fabric-binding enable switch(config)# no fabric-binding enable Purpose Enters configuration mode. Enables fabric binding on that switch. Disables (default) fabric binding on that switch. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 46 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 636
config database conflict with the current state of the fabric. For example, one of the already logged in switches may be denied login by the config database. You can choose to forcefully override these situations. 46-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 637
database diff active vsan command to view the differences between the active database and the config database. This command can be used when resolving conflicts. switch# fabric-binding database diff active vsan 1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 46-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 638
example displays the active fabric binding information for VSAN 4: switch# show fabric-binding database active vsan 4 The following example displays fabric binding violations: switch# show fabric-binding violations 46-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 639
show fabric-binding efmd statistics vsan 4 Default Settings Table 46-2 lists the default settings for the fabric binding feature. Table 46-2 Default Fabric Binding Settings Parameters Fabric binding Default Disabled OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 640
Default Settings Chapter 46 Configuring Fabric Binding Send feedback to [email protected] 46-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 641
for some attributes. In the Cisco Nexus 5000 Series switch environment, a fabric may consist of multiple VSANs. One instance of the FCS is present per VSAN. FCS supports the discovery of virtual devices. The fcs virtual-device-add command, entered in FCS configuration submode, allows you to discover - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 642
information about the fabric topology. • Support TE ports in fabric. FCS Name Specification You can specify if the unique name verification is for the entire fabric (globally) or only for locally (default) registered platforms. 47-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 643
command globally only if every switch in the fabric belong to the Cisco MDS 9000 Family or Cisco Nexus 5000 Series of switches. To enable global checking of the platform name, perform this task: Step 1 Step 2 Command switch# configuration terminal switch(config)# switch(config)# fcs plat-check - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 644
Configuring Fabric Configuration Servers Send feedback to [email protected] The following example shows how to display a list of all interconnect elements for VSAN 1: switch type Default Disabled Unknown 47-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 645
section on page 41-5). In Figure 48-1, when the direct link 1 to the host fails, recovery can be immediate. However, when the ISL 2 fails between the two switches, recovery depends on TOVs, RSCNs, and other factors. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 48-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 646
This section includes the following topics: • Enabling Port Tracking, page 48-3 • About Configuring Linked Ports, page 48-3 • Operationally Binding a Tracked Port, page 48-3 • About Tracking Multiple Ports, page 48-4 48-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 647
fc slot/port Purpose Enters configuration mode. Enters the interface configuration mode for the linked port. You can now configure the tracked ports. Note This link symbolizes the direct link (1) in Figure 48-1. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 48-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 648
1 will not be brought down if either 2 or 3 are still functioning as desired. Figure 48-2 Traffic Recovery Using Port Tracking Port Channel FC 2/4 2 WAN or X MAN 1 X FC 3/2 FC FC X3 WAN or MAN 187237 48-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 649
tracking of the SAN port channel in VSAN 2. switch(config-if)# no port-track Removes the VSAN association for the linked port. The SAN interface san-port-channel 1 vsan 2 port channel link remains in effect. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 48-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 650
channel: switch# show interface san-port-channel 1 port-channel 1 is down (No operational members) Hardware is Fibre Channel Port WWN is 24:01:00:05:30:00:0d:de Admin port mode is auto, trunk mode is on Port vsan is 2 48-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 651
for port tracking parameters. Table 48-1 Default Port Tracking Parameters Parameters Port tracking Operational binding Default Disabled Enabled along with port tracking OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 48-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 652
Default Port Tracking Settings Chapter 48 Configuring Port Tracking Send feedback to [email protected] 48-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 653
Send feedback to [email protected] PART 8 Troubleshooting - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 654
Send feedback to [email protected] - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 655
49-2 • Configuring SPAN, page 49-2 SPAN Sources SPAN sources refer to the interfaces from which traffic can be monitored. The Cisco Nexus 5000 Series switch supports Ethernet, Fibre . • Cannot be a destination port. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 49-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 656
You can configure a SPAN session to duplicate packets from source ports to the specified destination ports on the switch. This section includes the following topics: • Creating and Deleting a SPAN Session, page 49-3 49-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 657
the configuration of Ethernet and Fibre Channel destination ports as described in the following topics: • Configuring an Ethernet Destination Port, page 49-4 • Configuring Fibre Channel Destination Port, page 49-4 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 49 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 658
(SD) mode. Sets the interface speed to 1000. The auto speed option is not allowed. Reverts to global configuration mode. Enters the monitor configuration mode. Configures the Fibre Channel destination port. 49-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 659
can configure the source channels for a SPAN session. These ports can be port channels, SAN port channels, VLANs, and VSANs. The monitored direction can only be ingress and applies to all physical ports in the group. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 49 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 660
SPAN session. The following example shows configuring a description of a SPAN session: switch# configure terminal switch(config)# monitor session 2 switch(config-monitor)# description monitoring ports fc2/2-fc2/4 49-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 661
session or all sessions. Note The Cisco Nexus 5000 Series switch supports two active SPAN sessions. When you configure more than two SPAN sessions, the session details: switch# show monitor session 2 session 2 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 49-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 662
SPAN Send feedback to [email protected] type : local state : up source intf : rx : fc3/1 tx : fc3/1 both : fc3/1 source VLANs : rx : source VSANs : rx : 1 destination ports : Eth3/1 49-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 663
methods used to resolve issues with a Cisco Nexus 5000 Series switch. This chapter includes the following sections: • Recovering a Lost Password, page 50-1 • Using Ethanalyzer, page 50-3 • Troubleshooting Fibre Channel, page 50-5 • show tech-support Command, page 50-8 • Default Settings, page - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 664
image. In the following example, the system image filename is nx-os.bin: switch(boot) # load bootflash:nx-os.bin Log in to the switch using the new administrator password. switch login: admin Password: 50-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 665
Chapter 50 Troubleshooting Using Ethanalyzer Send feedback to [email protected] Step 8 Step 9 Reset the new password to ensure that is it is also the SNMP password. switch# configure terminal switch(config)# username admin password switch(config)# exit switch# Save the - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 666
Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN- 0, Len: 0 Source port: 1288 (1288) 50-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 667
Troubleshooting Fibre Channel This section describes troubleshooting of the fabric. When the frame reaches the edge of the fabric (the switch. Also, fctrace times out in the originator, and path discovery does not start. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 50 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 668
Channel Chapter 50 Troubleshooting Send feedback to [email protected] To perform the fctrace operation, perform one of these tasks: Command switch# fctrace fcid 0xd70000 of the destination N port. 50-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 669
Chapter 50 Troubleshooting Troubleshooting Fibre Channel Send feedback to [email protected] fcping few seconds later. Verifying Switch Connectivity You can verify connectivity to a destination switch. OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 50-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 670
the switch for troubleshooting purposes. The output of this command can be provided to technical support representatives when reporting a problem. The show tech-support command displays the output of several show commands at once. The output from this command varies depending on your configuration - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 671
Chapter 50 Troubleshooting show tech-support Command Send feedback to [email protected] The default output of the show tech-support command includes the output of system reset-reason • show logging nvram OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 50-9 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 672
how to display a condensed view of the switch configurations: switch# show tech-support brief Switch Name : switch Switch Type : Kickstart Image : 4.0(0) bootflash:///nuova-or-kickstart-nsg.4.0.0.001.bin 50-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 673
Chapter 50 Troubleshooting show tech-support Command Send feedback to [email protected] System Image IP Address/Mask Switch WWN No of VSANs Configured VSANs : 4.0(0) /35 up -- 10000 1500 -- OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 50-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 674
show tech-support Command Chapter 50 Troubleshooting Send feedback to [email protected] Ethernet1/36 Ethernet1/37 Ethernet1/38 Ethernet1/39 Ethernet1/40 4093 • show fcns internal event-history 50-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 675
• show zone pending-diff vsan 1-4093 • show zone analysis active vsan 1-4093 • show zone analysis vsan 1-4093 • show zone ess vsan 1-4093 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 50-13 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 676
show tech-support Command Chapter 50 Troubleshooting Send feedback to [email protected] • show zone internal vsan 1-4093 • show zone internal change event all • show platform hardware fwm info vlan all 50-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 677
Chapter 50 Troubleshooting show tech-support Command Send feedback to [email protected] • show platform hardware fwm info pif all • show platform info global • show platform afm info attachment brief OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide 50-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 678
for the features included in this chapter. Table 50-1 Default Settings for Troubleshooting Features Parameters Default Timeout period to invoke fctrace 5 seconds Number of FC ID allocation mode Auto mode 50-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 679
Send feedback to [email protected] 51 C H A P T E R Configuration Limits The features supported by the Cisco Nexus 5000 Series Switch have maximum configuration limits. For some of the features, we have verified configurations that support limits less that the maximum. Table 51-1 lists - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 680
sessions configured (2 active) Egress SPAN sources 2 2 1. The entire 4094 VLAN ID space is supported. 2. configured to count either bytes or packets. A system-wide limit of 32 accounting entries for VACL or PACL is enforced. 51-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 681
groups description 16-3 AAA servers specifying SNMPv3 parameters 16-10, 16-11 specifying user roles 16-11 specifying user roles in VSAs 16-10 AAA services configuration options 16-3 remote 16-2 security 16-1 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide IN-1 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 682
Call Home destination profiles attributes 26-8 Call Home messages configuring levels 26-4 format options 26-2 call home notifications full-txt format for syslog 26-18 XML format for syslog 26-19 CDP configuring 5-7 IN-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 683
discarding changes 39-6 distribution to fabric 39-5 enabling distribution 39-7 locking the fabric 39-5 merging 39-8 overriding fabric locks 39-6 device aliases comparison with 26-16 DHCHAP AAA authentication 44-8 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide IN-3 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 684
38-20 merging databases 38-22 modifying database 38-21 E port mode classes of service 32-3 description 32-3 E ports configuring 32-9 fabric binding checking 46-2 FCS support 47-1 FSPF topologies 40-1 isolation 32-7 IN-4 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 685
38-10 creating 38-11 renaming 38-16 using 39-8 fcdomains autoreconfigured merged fabrics 33-6 configuring CFS distribution 33-10, 33-13 default settings 33-19 description 33-1 disabling 33-5 displaying information 33-18, 33-19 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide IN-5 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 686
47-4 description 47-1 displaying fabric ports using Device Manager 47-4 displaying information 47-3 fctimers displaying configured values 43-4 distribution 43-3 fctrace statistics clearing 40-15 counting 40-15 IN-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 687
24-2 runtime 24-2 graces period alerts licenses 4-8 H hard zoning description 38-13 HBA ports configuring area FCIDs 33-16 HBAs FC ID allocations 43-6 health monitoring diagnostics information 24-2 hello time MSTP 9-21 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide IN-7 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 688
37-8 displaying membership 37-8 L LACP 11-1, 11-10 system ID 11-5 license key files description 4-2 installing key files 4-4 updating 4-4 licenses backing up 4-5 claim certificates 4-1 IN-8 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 689
interop mode 43-9 merged fabrics autoreconfigured 33-6 mgmt0 interfaces configuring 3-20 description 3-20 Microsoft configuring forward-delay time 9-21 hello time 9-21 maximum aging time 9-22 maximum hop count 9-22 MST region 9-13 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 690
DHCHAP 44-6, 44-7 setting administrator default 3-9 strong characteristics 22-2 persistent FC IDs configuring 33-14 description 33-14 displaying 33-18 enabling 33-14 purging 33-17 PLOGI name server 41-3 Port Channel IN-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 691
requirement 45-1 preventing unauthorized accesses 45-1 WWN identification 45-10 port security auto-learning authorization examples 45-8 description 45-2 device authorization 45-8 disabling 45-8 distributing configuration 45-13 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide IN-11 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 692
dead-time intervals 17-12 configuring hosts 17-5 configuring periodic monitoring 17-11 configuring preshared keys 17-6 configuring timeout interval 17-9 configuring transmission retry count 17-9 deleting hosts 17-12 IN-12 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 693
switch, defined 8-10 proposal-agreement handshake process 8-7 rapid convergence 8-7 point-to-point links 8-7 root ports 8-7 root port, defined 8-10 See also MSTP runtime checks static routes 40-9 runtime diagnostics information 24-2 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 694
-10 path selection 37-10 SPAN egress sources 49-1 sources for monitoring 49-1 SPAN destination port mode. See SD port mode SPAN sources IN-14 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 695
-7, 18-13 configuring TCP ports 18-10 configuring timeout interval 18-9 displaying statistics 18-13 field descriptions 18-13 manually monitoring 18-12 monitoring 18-3 verifying configuration 18-13 TCP ports TACACS+ servers 18-10 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide IN-15 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 696
IDs configuring 33-16 description 33-15 user accounts password characteristics 22-2 user login authentication process 16-4 authorization process 16-4 user logins configuring AAA login authentication methods 16-7 user roles IN-16 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 697
options 16-11, 17-3 support description 16-11 VTP domains VLANs 6-3 W world wide names. See WWNs WWNs configuring 43-5 displaying information 43-5 link initialization 43-6 port security 45-10 secondary MAC addresses 43-6 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide IN-17 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 698
cisco.com suspended connections 32-7 Z zone aliases conversion to device aliases 39-8 importing 39-8 zone attribute groups cloning 38-16 zone databases migrating a non-MDS ) 38-16 show tech-support zone command 50-12 viewing Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 699
Index Send feedback to [email protected] implementation 38-4 See also zones;zone sets 38-1 OL-16597-01 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide IN-19 - HP AJ732A | Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX- - Page 700
Index Send feedback to [email protected] IN-20 Cisco Nexus 5000 Series Switch CLI Software Configuration Guide OL-16597-01
Send feedback to [email protected]
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco Nexus 5000 Series Switch CLI
Software Configuration Guide
Software Release 4.0(1a)N1
January 2009
Text Part Number: OL-16597-01