cisco nexus 9000 series nx-os system management ......cisco nexus 9000 series nx-os system...

Cisco Nexus 9000 Series NX-OS System Management ConfigurationGuide, Release 9.3(x)First Published: 2019-07-20

Last Modified: 2021-04-27

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version ofthe UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHERWARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.

All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.

Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply apartnership relationship between Cisco and any other company. (1721R)

© 2019–2021 Cisco Systems, Inc. All rights reserved.

https://www.cisco.com/c/en/us/about/legal/trademarks.html

C O N T E N T S

Preface xxiiiP R E F A C E

Audience xxiii

Document Conventions xxiii

Related Documentation for Cisco Nexus 9000 Series Switches xxiv

Documentation Feedback xxiv

Communications, Services, and Additional Information xxiv

New and Changed Information 1C H A P T E R 1

New and Changed Information 1

Platform Support for System Management Features 7C H A P T E R 2

Platform Support for System Management Features 7

Overview 15C H A P T E R 3

Licensing Requirements 15

Software Image 15

Cisco NX-OS Device Configuration Methods 16

Configuring with CLI or XML Management Interface 16

Configuring with Cisco DCNM 17

Network Time Protocol 17

Cisco Discovery Protocol 17

Session Manager 17

Scheduler 17

SNMP 18

Online Diagnostics 18

Onboard Failure Logging 18

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)iii

SPAN 18

ERSPAN 18

LLDP 18

MPLS Stripping 19

sFlow 19

SMUs 19

Virtual Device Contexts 19

Troubleshooting Features 19

Configuring Switch Profiles 21C H A P T E R 4

About Switch Profiles 21

Switch Profile Configuration Modes 22

Configuration Synchronization Mode 22

Switch Profile Mode 22

Switch Profile Import Mode 22

Configuration Validation 22

Mutual Exclusion Checks 22

Merge Checks 23

Software Upgrades and Downgrades with Switch Profiles 23

Guidelines and Limitations for Switch Profiles 23

Configuring Switch Profiles 25

Adding or Modifying Switch Profile Commands 27

Importing a Switch Profile 28

Importing Configurations in a vPC Topology 30

Isolating a Peer Switch 30

Deleting a Switch Profile 31

Manually Correcting Mutex and Merge Failures 32

Verifying the Switch Profile Configuration 32

Configuration Examples for Switch Profiles 32

Creating a Switch Profile on a Local and a Peer Switch 32

Verifying the Synchronization Status 35

Showing the Running Configuration 36

Displaying the Switch Profile Synchronization Between the Local and the Peer Switch 37

Displaying Verify and Commit on the Local and the Peer Switch 37

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)iv

Contents

Displaying the Successful andUnsuccessful Synchronization Between the Local and the Peer Switch39

Displaying the Switch Profile Buffer 39

Importing Configurations 40

Migrating to Cisco NX-OS Release 7.0(3)I2(1) or Higher in a Fabric Extender Straight-ThroughTopology 42

Replacing a Cisco Nexus 9000 Series Switch 42

Synchronizing Configurations 43

Synchronizing Configurations After a Cisco Nexus 9000 Series Switch Reboots 43

Synchronizing Configurations When the mgmt0 Interface Connectivity Is Lost 44

Reverting an Inadvertent Port Mode Change of Layer 2 to Layer 3 in Global ConfigurationMode 44

Configuring Frequency Synchronization 45C H A P T E R 5

About Frequency Synchronization 45

Hybrid SyncE-PTP with External PRC Source 46

Timing Sources 46

Timing Inputs 46

Timing Outputs 47

Timing Source Selection Points 47

Guidelines and Limitations for Frequency Synchronization 48

Configuring Frequency Synchronization 48

Enabling Frequency Synchronization 48

Configuring Frequency Synchronization on an Interface 50

Verifying the Frequency Synchronization Configuration 52

Configuring PTP 57C H A P T E R 6

About PTP 57

PTP Offload 58

PTP Device Types 58

Clocks 58

PTP Process 59

ITU-T Telecom Profile for PTP 61

Telecom Profile G.8275.1 61

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)v

Contents

High Availability for PTP 62

Guidelines and Limitations for PTP 62

Default Settings for PTP 65

Configuring PTP 66

Configuring PTP Globally 66

Configuring PTP on an Interface 69

Configuring PTP in Unicast Mode 74

Configuring Unicast Mode 74

Assigning Master Role 74

Assigning Slave Role 76

Configuring Unicast Source Address 77

Configuring PTP Telecom Profile 78

Configuring Global PTP Telecom Profile 78

Configuring PTP Telecom Profile on an Interface 80

PTP Profile Defaults 83

Configuring PTP Notifications 85

PTP Mixed Mode 87

Configuring a PTP Interface to Stay in a Master State 87

Timestamp Tagging 88

Configuring Timestamp Tagging 89

Configuring the TTAG Marker Packets and Time Interval 89

Verifying the PTP Configuration 91

Verifying the PTP Telecom Profile Configuration 92

Configuration Examples for PTP 96

Additional References 98

Related Documents 98

Configuring NTP 99C H A P T E R 7

About NTP 99

NTP Associations 100

NTP as a Time Server 100

Clock Manager 100

High Availability 100

Virtualization Support 100

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)vi

Contents

Prerequisites for NTP 101

Guidelines and Limitations for NTP 101

Default Settings for NTP 102

Configuring NTP 102

Enabling or Disabling NTP 102

Configuring the Device as an Authoritative NTP Server 103

Configuring an NTP Server and Peer 103

Configuring NTP Authentication 105

Configuring NTP Access Restrictions 107

Configuring the NTP Source IP Address 109

Configuring the NTP Source Interface 109

Configuring NTP Logging 110

Verifying the NTP Configuration 110

Configuration Examples for NTP 111



MIBs 112

Configuring CDP 113C H A P T E R 8

About CDP 113

VTP Feature Support 114



Guidelines and Limitations for CDP 114

Default Settings for CDP 115

Configuring CDP 115

Enabling or Disabling CDP Globally 115

Enabling or Disabling CDP on an Interface 116

Configuring Optional CDP Parameters 116

Verifying the CDP Configuration 117

Configuration Example for CDP 118

Configuring System Message Logging 119C H A P T E R 9

About System Message Logging 119

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)vii

Contents

Syslog Servers 120

Secure Syslog Servers 120

Guidelines and Limitations for System Message Logging 120

Default Settings for System Message Logging 121

Configuring System Message Logging 122

Configuring System Message Logging to Terminal Sessions 122

Configuring the Origin ID for Syslog Messages 124

Logging System Messages to a File 124

Configuring Module and Facility Messages Logging 127

Configuring Syslog Servers 129

Configuring Secure Syslog Servers 130

Configuring the CA Certificate 131

Enrolling the CA Certificate 132

Configuring Syslog Servers on a UNIX or Linux System 133

Displaying and Clearing Log Files 134

Verifying the System Message Logging Configuration 135

Repeated System Logging Messages 136

Configuration Example for System Message Logging 137



Configuring Smart Call Home 139C H A P T E R 1 0

About Smart Call Home 139

Destination Profiles 140

Smart Call Home Alert Groups 140

Smart Call Home Message Levels 143

Obtaining Smart Call Home 144

Database Merge Guidelines 145



Prerequisites for Smart Call Home 145

Guidelines and Limitations for Smart Call Home 146

Default Settings for Smart Call Home 146

Configuring Smart Call Home 147

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)viii

Contents

Configuring Contact Information 147

Creating a Destination Profile 149

Modifying a Destination Profile 150

Associating an Alert Group with a Destination Profile 152

Adding Show Commands to an Alert Group 153

Configuring the Email Server 154

Configuring VRFs To Send Messages Using HTTP 155

Configuring an HTTP Proxy Server 156

Configuring Periodic Inventory Notifications 157

Disabling Duplicate Message Throttling 158

Enabling or Disabling Smart Call Home 159

Testing the Smart Call Home Configuration 160

Verifying the Smart Call Home Configuration 160

Configuration Examples for Smart Call Home 161


Event Triggers 162

Message Formats 164

Short Text Message Format 164

Common Event Message Fields 164

Alert Group Message Fields 166

Fields for Reactive and Proactive Event Messages 166

Fields for Inventory Event Messages 167

Fields for User-Generated Test Messages 167

Sample Syslog Alert Notification in Full-Text Format 168

Sample Syslog Alert Notification in XML Format 170

MIBs 174

Configuring Session Manager 175C H A P T E R 1 1

About Session Manager 175


Prerequisites for Session Manager 176

Guidelines and Limitations for Session Manager 176

Configuring Session Manager 176

Creating a Session 176

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)ix

Contents

Configuring ACLs in a Session 177

Verifying a Session 178

Committing a Session 178

Saving a Session 178

Discarding a Session 178

Verifying the Session Manager Configuration 179

Configuration Example for Session Manager 179



Configuring the Scheduler 181C H A P T E R 1 2

About the Scheduler 181

Remote User Authentication 182

Logs 182


Prerequisites for the Scheduler 182

Guidelines and Limitations for the Scheduler 182

Default Settings for the Scheduler 183

Configuring the Scheduler 183

Enabling or Disabling the Scheduler 183

Defining the Scheduler Log File Size 184

Configuring Remote User Authentication 184

Defining a Job 185

Deleting a Job 186

Defining a Timetable 187

Clearing the Scheduler Log File 189

Verifying the Scheduler Configuration 189

Configuration Examples for the Scheduler 189

Creating a Scheduler Job 189

Scheduling a Scheduler Job 190

Displaying the Job Schedule 190

Displaying the Results of Running Scheduler Jobs 190

Configuring SNMP 193C H A P T E R 1 3

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)x

Contents

About SNMP 193

SNMP Functional Overview 193

SNMP Notifications 194

SNMPv3 195

Security Models and Levels for SNMPv1, v2, v3 195

User-Based Security Model 196

CLI and SNMP User Synchronization 197

Group-Based SNMP Access 198

SNMP and Embedded Event Manager 198

Multiple Instance Support 198

High Availability for SNMP 199

Virtualization Support for SNMP 199

Guidelines and Limitations for SNMP 199

Default Settings for SNMP 200

Configuring SNMP 200

Configuring SNMP Users 200

Enforcing SNMP Message Encryption 201

Assigning SNMPv3 Users to Multiple Roles 201

Creating SNMP Communities 202

Filtering SNMP Requests 202

Configuring SNMP Notification Receivers 204

Configuring a Source Interface for SNMP Notifications 204

Configuring the Notification Target User 206

Configuring SNMP Notification Receivers with VRFs 206

Configuring SNMP to Send Traps Using an Inband Port 208

Enabling SNMP Notifications 209

Disabling Link Notifications on an Interface 217

Displaying SNMP ifIndex for an Interface 218

Enabling a One-Time Authentication for SNMP over TCP 218

Assigning SNMP Device Contact and Location Information 218

Configuring the Context to Network Entity Mapping 219

Disabling SNMP 220

Managing the SNMP Server Counter Cache Update Timer 221

Modifying the AAA Synchronization Time 221

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xi

Contents

Configuring the SNMP Local Engine ID 222

Verifying SNMP Configuration 223

Configuration Examples for SNMP 224



RFCs 225

MIBs 226

Configuring RMON 227C H A P T E R 1 4

About RMON 227

RMON Alarms 227

RMON Events 228

High Availability for RMON 228

Virtualization Support for RMON 228

Guidelines and Limitations for RMON 229

Default Settings for RMON 229

Configuring RMON 229

Configuring RMON Alarms 229

Configuring RMON Events 230

Verifying the RMON Configuration 231

Configuration Examples for RMON 231


MIBs 232

Configuring Online Diagnostics 233C H A P T E R 1 5

About Online Diagnostics 233

Bootup Diagnostics 233

Runtime or Health Monitoring Diagnostics 234

On-Demand Diagnostics 240



Guidelines and Limitations for Online Diagnostics 240

Default Settings for Online Diagnostics 242

Configuring Online Diagnostics 242

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xii

Contents

Setting the Bootup Diagnostic Level 242

Activating a Diagnostic Test 243

Starting or Stopping an On-Demand Diagnostic Test 244

Simulating Diagnostic Results 245

Clearing Diagnostic Results 245

Verifying the Online Diagnostics Configuration 245

Configuration Examples for Online Diagnostics 246

Configuring the Embedded Event Manager 247C H A P T E R 1 6

About EEM 247

Policies 247

Event Statements 248

Action Statements 249

VSH Script Policies 250

Environment Variables 250

EEM Event Correlation 251



Prerequisites for EEM 251

Guidelines and Limitations for EEM 251

Default Settings for EEM 252

Configuring EEM 252

Defining an Environment Variable 252

Defining a User Policy Using the CLI 253

Configuring Event Statements 254

Configuring Action Statements 259

Defining a Policy Using a VSH Script 261

Registering and Activating a VSH Script Policy 261

Overriding a Policy 262

Configuring Memory Thresholds 263

Configuring Syslog as EEM Publisher 265

Verifying the EEM Configuration 266

Configuration Examples for EEM 267

Event Log Auto-Collection and Backup 268

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xiii

Contents

Extended Log File Retention 268

Enabling Extended Log File Retention For All Services 268

Disabling Extended Log File Retention For All Services 269

Enabling Extended Log File Retention For a Single Service 269

Displaying Extended Log Files 270

Disabling Extended Log File Retention For a Single Service 271

Trigger-Based Event Log Auto-Collection 272

Enabling Trigger-Based Log File Auto-Collection 273

Auto-Collection YAML File 273

Limiting the Amount of Auto-Collections Per Component 275

Auto-Collection Log Files 275

Verifying Trigger-Based Log Collection 279

Checking Trigger-Based Log File Generation 279

Local Log File Storage 279

Generating a Local Copy of Recent Log Files 279

External Log File Storage 281

Configuring Onboard Failure Logging 283C H A P T E R 1 7

About OBFL 283

Prerequisites for OBFL 284

Guidelines and Limitations for OBFL 284

Default Settings for OBFL 284

Configuring OBFL 284

Verifying the OBFL Configuration 287

Configuration Example for OBFL 288



Configuring SPAN 289C H A P T E R 1 8

About SPAN 289

SPAN Sources 289

Characteristics of Source Ports 290

SPAN Destinations 290

Characteristics of Destination Ports 291

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xiv

Contents

SPAN Sessions 291

Localized SPAN Sessions 291

SPAN Truncation 291

ACL TCAM Regions 292


Prerequisites for SPAN 292

Guidelines and Limitations for SPAN 292

SPAN Limitations for the Cisco Nexus 3000 Platform Switches 295




Default Settings for SPAN 300

Configuring SPAN 301

Configuring a SPAN Session 301

Configuring UDF-Based SPAN 304

Configuring SPAN Truncation 307

Configuring SPAN for Multicast Tx Traffic Across Different LSE Slices 308

Shutting Down or Resuming a SPAN Session 309

Verifying the SPAN Configuration 310

Configuration Examples for SPAN 310

Configuration Example for a SPAN Session 310

Configuration Example for a Unidirectional SPAN Session 311

Configuration Example for a SPAN ACL 311

Configuration Examples for UDF-Based SPAN 312

Configuration Example for SPAN Truncation 312

Configuration Examples for Multicast Tx SPAN Across LSE Slices 313



Configuring ERSPAN 315C H A P T E R 1 9

About ERSPAN 315

ERSPAN Sources 315

ERSPAN Destination 316

ERSPAN Sessions 316

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xv

Contents

Localized ERSPAN Sessions 316

ERSPAN Truncation 316

Prerequisites for ERSPAN 316

Guidelines and Limitations for ERSPAN 317

Default Settings 320

Configuring ERSPAN 320

Configuring an ERSPAN Source Session 320

Shutting Down or Activating an ERSPAN Session 323

Configuring an ERSPAN ACL 325

Configuring UDF-Based ERSPAN 327

Configuring ERSPAN Truncation 329

Configuring an ERSPAN Destination Session 330

Verifying the ERSPAN Configuration 333

Configuration Examples for ERSPAN 333

Configuration Example for a Unidirectional ERSPAN Session 333

Configuration Example for an ERSPAN ACL 334

Configuration Example for a Marker Packet 334

Configuration Examples for UDF-Based ERSPAN 335

Configuration Example for ERSPAN Truncation 336

Configuration Example for a ERSPAN Destination Session 336

Configuring LLDP 339C H A P T E R 2 0

About LLDP 339

About DCBXP 340



Guidelines and Limitations for LLDP 341

Default Settings for LLDP 341

Configuring LLDP 342

Enabling or Disabling LLDP Globally 342

Enabling or Disabling LLDP on an Interface 342

Configuring the DCBXP Protocol Version 343

Multiple LLDP Neighbors Per Physical Interface 344

Enabling or Disabling LLDP Multi-Neighbor Support 345

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xvi

Contents

Enabling or Disabling LLDP Support on Port-Channel Interfaces 346

Configuring Optional LLDP Parameters 348

Verifying the LLDP Configuration 349

Configuration Example for LLDP 350

Configuring NetFlow 351C H A P T E R 2 1

About NetFlow 351

Dual-Layer NetFlow Implementation 352

Flow Records 352

Flow Exporters 352

Export Format 353

Layer 2 NetFlow Keys 353

Flow Monitors 353

NetFlow Output Interface 353


Prerequisites for NetFlow 354

Guidelines and Limitations for NetFlow 354

Configuring NetFlow 357

Enabling the NetFlow Feature 357

Creating a Flow Record 358

Specifying the Match Parameters 359

Specifying the Collect Parameters 360

Creating a Flow Exporter 360

Creating a Flow Monitor 362

Applying a Flow Monitor to an Interface 363

Configuring Bridged NetFlow on a VLAN 364

Configuring Layer 2 NetFlow Keys 364

Configuring NetFlow Timeouts 366

Verifying the NetFlow Configuration 366

Monitoring NetFlow 367

Display Example for NetFlow 367

Configuration Example for NetFlow 367

Configuring sFlow 369C H A P T E R 2 2

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xvii

Contents

About sFlow 369

sFlow Agent 369

Prerequisites for sFlow 370

Guidelines and Limitations for sFlow 370

Default Settings for sFlow 371

Configuring sFlow 371

Enabling sFlow 371

Configuring the Sampling Rate 372

Configuring the Maximum Sampled Size 373

Configuring the Counter Poll Interval 373

Configuring the Maximum Datagram Size 374

Configuring the sFlow Collector Address 375

Configuring the sFlow Collector Port 376

Configuring the sFlow Agent Address 377

Configuring the sFlow Sampling Data Source 377

Verifying the sFlow Configuration 378

Monitoring and Clearing sFlow Statistics 378

Configuration Examples for sFlow 379



Configuring TAP Aggregation and MPLS Stripping 381C H A P T E R 2 3

About TAP Aggregation 381

Network TAPs 381

TAP Aggregation 382

Guidelines and Limitations for TAP Aggregation 382

About MPLS Stripping 384

Guidelines and Limitations for MPLS Stripping 384

Configuring TAP Aggregation 385

Enabling TAP Aggregation for Line Cards 385

Configuring a TAP Aggregation Policy 386

Attaching a TAP Aggregation Policy to an Interface 387

Verifying the TAP Aggregation Configuration 388

Configuration Example for TAP Aggregation 389

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xviii

Contents

Configuring MPLS Stripping 389

Enabling MPLS Stripping 389

Configuring the Incoming Port for the VLAN Tag 390

Adding and Deleting MPLS Labels 391

Configuring Destination MAC Addresses 392

Configuring MPLS Label Aging 393

Verifying the MPLS Stripping Configuration 394

Clearing MPLS Stripping Counters and Label Entries 395

Configuration Examples for MPLS Stripping 395



Configuring Graceful Insertion and Removal 397C H A P T E R 2 4

About Graceful Insertion and Removal 397

Profiles 398

Snapshots 399

Guidelines and Limitations for GIR 399

GIR Workflow 400

Configuring the Maintenance-Mode Profile 400

Configuring the Normal-Mode Profile 402

Creating a Snapshot 403

Adding Show Commands to Snapshots 405

Triggering Graceful Removal 407

Triggering Graceful Insertion 409

Maintenance Mode Enhancements 410

Verifying the GIR Configuration 411

Configuration Examples for GIR 412

Performing Software Maintenance Upgrades 415C H A P T E R 2 5

About SMUs 415

RPM Patching 416

Package Management 416

Impact of Package Activation and Deactivation 417

Prerequisites for SMUs 417

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xix

Contents

Guidelines and Limitations for SMUs 418

Performing a Software Maintenance Upgrade for Cisco NX-OS 418

Preparing for Package Installation 418

Downloading the SMU Package File from Cisco.com 420

Copying the Package File to a Local Storage Device or Network Server 420

Adding and Activating Packages 423

Committing the Active Package Set 426

Installing RPM Packages 426

Deactivating and Removing Packages 427

Downgrading Feature RPMs 429

Displaying Installation Log Information 431

Performing a Software Maintenance Upgrade for Guest Shell Bash 433



SMU History 435

Performing Configuration Replace 437C H A P T E R 2 6

About Configuration Replace and Commit-timeout 437

Overview 437

Benefits of Configuration Replace 439

Guidelines and Limitations for Configuration Replace 439

Recommended Workflow for Configuration Replace 441

Performing a Configuration Replace 442

Verifying Configuration Replace 443

Examples for Configuration Replace 444

Configuring Rollback 451C H A P T E R 2 7

About Rollbacks 451

Automatically Generated System Checkpoints 452



Prerequisites for Rollbacks 452

Guidelines and Limitations for Rollbacks 452

Default Settings for Rollbacks 453

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xx

Contents

Configuring Rollbacks 453

Creating a Checkpoint 454

Implementing a Rollback 454

Verifying the Rollback Configuration 455

Configuration Example for Rollback 455



IETF RFCs supported by Cisco NX-OS System Management 457A P P E N D I X A

IETF RFCs Supported by Cisco NX-OS System Management 457

Embedded Event Manager System Events and Configuration Examples 459A P P E N D I X B

EEM System Policies 459

EEM Events 462

Configuration Examples for EEM Policies 463

Configuration Examples for CLI Events 463

Monitoring Interface Shutdown 463

Monitoring Module Powerdown 463

Adding a Trigger to Initiate a Rollback 463

Configuration Examples to Override (Disable) Major Thresholds 464

Preventing a Shutdown When Reaching a Major Threshold 464

Disabling One Bad Sensor 464

Disabling Multiple Bad Sensors 464

Overriding (Disabling) an Entire Module 465

Overriding (Disabling) Multiple Modules and Sensors 465

Enabling One Sensor While Disabling All Remaining Sensors of All Modules 465

Enabling Multiple Sensors While Disabling All Remaining Sensors of All Modules 466

Enabling All Sensors of One Module While Disabling All Sensors of the Remaining Modules466

Enabling a Combination of Sensors on Modules While Disabling All Sensors of the RemainingModules 466

Configuration Examples to Override (Disable) Shutdown for Fan Tray Removal 467

Overriding (Disabling) a Shutdown for Removal of One or More Fan Trays 467

Overriding (Disabling) a Shutdown for Removal of a Specified Fan Tray 467

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xxi

Contents

Overriding (Disabling) a Shutdown for Removal of Multiple Specified Fan Trays 467

Overriding (Disabling) a Shutdown for Removal of All Fan Trays Except One 468

Overriding (Disabling) a Shutdown for Removal of Fan Trays Except for a Specified Set of FanTrays 468

Overriding (Disabling) a Shutdown for Removal of All Fan Trays Except One from a Set of FanTrays 468

Configuration Examples to Create a Supplemental Policy 469

Creating a Supplemental Policy for the Fan Tray Absent Event 469

Creating a Supplemental Policy for the Temperature Threshold Event 469

Configuration Examples for the Power Over-Budget Policy 469

Shutting Down Modules 469

Shutting Down a Specified List of Modules 470

Configuration Examples to Select Modules to Shut Down 470

Using the Policy Default to Select Nonoverridden Modules to Shut Down 470

Using Parameter Substitution to Select Nonoverridden Modules to Shut Down 470

Configuration Examples for the Online Insertion Removal Event 470

Configuration Example to Generate a User Syslog 471

Configuration Example to Monitor Syslog Messages 471

Configuration Examples for SNMP Notification 471

Polling an SNMP OID to Generate an EEM Event 471

Sending an SNMP Notification in Response to an Event in the Event Policy 472

Configuration Example for Port Tracking 472

Configuration Example to Register an EEM Policy with the EEM 473

Configuration Limits for Cisco NX-OS System Management 477A P P E N D I X C

Configuration Limits for Cisco NX-OS System Management 477

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xxii

Contents

Preface

This preface includes the following sections:

• Audience, on page xxiii• Document Conventions, on page xxiii• Related Documentation for Cisco Nexus 9000 Series Switches, on page xxiv• Documentation Feedback, on page xxiv• Communications, Services, and Additional Information, on page xxiv

AudienceThis publication is for network administrators who install, configure, and maintain Cisco Nexus switches.

Document ConventionsCommand descriptions use the following conventions:

DescriptionConventionBold text indicates the commands and keywords that you enter literallyas shown.

bold

Italic text indicates arguments for which you supply the values.Italic

Square brackets enclose an optional element (keyword or argument).[x]

Square brackets enclosing keywords or arguments that are separated bya vertical bar indicate an optional choice.

[x | y]

Braces enclosing keywords or arguments that are separated by a verticalbar indicate a required choice.

{x | y}

Nested set of square brackets or braces indicate optional or requiredchoices within optional or required elements. Braces and a vertical barwithin square brackets indicate a required choice within an optionalelement.

[x {y | z}]

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xxiii

DescriptionConvention

Indicates a variable for which you supply values, in context where italicscannot be used.

variable

A nonquoted set of characters. Do not use quotation marks around thestring or the string includes the quotation marks.

string

Examples use the following conventions:

DescriptionConventionTerminal sessions and information the switch displays are in screen font.screen font

Information that you must enter is in boldface screen font.boldface screen font

Arguments for which you supply values are in italic screen font.italic screen font

Nonprinting characters, such as passwords, are in angle brackets.< >

Default responses to system prompts are in square brackets.[ ]

An exclamation point (!) or a pound sign (#) at the beginning of a lineof code indicates a comment line.

!, #

Related Documentation for Cisco Nexus 9000 Series SwitchesThe entire Cisco Nexus 9000 Series switch documentation set is available at the following URL:

http://www.cisco.com/en/US/products/ps13386/tsd_products_support_series_home.html

Documentation FeedbackTo provide technical feedback on this document, or to report an error or omission, please send your commentsto [email protected]. We appreciate your feedback.

Communications, Services, and Additional Information• To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

• To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

• To submit a service request, visit Cisco Support.

• To discover and browse secure, validated enterprise-class apps, products, solutions and services, visitCisco Marketplace.

• To obtain general networking, training, and certification titles, visit Cisco Press.

• To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xxiv

PrefaceRelated Documentation for Cisco Nexus 9000 Series Switches

http://www.cisco.com/en/US/products/ps13386/tsd_products_support_series_home.htmlhttps://www.cisco.com/offer/subscribehttps://www.cisco.com/go/serviceshttps://www.cisco.com/c/en/us/support/index.htmlhttps://www.cisco.com/go/marketplace/https://www.cisco.com/go/marketplace/http://www.ciscopress.comhttp://www.cisco-warrantyfinder.com

Cisco Bug Search Tool

Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking systemthat maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST providesyou with detailed defect information about your products and software.

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xxv

PrefacePreface

https://www.cisco.com/c/en/us/support/web/tools/bst/bsthelp/index.html

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)xxvi

PrefacePreface

C H A P T E R 1New and Changed Information

This chapter provides release-specific information for each new and changed feature in the Cisco Nexus 9000Series NX-OS System Management Configuration Guide, Release 9.3(x).

• New and Changed Information, on page 1

New and Changed InformationTable 1: New and Changed Features

Where DocumentedChanged in ReleaseDescriptionFeature

Performing aConfiguration Replace, onpage 442

Platform Support forSystem ManagementFeatures, on page 7

9.3(7)In the event of CR failureplus failure to restore tothe previous runningconfiguration, support forthe optional on-failurereload command toreload the switch to thepreviously saved startupconfiguration. Thiscommand is to befollowed by thesave-startup-configcommand to save therunning config to startup.

Config-replace - collectlogs and reload whenrollback 1st and 2nd tryfails

User-Based SecurityModel

9.3(7)Support forHMAC-SHA-256authentication protocol forSNMPv3.

SNMPv3 encryption withSHA256

Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 9.3(x)1


Guidelines andLimitations forConfiguration Replace, onpage 439

9.3(6)Support for the serviceexclude-bootconfigcommand to exclude theboot nxos imageconfiguration from showand copy configurationcommands.

Hide boot variable inrunning/starting config

Configuring PTPGlobally, on page 66

Guidelines andLimitations for PTP, onpage 62

9.3(6)ptp forward-version1command forwards allPTPv1 packets based onthe forwarding rule andprevents these packetsfrom being dropped.

PTPv1 Forwarding

Event LogAuto-Collection andBackup, on page 268

9.3(5)Updates to theauto-collection YAMLfile and additional optionsfor the bloggerdlog-snapshot command.

Event LogAuto-Collection andBackup

Performing ConfigurationReplace, on page 437

9.3(5)Support for FEX interfaceconfigurationmodifications, portprofiles, and configurejobs mode.

Configuration Replace

SPAN Limitations for theCisco Nexus 9300Platform Switches , onpage 296

9.3(5)Support for SPANtruncation onCiscoNexus9300-GX platformswitches.

SPAN Truncation

Bootup Diagnostics, onpage 233

9.3(5)Support for the bootupdiagnostic testMacSecPortLoopback.

MacSecPortLoopbackTest


9.3(5)Support for ERSPAN typeIII header on Cisco Nexus9300-GX platformswitches.

ERSPANType III Header


9.3(5)Support for ERSPANdestination on CiscoNexus 9300-GX platformswitches.

ERSPAN DestinationSupport


9.3(5)Support for the PrecisionTime Protocol andtimestamp tagging onCisco Nexus 9300-GXplatform switches.

PTP and TTAG Support


New and Changed InformationNew and Changed Information


Configuring PTPNotifications, on page 85


9.3(5)Support for configuringevent-based notificationfor PTP error scenarios.

PTP Event-basedNotifications

Logging SystemMessages to a File, onpage 124

9.3(5)Support for loggingmessage files to locationthat is persistent acrosssystem reloads.

Syslog for ExceedingLogging Message SizeThreshold

Repeated SystemLoggingMessages, on page 136

9.3(5)Support for an updatedindicator in repeatedsyslog messages.

Modified RepeatedSystemLoggingMessageFormat

Multiple LLDPNeighborsPer Physical Interface, onpage 344

Enabling or DisablingLLDP Support onPort-Channel Interfaces,on page 346

9.3(5)Support for up to three (3)LLDP neighbors perinterface. Support forLLDP on interface portchannels.

LLDP Multi-Neighborand Port-ChannelInterface Support

Configuring FrequencySynchronization, on page45

9.3(5)Support forITU-compliant precisionfrequency over Ethernetports and the PHY-levelfrequency distribution ofknown common precisionfrequency references.

FrequencySynchronization (SyncE)

ITU-T Telecom Profilefor PTP, on page 61

9.3(5)Support for ITU-TTelecom Profiles for PTPas defined in the ITU-Trecommendation.

Telecom Profile G.8275.1and Telecom ProfileG.8273.2

Event LogAuto-Collection andBackup, on page 268

9.3(3)Introduced support forextended on-switch andoff-switch event loggingfile storage.



9.3(3)Added PTP support forCisco Nexus93360YC-FX2 and93216TC-FX2 switches.

PTP Support

Guidelines andLimitations for SwitchProfiles, on page 23

9.3(3)Introduced support forconfiguring MTU in aswitch profileconfiguration.

MTU Configuration onInterfaces in SwitchProfiles




Guidelines andLimitations for sFlow, onpage 370


9.3(3)Cisco Nexus 9300-GXplatform switches supportboth sFlow and SPANtogether on the sameinterface.

sFlow and SPAN Support


9.3(3)Netflow is now supportedon Cisco Nexus 9300-GXplatform switches.

Netflow Support

Guidelines andLimitations for NetFlow,on page 354

9.3(3)Export loss is expectedduring an ND-ISSU.

Netflow ND-ISSULimitation

Runtime or HealthMonitoring Diagnostics,on page 234

9.3(3)The ASICRegisterCheckis added as a healthmonitor diagnostic.

ASIC Register HealthMonitor Check

RPM Patching, on page416

Installing RPM Packages,on page 426

9.3(1)Added support for ISSURPM patching.

ISSU RPM Patching

RecommendedWorkflowfor ConfigurationReplace, on page 441

Performing aConfiguration Replace, onpage 442

9.3(1)Added support forsemantic validation ofconfiguration replacecommands.

Configuration replace

Guidelines andLimitations for ERSPAN,on page 317

9.3(1)Added support for CiscoNexus 9200, 9300-EX,and 9300-FX platformswitches.

ERSPAN

Guidelines andLimitations for NetFlow,on page 354

9.3(1)Added support for theCisco Nexus 9500platform switches with9300-FX line cards.

NetFlow

Runtime or HealthMonitoring Diagnostics,on page 234

EEM System Policies, onpage 459

9.3(1)Introduced correctiveactions for theAsicMemory,BootupPortLoopback,FpgaRegTest, andL2ACLRedirect tests.

Online diagnostics andEEM




PTP Offload, on page 589.3(1)Added support for theCisco Nexus 9500platform switches with9700-EX and 9700-FXline cards.

PTP offload

Clock Modes, on page 59


9.3(1)Configurable on CiscoNexus 9636C-R and9636Q-R line cards.

PTP one-step clock mode


9.3(1)Added support for CiscoNexus 9200, 9300-EX,and 9300-FX switchesand Cisco Nexus 9500platform switches with9700-EX and 9700-FXline cards.

PTP timestamp tagging


Guidelines andLimitations for sFlow, onpage 370

9.3(1)Added support for CiscoNexus 9336C-FX2,93240YC-FX2, and93360YC-FX2 switches.

sFlow and SPAN together

SPAN Limitations for theCisco Nexus 9500Platform Switches, onpage 299

9.3(1)Added support for theCisco Nexus 9500platform switches with9700-EX and 9700-FXline cards.

SPAN truncation



C H A P T E R 2Platform Support for System ManagementFeatures

This chapter defines platform support for features that are not supported across the entire suite of CiscoPlatforms.

• Platform Support for System Management Features, on page 7

Platform Support for System Management FeaturesThe following tables list the supported platforms for each feature and the release in which they were firstintroduced. See the Release Notes for details about the platforms supported in the initial product release.

Configuration Replace

For more information about configuration replace, see Performing Configuration Replace, on page 437.

First Supported ReleaseSupported Platform(s) or Line CardsFeature

Cisco NX-OS Release9.3(7)

All CiscoNexus 9000 series switchesConfig-replace - collect logs and reloadwhen rollback 1st and 2nd try fails

ERSPAN

For more information about ERSPAN, see Configuring ERSPAN, on page 315.



CiscoNexus 9300-GX platform switchesERSPAN Destination


CiscoNexus 9300-GX platform switchesERSPAN Type IIIHeader

Embedded Event Manager

For more information about the Embedded Event Manager, see Configuring the Embedded Event Manager,on page 247.




• Cisco Nexus 9200 platform switches


• Cisco Nexus 9300-EX/FX/FX2/FX3/GX platformswitches

• Cisco Nexus 9500 platform switches with allsupported line cards


Frequency Synchronization (SyncE)

For more information about Frequency Synchronization, see Configuring Frequency Synchronization, onpage 45.

First SupportedRelease

Supported Platform(s) or Line CardsFeature

9.3(5)Cisco Nexus 93180YC-FX3SFrequency Synchronization (SyncE)

Switch Profiles

For more information about switch profiles, see Configuring Switch Profiles, on page 21.



CiscoNexus 9300 platform switchesSwitchProfiles

Precision Time Protocol

For more information about Precision Time Protocol (PTP), see Configuring PTP, on page 57.


9.3(6)Cisco Nexus 9300-FX/FX2 platform switches

Cisco Nexus 9348GC-FXP

PTPv1 Forwarding

9.3(5)Cisco Nexus 93180YC-FX3STelecom Profile G.8275.1and Telecom ProfileG.8273.2


Platform Support for System Management FeaturesPlatform Support for System Management Features


9.3(5)Cisco Nexus 92348GC-X

Cisco Nexus 93108TC-EX

Cisco Nexus 93108TC-FX

Cisco Nexus 9316D-GX

Cisco Nexus 93180LC-EX

Cisco Nexus 93180YC-EX

Cisco Nexus 93180YC-FX

Cisco Nexus 93180YC-FX3S

Cisco Nexus 93216TC-FX2

Cisco Nexus 93240YC-FX2

Cisco Nexus 9332C


Cisco Nexus 9336C-FX2

Cisco Nexus 9348GC-FXP

Cisco Nexus 93600CD-GX

Cisco Nexus 9364C

Cisco Nexus 9364C-GX

CiscoNexus 9504, 9508, 9516 platform switches withthe following line cards:

• Cisco Nexus 97160YC-EX

• Cisco Nexus 9732C-EX

• Cisco Nexus 9732C-FX



• Cisco Nexus 9788TC-FX

Cisco Nexus 9504 and 9508 platform switches withthe following line cards:

• Cisco Nexus 9636C-R

• Cisco Nexus 9636C-RX

• Cisco Nexus 9636Q-R

PTP Notifications


Cisco Nexus 9300-FX3 and -GX platform switchesTimestamp Tagging(TTAG)




Cisco NX-OS Release7.0(3)I7(3)

Cisco Nexus 9300-FX platform switchesTimestamp Tagging(TTAG)


Cisco Nexus 9300-FX2 platform switchesTimestamp Tagging(TTAG)

Cisco Nexus 9500 platform switches with -EX or -FXline cards

Timestamp Tagging(TTAG)


Cisco Nexus 9300-EX platform switchesTimestamp Tagging(TTAG)


Cisco Nexus 9364CTimestamp Tagging(TTAG)


Cisco Nexus 9332CTimestamp Tagging(TTAG)


Cisco Nexus 9200 platform switchesTimestamp Tagging(TTAG)


Cisco Nexus 9300-GX platform switchesPTP



Cisco Nexus 93216TC-FX2

PTP


Cisco Nexus 9504-FM-R platform switchesPTP

NetFlow

For more information about NetFlow, see Configuring NetFlow, on page 351.



Cisco Nexus C93180YC-FX3S

Cisco Nexus C93108TC-FX3P

NetFlow


• Cisco Nexus 9300-GX platform switchesNetFlow


• Cisco Nexus 92348GC-X

• Cisco Nexus 9500 platform switches with Cisco Nexus 9700-FXline cards and FM-E fabric modules.

• Cisco Nexus 93360YC-FX2

NetFlow




• Cisco Nexus 9300-EX and 9300-FX platform switches

• Cisco Nexus N9K-C9336C-FX2 platform switches

• Cisco Nexus N9K-C93240YC-FX2 platform switches

NetFlow


• Cisco Nexus 9500 platform switches with Cisco Nexus 9700-EXline cards

NetFlow

LLDP

For more information about LLDP, see Configuring LLDP, on page 339.



Cisco NX-OSRelease 9.3(5)

Cisco Nexus 9200-series platform switches

Cisco Nexus 9300-EX/FX/FX2/GX platform switches

Cisco Nexus 9500 platform switches with -EX and -FX linecards

Cisco Nexus 9504 and 9508 platform switches with thefollowing line cards:




• Cisco Nexus 96136YC-R

LLDPMulti-NeighborSupport

Cisco NX-OSRelease 9.3(5)

Cisco Nexus 9200-series platform switches

Cisco Nexus 9300-EX/FX/FX2/GX platform switches

Cisco Nexus 9500 platform switches with -EX and -FX linecards

Cisco Nexus 9504 and 9508 platform switches with thefollowing line cards:




• Cisco Nexus 96136YC-R

LLDP Support onPort-ChannelInterfaces

sFlow

For more information about sFlow, see Configuring sFlow, on page 369.




Cisco NX-OS Release 9.3(1)Cisco Nexus 92348GC-XsFlow

CiscoNX-OSRelease 7.0(3)I7(2)Cisco 9500 platform switches with the Cisco Nexus 9736C-FXline card

sFlow

CiscoNX-OSRelease 7.0(3)I7(3)Cisco 9500 platform switches with Cisco Nexus 9788TC-FX or9732C-FX line cards

sFlow

SPAN

For more information about SPAN, see Configuring SPAN, on page 289.



Cisco Nexus 9200 platform switches, Cisco Nexus 9300-EX platformswitches, CiscoNexus 9300-FX platform switches, CiscoNexus 9300-GXplatform switches

Cisco Nexus 9500 platform switches with the following line cards:

• Cisco Nexus 97160YC-EX





• Cisco Nexus 9736Q-FX

• Cisco Nexus 9788TC-FX

VLAN TxSPAN

Online Diagnostics

For more information about online diagnostics, see Configuring Online Diagnostics, on page 233.



9.3(5)Cisco Nexus 9736C-FX line card

CiscoNexus 97160TC-FX line card

BootupDiagnosticMacSecPortLoopback Test

TAP Aggregation

For more information about TAP aggregation, see Configuring TAP Aggregation and MPLS Stripping, onpage 381.




All Cisco Nexus 9000 series switchesTAP Aggregation


• Cisco Nexus 9500 platform switches, includingthe Cisco Nexus 9700-EX and Cisco Nexus9700-FX line cards



TAP Aggregation andMPLS Stripping

System Message Logging

For more information about switch profiles, see Configuring System Message Logging, on page 119.



9.3(5)• Cisco Nexus 9200 platform switches


• CiscoNexus 9300-EX/FX/FX2/FX3/GX platform switches

• Cisco Nexus 9500 platform switches with all supported linecards

Persistent Logging

9.3(5)• Cisco Nexus 9200 platform switches


• CiscoNexus 9300-EX/FX/FX2/FX3/GX platform switches

• Cisco Nexus 9500 platform switches with all supported linecards

Repeated SyslogMessage Format



C H A P T E R 3Overview

This chapter describes the systemmanagement features that you can use to monitor andmanage Cisco NX-OSdevices.

• Licensing Requirements, on page 15• Software Image, on page 15• Cisco NX-OS Device Configuration Methods, on page 16• Network Time Protocol, on page 17• Cisco Discovery Protocol, on page 17• Session Manager, on page 17• Scheduler, on page 17• SNMP, on page 18• Online Diagnostics, on page 18• Onboard Failure Logging, on page 18• SPAN, on page 18• ERSPAN, on page 18• LLDP, on page 18• MPLS Stripping, on page 19• sFlow, on page 19• SMUs, on page 19• Virtual Device Contexts, on page 19• Troubleshooting Features, on page 19

Licensing RequirementsFor a complete explanation of Cisco NX-OS licensing recommendations and how to obtain and apply licenses,see the Cisco NX-OS Licensing Guide.

Software ImageThe Cisco NX-OS software consists of one NXOS software image. This image runs on all Cisco Nexus 3400Series switches.


https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/licensing/guide/b_Cisco_NX-OS_Licensing_Guide.html

Cisco NX-OS Device Configuration MethodsYou can configure devices using direct network configuration methods or web services hosted on a CiscoData Center Network Management (DCNM) server.

This figure shows the device configuration methods available to a network user.

Figure 1: Cisco NX-OS Device Configuration Methods

This table lists the configuration method and the document where you can find more information.

Table 2: Configuration Methods Book Links

DocumentConfiguration Method

Cisco Nexus 3400 Series NX-OS FundamentalsConfiguration Guide

CLI from a Secure Shell (SSH) session, a Telnetsession, or the console port

Cisco DCNM Fundamentals GuideCisco DCNM client

Configuring with CLI or XML Management InterfaceYou can configure Cisco NX-OS devices using the command-line interface (CLI) or the XML managementinterface over Secure Shell (SSH) as follows:

• CLI from an SSH session, a Telnet session, or the console port—You can configure devices using theCLI from an SSH session, a Telnet session, or the console port. SSH provides a secure connection to the


OverviewCisco NX-OS Device Configuration Methods

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/fundamentals/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Fundamentals_Configuration_Guide_7x.htmlhttps://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/fundamentals/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Fundamentals_Configuration_Guide_7x.html

device. For more information, see the Cisco Nexus 9000 Series NX-OS Fundamentals ConfigurationGuide.

• XMLmanagement interface over SSH—You can configure devices using the XMLmanagement interface,which is a programmaticmethod based on theNETCONF protocol that complements the CLI functionality.For more information, see the Cisco NX-OS XML Management Interface User Guide.

Configuring with Cisco DCNMYou can configure Cisco NX-OS devices using the Cisco DCNM client, which runs on your local PC anduses web services on the Cisco DCNM server. The Cisco DCNM server configures the device over the XMLmanagement interface. Formore information about the CiscoDCNMclient, see the CiscoDCNMFundamentalsGuide.

Network Time ProtocolThe Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers andclients so that you can correlate time-specific information, such as system logs, received from the devices inyour network.

Cisco Discovery ProtocolYou can use the Cisco Discovery Protocol (CDP) to discover and view information about all Cisco equipmentthat is directly attached to your device. CDP runs on all Cisco-manufactured equipment including routers,bridges, access and communication servers, and switches. CDP is media and protocol independent, and gathersthe protocol addresses of neighboring devices, discovering the platform of those devices. CDP runs over thedata link layer only. Two systems that support different Layer 3 protocols can learn about each other.

Session ManagerSession Manager allows you to create a configuration and apply it in batch mode after the configuration isreviewed and verified for accuracy and completeness.

SchedulerThe scheduler allows you to create and manage jobs such as routinely backing up data or making quality ofservice (QoS) policy changes. The scheduler can start a job according to your needs—only once at a specifiedtime or at periodic intervals.


OverviewConfiguring with Cisco DCNM

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/10_1_x/fundamentals/DCNM_Fundamentals_10_1_x.htmlhttps://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/10_1_x/fundamentals/DCNM_Fundamentals_10_1_x.html

SNMPThe Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a messageformat for communication between SNMP managers and agents. SNMP provides a standardized frameworkand a common language used for the monitoring and management of devices in a network.

Online DiagnosticsCisco Generic Online Diagnostics (GOLD) define a common framework for diagnostic operations acrossCisco platforms. The online diagnostic framework specifies the platform-independent fault-detection architecturefor centralized and distributed systems, including the common diagnostics CLI and the platform-independentfault-detection procedures for boot-up and run-time diagnostics. The platform-specific diagnostics providehardware-specific fault-detection tests and allow you to take appropriate corrective action in response todiagnostic test results.

Onboard Failure LoggingYou can configure a device to log failure data to persistent storage, which you can retrieve and display foranalysis at a later time. This on-board failure logging (OBFL) feature stores failure and environmentalinformation in nonvolatile memory on the module. This information is useful for analysis of failed modules.

SPANYou can configure an Ethernet Switched Port Analyzer (SPAN) to monitor traffic in and out of your device.The SPAN features allow you to duplicate packets from source ports to destination ports.

ERSPANEncapsulated Remote Switched Port Analyzer (ERSPAN) is used to transport mirrored traffic in an IP network.ERSPAN supports source ports, source VLANs, and destinations on different switches, which provide remotemonitoring of multiple switches across your network.

To configure an ERSPAN source session, you associate a set of source ports or VLANs with a destination IPaddress, ERSPAN ID number, and virtual routing and forwarding (VRF) name.

LLDPLink Layer Discovery Protocol (LLDP) is a vendor-neutral, one-way device discovery protocol that allowsnetwork devices to advertise information about themselves to other devices on the network. This protocolruns over the data-link layer, which allows two systems running different network layer protocols to learnabout each other. You can enable LLDP globally or per interface.


OverviewSNMP

MPLS StrippingMPLS stripping provides the ability to strip MPLS labels from packets, enabling non-MPLS-capable networkmonitoring tools to monitor packets.

sFlowSampled flow (sFlow) allows you to monitor real-time traffic in data networks that contain switches androuters and to forward the sample data to a central data collector.

SMUsA software maintenance upgrade (SMU) is a package file that contains fixes for a specific defect. SMUs arecreated to respond to immediate issues and do not include new features. SMUs are not an alternative tomaintenance releases. They provide a quick resolution of immediate issues. All defects fixed by SMUs areintegrated into the maintenance releases.

Virtual Device ContextsCisco NX-OS can segment operating system and hardware resources into virtual device contexts (VDCs) thatemulate virtual devices. The Cisco Nexus 9000 Series switches currently do not support multiple VDCs. Allswitch resources are managed in the default VDC.

Troubleshooting FeaturesCisco NX-OS provides troubleshooting tools such as ping, traceroute, Ethanalyzer, and the Blue Beaconfeature.

When a service fails, the system generates information that can be used to determine the cause of the failure.The following sources of information are available:

• Every service restart generates a syslog message of level LOG_ERR.• If the Smart Call Home service is enabled, every service restart generates a Smart Call Home event.• If SNMP traps are enabled, the SNMP agent sends a trap when a service is restarted.• When a service failure occurs on a local module, you can view a log of the event by entering the show

processes log command in that module. The process logs are persistent across supervisor switchoversand resets.

• When a service fails, a system core image file is generated. You can view recent core images by enteringthe show cores command on the active supervisor. Core files are not persistent across supervisorswitchovers and resets, but you can configure the system to export core files to an external server usingthe file transfer utility Trivial File Transfer Protocol (TFTP) by entering the system cores command.

• CISCO-SYSTEM-MIB contains a table for cores (cseSwCoresTable).


OverviewMPLS Stripping


OverviewTroubleshooting Features

C H A P T E R 4Configuring Switch Profiles

This chapter describes how to configure switch profiles on the Cisco Nexus 9000 Series switches.

• About Switch Profiles, on page 21• Guidelines and Limitations for Switch Profiles, on page 23• Configuring Switch Profiles, on page 25• Adding or Modifying Switch Profile Commands , on page 27• Importing a Switch Profile, on page 28• Importing Configurations in a vPC Topology, on page 30• Isolating a Peer Switch, on page 30• Deleting a Switch Profile, on page 31• Manually Correcting Mutex and Merge Failures, on page 32• Verifying the Switch Profile Configuration, on page 32• Configuration Examples for Switch Profiles, on page 32

About Switch ProfilesSeveral applications require consistent configuration across devices in the network. For example, with a virtualport channel (vPC), you must have identical configurations. Mismatched configurations can cause errors ormisconfigurations that can result in service disruptions. The configuration synchronization (config-sync)feature allows you to configure one switch profile and have the configuration be automatically synchronizedto the peer switch.

A switch profile provides the following benefits:

• Allows configurations to be synchronized between switches.

• Merges configurations when connectivity is established between two switches.

• Provides control of exactly which configuration gets synchronized.

• Ensures configuration consistency across peers through merge and mutual-exclusion checks.

• Provides verify and commit semantics.

• Allows for migrating existing vPC configurations to a switch profile.


Switch Profile Configuration ModesThe switch profile feature includes the following configuration modes:

• Configuration synchronization mode (config-sync)

• Switch profile mode (config-sync-sp)

• Switch profile import mode (config-sync-sp-import)

Configuration Synchronization ModeThe configuration synchronization mode (config-sync) allows you to create switch profiles.

Switch Profile ModeThe switch profile mode (config-sync-sp) allows you to add supported configuration commands to a switchprofile temporary buffer that is later synchronized with a peer switch. Commands that you enter in the switchprofile mode are not executed until you enter the commit command. Although the syntax of the commandsare validated when you enter them, there is no guarantee that the commands will be successful when you enterthe commit command.

Switch Profile Import ModeThe switch profile import mode (config-sync-sp-import) allows you to import existing switch configurationsfrom the running configuration to a switch profile and specify which commands you want to include in thatprofile. This option is especially useful when you upgrade from a Cisco NX-OS release that does not supportswitch profiles to a release that does.

Cisco recommends that you import the necessary configurations from the running configuration using theswitch profile import mode and commit the changes before making any additional changes in the switchprofile or global configuration mode. Otherwise, you might jeopardize the import, requiring you to abandonthe current import session and perform the process again. For more information, see Importing a SwitchProfile, on page 28.

Configuration ValidationTwo types of configuration validation checks can identify switch profile failures:

• Mutual exclusion checks

• Merge checks

Mutual Exclusion ChecksThe mutual exclusion of configuration commands is enforced in order to avoid duplicate commands in theconfig-sync and global configuration modes. When you commit the configuration of a switch profile, mutualexclusion (mutex) checks are performed on the local switch as well as the peer switch (if configured). If nofailures are reported on both switches, the commit is accepted and pushed into the running configuration.

A command that is included in a switch profile cannot be configured outside of the switch profile.

If a mutex check identifies errors, they are reported as mutex failures, and they must be manually corrected.For details, see Manually Correcting Mutex and Merge Failures, on page 32.


Configuring Switch ProfilesSwitch Profile Configuration Modes

The following exceptions apply to the mutual exclusion policy:

• Interface configuration—An interface configuration can be partially present in a switch profile andpartially present in the running configuration as long as there are no conflicts.

• Shutdown/no shutdown

• System QoS

Merge ChecksMerge checks are done on the peer switch that is receiving a configuration. The merge checks ensure that thereceived configuration does not conflict with the switch profile configuration that already exists on the receivingswitch. The merge check occurs during the verify or commit process. Errors are reported as merge failuresand must be manually corrected. For details, see Manually Correcting Mutex and Merge Failures, on page32.

When one or both switches are reloaded and the configurations are synchronized for the first time, the mergecheck verifies that the switch profile configurations are identical on both switches. Differences in the switchprofiles are reported as merge errors and must be manually corrected.

Software Upgrades and Downgrades with Switch ProfilesYou must delete the switch profile when downgrading from a Cisco NX-OS release that supports switchprofiles to a release that does not.

When you upgrade from an earlier release to a Cisco NX-OS release that supports switch profiles, you havethe option to move some of the running-configuration commands to a switch profile. For details, see SwitchProfile Import Mode, on page 22.

An upgrade can occur if there are buffered (uncommitted) configurations; however, the uncommittedconfigurations will be lost.

Guidelines and Limitations for Switch ProfilesSwitch profiles have the following configuration guidelines and limitations:

• Beginningwith CiscoNX-OSRelease 9.3(3), themtu command is supported in the interface configurationmode through the switch-profiles configuration mode.

• Switch profiles are supported only on Cisco Nexus 9300 Series switches. Cisco Nexus 9500 Seriesswitches do not support switch profiles.

• You can only enable configuration synchronization using the mgmt0 interface.

• When using config-sync in a virtual peer-link environment, note the following limitations:

• To initiate a config-sync session with a virtual peer link, be sure to configure a loopback IP addressinstead of a management IP address between the peer switches.

• You cannot perform a configuration synchronization between a multichassis EtherChannel trunk(MCT) configuration and a virtual peer-link configuration. This config-sync operation is notsupported.


Configuring Switch ProfilesMerge Checks

• You must configure synchronized peers with the same switch profile name.

• Commands that are qualified for a switch profile configuration are allowed to be configured in theconfiguration switch profile mode (config-sync-sp).

• Supported switch profile commands relate to vPC commands.

• Only one switch profile session can be in progress at a time. Attempts to start another session will fail.

• Command changes made from the global configuration mode are blocked when a switch profile sessionis in progress.

• When you enter the commit command and a peer switch is reachable, the configuration is applied toboth peer switches or neither switch. If a commit failure occurs, the commands remain in the switchprofile buffer. You can then make necessary corrections and try the commit again.

• The configuration synchronization (config-sync) mode is an L2 mode parallel to the config-terminalmode (config t). Config-sync uses the switch-profile to update config t mode in the same switch as wellas the peer switch. To prevent sync issues in switch-profile mode, Cisco recommends that you performa commit action after each CLI command before overriding, or replacing the current CLI command.

For example, if you want to overwrite CLI_command_A and change it to CLI_command_B, commitCLI_command_A first, then configure CLI_command_B and perform another commit action.switch# conf syncEnter configuration commands, one per line. End with CNTL/Z.switch(config-sync)# switch-profile testResyncing db before starting Switch-profile.Re-synchronization of switch-profile dbtakes a few minutes...Re-synchronize switch-profile db completed successfully.Switch-Profile started, Profile ID is 1switch(config-sync-sp)#switch(config-sync-sp)# int e 1/3switch(config-sync-sp-if)# switchport trunk allowed vlan 100-150switch(config-sync-sp-if)# commitVerification successful...Proceeding to apply configuration. This might take a while depending on amount ofconfiguration in buffer.Please avoid other configuration changes during this time.Commit Successfulswitch(config-sync)#switch(config-sync)# switch-profile testResyncing db before starting Switch-profile.Re-synchronization of switch-profile dbtakes a few minutes...Re-synchronize switch-profile db completed successfully.Switch-Profile started, Profile ID is 1switch(config-sync-sp)#switch(config-sync-sp)# int e 1/3switch(config-sync-sp-if)# switchport trunk allowed vlan 45-90switch(config-sync-sp-if)# commitVerification successful...Proceeding to apply configuration. This might take a while depending on amount ofconfiguration in buffer.Please avoid other configuration changes during this time.Commit Successfulswitch(config-sync)# endswitch#

• Layer 3 commands are not supported.


Configuring Switch ProfilesGuidelines and Limitations for Switch Profiles

Configuring Switch ProfilesYou can create and configure a switch profile on the local switch and then add a second switch that will beincluded in the synchronization.

You must create the switch profile with the same name on each switch, and the switches must configure eachother as a peer. When connectivity is established between switches with the same active switch profile, theswitch profiles are synchronized.

Procedure

Step 1 configure terminal

Example:switch# configure terminalswitch(config)#

Enters global configuration mode.

Step 2 Required: cfs ipv4 distribute

Example:switch(config)# cfs ipv4 distribute

Enables Cisco Fabric Services (CFS) distribution between the peer switches.

Step 3 Required: config sync

Example:switch(config)# config syncswitch(config-sync)#

Enters the configuration synchronization mode.

Step 4 Required: switch-profile name

Example:switch(config-sync)# switch-profile abcswitch(config-sync-sp)#

Configures the switch profile, names the switch profile, and enters the switch profile configuration mode.

Step 5 Required: [no] sync-peers destination ip-address

Example:switch(config-sync-sp)# sync-peers destination 10.1.1.1

Adds a switch to the switch profile. The destination IP address is the IP address of the switch that you wantto synchronize.

The no form of this command removes the specified switch from the switch profile.

You need to wait for peer switches to show the switch-profile status of "In sync" before any commitis done.

Note

Step 6 Required: For Cisco Nexus 3164Q switches only, follow these steps:


Configuring Switch ProfilesConfiguring Switch Profiles

a) interface type slot/port

Example:switch(config-sync-sp)# interface ethernet 1/1switch(config-sync-sp-if)#

Enters the switch profile interface configuration mode.

b) switchport

Example:switch(config-sync-sp-if)# switchport

Changes a Layer 3 interface into a Layer 2 interface.

c) exit

Example:switch(config-sync-sp-if)# exitswitch(config-sync-sp)#

Exits the switch profile interface configuration mode.

d) commit

Example:switch(config-sync-sp)# commit

Commits the current configuration.

Verify that the switch-profile status shows as "In sync" before any commit is done.Note

Step 7 (Optional) end

Example:switch(config-sync-sp)# endswitch#

Exits the switch profile configuration mode and returns to EXEC mode.

Step 8 (Optional) show switch-profile name status

Example:switch# show switch-profile abc status

Displays the switch profile on the local switch and the peer switch information.

Step 9 (Optional) show switch-profile name peer ip-address

Example:switch# show switch-profile abc peer 10.1.1.1

Displays the switch profile peer configuration.

Step 10 (Optional) copy running-config startup-config

Example:switch# copy running-config startup-config


Configuring Switch ProfilesConfiguring Switch Profiles

Copies the running configuration to the startup configuration.

Adding or Modifying Switch Profile CommandsAfter you configure a switch profile on the local and the peer switch, you must add and commit the supportedcommands to the switch profile.

Commands that are added or modified are buffered until you enter the commit command. Commands areexecuted in the same order in which they are buffered. If there is an order dependency for certain commands(for example, a QoS policy must be defined before being applied), you must maintain that order; otherwise,the commit might fail. You can use utility commands, such as the show switch-profile name buffer command,the buffer-delete command, and the buffer-move command, to change the buffer and correct the order ofalready entered commands.

Procedure

PurposeCommand or Action

Enters the configuration synchronizationmode.Required: config sync

Example:

Step 1

switch# config syncswitch(config-sync)#

Configures the switch profile, names the switchprofile, and enters the switch profileconfiguration mode.

Required: switch-profile name


Step 2

Adds a command to the switch profile.Required: command

Example:

Step 3

switch(config-sync-sp)# interfacePort-channel100switch(config-sync-sp-if)# speed 1000switch(config-sync-sp-if)# interfaceEthernet1/1switch(config-sync-sp-if)# speed 1000switch(config-sync-sp-if)# channel-group100

switch(config-sync-sp-if)# exitswitch(config-sync-sp)#

Displays the configuration commands in theswitch profile buffer.

(Optional) show switch-profile name buffer

Example:

Step 4

switch(config-sync-sp)# showswitch-profile abc buffer

Verifies the commands in the switch profilebuffer.

Required: verify

Example:

Step 5

switch(config-sync-sp)# verify


Configuring Switch ProfilesAdding or Modifying Switch Profile Commands


Saves the commands in the switch profile andsynchronizes the configuration with the peerswitch. This command also does the following:

Required: commit

Example:switch(config-sync-sp)# commit

Step 6

• Triggers the mutex check and the mergecheck to verify the synchronization.

• Creates a checkpoint with a rollbackinfrastructure.

• Executes a rollback on all switches if anapplication failure occurs on any of theswitches in the switch profile.

• Deletes the checkpoint.

Exits the switch profile configuration mode andreturns to EXEC mode.

(Optional) end

Example:

Step 7

switch(config-sync-sp)# endswitch#

Displays the status of the switch profile on thelocal switch and the status on the peer switch.

(Optional) show switch-profile name status

Example:

Step 8

switch# show switch-profile abc status

Copies the running configuration to the startupconfiguration.

(Optional) copy running-config startup-config

Example:

Step 9

switch# copy running-configstartup-config

Importing a Switch ProfileYou can import a switch profile based on the set of commands that you want to import.

Before you begin

Make sure that the switch profile buffer is empty before you import commands to a switch profile.

Procedure


Enters configuration synchronization mode.(Optional) Configure the interface that will beimported in Step 4.

Step 1

Example:switch(config)# interface ethernet 1/2switch(config-if)# switchportswitch(config-if)# switchport mode trunk


Configuring Switch ProfilesImporting a Switch Profile


switch(config-if)# switchport trunkallowed vlan 12switch(config-if)# speed 10000switch(config-if)# spanning-tree porttype edge trunkswitch(config)# endswitch#

Enters configuration synchronization mode.config sync

Example:

Step 2


Configures the switch profile, names the switchprofile, and enters the switch profileconfiguration mode.

Required: switch-profile name


Step 3

Identifies the commands that youwant to importand enters the switch profile import mode. Thefollowing options are available:

Required: import [interface interface port/slot| running-config]

Example:

Step 4

• Entering the import commandwithout anyoptions adds the selected commands to theswitch profile.

switch(config-sync-sp)# import interfaceethernet 1/2

switch(config-sync-sp-import)#

• The import interface option adds thesupported commands for a specifiedinterface.

• The running-config option adds supportedsystem-level commands.

If new commands are added duringthe import, the switch profileremains unsaved, and the switchremains in the switch profile importmode.

Note

Imports the commands and saves the commandsto the switch profile.

Required: commit

Example:

Step 5

switch(config-sync-sp-import)# commit

Aborts the import process.(Optional) abort

Example:

Step 6

switch(config-sync-sp-import)# abort

Exits the switch profile import mode and returnsto EXEC mode.

(Optional) end

Example:

Step 7


Configuring Switch ProfilesImporting a Switch Profile

PurposeCommand or Actionswitch(config-sync-sp-import)# endswitch#

Displays the switch profile configuration.(Optional) show switch-profile

Example:

Step 8

switch# show switch-profile

Copies the running configuration to the startupconfiguration.

(Optional) copy running-config startup-config

Example:

Step 9

switch# copy running-configstartup-config

Importing Configurations in a vPC TopologyYou can import configurations in a two-switch vPC topology.

For specific information on the following steps, see the appropriate sections in this chapter.Note

1. Configure the switch profile with the same name on both switches.

2. Import the configurations to both switches independently.

Make sure that the configuration moved to the switch profile on both switches is identical; otherwise, amerge-check failure might occur.

Note

3. Configure the switches by entering the sync-peers destination command.

4. Verify that the switch profiles are the same by entering the appropriate show commands.

Isolating a Peer SwitchYou can isolate a peer switch in order to make changes to a switch profile. This process can be used whenyou want to block configuration synchronization, debug configurations, or recover from a situation when theconfig-sync feature becomes out of sync.

Isolating a peer switch requires that you break the peer connection from the switch profile and then add thepeer switch back to the switch profile.

For specific information on the following steps, see the appropriate sections in this chapter.Note

1. Remove the peer switch from the switch profile on both switches.


Configuring Switch ProfilesImporting Configurations in a vPC Topology

2. Add the no sync-peers destination command to the switch profile and commit the changes on bothswitches.

3. Add any necessary troubleshooting configurations.

4. Verify that the show running switch-profile is identical on both switches.

5. Add the sync-peers destination ip-address command to both switches and commit the changes.

6. Verify that the peers are in sync.

Deleting a Switch ProfileYou can delete a switch profile.

Procedure


Enters configuration synchronization mode.config sync

Example:

Step 1


Deletes the switch profile as follows:Required: no switch-profile name {all-config| local-config}

Step 2

• all-config—Deletes the switch profile onthe local and the peer switch. If the peerExample:switch is not reachable, only the localswitch profile is deleted.

switch(config-sync)# no switch-profileabc local-configswitch(config-sync-sp)#

• local-config—Deletes the switch profileand local configu