Send feedback to nx5000-docfeedback@cisco.com
Cisco Nexus 5000 Series NX-OS
Software Configuration Guide
Release 4.0(1a)N2(1)
June 2009
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-088
3
Text Part Number: OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome
to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS,
Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS,
Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step,
Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone,
MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase,
SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of
Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0812R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
© 2008 Cisco Systems, Inc. All rights reserved
Send feedback to nx5000-docfeedback@cisco.com
CONTENTS
Preface i
Audience i
Organization i
Document Conventions ii
Related Documentation iii
Obtaining Documentation and Submitting a Service Request iii
CHAPTER
1 Product Overview 1-1
New Technologies in the Cisco Nexus 5000 Series 1-1
Fibre Channel over Ethernet 1-1
I/O Consolidation 1-2
Virtual Interfaces 1-3
Cisco Nexus 5000 Series Switch Hardware 1-3
Chassis 1-3
Expansion Modules 1-3
Fabric Extender 1-4
Ethernet Interfaces 1-4
Fibre Channel Interfaces 1-4
Management Interfaces 1-4
Cisco Nexus 5000 Series Switch Software 1-4
Ethernet Switching 1-5
FCoE and Fibre Channel Switching 1-5
Licensing 1-5
QoS 1-5
Serviceability 1-6
Switch Management 1-6
Network Security Features 1-7
Virtual Device Contexts 1-8
Typical Deployment Topologies 1-8
Ethernet TOR Switch Topology 1-8
Fabric Extender Deployment Topology 1-9
I/O Consolidation Topology 1-11
Supported Standards 1-12
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
i
Contents
Send feedback to nx5000-docfeedback@cisco.com
Configuration Fundamentals
CHAPTER
2 Using the Command-Line Interface 2-1
Accessing the Command Line Interface 2-1
Using the CLI 2-2
Using CLI Command Modes 2-2
CLI Command Hierarchy 2-3
EXEC Mode Commands 2-4
Configuration Mode Commands 2-5
Using Commands 2-6
Listing Commands and Syntax 2-7
Entering Command Sequences 2-7
Undoing or Reverting to Default Values or Conditions 2-7
Using Keyboard Shortcuts 2-8
Using CLI Variables 2-9
User-Defined Persistent CLI Variables 2-9
Using Command Aliases 2-10
Defining Command Aliases 2-11
Command Scripts 2-11
Executing Commands Specified in a Script 2-11
Using CLI Variables in Scripts 2-12
Setting the Delay Time 2-13
CHAPTER
ii
3 Configuring the Switch 3-1
Image Files on the Switch 3-1
Starting the Switch 3-2
Boot Sequence 3-2
Console Settings 3-3
Upgrading the Switch 3-4
Downgrading from a Higher Release 3-6
Initial Configuration 3-7
Configuration Prerequisites 3-7
Initial Setup 3-8
Preparing to Configure the Switch 3-8
Default Login 3-9
Configuring the Switch 3-9
Changing the Initial Configuration 3-12
Accessing the Switch 3-12
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Additional Switch Configuration 3-12
Assigning a Switch Name 3-13
Configuring Date, Time, and Time Zone 3-13
Adjusting for Daylight Saving Time or Summer Time 3-14
NTP Configuration 3-15
About NTP 3-15
NTP Configuration Guidelines 3-16
Configuring NTP 3-17
NTP CFS Distribution 3-17
Management Interface Configuration 3-19
About the mgmt0 Interface 3-19
Configuring the Management Interface 3-20
Displaying Management Interface Configuration 3-20
Shutting Down the Management Interface 3-21
Managing the Switch Configuration 3-21
Displaying the Switch Configuration 3-21
Saving a Configuration 3-21
Clearing a Configuration 3-22
Contents
CHAPTER
Using Switch File Systems 3-22
Setting the Current Directory 3-22
Displaying the Current Directory 3-23
Listing the Files in a Directory 3-23
Creating a Directory 3-23
Deleting an Existing Directory 3-23
Moving Files 3-24
Copying Files 3-24
Deleting Files 3-24
Displaying File Contents 3-25
Saving Command Output to a File 3-25
Compressing and Uncompressing Files 3-25
4 Managing Licenses 4-1
Licensing Terminology 4-1
Licensing Model 4-2
License Installation 4-3
Obtaining a Factory-Installed License 4-3
Performing a Manual Installation 4-4
Obtaining the License Key File 4-4
Installing the License Key File 4-4
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
iii
Contents
Send feedback to nx5000-docfeedback@cisco.com
Backing Up License Files 4-6
Identifying License Features in Use 4-6
Uninstalling Licenses 4-6
Updating Licenses 4-8
Grace Period Alerts 4-8
License Transfers Between Switches 4-9
Verifying the License Configuration 4-10
LAN Switching
CHAPTER
5 Configuring Ethernet Interfaces 5-1
Information About Ethernet Interfaces 5-1
About the Interface Command 5-1
About the Unidirectional Link Detection Parameter 5-2
About Interface Speed 5-4
About the Cisco Discovery Protocol 5-4
About the Debounce Timer Parameters 5-4
About MTU Configuration 5-5
Configuring Ethernet Interfaces 5-5
Configuring the UDLD Mode 5-5
Configuring Interface Speed 5-6
Configuring the Cisco Discovery Protocol 5-7
Configuring the Debounce Timer 5-8
Configuring the Description Parameter 5-9
Disabling and Restarting Ethernet Interfaces 5-9
Displaying Interface Information 5-10
Default Physical Ethernet Settings 5-12
CHAPTER
6 Configuring VLANs 6-1
Information About VLANs 6-1
Understanding VLANs 6-1
Understanding VLAN Ranges 6-2
Creating, Deleting, and Modifying VLANs 6-3
Configuring a VLAN 6-4
Creating and Deleting a VLAN 6-4
Entering the VLAN Submode and Configuring the VLAN 6-5
Adding Ports to a VLAN 6-6
Verifying VLAN Configuration 6-6
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
iv
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Contents
CHAPTER
CHAPTER
7 Configuring Private VLANs 7-1
About Private VLANs 7-1
Primary and Secondary VLANs in Private VLANs 7-2
Understanding Private VLAN Ports 7-3
Understanding Broadcast Traffic in Private VLANs 7-5
Understanding Private VLAN Port Isolation 7-5
Configuring a Private VLAN 7-5
Configuration Guidelines for Private VLANs 7-6
Enabling Private VLANs 7-6
Configuring a VLAN as a Private VLAN 7-7
Associating Secondary VLANs with a Primary Private VLAN 7-7
Configuring an Interface as a Private VLAN Host Port 7-8
Configuring an Interface as a Private VLAN Promiscuous Port 7-9
Verifying Private VLAN Configuration 7-10
8 Configuring Rapid PVST+ 8-1
Information About Rapid PVST+ 8-1
Understanding STP 8-2
Understanding Rapid PVST+ 8-6
Rapid PVST+ and IEEE 802.1Q Trunks 8-16
Rapid PVST+ Interoperation with Legacy 802.1D STP 8-16
Rapid PVST+ Interoperation with 802.1s MST 8-17
CHAPTER
OL-16597-01
Configuring Rapid PVST+ 8-17
Enabling Rapid PVST+ 8-17
Enabling Rapid PVST+ per VLAN 8-18
Configuring the Root Bridge ID 8-19
Configuring a Secondary Root Bridge 8-20
Configuring the Rapid PVST+ Port Priority 8-21
Configuring the Rapid PVST+ Pathcost Method and Port Cost 8-21
Configuring the Rapid PVST+ Bridge Priority of a VLAN 8-22
Configuring the Rapid PVST+ Hello Time for a VLAN 8-23
Configuring the Rapid PVST+ Forward Delay Time for a VLAN 8-23
Configuring the Rapid PVST+ Maximum Age Time for a VLAN 8-23
Specifying the Link Type 8-24
Restarting the Protocol 8-25
Verifying Rapid PVST+ Configurations 8-25
9 Configuring MST 9-1
Information About MST 9-1
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
v
Contents
Send feedback to nx5000-docfeedback@cisco.com
MST Overview 9-2
MST Regions 9-2
MST BPDUs 9-3
MST Configuration Information 9-3
IST, CIST, and CST 9-4
Hop Count 9-7
Boundary Ports 9-7
Detecting Unidirectional Link Failure 9-8
Port Cost and Port Priority 9-8
Interoperability with IEEE 802.1D 9-9
Interoperability with Rapid PVST+: Understanding PVST Simulation 9-9
Configuring MST 9-9
MST Configuration Guidelines 9-10
Enabling MST 9-10
Entering MST Configuration Mode 9-11
Specifying the MST Name 9-12
Specifying the MST Configuration Revision Number 9-13
Specifying the Configuration on an MST Region 9-13
Mapping and Unmapping VLANs to MST Instances 9-15
Mapping Secondary VLANs to Same MSTI as Primary VLANs for Private VLANs 9-16
Configuring the Root Bridge 9-16
Configuring a Secondary Root Bridge 9-17
Configuring the Port Priority 9-18
Configuring the Port Cost 9-19
Configuring the Switch Priority 9-20
Configuring the Hello Time 9-21
Configuring the Forwarding-Delay Time 9-22
Configuring the Maximum-Aging Time 9-22
Configuring the Maximum-Hop Count 9-22
Configuring PVST Simulation Globally 9-23
Configuring PVST Simulation Per Port 9-23
Specifying the Link Type 9-24
Restarting the Protocol 9-25
Verifying MST Configurations 9-25
CHAPTER
10 Configuring STP Extensions 10-1
Information About STP Extensions 10-1
Understanding STP Port Types 10-2
Understanding Bridge Assurance 10-2
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
vi
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Understanding BPDU Guard 10-3
Understanding BPDU Filtering 10-3
Understanding Loop Guard 10-4
Understanding Root Guard 10-5
Configuring STP Extensions 10-5
STP Extensions Configuration Guidelines 10-5
Configuring Spanning Tree Port Types Globally 10-6
Configuring Spanning Tree Edge Ports on Specified Interfaces 10-7
Configuring Spanning Tree Network Ports on Specified Interfaces 10-7
Enabling BPDU Guard Globally 10-8
Enabling BPDU Guard on Specified Interfaces 10-9
Enabling BPDU Filtering Globally 10-10
Enabling BPDU Filtering on Specified Interfaces 10-10
Enabling Loop Guard Globally 10-12
Enabling Loop Guard or Root Guard on Specified Interfaces 10-12
Contents
CHAPTER
Verifying STP Extension Configuration 10-13
11 Configuring EtherChannels 11-1
Information About EtherChannels 11-1
Understanding EtherChannels 11-2
Compatibility Requirements 11-2
Load Balancing Using EtherChannels 11-3
Understanding LACP 11-4
Configuring EtherChannels 11-7
Creating an EtherChannel 11-7
Adding a Port to an EtherChannel 11-8
Configuring Load Balancing Using EtherChannels 11-9
Enabling LACP 11-10
Configuring Port-Channel Port Modes 11-10
Configuring the LACP System Priority and System ID 11-11
Configuring the LACP Port Priority 11-11
Verifying Port-Channel Configuration 11-12
CHAPTER
12 Configuring Access and Trunk Interfaces 12-1
Information About Access and Trunk Interfaces 12-1
Understanding Access and Trunk Interfaces 12-1
Understanding IEEE 802.1Q Encapsulation 12-2
Understanding Access VLANs 12-3
Understanding the Native VLAN ID for Trunk Ports 12-3
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
vii
Contents
Send feedback to nx5000-docfeedback@cisco.com
Understanding Allowed VLANs 12-4
Configuring Access and Trunk Interfaces 12-4
Configuring a LAN Interface as an Ethernet Access Port 12-4
Configuring Access Host Ports 12-5
Configuring Trunk Ports 12-6
Configuring the Native VLAN for 802.1Q Trunking Ports 12-6
Configuring the Allowed VLANs for Trunking Ports 12-7
Verifying Interface Configuration 12-8
CHAPTER
CHAPTER
CHAPTER
13 Configuring the MAC Address Table 13-1
Information About MAC Addresses 13-1
Configuring MAC Addresses 13-1
Configuring a Static MAC Address 13-2
Configuring the Aging Time for the MAC Table 13-2
Clearing Dynamic Addresses from the MAC Table 13-3
Verifying the MAC Address Configuration 13-3
14 Configuring IGMP Snooping 14-1
Information About IGMP Snooping 14-1
IGMPv1 and IGMPv2 14-2
IGMPv3 14-3
IGMP Snooping Querier 14-3
IGMP Forwarding 14-3
Configuring IGMP Snooping Parameters 14-4
Verifying IGMP Snooping Configuration 14-6
15 Configuring Traffic Storm Control 15-1
Information About Traffic Storm Control 15-1
Guidelines and Limitations 15-2
Configuring Traffic Storm Control 15-3
Verifying Traffic Storm Control Configuration 15-3
Displaying Traffic Storm Control Counters 15-3
Traffic Storm Control Example Configuration 15-4
Default Settings 15-4
Switch Security Features
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
viii
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Contents
CHAPTER
16 Configuring AAA 16-1
Information About AAA 16-1
AAA Security Services 16-1
Benefits of Using AAA 16-2
Remote AAA Services 16-2
AAA Server Groups 16-3
AAA Service Configuration Options 16-3
Authentication and Authorization Process for User Login 16-4
Prerequisites for Remote AAA 16-5
AAA Guidelines and Limitations 16-6
Configuring AAA 16-6
Configuring Console Login Authentication Methods 16-6
Configuring Default Login Authentication Methods 16-8
Enabling Login Authentication Failure Messages 16-8
Enabling MSCHAP Authentication 16-9
Configuring AAA Accounting Default Methods 16-10
Using AAA Server VSAs with Nexus 5000 Series Switches 16-11
Displaying and Clearing the Local AAA Accounting Log 16-12
CHAPTER
Verifying AAA Configuration 16-12
Example AAA Configuration 16-12
Default Settings 16-13
17 Configuring RADIUS 17-1
Information About RADIUS 17-1
RADIUS Network Environments 17-1
RADIUS Operation 17-2
RADIUS Server Monitoring 17-3
Vendor-Specific Attributes 17-3
Prerequisites for RADIUS 17-4
Guidelines and Limitations 17-4
Configuring RADIUS Servers 17-4
Configuring RADIUS Server Hosts 17-5
Configuring Global Preshared Keys 17-6
Configuring RADIUS Server Preshared Keys 17-6
Configuring RADIUS Server Groups 17-7
Allowing Users to Specify a RADIUS Server at Login 17-8
Configuring the Global RADIUS Transmission Retry Count and Timeout Interval 17-9
Configuring the RADIUS Transmission Retry Count and Timeout Interval for a Server 17-9
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
ix
Contents
Send feedback to nx5000-docfeedback@cisco.com
Configuring Accounting and Authentication Attributes for RADIUS Servers 17-10
Configuring Periodic RADIUS Server Monitoring 17-11
Configuring the Dead-Time Interval 17-12
Manually Monitoring RADIUS Servers or Groups 17-13
Verifying RADIUS Configuration 17-13
Displaying RADIUS Server Statistics 17-13
Example RADIUS Configuration 17-14
Default Settings 17-14
CHAPTER
18 Configuring TACACS+ 18-1
Information About TACACS+ 18-1
TACACS+ Advantages 18-2
User Login with TACACS+ 18-2
Default TACACS+ Server Encryption Type and Preshared Key 18-3
TACACS+ Server Monitoring 18-3
Prerequisites for TACACS+ 18-4
Guidelines and Limitations 18-4
Configuring TACACS+ 18-4
TACACS+ Server Configuration Process 18-4
Enabling TACACS+ 18-5
Configuring TACACS+ Server Hosts 18-5
Configuring Global Preshared Keys 18-6
Configuring TACACS+ Server Preshared Keys 18-7
Configuring TACACS+ Server Groups 18-7
Specifying a TACACS+ Server at Login 18-8
Configuring the Global TACACS+ Timeout Interval 18-9
Configuring the Timeout Interval for a Server 18-9
Configuring TCP Ports 18-10
Configuring Periodic TACACS+ Server Monitoring 18-11
Configuring the Dead-Time Interval 18-12
Manually Monitoring TACACS+ Servers or Groups 18-12
Disabling TACACS+ 18-12
Displaying TACACS+ Statistics 18-13
Verifying TACACS+ Configuration 18-13
Example TACACS+ Configuration 18-13
Default Settings 18-14
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
x
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Contents
CHAPTER
19 Configuring SSH and Telnet 19-1
Information About SSH and Telnet 19-1
SSH Server 19-1
SSH Client 19-2
SSH Server Keys 19-2
Telnet Server 19-2
Prerequisites for SSH 19-2
Guidelines and Limitations 19-3
Configuring SSH 19-3
Generating SSH Server Keys 19-3
Specifying the SSH Public Keys for User Accounts 19-4
Starting SSH Sessions to Remote Devices 19-6
Clearing SSH Hosts 19-6
Disabling the SSH Server 19-6
Deleting SSH Server Keys 19-6
Clearing SSH Sessions 19-7
Configuring Telnet 19-7
Enabling the Telnet Server 19-7
Starting Telnet Sessions to Remote Devices 19-8
Clearing Telnet Sessions 19-8
CHAPTER
Verifying the SSH and Telnet Configuration 19-9
SSH Example Configuration 19-9
Default Settings 19-10
20 Configuring ACLs 20-1
Information About ACLs 20-1
IP ACL Types and Applications 20-1
Rules 20-2
Configuring IP ACLs 20-4
Creating an IP ACL 20-5
Changing an IP ACL 20-5
Removing an IP ACL 20-6
Changing Sequence Numbers in an IP ACL 20-7
Applying an IP ACL as a Port ACL 20-7
Applying an IP ACL as a VACL 20-8
Verifying IP ACL Configurations 20-8
Displaying and Clearing IP ACL Statistics 20-9
Configuring MAC ACLs 20-9
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xi
Contents
Send feedback to nx5000-docfeedback@cisco.com
Creating a MAC ACL 20-10
Changing a MAC ACL 20-10
Removing a MAC ACL 20-11
Changing Sequence Numbers in a MAC ACL 20-12
Applying a MAC ACL as a Port ACL 20-12
Applying a MAC ACL as a VACL 20-13
Verifying MAC ACL Configurations 20-13
Displaying and Clearing MAC ACL Statistics 20-13
Information About VLAN ACLs 20-14
VACLs and Access Maps 20-14
VACLs and Actions 20-14
Statistics 20-15
Configuring VACLs 20-15
Creating or Changing a VACL 20-15
Removing a VACL 20-16
Applying a VACL to a VLAN 20-16
Verifying VACL Configuration 20-17
Displaying and Clearing VACL Statistics 20-17
CHAPTER
Default Settings 20-18
System Management
21 Using Cisco Fabric Services 21-1
Information About CFS 21-1
CFS Distribution 21-2
CFS Distribution Modes 21-2
Enabling/Disabling CFS Distribution on a Switch 21-3
Verifying CFS Distribution Status 21-4
CFS Distribution over IP 21-4
CFS Distribution over Fibre Channel 21-5
CFS Distribution Scopes 21-5
CFS Merge Support 21-6
CFS Support for Applications 21-6
CFS Application Requirements 21-6
Enabling CFS for an Application 21-7
Locking the Network 21-8
Committing Changes 21-8
Discarding Changes 21-9
Saving the Configuration 21-9
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xii
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Clearing a Locked Session 21-9
CFS Regions 21-9
About CFS Regions 21-10
Example Scenario 21-10
Managing CFS Regions 21-10
Configuring CFS over IP 21-12
Enabling CFS over IP 21-12
Verifying the CFS Over IP Configuration 21-13
Configuring IP Multicast Address for CFS over IP 21-13
Verifying IP Multicast Address Configuration for CFS over IP 21-14
Displaying CFS Distribution Information 21-14
Default Settings 21-16
Contents
CHAPTER
22 Configuring User Accounts and RBAC 22-1
Information About User Accounts and RBAC 22-1
About User Accounts 22-1
Characteristics of Strong Passwords 22-2
About User Roles 22-2
About Rules 22-3
About User Role Policies 22-3
Guidelines and Limitations 22-4
Configuring User Accounts 22-4
Configuring RBAC 22-5
Creating User Roles and Rules 22-5
Creating Feature Groups 22-7
Changing User Role Interface Policies 22-7
Changing User Role VLAN Policies 22-8
Changing User Role VSAN Policies 22-8
Verifying User Accounts and RBAC Configuration 22-9
Example User Accounts and RBAC Configuration 22-9
Default Settings 22-10
CHAPTER
23 Configuring Session Manager 23-1
Information About Session Manager 23-1
Configuration Guidelines and Limitations 23-1
Configuring Session Manager 23-2
Creating a Session 23-2
Configuring ACLs in a Session 23-2
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xiii
Contents
Send feedback to nx5000-docfeedback@cisco.com
Verifying a Session 23-3
Committing a Session 23-3
Saving a Session 23-3
Discarding a Session 23-3
Session Manager Example Configuration 23-3
Verifying Session Manager Configuration 23-4
CHAPTER
CHAPTER
24 Configuring Online Diagnostics 24-1
Information About Online Diagnostics 24-1
Online Diagnostics Overview 24-1
Bootup Diagnostics 24-1
Health Monitoring Diagnostics 24-2
Expansion Module Diagnostics 24-3
Configuring Online Diagnostics 24-4
Verifying Online Diagnostics Configuration 24-4
Default Settings 24-4
25 Configuring System Message Logging 25-1
Information About System Message Logging 25-1
syslog Servers 25-2
Configuring System Message Logging 25-2
Configuring System Message Logging to Terminal Sessions 25-2
Configuring System Message Logging to a File 25-3
Configuring Module and Facility Messages Logged 25-4
Configuring syslog Servers 25-5
Configuring syslog Server Configuration Distribution 25-7
Displaying and Clearing Log Files 25-8
Verifying System Message Logging Configuration 25-9
System Message Logging Example Configuration 25-9
Default Settings 25-10
CHAPTER
26 Configuring Smart Call Home 26-1
Information About Call Home 26-1
Call Home Overview 26-1
Destination Profiles 26-2
Call Home Alert Groups 26-2
Call Home Message Levels 26-4
Obtaining Smart Call Home 26-5
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xiv
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Prerequisites for Call Home 26-5
Configuration Guidelines and Limitations 26-5
Configuring Call Home 26-6
Guidelines for Configuring Call Home 26-6
Configuring Contact Information 26-6
Creating a Destination Profile 26-8
Modifying a Destination Profile 26-8
Associating an Alert Group with a Destination Profile 26-9
Adding show Commands to an Alert Group 26-10
Configuring E-Mail 26-10
Configuring Periodic Inventory Notification 26-11
Disabling Duplicate Message Throttle 26-12
Enabling or Disabling Call Home 26-12
Testing Call Home Communications 26-13
Verifying Call Home Configuration 26-13
Contents
CHAPTER
Call Home Example Configuration 26-14
Default Settings 26-14
Additional References 26-15
Message Formats 26-15
Sample syslog Alert Notification in Full-Text Format 26-18
Sample syslog Alert Notification in XML Format 26-19
27 Configuring SNMP 27-1
Information About SNMP 27-1
SNMP Functional Overview 27-1
SNMP Notifications 27-2
SNMPv3 27-2
Configuration Guidelines and Limitations 27-5
Configuring SNMP 27-5
Configuring SNMP Users 27-5
Enforcing SNMP Message Encryption 27-5
Assigning SNMPv3 Users to Multiple Roles 27-6
Creating SNMP Communities 27-6
Configuring SNMP Notification Receivers 27-6
Configuring the Notification Target User 27-7
Enabling SNMP Notifications 27-8
Configuring linkUp/linkDown Notifications 27-9
Disabling Up/ Down Notifications on an Interface 27-10
Enabling One-Time Authentication for SNMP over TCP 27-10
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xv
Contents
Send feedback to nx5000-docfeedback@cisco.com
Assigning SNMP Switch Contact and Location Information 27-11
Verifying SNMP Configuration 27-11
SNMP Example Configuration 27-11
Default Settings 27-12
CHAPTER
CHAPTER
28 Configuring RMON 28-1
Information About RMON 28-1
RMON Alarms 28-1
RMON Events 28-2
Configuration Guidelines and Limitations 28-2
Configuring RMON 28-3
Configuring RMON Alarms 28-3
Configuring RMON Events 28-4
Verifying RMON Configuration 28-4
RMON Example Configuration 28-4
Default Settings 28-5
Fibre Channel over Ethernet
29 Configuring FCoE 29-1
Information About FCoE 29-1
Licensing Requirements 29-1
Converged Network Adapters 29-2
DCBX Capabilities 29-2
DCE Bridging Capability Exchange Protocol 29-3
DCBX Feature Negotiation 29-3
Ethernet Frame Formats 29-4
Configuring FCoE 29-4
Enabling FCoE 29-5
Enabling FCoE on Ethernet Interfaces 29-5
Configuring Priority Flow Control 29-6
Configuring IEEE 802.3x Link-Level Flow Control 29-6
Configuring LLDP 29-7
Configuring Global LLDP Commands 29-7
Configuring Interface LLDP Commands 29-8
Verifying FCoE Configuration 29-8
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xvi
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Contents
CHAPTER
CHAPTER
30 Configuring Virtual Interfaces 30-1
Information About Virtual Interfaces 30-1
Guidelines and Limitations 30-1
Configuring Virtual Interfaces 30-2
Creating a Virtual Fibre Channel Interface 30-2
Mapping VSANs to VLANs 30-2
Deleting a Virtual Fibre Channel Interface 30-3
Verifying Virtual Interface Information 30-4
Quality of Service
31 Configuring QoS 31-1
Information About QoS 31-1
MQC 31-2
System Classes 31-2
Default System Classes 31-3
Link-Level Flow Control 31-3
Priority Flow Control 31-3
MTU 31-4
Trust Boundaries 31-4
Ingress Policies 31-5
Egress Policies 31-5
QoS for Multicast Traffic 31-5
Policy for Fibre Channel Interfaces 31-6
QoS for Traffic Directed to the CPU 31-6
Configuration Guidelines and Limitations 31-6
Configuring PFC and LLC 31-7
Configuring Priority Flow Control 31-7
Configuring IEEE 802.3x Link-Level Flow Control 31-8
Configuring System Classes 31-8
Configuring Class Maps 31-9
Configuring Policy Maps 31-9
Creating the System Service Policy 31-11
System Class Example 31-11
Enabling Jumbo MTU 31-11
Verifying Jumbo MTU 31-12
Configuring QoS on Interfaces 31-13
Configuring Untagged CoS 31-13
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xvii
Contents
Send feedback to nx5000-docfeedback@cisco.com
Configuring Ingress Policies 31-13
Configuring Egress Policies 31-14
SAN Switching
CHAPTER
32 Configuring Fibre Channel Interfaces 32-1
Information About Fibre Channel Interfaces 32-1
Licensing Requirements 32-1
Physical Fibre Channel Interfaces 32-2
Virtual Fibre Channel Interfaces 32-2
Interface Modes 32-2
Interface States 32-5
Buffer-to-Buffer Credits 32-7
Configuring Fibre Channel Interfaces 32-8
Configuring a Fibre Channel Interface 32-8
Setting the Interface Administrative State 32-9
Configuring Interface Modes 32-9
Configuring the Interface Description 32-10
Configuring Port Speeds 32-10
Configuring SD Port Frame Encapsulation 32-11
Configuring Receive Data Field Size 32-11
Understanding Bit Error Thresholds 32-11
Configuring Buffer-to-Buffer Credits 32-12
CHAPTER
xviii
Configuring Global Attributes for Fibre Channel Interfaces 32-13
Configuring Switch Port Attribute Default Values 32-13
About N Port Identifier Virtualization 32-14
Enabling N Port Identifier Virtualization 32-14
Verifying Fibre Channel Interfaces 32-15
Verifying SFP Transmitter Types 32-15
Verifying Interface Information 32-15
Verifying BB_Credit Information 32-17
Default Settings 32-17
33 Configuring Domain Parameters 33-1
Information About Fibre Channel Domains 33-1
About Domain Restart 33-3
Restarting a Domain 33-3
About Domain Manager Fast Restart 33-3
Enabling Domain Manager Fast Restart 33-4
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
About Switch Priority 33-4
Configuring Switch Priority 33-4
About fcdomain Initiation 33-5
Disabling or Reenabling fcdomains 33-5
Configuring Fabric Names 33-5
About Incoming RCFs 33-5
Rejecting Incoming RCFs 33-6
About Autoreconfiguring Merged Fabrics 33-6
Enabling Autoreconfiguration 33-6
Domain IDs 33-6
About Domain IDs 33-7
Specifying Static or Preferred Domain IDs 33-9
About Allowed Domain ID Lists 33-9
Configuring Allowed Domain ID Lists 33-10
About CFS Distribution of Allowed Domain ID Lists 33-10
Enabling Distribution 33-10
Locking the Fabric 33-11
Committing Changes 33-11
Discarding Changes 33-11
Clearing a Fabric Lock 33-12
Displaying CFS Distribution Status 33-12
Displaying Pending Changes 33-12
Displaying Session Status 33-13
About Contiguous Domain ID Assignments 33-13
Enabling Contiguous Domain ID Assignments 33-13
Contents
FC IDs 33-13
About Persistent FC IDs 33-14
Enabling the Persistent FC ID Feature 33-14
Persistent FC ID Configuration Guidelines 33-15
Configuring Persistent FC IDs 33-15
About Unique Area FC IDs for HBAs 33-16
Configuring Unique Area FC IDs for an HBA 33-16
About Persistent FC ID Selective Purging 33-17
Purging Persistent FC IDs 33-18
Verifying fcdomain Information 33-18
Default Settings 33-19
CHAPTER
34 Configuring N Port Virtualization 34-1
Information About NPV 34-1
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xix
Contents
Send feedback to nx5000-docfeedback@cisco.com
NPV Overview 34-1
NPV Mode 34-2
Server Interfaces 34-2
NP Uplinks (External Interfaces) 34-3
FLOGI Operation 34-3
NPV Traffic Management 34-4
NPV Traffic Management Guidelines 34-5
Guidelines and Limitations 34-5
Configuring NPV 34-6
Enabling NPV 34-6
Configuring NPV Interfaces 34-7
Configuring NPV Traffic Management 34-7
Verifying NPV 34-8
Verifying NPV Traffic Management 34-9
CHAPTER
CHAPTER
35 Configuring VSAN Trunking 35-1
Information About VSAN Trunking 35-1
VSAN Trunking Mismatches 35-2
VSAN Trunking Protocol 35-2
Configuring VSAN Trunking 35-3
Guidelines and Restrictions 35-3
Enabling or Disabling the VSAN Trunking Protocol 35-3
About Trunk Mode 35-3
Configuring Trunk Mode 35-4
About Trunk-Allowed VSAN Lists 35-4
Configuring an Allowed-Active List of VSANs 35-6
Displaying VSAN Trunking Information 35-6
Default Settings 35-7
36 Configuring SAN Port Channels 36-1
Information About SAN Port Channels 36-1
Understanding Port Channels and VSAN Trunking 36-2
Understanding Load Balancing 36-2
Configuring SAN Port Channels 36-4
SAN Port Channel Configuration Guidelines 36-5
Creating a SAN Port Channel 36-6
About SAN Port Channel Modes 36-6
About SAN Port Channel Deletion 36-7
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xx
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Deleting SAN Port Channels 36-8
Interfaces in a SAN Port Channel 36-8
About Interface Addition to a SAN Port Channel 36-9
Adding an Interface to a SAN Port Channel 36-9
Forcing an Interface Addition 36-10
About Interface Deletion from a SAN Port Channel 36-10
Deleting an Interface from a SAN Port Channel 36-11
Port Channel Protocol 36-11
About Channel Group Creation 36-12
Autocreation Guidelines 36-13
Enabling and Configuring Autocreation 36-14
About Manually Configured Channel Groups 36-14
Converting to Manually Configured Channel Groups 36-14
Verifying SAN Port Channel Configuration 36-15
Default Settings 36-16
Contents
CHAPTER
37 Configuring and Managing VSANs 37-1
Information About VSANs 37-1
VSAN Topologies 37-1
VSAN Advantages 37-3
VSANs Versus Zones 37-4
Configuring VSANs 37-5
About VSAN Creation 37-6
Creating VSANs Statically 37-6
About Port VSAN Membership 37-7
Assigning Static Port VSAN Membership 37-7
Displaying VSAN Static Membership 37-7
About the Default VSAN 37-8
About the Isolated VSAN 37-8
Displaying Isolated VSAN Membership 37-8
Operational State of a VSAN 37-9
About Static VSAN Deletion 37-9
Deleting Static VSANs 37-10
About Load Balancing 37-10
Configuring Load Balancing 37-10
About Interop Mode 37-11
Displaying Static VSAN Configuration 37-11
Default Settings 37-11
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxi
Contents
Send feedback to nx5000-docfeedback@cisco.com
CHAPTER
38 Configuring and Managing Zones 38-1
Information About Zoning 38-1
Zoning Features 38-2
Zoning Example 38-3
Zone Implementation 38-4
Active and Full Zone Set Configuration Guidelines 38-4
Configuring Zones 38-7
Zone Sets 38-8
Activating a Zone Set 38-9
About the Default Zone 38-10
Configuring the Default Zone Access Permission 38-10
About FC Alias Creation 38-10
Creating FC Aliases 38-11
Creating Zone Sets and Adding Member Zones 38-12
Zone Enforcement 38-13
Zone Set Distribution 38-13
Enabling Full Zone Set Distribution 38-14
Enabling a One-Time Distribution 38-14
About Recovering from Link Isolation 38-14
Importing and Exporting Zone Sets 38-15
Zone Set Duplication 38-16
Copying Zone Sets 38-16
Renaming Zones, Zone Sets, and Aliases 38-16
Cloning Zones, Zone Sets, FC Aliases, and Zone Attribute Groups 38-17
Clearing the Zone Server Database 38-17
Verifying Zone Information 38-18
Enhanced Zoning 38-18
About Enhanced Zoning 38-19
Changing from Basic Zoning to Enhanced Zoning 38-20
Changing from Enhanced Zoning to Basic Zoning 38-20
Enabling Enhanced Zoning 38-20
Modifying the Zone Database 38-21
Releasing Zone Database Locks 38-21
Merging the Database 38-22
Configuring Zone Merge Control Policies 38-23
Default Zone Policies 38-23
Configuring System Default Zoning Settings 38-23
Verifying Enhanced Zone Information 38-24
Compacting the Zone Database 38-24
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxii
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Zone and Zone Set Analysis 38-24
Default Settings 38-25
Contents
CHAPTER
39 Distributing Device Alias Services 39-1
Information About Device Aliases 39-1
Device Alias Features 39-1
Device Alias Requirements 39-2
Zone Aliases Versus Device Aliases 39-2
Device Alias Databases 39-2
Creating Device Aliases 39-3
Device Alias Modes 39-4
Changing Device Alias Mode Guidelines 39-4
Configuring Device Alias Modes 39-5
About Device Alias Distribution 39-5
Locking the Fabric 39-5
Committing Changes 39-6
Discarding Changes 39-6
Fabric Lock Override 39-7
Disabling and Enabling Device Alias Distribution 39-7
About Legacy Zone Alias Configuration 39-8
Importing a Zone Alias 39-8
CHAPTER
Database Merge Guidelines 39-8
Verifying Device Alias Configuration 39-9
Default Settings 39-10
40 Configuring Fibre Channel Routing Services and Protocols 40-1
Information About FSPF 40-1
FSPF Examples 40-2
FSPF Global Configuration 40-3
About SPF Computational Hold Times 40-3
About Link State Records 40-4
Configuring FSPF on a VSAN 40-4
Resetting FSPF to the Default Configuration 40-5
Enabling or Disabling FSPF 40-5
Clearing FSPF Counters for the VSAN 40-5
FSPF Interface Configuration 40-5
About FSPF Link Cost 40-6
Configuring FSPF Link Cost 40-6
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxiii
Contents
Send feedback to nx5000-docfeedback@cisco.com
About Hello Time Intervals 40-6
Configuring Hello Time Intervals 40-6
About Dead Time Intervals 40-7
Configuring Dead Time Intervals 40-7
About Retransmitting Intervals 40-7
Configuring Retransmitting Intervals 40-8
About Disabling FSPF for Specific Interfaces 40-8
Disabling FSPF for Specific Interfaces 40-8
Clearing FSPF Counters for an Interface 40-9
FSPF Routes 40-9
About Fibre Channel Routes 40-9
Configuring Fibre Channel Routes 40-10
In-Order Delivery 40-10
About Reordering Network Frames 40-11
About Reordering SAN Port Channel Frames 40-11
About Enabling In-Order Delivery 40-12
Enabling In-Order Delivery Globally 40-12
Enabling In-Order Delivery for a VSAN 40-13
Displaying the In-Order Delivery Status 40-13
Configuring the Drop Latency Time 40-13
Displaying Latency Information 40-14
CHAPTER
Flow Statistics Configuration 40-14
About Flow Statistics 40-15
Counting Aggregated Flow Statistics 40-15
Counting Individual Flow Statistics 40-15
Clearing FIB Statistics 40-15
Displaying Flow Statistics 40-16
Default Settings 40-16
41 Managing FLOGI, Name Server, FDMI, and RSCN Databases 41-1
Information About Fabric Login 41-1
Name Server Proxy 41-2
About Registering Name Server Proxies 41-2
Registering Name Server Proxies 41-2
About Rejecting Duplicate pWWNs 41-2
Rejecting Duplicate pWWNs 41-3
About Name Server Database Entries 41-3
Displaying Name Server Database Entries 41-3
FDMI 41-4
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxiv
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Displaying FDMI 41-4
RSCN 41-4
About RSCN Information 41-5
Displaying RSCN Information 41-5
About the multi-pid Option 41-5
Configuring the multi-pid Option 41-6
Suppressing Domain Format SW-RSCNs 41-6
Clearing RSCN Statistics 41-6
Configuring the RSCN Timer 41-7
Verifying the RSCN Timer Configuration 41-7
RSCN Timer Configuration Distribution 41-8
Default Settings 41-10
Contents
CHAPTER
CHAPTER
42 Discovering SCSI Targets 42-1
Information About SCSI LUN Discovery 42-1
About Starting SCSI LUN Discovery 42-1
Starting SCSI LUN Discovery 42-2
About Initiating Customized Discovery 42-2
Initiating Customized Discovery 42-2
Displaying SCSI LUN Information 42-3
43 Advanced Fibre Channel Features and Concepts 43-1
Fibre Channel Timeout Values 43-1
Timer Configuration Across All VSANs 43-2
Timer Configuration Per-VSAN 43-2
About fctimer Distribution 43-3
Enabling or Disabling fctimer Distribution 43-3
Committing fctimer Changes 43-3
Discarding fctimer Changes 43-4
Fabric Lock Override 43-4
Database Merge Guidelines 43-4
Verifying Configured fctimer Values 43-5
World Wide Names 43-5
Verifying WWN Information 43-6
Link Initialization WWN Usage 43-6
Configuring a Secondary MAC Address 43-6
FC ID Allocation for HBAs 43-7
Default Company ID List 43-7
Verifying the Company ID Configuration 43-8
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxv
Contents
Send feedback to nx5000-docfeedback@cisco.com
Switch Interoperability 43-9
About Interop Mode 43-9
Configuring Interop Mode 1 43-11
Verifying Interoperating Status 43-12
Default Settings 43-15
CHAPTER
44 Configuring FC-SP and DHCHAP 44-1
Information About Fabric Authentication 44-1
DHCHAP 44-2
DHCHAP Compatibility with Fibre Channel Features 44-3
About Enabling DHCHAP 44-4
Enabling DHCHAP 44-4
About DHCHAP Authentication Modes 44-4
Configuring the DHCHAP Mode 44-5
About the DHCHAP Hash Algorithm 44-5
Configuring the DHCHAP Hash Algorithm 44-6
About the DHCHAP Group Settings 44-6
Configuring the DHCHAP Group Settings 44-6
About the DHCHAP Password 44-6
Configuring DHCHAP Passwords for the Local Switch 44-7
About Password Configuration for Remote Devices 44-7
Configuring DHCHAP Passwords for Remote Devices 44-8
About the DHCHAP Timeout Value 44-8
Configuring the DHCHAP Timeout Value 44-8
Configuring DHCHAP AAA Authentication 44-9
Displaying Protocol Security Information 44-9
Sample Configuration 44-9
Default Settings 44-11
CHAPTER
45 Configuring Port Security 45-1
Information About Port Security 45-1
Port Security Enforcement 45-2
About Auto-Learning 45-2
Port Security Activation 45-3
Configuring Port Security 45-3
Configuring Port Security with Auto-Learning and CFS Distribution 45-3
Configuring Port Security with Auto-Learning without CFS 45-4
Configuring Port Security with Manual Database Configuration 45-5
Enabling Port Security 45-5
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxvi
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Port Security Activation 45-5
Activating Port Security 45-6
Database Activation Rejection 45-6
Forcing Port Security Activation 45-6
Database Reactivation 45-7
Auto-Learning 45-7
About Enabling Auto-Learning 45-8
Enabling Auto-Learning 45-8
Disabling Auto-Learning 45-8
Auto-Learning Device Authorization 45-8
Authorization Scenario 45-9
Port Security Manual Configuration 45-10
WWN Identification Guidelines 45-10
Adding Authorized Port Pairs 45-11
Port Security Configuration Distribution 45-12
Enabling Distribution 45-12
Locking the Fabric 45-13
Committing the Changes 45-13
Discarding the Changes 45-13
Activation and Auto-Learning Configuration Distribution 45-13
Contents
CHAPTER
Database Merge Guidelines 45-14
Database Interaction 45-15
Database Scenarios 45-15
Copying the Port Security Database 45-17
Deleting the Port Security Database 45-18
Clearing the Port Security Database 45-18
Displaying Port Security Configuration 45-19
Default Settings 45-19
46 Configuring Fabric Binding 46-1
Information About Fabric Binding 46-1
Licensing Requirements 46-1
Port Security Versus Fabric Binding 46-2
Fabric Binding Enforcement 46-2
Configuring Fabric Binding 46-3
Configuring Fabric Binding 46-3
Enabling Fabric Binding 46-3
About Switch WWN Lists 46-4
Configuring Switch WWN List 46-4
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxvii
Contents
Send feedback to nx5000-docfeedback@cisco.com
About Fabric Binding Activation and Deactivation 46-4
Activating Fabric Binding 46-5
Forcing Fabric Binding Activation 46-5
Copying Fabric Binding Configurations 46-5
Clearing the Fabric Binding Statistics 46-6
Deleting the Fabric Binding Database 46-6
Verifying Fabric Binding Information 46-6
Default Settings 46-7
CHAPTER
CHAPTER
47 Configuring Fabric Configuration Servers 47-1
Information About FCS 47-1
FCS Characteristics 47-2
FCS Name Specification 47-2
Displaying FCS Information 47-3
Default Settings 47-4
48 Configuring Port Tracking 48-1
Information About Port Tracking 48-1
Configuring Port Tracking 48-2
Enabling Port Tracking 48-3
About Configuring Linked Ports 48-3
Operationally Binding a Tracked Port 48-3
About Tracking Multiple Ports 48-4
Tracking Multiple Ports 48-5
About Monitoring Ports in a VSAN 48-5
Monitoring Ports in a VSAN 48-5
About Forceful Shutdown 48-6
Forcefully Shutting Down a Tracked Port 48-6
Displaying Port Tracking Information 48-6
Default Port Tracking Settings 48-7
Troubleshooting
CHAPTER
49 Configuring SPAN 49-1
SPAN Sources 49-1
Characteristics of Source Ports 49-1
SPAN Destinations 49-2
Characteristics of Destination Ports 49-2
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxviii
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Configuring SPAN 49-2
Creating and Deleting a SPAN Session 49-3
Configuring the Destination Port 49-3
Configuring Source Ports 49-5
Configuring Source Port Channels, VLANs, or VSANs 49-5
Configuring the Description of a SPAN Session 49-6
Suspending or Activating a SPAN Session 49-7
Displaying SPAN Information 49-7
Contents
CHAPTER
CHAPTER
I
NDEX
50 Troubleshooting 50-1
Recovering a Lost Password 50-1
Using the CLI with Network-Admin Privileges 50-1
Power Cycling the Switch 50-2
Using Ethanalyzer 50-3
Troubleshooting Fibre Channel 50-5
fctrace 50-5
fcping 50-7
show tech-support Command 50-8
show tech-support brief Command 50-10
show tech-support fc Command 50-12
show tech-support platform Command 50-14
Default Settings 50-16
51 Configuration Limits 51-1
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxix
Contents
Send feedback to nx5000-docfeedback@cisco.com
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
xxx
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
Audience
Preface
This preface describes the audience, organization, and conventions of the Cisco Nexus 5000 Series
Switch CLI Software Configuration Guide. It also provides information on how to obtain related
documentation.
This guide is for experienced network administrators who are responsible for configuring and
maintaining Cisco Nexus 5000 Series switches.
Organization
This guide is organized as follows:
Chapter Title Description
Chapter 1 Product Overview Presents an overview of the Cisco Nexus 5000
Part 1 Configuration Fundamentals Contains chapters on using the CLI and initial
Part 2 LAN Switching Contains chapters on how to configure Ethernet
Part 3 Switch Security Features Contains chapters on how to configure AAA,
Part 4 System Management Contains chapters on how to configure CFS,
Part 5 Fibre Channel over Ethernet Contains chapters on how to configure FCoE
Part 6 Quality of Service Contains chapters on how to configure QoS.
Series switches.
switch configuration.
interfaces, VLANs, STP, Port Channels,
trunks, the MAC address table and IGMP
snooping.
Radius, TACACS+, SSH/Telnet and ACLs.
RBAC, System Message Logging, Call Home,
SNMP, RMON, network management
interfaces, storm control and SPAN.
and virtual interfaces.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
i
Send feedback to nx5000-docfeedback@cisco.com
Chapter Title Description
Part 7 SAN Switching Contains chapters on how to configure Fibre
Part 8 Troubleshooting Contains chapters on how to perform basic
Document Conventions
Command descriptions use these conventions:
boldface font Commands and keywords are in boldface.
italic font Arguments for which you supply values are in italics.
[ ]
[ x | y | z ] Optional alternative keywords are grouped in brackets and separated by
Preface
Channel interfaces and Fibre Channel
capabilities (such as NPV, SAN Port Channels,
zones, DDAS, FSPF, and security features).
troubleshooting.
Elements in square brackets are optional.
vertical bars.
Screen examples use these conventions:
screen font
boldface screen font
italic screen font
< >
[ ]
!, #
Terminal sessions and information the switch displays are in screen font.
Information you must enter is in boldface screen font.
Arguments for which you supply values are in italic screen font.
Nonprinting characters, such as passwords, are in angle brackets.
Default responses to system prompts are in square brackets.
An exclamation point (!) or a pound sign (#) at the beginning of a line of code
indicates a comment line.
This document uses the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
ii
OL-16597-01
Preface
Send feedback to nx5000-docfeedback@cisco.com
Related Documentation
Documentation for Cisco Nexus 5000 Series Switches and Cisco Nexus 2000 Series Fabric Extender is
available at the following URL:
http://www.cisco.com/en/US/products/ps9670/tsd_products_support_series_home.html
The following are related Cisco Nexus 5000 Series and Cisco Nexus 2000 Series Fabric Extender
documents:
Cisco Nexus 5000 Series CLI Software Configuration Guide, Cisco NX-OS Release 4.0
Cisco Nexus 5000 Series Command Reference, Cisco NX-OS Release 4.0
Cisco Nexus 5000 Series Hardware Installation Guide
Cisco Nexus 5000 Series System Messages Reference
Cisco Nexus 5000 Series Release Notes
Cisco Nexus 2000 Series Fabric Extender Software Configuration Guide, Cisco NX-OS Release 4.0
Cisco Nexus 2000 Series Fabric Extender Hardware Installation Guide
Cisco Nexus 5000 Series Fabric Manager Software Configuration Guide, Cisco NX-OS Release 4.0
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS Version 2.0.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
iii
Send feedback to nx5000-docfeedback@cisco.com
Preface
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
iv
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
CHAPTER
1
Product Overview
The Cisco NX-OS Release 4.0 is a family of top-of-rack switches for the data center. The Cisco Nexus
5000 Series offers high-speed Ethernet switching and supports Fibre Channel over Ethernet (FCoE) to
provide data center I/O consolidation.
The Cisco Nexus 5010 switch provides 20 fixed Ethernet ports in a 1 RU switch and the Cisco Nexus
5020 switch provides 40 fixed Ethernet ports in a 2 RU switch. Optional expansion modules provide
native Fibre Channel ports and additional Ethernet ports.
This chapter describes the Cisco Nexus 5000 Series switches and includes the following sections:
• New Technologies in the Cisco Nexus 5000 Series, page 1-1
• Cisco Nexus 5000 Series Switch Hardware, page 1-3
• Cisco Nexus 5000 Series Switch Software, page 1-4
• Typical Deployment Topologies, page 1-8
• Supported Standards, page 1-12
New Technologies in the Cisco Nexus 5000 Series
Cisco Nexus 5000 Series switches introduce several new technologies, which are described in the
following sections:
• Fibre Channel over Ethernet, page 1-1
• I/O Consolidation, page 1-2
• Virtual Interfaces, page 1-3
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) provides a method of encapsulating Fibre Channel traffic over a
physical Ethernet link. FCoE frames use a unique Ethertype so that FCoE traffic and standard Ethernet
traffic can be carried on the same link.
Fibre Channel traffic requires a lossless transport layer. Native Fibre Channel implements lossless
service using a buffer-to-buffer credit system. For FCoE traffic, the Ethernet link must provide lossless
service.
Ethernet links on Cisco Nexus 5000 Series switches provide two mechanisms to ensure lossless transport
for FCoE traffic: link-level flow control and priority flow control.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
OL-16597-01
1-1
New Technologies in the Cisco Nexus 5000 Series
Send feedback to nx5000-docfeedback@cisco.com
IEEE 802.3x link-level flow control allows a congested receiver to signal the far end to pause the data
transmission for a short period of time. The pause functionality is applied to all the traffic on the link.
The priority flow control (PFC) feature applies pause functionality to specific classes of traffic on the
Ethernet link. For example, PFC can provide lossless service for the FCoE traffic, and best-effort service
for the standard Ethernet traffic. PFC can provide different levels of service to specific classes of
Ethernet traffic (using IEEE 802.1p traffic classes).
I/O Consolidation
I/O consolidation allows a single network technology to carry IP, SAN, and IPC traffic.
FCoE enables an evolutionary approach to I/O consolidation. The upper Fibre Channel layers are
unchanged, so the Fibre Channel operational model is maintained. FCoE network management and
configuration is similar to a native Fibre Channel network.
Cisco Nexus 5000 Series switches use FCoE to carry Fibre Channel and Ethernet traffic on the same
physical Ethernet connection between the switch and the server. At the server, the connection terminates
to a converged network adapter (CNA). The adapter presents two interfaces to the server’s operating
system (OS): one Ethernet NIC interface and one Fibre Channel HBA interface. The server OS is not
aware of the FCoE encapsulation (See Figure 1-1)
At the switch, the incoming Ethernet port separates the Ethernet and Fibre Channel traffic (using
Ethertype to differentiate the frames). Ethernet frames and Fibre Channel frames are switched to their
respective network-side interfaces.
Chapter 1 Product Overview
Cisco Nexus 5000 Series switches provide quality of service (QoS) capabilities to ensure lossless service
across the switch for Fibre Channel traffic. Best-effort service can be applied to all of the Ethernet traffic
or specific classes of Ethernet traffic can be configured with different QoS levels.
Figure 1-1 I/O Consolidation
IP FC SAN
10GE
Server
FCoE
Adapter
10GE
NICFCHBA
FC
IOC Switch
10GE
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-2
187213
OL-16597-01
Chapter 1 Product Overview
Send feedback to nx5000-docfeedback@cisco.com
Virtual Interfaces
When FCoE is enabled, a physical Ethernet cable carries traffic for a logical Fibre Channel connection.
The Cisco Nexus 5000 Series switch uses virtual interfaces to represent the logical Fibre Channel
connections. For configuration purposes, virtual Fibre Channel interfaces are implemented as Layer 2
subinterfaces of the physical Ethernet interface.
Ethernet features (such as link debounce timer and VLAN membership) are configured on the physical
Ethernet interface. Logical Fibre Channel features (such as VSAN membership) are configured on the
virtual Fibre Channel interfaces.
Cisco Nexus 5000 Series Switch Hardware
The Cisco Nexus 5000 Series includes the Cisco Nexus 5010 and Cisco Nexus 5020 switches. The Cisco
Nexus 5000 Series switch hardware is described in the following topics:
• Chassis, page 1-3
• Expansion Modules, page 1-3
• Fabric Extender, page 1-4
Cisco Nexus 5000 Series Switch Hardware
• Ethernet Interfaces, page 1-4
• Fibre Channel Interfaces, page 1-4
• Management Interfaces, page 1-4
Chassis
The Cisco Nexus 5010 switch is a 1 RU chassis and the Cisco Nexus 5020 switch is a 2 RU chassis
designed for rack mounting. The chassis supports redundant fans and power supplies.
The Cisco Nexus 5000 Series switching fabric is low latency, nonblocking and supports Ethernet frame
sizes from 64 to 9216 bytes.
Expansion Modules
The Cisco Nexus 5010 switch has one slot and the Cisco Nexus 5020 switch has two slots for optional
expansion modules. The following expansion modules are available:
• N5K-M1404 provides four 10-Gigabit Ethernet ports, and four 1/2/4-Gigabit Fibre Channel ports.
• N5K-M1600 provides six 10-Gigabit Ethernet ports.
• N5K-M1008 provides eight 1/2/4-Gigabit Fibre Channel ports.
The expansion modules are field-replaceable units (FRUs) that support online insertion and removal
(OIR).
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-3
Cisco Nexus 5000 Series Switch Software
Send feedback to nx5000-docfeedback@cisco.com
Fabric Extender
The Cisco Nexus 5000 Series switch supports the optional Cisco Nexus 2000 Series Fabric Extender.
The Fabric Extender is a fixed configuration chassis designed to deliver additional connectivity and is
configured from the parent switch as a remote linecard.
The Cisco Nexus 2148T Fabric Extender provides 48 1-Gigabit Ethernet host interfaces and is connected
to its parent switch using four 10-Gigabit Ethernet ports.
Refer to the Cisco Nexus 2000 Series Fabric Extender Software Configuration Guide for an overview of
the Fabric Extender and configuration details.
Ethernet Interfaces
The Cisco Nexus 5010 switch has 20 fixed 10-Gigabit Ethernet ports equipped with SFP+ interface
adapters. The first 8 ports are switchable 1-Gigabit and 10-Gigabit ports. Up to 6 additional 10-Gigabit
Ethernet ports are available on an expansion module.
The Cisco Nexus 5020 switch has 40 fixed 10-Gigabit Ethernet ports equipped with SFP+ interface
adapters. The first 16 ports are switchable 1-Gigabit and 10-Gigabit ports. Up to 12 additional
10-Gigabit Ethernet ports are available on the expansion modules.
Chapter 1 Product Overview
All of the 10-Gigabit Ethernet ports support FCoE. Each port can be used as a downlink (connected to a
server) or as an uplink (to the data center LAN).
Fibre Channel Interfaces
Fibre Channel ports are optional on the Cisco Nexus 5000 Series switch. When you use expansion
modules up to 8 Fibre Channel ports are available on the Cisco Nexus 5010 switch and up to 16 Fibre
Channel ports are available on the Cisco Nexus 5020 switch.
Each Fibre Channel port can be used as a downlink (connected to a server) or as an uplink (to the data
center SAN fabric).
Management Interfaces
A Cisco Nexus 5000 Series switch has two dedicated management interfaces (one serial console port and
one 10/100/1000 Ethernet interface).
Cisco Nexus 5000 Series Switch Software
The Cisco Nexus 5000 Series switch is a Layer 2 device, which runs Cisco NX-OS. The Cisco Nexus
5000 Series switch software is described in the following topics:
• Ethernet Switching, page 1-5
• FCoE and Fibre Channel Switching, page 1-5
• Licensing, page 1-5
• QoS, page 1-5
• Serviceability, page 1-6
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-4
OL-16597-01
Chapter 1 Product Overview
Send feedback to nx5000-docfeedback@cisco.com
• Switch Management, page 1-6
• Network Security Features, page 1-7
• Virtual Device Contexts, page 1-8
Ethernet Switching
Cisco Nexus 5000 Series switches are designed to support high-density, high-performance Ethernet
systems and provide the following Ethernet switching features:
• IEEE 802.1D-2004 Rapid and Multiple Spanning Tree Protocols (802.1w and 802.1s)
• IEEE 802.1Q VLANs and trunks
• IEEE 802.3ad link aggregation
• Private VLANs
• Traffic suppression (unicast, multicast, and broadcast)
Cisco Nexus 5000 Series Switch Software
FCoE and Fibre Channel Switching
Cisco Nexus 5000 Series switches support data center I/O consolidation by providing FCoE interfaces
(to the servers) and native Fibre Channel interfaces (to the SAN).
FCoE and Fibre Channel switching includes the following features:
• Cisco fabric services
• N-port virtualization
• VSANs and VSAN trunking
• Zoning
• Distributed device alias service
• SAN port channels
Licensing
Cisco Nexus 5000 Series switches are shipped with the licenses installed. The switch provides commands to
manage the licenses and install additional licenses.
QoS
The Cisco Nexus 5000 Series switch provides quality of service (QoS) capabilities such as traffic
prioritization and bandwidth allocation on egress interfaces.
The default QoS configuration on the switch provides lossless service for Fibre Channel and FCoE
traffic. QoS can be configured to provide additional classes of service for Ethernet traffic.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-5
Cisco Nexus 5000 Series Switch Software
Send feedback to nx5000-docfeedback@cisco.com
Serviceability
The Cisco Nexus 5000 Series switch serviceability functions provide data for network planning and help
to improve problem resolution time.
This section includes the following topics:
• Switched Port Analyzer, page 1-6
• Ethanalyzer, page 1-6
• Call Home, page 1-6
• Online Diagnostics, page 1-6
Switched Port Analyzer
The switched port analyzer (SPAN) feature allows an administrator to analyze all traffic between ports
by nonintrusively directing the SPAN session traffic to a SPAN destination port that has an external
analyzer attached to it.
Chapter 1 Product Overview
Ethanalyzer
Ethanalyzer is a Cisco NX-OS protocol analyzer tool based on the Wireshark (formerly Ethereal) open
source code. Ethanalyzer is a command-line version of Wireshark for capturing and decoding packets.
You can use Ethanalyzer to troubleshoot your network and analyze the control-plane traffic. For more
information about Ethanalyzer, see the “Using Ethanalyzer” section on page 50-3.
Call Home
The Call Home feature continuously monitors hardware and software components to provide
e-mail-based notification of critical system events. A versatile range of message formats is available for
optimal compatibility with pager services, standard e-mail, and XML-based automated parsing
applications. The feature offers alert grouping capabilities and customizable destination profiles. This
feature can be used, for example, to directly page a network support engineer, send an e-mail message
to a network operations center (NOC), and employ Cisco AutoNotify services to directly generate a case
with the Cisco Technical Assistance Center (TAC). This feature is a step toward autonomous system
operation, which enables networking devices to inform IT when a problem occurs and helps to ensure
that the problem is resolved quickly.
Online Diagnostics
Cisco generic online diagnostics (GOLD) is a suite of diagnostic facilities to verify that hardware and
internal data paths are operating as designed. Boot-time diagnostics, continuous monitoring, and
on-demand and scheduled tests are part of the Cisco GOLD feature set. GOLD allows rapid fault
isolation and continuous system monitoring.
Switch Management
This section includes the following topics:
• Simple Network Management Protocol, page 1-7
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-6
OL-16597-01
Chapter 1 Product Overview
Send feedback to nx5000-docfeedback@cisco.com
• Role-Based Access Control, page 1-7
• Configuration Methods, page 1-7
Simple Network Management Protocol
Cisco NX-OS is compliant with Simple Network Management Protocol (SNMP) version 1, version 2,
and version 3. A full set of Management Information Bases (MIBs) is supported.
Role-Based Access Control
With role-based access control (RBAC), you can limit access to switch operations by assigning roles to
users. Administrators can customize access and restrict it to the users who require it.
Configuration Methods
You can configure Cisco Nexus 5000 Series switches using direct network configuration methods or web
services hosted on a Fabric Manager server.
Cisco Nexus 5000 Series Switch Software
This section includes the following topics:
• Configuring with CLI, XML Management Interface, or SNMP, page 1-7
• Configuring with Cisco MDS Fabric Manager, page 1-7
Configuring with CLI, XML Management Interface, or SNMP
You can configure Cisco Nexus 5000 Series switches using the command line interface (CLI), the XML
management interface over SSH, or SNMP as follows:
• CLI —You can configure switches using the CLI from an SSH session, a Telnet session. or the
console port. SSH provides a secure connection to the device.
• XML Management Interface over SSH—You can configure switches using the XML management
interface, which is a programming interface based on the NETCONF protocol that complements the
CLI functionality. For more information, see the Cisco NX-OS XML Management Interface User
Guide, Release 4.0.
• SNMP—SNMP allows you to configure switches using Management Information Bases (MIBs).
Configuring with Cisco MDS Fabric Manager
You can configure Cisco Nexus 5000 Series switches using the Fabric Manager client, which runs on a
local PC and uses the Fabric Manager server.
Network Security Features
Cisco NX-OS Release 4.0 includes the following security features:
• Authentication, authorization, and accounting (AAA) and TACACS+
• RADIUS
• Secure Shell (SSH) Protocol Version 2
• Simple Network Management Protocol Version 3 (SNMPv3)
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-7
Typical Deployment Topologies
Send feedback to nx5000-docfeedback@cisco.com
• MAC ACLs and IP ACLs, including port-based ACLs (PACLs) and VLAN-based ACLs (VACLs).
Virtual Device Contexts
Cisco NX-OS can segment operating system and hardware resources into virtual device contexts (VDC)
that emulate virtual devices. The Cisco Nexus 5000 Series switch does not support multiple VDCs. All
switch resources are managed in the default VDC.
Typical Deployment Topologies
In this release, the Cisco Nexus 5000 Series switch is typically deployed in the following topologies:
• Ethernet TOR Switch Topology, page 1-8
• Fabric Extender Deployment Topology, page 1-9
• I/O Consolidation Topology, page 1-11
Chapter 1 Product Overview
Ethernet TOR Switch Topology
The Cisco Nexus 5000 Series switch can be deployed as a 10-Gigabit Ethernet top-of-rack (TOR) switch,
with uplinks to the data center LAN distribution layer switches. An example configuration in shown in
Figure 1-2.
In this example, the blade server rack incorporates blade switches that support 10-Gigabit Ethernet
uplinks to the Cisco Nexus 5000 Series switch. The blade switches do not support FCoE, so there is no
FCoE traffic and no Fibre Channel ports on the Cisco Nexus 5000 Series switch.
In the example configuration, the Cisco Nexus 5000 Series switch has Ethernet uplinks to two Catalyst
switches. If STP is enabled in the data center LAN, the links to one of the switches will be STP active
and the links to the other switch will be STP blocked.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-8
OL-16597-01
Chapter 1 Product Overview
Send feedback to nx5000-docfeedback@cisco.com
Figure 1-2 Ethernet TOR Switch Topology
Typical Deployment Topologies
SAN-A LAN Core SAN-B
Distribution
layer
MDS9134
All of the server-side ports on the Cisco Nexus 5000 Series switch are running standard Ethernet. FCoE
is not required, so the server ports are connected using 10-Gigabit Ethernet NICs.
The servers are connected to the data center SAN through MDS 9134 SAN switches. The server Fibre
Channel ports require standard Fibre Channel HBAs.
Fabric Extender Deployment Topology
Figure 1-3 shows a simplfied configuration using the Cisco Nexus 2000 Series Fabric Extender in
combination with the Cisco Nexus 5000 Series switch to provide a simplified and cost-effective
1-Gigabit TOR solution.
NX-5000
Access
Layer
187216
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-9
Typical Deployment Topologies
Send feedback to nx5000-docfeedback@cisco.com
Figure 1-3 Fabric Extender Deployment Topology
Cisco Nexus 7000
Series Switches
Chapter 1 Product Overview
Core
Aggregation
Layer
4x 10 Gigabit
Ethernet Uplinks
from each
Fabric Extender
Cisco Nexus 2000 Series
FabricExtenders
Rack Mount
Servers
Rack 1 Rack 2
Cisco Nexus 5000
Series Switches
Access
Layer
Server
Racks
274315
In the example configuration, the Fabric Extender top-of-rack units provide 1-Gigabit host interfaces
connected to the servers. The Fabric Extender units are attached to their parent Cisco Nexus 5000 Series
switches with 10-Gigabit fabric interfaces.
Each Fabric Extender acts as a Remote I/O Module on the parent Cisco Nexus 5000 Series switch. All
device configurations are managed on the Cisco Nexus 5000 Series switch and configuration information
is downloaded using inband communication to the Fabric Extender.
See the Cisco Nexus 2000 Series Fabric Extender Software Configuration Guide for an overview of the
Fabric Extender and configuration details.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-10
OL-16597-01
Chapter 1 Product Overview
Send feedback to nx5000-docfeedback@cisco.com
I/O Consolidation Topology
Figure 1-4 shows a typical I/O consolidation scenario for the Cisco Nexus 5000 Series switch.
Figure 1-4 I/O Consolidation Topology
SAN-A LAN Core SAN-B
Typical Deployment Topologies
Distribution
layer
NX-5000
Access Layer
187214
The Cisco Nexus 5000 Series switch connects to the server ports using FCoE. Ports on the server require
converged network adapters. For redundancy, each server connects to both switches. Dual-port CNA
adapters can be used for this purpose. The CNA is configured in active-passive mode, and the server
needs to support server-based failover.
On the Cisco Nexus 5000 Series switch, the Ethernet network-facing ports are connected to two Catalyst
6500 switches. Depending on required uplink traffic volume, there may be multiple ports connected to
each Catalyst 6500 switch, configured as port channels. If STP is enabled in the data center LAN, the
links to one of the switches will be STP active and the links to the other switch will be STP blocked.
The SAN network-facing ports on the Cisco Nexus 5000 Series switch are connected to Cisco MDS 9000
Family switches. Depending on required traffic volume, there may be multiple Fibre Channel ports
connected to each MDS 9000 Family switch, configured as SAN port channels.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-11
Supported Standards
Send feedback to nx5000-docfeedback@cisco.com
Supported Standards
Table 1-1 lists the standards supported by the Cisco Nexus 5000 Series switches.
Table 1-1 IEEE Compliance
Standard Description
802.1D MAC Bridges
802.1s Multiple Spanning Tree Protocol
802.1w Rapid Spanning Tree Protocol
802.3ad Link aggregation with LACP
802.3ae 10-Gigabit Ethernet
802.1Q VLAN Tagging
802.1p Class of Service Tagging for Ethernet frames
Chapter 1 Product Overview
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
1-12
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
P
ART
1
Configuration Fundamentals
Send feedback to nx5000-docfeedback@cisco.com
Send feedback to nx5000-docfeedback@cisco.com
CHAPTER
Using the Command-Line Interface
This chapter describes the command-line interface (CLI) and CLI command modes. It includes the
following sections:
• Accessing the Command Line Interface, page 2-1
• Using the CLI, page 2-2
• Using Commands, page 2-6
• Using CLI Variables, page 2-9
• Using Command Aliases, page 2-10
• Defining Command Aliases, page 2-11
• Command Scripts, page 2-11
Accessing the Command Line Interface
2
Step 1
Step 2
Step 3
You can connect to the switch using a terminal plugged into the console port. See Console Settings,
page 3-3 for information on how to set console port parameters.
You can also connect to the switch with Telnet or SSH. The switch supports up to eight simultaneous
Telnet and SSH connections. To connect with Telnet or SSH, you need to know the hostname or IP
address of the switch.
To make a Telnet connection to the switch, perform these steps:
Command Purpose
telnet {hostname | ip_addr}
Login: admin
Password: password
switch# exit
Makes a Telnet connection from your host to the switch that you
want to access.
Initiates authentication.
Note If no password has been configured, press Return.
Exits the session when finished.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-1
Using the CLI
Send feedback to nx5000-docfeedback@cisco.com
Alternatively, to make an SSH connection to the switch, use the following command:
Command Purpose
ssh {hostname | ip_addr}
Using the CLI
The section includes the following topics:
• Using CLI Command Modes, page 2-2
• CLI Command Hierarchy, page 2-3
• EXEC Mode Commands, page 2-4
• Configuration Mode Commands, page 2-5
Chapter 2 Using the Command-Line Interface
Makes an SSH connection from your host to the switch that you
want to access.
Using CLI Command Modes
Switches in the Cisco Nexus 5000 Series have two main command modes: user EXEC mode and
configuration mode. The commands available to you depend on the mode you are in. To obtain a list of
available commands in either mode, type a question mark (?) at the system prompt.
Table 2-1 lists and describes the two commonly used modes, how to enter the modes, and the resulting
system prompts. The system prompt helps you identify which mode you are in and the commands that
are available to you in that mode.
Table 2-1 Frequently Used Switch Command Modes
Mode Description How to Access Prompt
EXEC Enables you to temporarily
Configuration mode Enables you to configure
change terminal settings,
perform basic tests, and
display system information.
Note Changes made in this
mode are generally
not saved across
system resets.
features that affect the
system as a whole.
Note Changes made in this
mode are saved
across system resets
if you save your
configuration.
At the switch prompt,
enter the required EXEC
mode command.
From EXEC mode, enter
the configure terminal
command.
switch#
switch(config)#
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-2
OL-16597-01
Chapter 2 Using the Command-Line Interface
Send feedback to nx5000-docfeedback@cisco.com
You can abbreviate commands and keywords by entering just enough characters to make the command
unique from other commands. For example, you can abbreviate the configure terminal command to
conf t.
Changing Command Modes
Configuration mode, also known as terminal configuration mode, has several submodes. Each of these
submodes places you further down in the prompt hierarchy. When you type exit, the switch backs out of
the current level and returns you to the previous level. When you type end, the switch backs out to the
user EXEC level. You can also press Ctrl-Z in configuration mode as an alternative to typing end.
Listing the Commands Used with Each Command Mode
You can display the commands available in any command mode by typing a question mark (?) at the
switch prompt.
CLI Command Hierarchy
Using the CLI
CLI commands are organized hierarchically, with commands that perform similar functions grouped
under the same level. For example, all commands that display information about the system,
configuration, or hardware are grouped under the show command, and all commands that allow you to
configure the switch are grouped under the configure terminal command.
To execute a command, you enter the command by starting at the top level of the hierarchy. For example,
to configure an interface, use the config terminal command. Once you are in configuration mode, enter
the interface command. When you are in the interface submode, you can query the available commands.
The following example shows how to query the available command in the interface submode:
switch# configure terminal
switch(config)# interface ethernet 1/1
switch(config-if)# ?
bandwidth Set bandwidth informational parameter
cdp Configure CDP interface parameters
channel-group Add to/remove from a port-channel
delay Specify interface throughput delay
description Enter description of maximum 80 characters
exit Exit from command interpreter
fcoe Fibre channel over ethernet configuration
fex Configure FEX fabric
flowcontrol Configure interface flowcontrol
ip Configure IP features
ipv6 Configure IPv6 features
lacp Configure LACP parameters
link Configure link
lldp Configure Interface LLDP parameters
logging Configure logging for interface
mac MAC configuration commands
no Negate a command or set its defaults
priority-flow-control Configure interface priority-flowcontrol
service-policy Configure QoS service policy
shutdown Enable/disable an interface
snmp Modify SNMP interface parameters
spanning-tree Spanning Tree Subsystem
speed Enter the port speed
storm-control Configure Interface storm control
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-3
Using the CLI
Send feedback to nx5000-docfeedback@cisco.com
switchport Configure switchport parameters
untagged default to use for untagged packets on interface
EXEC Mode Commands
When you start a session on the switch, you begin in EXEC mode. From EXEC mode, you can enter
configuration mode. Most of the EXEC commands are one-time commands, such as show commands,
which display the current configuration status.
The following commands are available in EXEC mode:
switch# ?
attach Connect to a specific linecard
callhome callhome commands
cd Change current directory
check run consistency check on external storage device
clear Reset functions
cli CLI commands
clock Manage the system clock
configure Enter configuration mode
copy Copy from one file to another
debug Debugging functions
debug-filter Enable filtering for debugging functions
delete delete a file
dir list files in a directory
discover discover information
echo echo argument back to screen (usefull for run script)
end Exit configuration mode
ethanalyzer Configure cisco fabric analyzer
exit Exit from command interpreter
fcping Ping an N-Port
fctrace Trace the route for an N-Port.
fex FEX control commands
find Find a file below the current directory
format Format disks
gunzip Uncompresses LZ77 coded files
gzip Compresses file using LZ77 coding
install upgrade software
license Enter the license configuration mode
mkdir Create new directory
move Move files
no Negate a command or set its defaults
ntp Execute NTP commands
ping Test network reachability
ping6 Test IPv6 network reachability
purge Deletes unused data
pwd View current directory
reload Reboot the entire box
rmdir Delete a directory
routing-context Set the routing context
run-script Run shell scripts
san-port-channel Port-Channel related commands
send Send message to open sessions
session Configure session preferences
setup Run the basic SETUP command facility
show Show running system information
sleep Sleep for the specified number of seconds
ssh SSH to another system
ssh6 SSH to another system
system System management commands
tac-pac save tac information to a specific location
Chapter 2 Using the Command-Line Interface
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-4
OL-16597-01
Chapter 2 Using the Command-Line Interface
Send feedback to nx5000-docfeedback@cisco.com
tail Display the last part of a file
telnet Telnet to another system
telnet6 Telnet6 to another system
terminal Set terminal line parameters
terminate Terminates a config session
test test command
traceroute Traceroute to destination
traceroute6 Traceroute6 to destination
undebug Disable Debugging functions (See also debug)
unmount unmount compact flash disk or usb drive
update Update license
where shows the cli context you are in
write Write current configuration
xml xml agent
zone Execute Zone Server commands
zoneset Execute zoneset commands
Configuration Mode Commands
Configuration mode allows you to make changes to the existing configuration. When you save the
configuration, these commands are saved across switch reboots. Once you are in configuration mode,
you can enter interface configuration mode, zone configuration mode, and a variety of protocol-specific
modes. Configuration mode is the starting point for all configuration commands.
Using the CLI
The following commands are available in configuration mode:
switch# configure terminal
switch(config)# ?
aaa Configure aaa functions
banner Configure banner message
boot Configure boot variables
callhome Enter the callhome configuration mode
cdp Configure CDP parameters
cfs CFS configuration commands
class-map Configure class-map
cli Configure CLI aliases
clock Configure time-of-day clock
device-alias Device-alias configuration commands
diagnostic Diagnostic commands
end Exit configuration mode
exit Exit from command interpreter
fabric-binding Fabric Binding configuration
fcalias Fcalias configuration commands
fcdomain Enter the fcdomain configuration mode
fcdroplatency configure switch or network latency
fcflow Configure fcfloww
fcid-allocation Add/remove company id(or OUIs) from auto area list
fcinterop Interop commands
fcns name server configuration
fcroute Configure FC routes
fcs Configure Fabric Config Server
fcsp Config commands for FC-SP
fctimer configure fibre channel timers
fdmi config commands for FDMI
feature Command to enable/disable features
fex FEX configuration
fspf Configure fspf
hostname Configure system's host name
hw-module Enable/Disable OBFL information
in-order-guarantee set in-order delivery guarantee
interface Configure interfaces
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-5
Using Commands
Send feedback to nx5000-docfeedback@cisco.com
Chapter 2 Using the Command-Line Interface
ip Configure IP features
ipv6 Configure IPv6 features
lacp Configure LACP parameters
license Modify license features
line Configure a terminal line
lldp Configure global LLDP parameters
logging Modify message logging facilities
mac MAC configuration commands
mac-address-table MAC Address Table
monitor Ethernet SPAN
no Negate a command or set its defaults
npiv Nx port Id Virtualization (NPIV) feature enable
npv Config commands for FC N_port Virtualizer
ntp NTP Configuration
policy-map Configure policy-map
port-channel Configure port channel parameters
port-security Configure Port Security
port-track Configure Switch port track config
privilege Command privilege parameters
radius-server Configure RADIUS related parameters
resequence Resequence a list with sequence numbers
rib Configure RIB parameters
rlir config commands for RLIR
rmon Remote Monitoring
role Configure roles
rscn config commands for RSCN
scsi-target scsi-target configuration
show Show running system information
snmp-server Configure snmp server
spanning-tree Spanning Tree Subsystem
ssh Configure SSH parameters
switchname Configure system's host name
system system config command
system System management commands
tacacs+ Enable tacacs+
telnet Enable telnet
track Object tracking configuration commands
trunk Configure Switch wide trunk protocol
username Configure user information.
vlan Vlan commands
vrf Configure VRF parameters
vsan Enter the vsan configuration mode
wwn Set secondary base MAC addr and range for additional WWNs
xml xml agent
zone Zone configuration commands
zoneset Zoneset configuration commands
Using Commands
You can configure the CLI to function in two ways: configure it interactively by entering commands at
the CLI prompt or create an ASCII file containing switch configuration information (use the CLI to edit
and activate the file).
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-6
OL-16597-01
Chapter 2 Using the Command-Line Interface
Send feedback to nx5000-docfeedback@cisco.com
Listing Commands and Syntax
In any command mode, you can obtain a list of available commands by entering a question mark (?).
switch# ?
To see a list of commands that begin with a particular character sequence, type those characters followed
by a question mark (?). Do not include a space before the question mark.
switch# co?
configure copy
To list keywords or arguments, enter a question mark in place of a keyword or argument. Include a space
before the question mark. This form of help is called command syntax help because it reminds you which
keywords or arguments are applicable based on the commands, keywords, and arguments you have
already entered.
switch# # configure ?
<CR>
terminal Configure the system from terminal input
Using Commands
Tip If you are having trouble entering a command, check the system prompt and enter the question mark (?)
for a list of available commands. You might be in the wrong command mode or using incorrect syntax.
Entering Command Sequences
In any command mode, you can begin a particular command sequence, then immediately press the Tab
key to complete the rest of the command.
switch (config)# ro<Tab>
switch (config)# role <Tab>
switch (config)# role name
This form of help is called command completion because it completes a word for you. If several options
are available for the typed letters, all options that match those letters are displayed.
Undoing or Reverting to Default Values or Conditions
You can enter the no form of any command to perform the following actions:
• Undo an incorrectly entered command.
If you enter the zone member command, you can undo the results:
switch(config)# zone name test vsan 1
switch(config-zone)# member pwwn 12:12:12:12:12:12:12:12
switch(config-zone)# no member pwwn 12:12:12:12:12:12:12:12
WARNING: Zone is empty. Deleting zone test. Exit the submode.
switch(config-zone)#
• Delete a created facility.
If you want to delete a zone that you created:
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-7
Using Commands
Send feedback to nx5000-docfeedback@cisco.com
switch(config)# zone name test vsan 1
switch(config-zone)# exit
switch(config)# no zone name test vsan 1
switch(config)#
You cannot delete a zone facility called test while still in zone configuration submode. You must
first exit the zone submode and return to configuration mode.
• Revert to the default value.
If you enter the zone merge-control restrict vsan command, you can undo the results:
switch(config)# zone merge-control restrict vsan 10
switch(config)# no zone merge-control restrict vsan 10
switch(config)#
Using Keyboard Shortcuts
You can execute an EXEC mode command from a configuration mode or submode prompt. You can enter
this command from any submode within the configuration mode. The command is executed at the EXEC
level, and the prompt resumes its current mode level, as in the following example:
switch(config)# terminal session-timeout 0
switch(config)#
Chapter 2 Using the Command-Line Interface
In this example, terminal session-timeout is an EXEC mode command.
Table 2-2 lists some useful command keys that can be used in both EXEC and configuration modes.
Table 2-2 Useful Command Keys
Command Description
Ctrl-P Up history
Ctrl-N Down history
Ctrl-X-H List history
Alt-P History search backwards
Note The difference between Tab completion and Alt-P or Alt-N is that
pressing Tab completes the current word, while Alt-P and Alt-N
completes a previously entered command.
Alt-N History search forwards
Ctrl-G Exit
Ctrl-Z End
Ctrl-L Clear session
Table 2-3 describes the commonly used configuration submodes.
Table 2-3 Common Configuration Submodes
Submode Name From Configuration Mode, Enter: Submode Prompt
Call home
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-8
callhome switch(config-callhome)#
OL-16597-01
Chapter 2 Using the Command-Line Interface
Send feedback to nx5000-docfeedback@cisco.com
Table 2-3 Common Configuration Submodes (continued)
Submode Name From Configuration Mode, Enter: Submode Prompt
FCS Registration
Fibre Channel alias
FSPF
Interface
configuration
Line console
Virtual terminal line
Role
VLAN
VSAN database
Zone
Zone set
Using CLI Variables
fcs register switch(config-fcs-register)#
From FCS registration submode:
platform name name vsan
vsan-id
fcalias name name vsan vsan-id switch(congif-fcalias)#
fspf config vsan vsan-id switch(config-(fspf-config))#
interface type slot/port switch(config-if)#
line console switch(config-console)
line vty switch(config-line)#
role name switch(config-role)#
vlan switch(config-vlan)#
vsan database switch(config-vsan-db)#
zone name string vsan vsan-id switch(config-zone)#
zoneset name name vsan vsan-id switch(config-zoneset)#
switch(config-fcs-register-attrib)#
Using CLI Variables
The Cisco Nexus 5000 Series CLI parser supports the definition and use of variables in CLI commands.
CLI variables can be used as follows:
• Entered directly on the command line.
• Passed to the child script initiated using the run-script command.
The variables defined in the parent shell are available for use in the child run-script command
process (see the “Executing Commands Specified in a Script” section on page 2-11).
• Passed as command line arguments to the run-script command (see the “Executing Commands
Specified in a Script” section on page 2-11).
CLI variables have the following characteristics:
• You cannot reference a variable through another variable using nested references.
• You can define persistent variables that are available across switch reloads.
• You can reference only one predefined system variable, which is the TIMESTAMP variable.
User-Defined Persistent CLI Variables
You can define CLI session variables to persist only for the duration of your CLI session using the cli
var name command in EXEC mode. CLI session variables are useful for scripts that you execute
periodically.
The following example shows how to create a user-defined CLI session variable:
switch# cli var name testinterface fc 1/1
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-9
Using Command Aliases
Send feedback to nx5000-docfeedback@cisco.com
Chapter 2 Using the Command-Line Interface
You can reference a variable using the syntax $(variable). The following example shows how to
reference a user-defined CLI session variable:
switch# show interface $(testinterface)
fc2/1 is up
Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN)
Port WWN is 20:01:00:0d:ec:0e:1d:00
Admin port mode is auto, trunk mode is on
snmp traps are enabled
Port mode is F, FCID is 0x01000b
Port vsan is 1
Speed is 2 Gbps
Transmit B2B Credit is 7
Receive B2B Credit is 16
Receive data field Size is 2112
Beacon is turned off
5 minutes input rate 256 bits/sec, 32 bytes/sec, 1 frames/sec
5 minutes output rate 256 bits/sec, 32 bytes/sec, 1 frames/sec
232692 frames input, 7447280 bytes
0 discards, 0 errors
0 CRC, 0 unknown class
0 too long, 0 too short
232691 frames output, 7448692 bytes
0 discards, 0 errors
0 input OLS, 0 LRR, 0 NOS, 0 loop inits
1 output OLS, 1 LRR, 0 NOS, 1 loop inits
16 receive B2B credit remaining
7 transmit B2B credit remaining
Use the show cli variables command to display user-defined CLI session variables. The following
example displays user-defined CLI session variables:
switch# show cli variables
VSH Variable List
----------------TIMESTAMP="2005-10-24-21.29.33"
testinterface="fc 1/1"
Use the cli no var name command to remove user-defined CLI session variables. The following example
removes a user-defined CLI session variable:
switch# cli no var name testinterface
Using Command Aliases
Command alias support has the following characteristics:
• Command aliases are global for all user sessions.
• Command aliases are saved across reboots.
• Commands being aliased must be typed in full without abbreviation.
• Command alias translation always takes precedence over any keyword in any configuration mode or
submode.
• Command alias support is only available on the supervisor module, not the switching modules.
• Command alias configuration takes effect for other user sessions immediately.
• You cannot override the default command alias alias, which aliases the show cli alias command.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-10
OL-16597-01
Chapter 2 Using the Command-Line Interface
Send feedback to nx5000-docfeedback@cisco.com
• Nesting of command aliases is permitted to a maximum depth of 1. One command alias can refer to
another command alias that must refer to a valid command, not to another command alias.
• A command alias always replaces the first command keyword on the command line.
• You can define command aliases for commands in any configuration submode or the EXEC mode.
Defining Command Aliases
You can define command aliases using the cli alias name command in configuration mode.
This following example shows how to define command aliases:
switch# configure terminal
switch(config)# cli alias name eth interface ethernet
switch(config)# cli alias name shintbr show interface brief
switch(config)# cli alias name shfcintup shintbr | include up | include fc
You can display the command aliases defined on the switch using the alias default command alias.
The following example shows how to display the command aliases defined on the switch:
switch# alias
CLI alias commands
==================
alias :show cli alias
gigint :interface gigabitethernet
shintbr :show interface brief
shfcintup :shintbr | include up | include fc
Defining Command Aliases
Command Scripts
This section includes the following topics:
• Executing Commands Specified in a Script, page 2-11
• Using CLI Variables in Scripts, page 2-12
• Setting the Delay Time, page 2-13
Executing Commands Specified in a Script
The run-script command executes the commands specified in a file. To use this command, be sure to
create the file and specify commands in the required order.
Note You cannot create the script file at the switch prompt. You can create the script file on an external
machine and copy it to the bootflash: directory. This section assumes that the script file resides in the
bootflash: directory.
The syntax for this command is run-script filename.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-11
Command Scripts
Send feedback to nx5000-docfeedback@cisco.com
Chapter 2 Using the Command-Line Interface
This example displays the CLI commands specified in a test file that resides in the bootflash: directory.
switch# show file bootflash:testfile
configure terminal
interface fc 3/1
no shutdown
end
show interface fc 3/1
This file output is in response to the run-script command executing the contents in the test file:
switch# run-script bootflash:testfile
'configure terminal'
Enter configuration commands, one per line. End with CNTL/Z.
'interface fc 3/1'
'no shutdown'
'end'
'show interface fc 3/1'
fc3/1 is trunking
Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN)
Port WWN is 20:81:00:0d:ec:6b:cd:c0
Peer port WWN is 20:01:00:0d:ec:0d:d0:00
Admin port mode is auto, trunk mode is on
snmp link state traps are enabled
Port mode is TE
Port vsan is 1
Speed is 2 Gbps
Transmit B2B Credit is 255
Receive B2B Credit is 16
Receive data field Size is 2112
Beacon is turned off
Trunk vsans (admin allowed and active) (1)
Trunk vsans (up) (1)
Trunk vsans (isolated) ()
Trunk vsans (initializing) ()
5 minutes input rate 96 bits/sec, 12 bytes/sec, 0 frames/sec
5 minutes output rate 64 bits/sec, 8 bytes/sec, 0 frames/sec
77423 frames input, 6708868 bytes
0 discards, 0 errors
0 CRC, 0 unknown class
0 too long, 0 too short
77302 frames output, 4184976 bytes
0 discards, 0 errors
1 input OLS, 2 LRR, 0 NOS, 0 loop inits
1 output OLS, 0 LRR, 1 NOS, 0 loop inits
16 receive B2B credit remaining
255 transmit B2B credit remaining
Using CLI Variables in Scripts
You can use CLI variables defined by the cli var command (see the “Using CLI Variables” section on
page 2-9) or passed as arguments in the run-script command.
The following example shows how to use CLI session variables in a script file used by the run-script
command:
switch# cli var name testinterface fc 1/1
switch# show file bootflash:test1.vsh
show interface $(testvar)
switch# run-script bootflash:test1.vsh
`show interface $(testvar)`
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-12
OL-16597-01
Chapter 2 Using the Command-Line Interface
Send feedback to nx5000-docfeedback@cisco.com
fc2/1 is down (SFP not present)
Hardware is Fibre Channel
Port WWN is 20:01:00:05:30:00:8e:1e
Admin port mode is auto, trunk mode is on
Port vsan is 1
Receive data field Size is 2112
Beacon is turned off
5 minutes input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
5 minutes output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec
1 frames input, 128 bytes
0 discards, 0 errors
0 CRC, 0 unknown class
0 too long, 0 too short
1 frames output, 128 bytes
0 discards, 0 errors
0 input OLS, 0 LRR, 0 NOS, 0 loop inits
0 output OLS, 0 LRR, 0 NOS, 0 loop inits
0 receive B2B credit remaining
0 transmit B2B credit remaining
The following example shows how you can pass CLI session variable as arguments to a child run-script
command process:
switch# show file bootflash:test1.vsh
show interface $(var1) $(var2)
switch# run bootflash:test2.vsh var1="fc2/1" var2="brief"
`show interface $(var1) $(var2)`
------------------------------------------------------------------------------Interface Vsan Admin Admin Status SFP Oper Oper Port
------------------------------------------------------------------------------fc2/1 1 auto on sfpAbsent -- -- -- \
Command Scripts
Mode Trunk Mode Speed Channel
Mode (Gbps)
Setting the Delay Time
The sleep command delays an action by a specified number of seconds.
The syntax for this command is sleep seconds.
switch# sleep 30
You will see the switch prompt return after 30 seconds. This command is useful within scripts. For
example, if you create a command script called test-script.
switch# show file bootflash:test-script
discover scsi-target remote
sleep 10
show scsi-target disk
switch# run-script bootflash:test-script
When you execute the test-script command script, the switch software executes the discover scsi-target
remote command, and then waits for 10 seconds before executing the show scsi-target disk command.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-13
Command Scripts
Send feedback to nx5000-docfeedback@cisco.com
Chapter 2 Using the Command-Line Interface
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
2-14
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
CHAPTER
3
Configuring the Switch
This chapter describes basic switch configuration functions. This chapter includes the following
sections:
• Image Files on the Switch, page 3-1
• Upgrading the Switch, page 3-4
• Downgrading from a Higher Release, page 3-6
• Initial Configuration, page 3-7
• Accessing the Switch, page 3-12
• Additional Switch Configuration, page 3-12
• NTP Configuration, page 3-15
• Management Interface Configuration, page 3-19
• Managing the Switch Configuration, page 3-21
• Using Switch File Systems, page 3-22
Image Files on the Switch
The Cisco Nexus 5000 Series switches have the following images:
• BIOS and loader images combined in one file
• Kickstart image
• System image that includes a BIOS image that can be upgraded
The switch has flash memory that consists of two separate flash parts:
• A 2 MB flash part holds two BIOS and loader images.
• A 1 GB flash part holds configuration files, kickstart images, systems images, and other files.
The upgradeable BIOS and the golden BIOS are programmed onto the 2 MB flash part. You cannot
upgrade the golden BIOS.
When you download a new pair of kickstart and system images, you also get a new BIOS image because
it is included in the system image. You can use the install all command to upgrade the kickstart, system,
and upgradeable BIOS images.
This section includes the following topics:
• Starting the Switch, page 3-2
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-1
Image Files on the Switch
Send feedback to nx5000-docfeedback@cisco.com
• Boot Sequence, page 3-2
Starting the Switch
A Cisco Nexus 5000 Series switch starts its boot process as soon as its power cord is connected to an
A/C source. The switch does not have a power switch.
Boot Sequence
When the switch boots, the golden BIOS validates the checksum of the upgradeable BIOS. If the
checksum is valid, then control is transferred to the upgradeable BIOS image. The upgradeable BIOS
launches the kickstart image, which then launches the system image. If the checksum of the upgradeable
BIOS is not valid, then the golden BIOS launches the kickstart image, which then launches the system
image.
You can force the switch to bypass the upgradeable BIOS and use the golden BIOS instead. If you press
Ctrl-Shift-6 within two seconds of when power is supplied to the switch, the golden BIOS will be used
to launch the kickstart image, even if the checksum of the upgradeable BIOS is valid.
Chapter 3 Configuring the Switch
Note When you press Ctrl-Shift-6, the console settings must be set to their defaults: 9600 baud, 8 data bits,
no parity, and 1 stop bit.
Before the boot sequence starts, the BIOS performs internal tests on the switch. If the tests fail, then the
loader does not gain control. Instead, the BIOS image retains control and prints a message to the console
at 9600 baud every 30 seconds that indicates a failure.
Figure 3-1 shows the normal and recovery boot sequence.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-2
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
Figure 3-1 Boot Sequence
Image Files on the Switch
Power
on
Golden BIOS
waits for
Ctrl-Shift-6
@9600
baud
Yes
Loader
reads
and enforces
CMOS
setting
No No
Is
Upgradeable
BIOS valid?
Loader waits
Cntl-Shift-L
@CMOS
baud
Go to loader
@
CMOS baud
Yes
No
No No
Yes Yes
Boot
Ungradeable
BIOS
Boot
Golden
BIOS
Loader
launches
Kickstart
BIOS
launches
loader
still @ 9600
baud
Kickstart
waits for
Cntl-]
@CMOS
baud
Switch (boot)
prompt
For information about recovery procedures, see Chapter 50, “Troubleshooting.”
Loader waits
Cntl-Shift-R
@9600
baud
Yes
To loader
prompt
@9600 baud
without reading
CMOS
User can return
CMOS settings
to factory
defaults
Kickstart
uncompresses
system image
and starts
system CLI
187098
Console Settings
The loader, kickstart, and system images have the following factory default console settings:
• Speed—9600 baud
• Databits—8 bits per byte
• Stopbits—1 bit
• Parity—none
These settings are stored on the switch, and all three images use the stored console settings.
To change a console setting, use the line console command in configuration mode. The following
example configures a line console and sets the options for that terminal line:
switch# configure terminal
switch(config)# line console
switch(config-console)# databits 7
switch(config-console)# exec-timeout 30
switch(config-console)# parity even
switch(config-console)# stopbits 2
You cannot change the BIOS console settings. These are the same as the default console settings.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-3
Upgrading the Switch
Send feedback to nx5000-docfeedback@cisco.com
Upgrading the Switch
Note Users with the network-admin role can upgrade the software image on the switch.
This section includes the following topics:
• Upgrade Procedure Summary, page 3-4
• Detailed Upgrade Procedure, page 3-4
Upgrade Procedure Summary
The following summary procedure describes how to upgrade the switch software:
Step 1 Log in to the console port on the supervisor module.
Step 2 Log in to Cisco.com and download the kickstart and system images to a server.
Step 3 Download the kickstart and system images to the switch using the copy command.
Step 4 Install the images using the install all command.
Chapter 3 Configuring the Switch
Caution While the switch performs the installation, all traffic through the switch is disrupted.
Detailed Upgrade Procedure
Caution Upgrading a Cisco Nexus 5000 Series switch disrupts all traffic flow through the switch.
To upgrade the software on the switch, follow these steps:
Step 1 Log in to the switch on the console port connection.
Step 2 Log in to Cisco.com to access the Software Download Center. To log in to Cisco.com, go to the URL
http://www.cisco.com/ and click Log In at the top of the page. Enter your Cisco username and password.
Note Unregistered Cisco.com users cannot access the links provided in this document.
Step 3 Access the Software Download Center using this URL:
http://www.cisco.com/kobayashi/sw-center/index.shtml
Step 4 Navigate to the software downloads for Cisco Nexus 5000 Series switches.
You see links to the download images for the switch.
Step 5 Read the release notes for the related image file.
Step 6 Select and download the kickstart and system software files to a server.
Step 7 Ensure that the required space is available in the bootflash: directory for the image file(s) to be copied.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-4
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
Upgrading the Switch
switch# dir bootflash:
Usage for bootflash://sup-local
4681 Nov 24 02:43:52 2008 config
13176836 Nov 24 07:19:36 2008 gdb.1
49152 Jan 12 18:38:36 2009 lost+found/
310556 Dec 23 02:53:28 2008 n1
20058112 Nov 07 02:35:22 2008 n5000-uk9-kickstart.4.0.0.N1.2.474.bin
20217856 Jan 12 18:26:54 2009 n5000-uk9-kickstart.4.0.1a.N2.0.140.bin
76930262 Nov 07 02:35:22 2008 n5000-uk9.4.0.0.N1.2.474.bin
103484727 Jan 12 18:29:08 2009 n5000-uk9.4.0.1a.N2.0.140.bin
74934272 bytes used
5550080 bytes free
80484352 bytes total
Tip We recommend that you keep the kickstart and system image files for at least one previous
software release to use if the new image files do not load successfully.
Step 8 If you need more space on the active supervisor module bootflash, delete unnecessary files to make space
available.
switch# delete bootflash:n5000-uk9-kickstart.4.0.0.N1.2.474.bin
switch# delete bootflash:n5000-uk9.4.0.0.N1.2.474.bin
Step 9 Copy the kickstart and system images to the supervisor module bootflash using a transfer protocol. You
can use ftp:, tftp:, scp:, or sftp:. The examples in this procedure use scp:.
switch# copy
scp://user@scpserver.cisco.com//downloads/n5000-uk9-kickstart.4.0.1a.N2.0.140.bin
bootflash:n5000-uk9-kickstart.4.0.1a.N2.0.140.bin
switch# copy scp://user@scpserver.cisco.com//downloads/n5000-uk9.4.0.1a.N2.0.140.bin
bootflash:n5000-uk9.4.0.1a.N2.0.140.bin
Step 10 Install the new images, specifying the new image names that you downloaded in step 9.
switch(config)# install all kickstart bootflash:n5000-uk9-kickstart.4.0.1a.N2.0.140.bin
system bootflash:n5000-uk9.4.0.1a.N2.0.140.bin
The install command performs the following actions:
• performs compatibility checks (equivalent to the show incompatibility command) for the images
that you have specified. If there are compatibility issues, an error message is displayed and the
installation does not proceed.
• Displays the compatibility check results and displays whether the installation is disruptive.
• Provides a prompt to allow you to continue or abort the installation.
Note A disruptive installation causes traffic disruption while the switch reboots.
• Updates the boot variables to reference the specified images and saves the configuration to the
startup configuration file.
Step 11 After the switch completes the installation, log in and verify that the switch is running the required
software version.
switch# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-5
Downgrading from a Higher Release
Send feedback to nx5000-docfeedback@cisco.com
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 1.2.0
loader: version N/A
kickstart: version 4.0(1a)N2(1) [build 4.0(1a)N2(0.140)]
system: version 4.0(1a)N2(1) [build 4.0(1a)N2(0.140)]
BIOS compile time: 06/19/08
kickstart image file is: bootflash:/n5000-uk9-kickstart.4.0.1a.N2.0.140.bin
kickstart compile time: 1/12/2009 2:00:00 [01/12/2009 10:50:37]
system image file is: bootflash:/n5000-uk9.4.0.1a.N2.0.140.bin
system compile time: 1/12/2009 2:00:00 [01/12/2009 11:21:25]
Hardware
cisco Nexus5020 Chassis ("40x10GE/Supervisor")
Intel(R) Celeron(R) M CPU with 2074308 kB of memory.
Processor Board ID JAB1232002F
Device name: switch
bootflash: 1003520 kB
Chapter 3 Configuring the Switch
Kernel uptime is 2 day(s), 5 hour(s), 22 minute(s), 19 second(s)
Last reset at 695620 usecs after Mon Jan 12 18:54:03 2009
Reason: Reset Requested by CLI command reload
System version: 4.0(1a)N2(1)
Service:
plugin
Core Plugin, Ethernet Plugin
Downgrading from a Higher Release
The procedure to downgrade the switch is identical to a switch upgrade, except that the image files to be
loaded are for an earlier release than the image currently running on the switch.
Note Prior to downgrading to a specific release, check the release notes for the current release installed on the
switch, to ensure that your hardware is compatible with the specific release.
To downgrade the software on the switch, follow these steps:
Step 1 Locate the image files you will use for the downgrade by entering the dir bootflash: command.
If the image files are not stored on the bootflash memory, download the files from Cisco.com (using steps
1 through 9 of the software upgrade procedure).
Step 2 Install the new images.
switch(config)# install all kickstart bootflash:n5000-uk9-kickstart.4.0.0.N1.1a.bin system
bootflash:n5000-uk9.4.0.0.N1.1a.bin
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-6
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
The install all command performs the following actions:
• performs compatibility checks (equivalent to the show incompatibility command) for the images
that you have specified. If there are compatibility issues, an error message is displayed and the
installation does not proceed.
• Displays the compatibility check results and displays whether the installation is disruptive.
• Provides a prompt to allow you to continue or abort the installation.
Note A disruptive installation causes traffic disruption while the switch reboots.
• updates the boot variables to reference the specified images and saves the configuration to the
startup configuration file.
Step 3 After the switch completes the installation, log in and verify that the switch is running the required
software version.
switch# show version
Initial Configuration
Initial Configuration
The section includes the following topics:
• Configuration Prerequisites, page 3-7
• Initial Setup, page 3-8
• Preparing to Configure the Switch, page 3-8
• Default Login, page 3-9
• Configuring the Switch, page 3-9
• Changing the Initial Configuration, page 3-12
Configuration Prerequisites
The following procedure is a review of the tasks you should have completed during hardware
installation. These tasks must be completed before you can configure the switch.
Before you can configure a switch, follow these steps:
Step 1 Verify the following physical connections for the new Cisco Nexus 5000 Series switch:
• The console port is physically connected to a computer terminal (or terminal server).
• The management Ethernet port (mgmt0) is connected to an external hub, switch, or router.
Refer to the Cisco Nexus 5000 Series Hardware Installation Guide (for the required product) for more
information.
Tip Save the host ID information for future use (for example, to enable licensed features). The host
ID information is provided in the Proof of Purchase document that accompanies the switch.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-7
Initial Configuration
Send feedback to nx5000-docfeedback@cisco.com
Step 2 Verify that the default console port parameters are identical to those of the computer terminal (or
Initial Setup
Chapter 3 Configuring the Switch
terminal server) attached to the switch console port:
• 9600 baud
• 8 data bits
• No parity
• 1 stop bit
The first time that you access a switch in the Cisco Nexus 5000 Series, it runs a setup program that
prompts you for the IP address and other configuration information necessary for the switch to
communicate over the Ethernet interface. This information is required to configure and manage the
switch.
Note The IP address can only be configured from the CLI. When the switch powers up for the first time, you
should assign the IP address. After you perform this step, the Cisco MDS 9000 Family Fabric Manager
can reach the switch through the console port.
Preparing to Configure the Switch
Before you configure Cisco Nexus 5000 Series switch for the first time, you need the following
information:
• Administrator password.
Note If a password is weak (short, easy-to-decipher), your password configuration is rejected. Be sure
to configure a strong password.
• If you are using an IPv4 address for the management interface, you need the following information:
–
IPv4 subnet mask for the switch’s management interface.
–
IPv4 address of the default gateway (optional).
• SSH service on the switch (optional).
To enable this service, select the type of SSH key (dsa/rsa/rsa1) and number of SSH key bits (768
to 2048).
• NTP server IPv4 address (optional).
• SNMP community string (optional).
• Switch name (optional).
This is your switch prompt.
• An additional login account and password (optional).
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-8
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
Note If you are using IPv4, be sure to configure the IPv4 route, the IPv4 default network address, and the IPv4
default gateway address to enable SNMP access.
Default Login
The switch has the network administrator as a default user (admin). You cannot change the default user
at any time.
There is no default password so you must explicitly configure a strong password. If a password is trivial
(short, easy-to-decipher), your password configuration is rejected. Be sure to configure a strong
password. If you configure and subsequently forget this new password, you have the option to recover
this password.
Note If you enter a write erase command and reload the switch, you must reconfigure the default user (admin)
password using the setup procedure.
Initial Configuration
Configuring the Switch
This section describes how to initially configure the switch.
Note Press Ctrl-C at any prompt to skip the remaining configuration options and proceed with what you have
configured up to that point. Entering the new password for the administrator is a requirement and cannot
be skipped.
Tip If you do not want to answer a previously configured question, or if you want to skip answers to any
questions, press Enter. If a default answer is not available (for example, switch name), the switch uses
what was previously configured and skips to the next question.
To configure the switch for first time, follow these steps:
Step 1 Ensure that the switch is on. Switches in the Cisco Nexus 5000 Series boot automatically.
Step 2 Enter the new password for the administrator.
Enter the password for admin: password
Tip If a password is weak (short, easy-to-decipher), your password configuration is rejected. Be sure
to configure a strong password. Passwords are case-sensitive.
Step 3 Enter yes to enter the setup mode.
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
*Note: setup is mainly used for configuring the system initially,
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-9
Initial Configuration
Send feedback to nx5000-docfeedback@cisco.com
Step 4 Enter the new password for the administrator (admin is the default).
Step 5 Enter yes (no is the default) to create additional accounts.
Chapter 3 Configuring the Switch
when no configuration is present. So setup always assumes system
defaults and not the current system configuration values.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes
The setup utility guides you through the basic configuration process. Press Ctrl-C at any prompt to end
the configuration process.
Enter the password for admin: admin
Create another login account (yes/no) [n]: yes
While configuring your initial setup, you can create an additional user account (in the network-admin
role) besides the administrator’s account. See the “Configuring RBAC” section on page 22-5 for
information on default roles and permissions.
a. Enter the user login ID.
Enter the user login ID: user_name
b. Enter the user password.
Enter the password for user_name: user-password
Step 6 Enter yes (yes is the default) to create an SNMP read-only community string.
Configure read-only SNMP community string (yes/no) [n]: yes
SNMP community string: snmp_community
Step 7 Enter a name for the switch.
Note The switch name is limited to 32 alphanumeric characters. The default is switch.
Enter the switch name: switch_name
Step 8 Enter yes (yes is the default) to configure out-of-band management.
Continue with Out-of-band (mgmt0) management configuration? [yes/no]: yes
a. Enter the mgmt0 IPv4 address.
Mgmt0 IPv4 address: ip_address
Step 9 Enter yes (yes is the default) to configure the IPv4 default gateway (recommended).
Configure the default-gateway: (yes/no) [y]: yes
a. Enter the default gateway IPv4 address.
IPv4 address of the default-gateway: default_gateway
Step 10 Enter yes (yes is the default) to enable the Telnet service.
Enable the telnet service? (yes/no) [y]: yes
Step 11 Enter yes (no is the default) to enable the SSH service.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-10
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
Enabled SSH service? (yes/no) [n]: yes
Step 12 Enter the SSH key type that you would like to generate.
Type the SSH key you would like to generate (dsa/rsa/rsa1)? dsa
Step 13 Enter the number of key bits within the specified range.
Enter the number of key bits? (768 to 2048): 768
Step 14 Enter yes (no is the default) to configure the NTP server.
Configure NTP server? (yes/no) [n]: yes
a. Enter the NTP server IPv4 address.
NTP server IP address: ntp_server_IP_address
Step 15 Enter yes (yes is the default) to configure basic Fibre Channel configurations.
Enter basic FC configurations (yes/no) [n]: yes
Step 16 Enter shut (shut is the default) to configure the default Fibre Channel switch port interface to the shut
(disabled) state.
Configure default physical FC switchport interface state (shut/noshut) [shut]: shut
Initial Configuration
Step 17 Enter on (on is the default) to configure the switch port trunk mode.
Configure default physical FC switchport trunk mode (on/off/auto) [on]: on
Step 18 Enter permit (deny is the default) to deny a default zone policy configuration.
Configure default zone policy (permit/deny) [deny]: permit
Permits traffic flow to all members of the default zone.
Note If you are executing the setup script after entering a write erase command, you explicitly must change
the default zone policy to permit for VSAN 1 after finishing the script using the following command:
switch(config)# zone default-zone permit vsan 1
Step 19 Enter yes (no is the default) to enable a full zone set distribution.
Enable full zoneset distribution (yes/no) [n]: yes
Overrides the switch-wide default for the full zone set distribution feature.
You see the new configuration. Review and edit the configuration that you have just entered.
Step 20 Enter no (no is the default) if you are satisfied with the configuration.
The following configuration will be applied:
username admin password <user-password> role network-admin
snmp-server community snmp_community ro
switchname switch
telnet server enable
ssh key dsa 768 force
ssh server enable
system default switchport shutdown san
system default switchport trunk mode on
system default zone default-zone permit
system default zone distribute full
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-11
Accessing the Switch
Send feedback to nx5000-docfeedback@cisco.com
Would you like to edit the configuration? (yes/no) [n]: no
Step 21 Enter yes (yes is default) to use and save this configuration:
Use this configuration and save it? (yes/no) [y]: yes
Caution If you do not save the configuration at this point, none of your changes are updated the next
time the switch is rebooted. Type yes to save the new configuration. This operation ensures
that the kickstart and system images are also automatically configured (see “Image Files on
the Switch” section on page 3-1).
Changing the Initial Configuration
To make changes to the initial configuration at a later time, enter the setup command in EXEC mode:
switch# setup
Chapter 3 Configuring the Switch
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
*Note: setup is mainly used for configuring the system initially,
when no configuration is present. So setup always assumes system
defaults and not the current system configuration values.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes
The setup utility guides you through the basic configuration process.
Accessing the Switch
After the initial configuration, you can access the switch in a number of ways:
• Serial console access—You can use a serial port connection to access the CLI.
• Out-of-band access—You can use Telnet or SSH to access a Cisco Nexus 5000 Series switch or use
the Cisco MDS 9000 Fabric Manager application to connect to the switch using SNMP.
Additional Switch Configuration
This section includes the following topics:
• Assigning a Switch Name, page 3-13
• Configuring Date, Time, and Time Zone, page 3-13
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-12
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
• Adjusting for Daylight Saving Time or Summer Time, page 3-14
Assigning a Switch Name
Each switch in the network requires a unique name. You can assign names to easily identify the switch
by its physical location, its network association, or the organization to which it is deployed. The assigned
name is displayed in the command-line prompt. The switch name is limited to 20 alphanumeric
characters.
Note This guide refers to a switch in the Cisco Nexus 5000 Series switch as switch, and it uses the switch#
prompt.
To change the name of the switch, perform this task:
Command Purpose
Step 1
Step 2
Step 3
switch# configure terminal
switch(config)# switchname myswitch1
myswitch1(config)#
myswitch1(config)# no switchname
switch(config)#
Additional Switch Configuration
Enters configuration mode.
Changes the switch name prompt as specified
(myswitch1).
Reverts the switch name prompt to its default (switch#).
Configuring Date, Time, and Time Zone
The Cisco Nexus 5000 Series switches use Universal Coordinated Time (UTC), which is the same as
Greenwich Mean Time (GMT). To change the default time on the switch, perform this task:
Command Purpose
switch# clock set HH:MM:SS DD Month
YYYY
The following example sets the time for the switch:
switch# clock set 15:58:09 29 February 2008
Mon Feb 20 15:58:09 UTC 2008
Note The clock command changes are saved across system resets.
You can specify a time zone for the switch. To specify the local time without the daylight saving time
feature, perform this task:
Sets the default time on the switch. HH represents hours
in 24-hour time (15 for 3 P.M.), MM is minutes (58), SS
is seconds (09), DD is the date (29), Month is the month
in words (February), and YYYY is the year (2008).
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-13
Additional Switch Configuration
Send feedback to nx5000-docfeedback@cisco.com
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
switch# configure terminal
switch(config)# clock timezone
timezone hours_offset minutes_offset
switch(config)# exit
switch# show clock
switch# show run
The following example sets the time zone to Pacific Standard Time (PST) and offsets the UTC time by
negative eight hours and 0 minutes:
switch# configure terminal
switch(config)# clock timezone PST -8 0
Chapter 3 Configuring the Switch
Enters configuration mode.
Sets the time zone. timezone is the three letter time zone
(PST for Pacific Standard), the hours offset from UTC (-8
for the PST offset), and minutes offset (needed for time
zones such as Newfoundland Standard (NST) or India
Standard (IST)).
Returns to EXEC mode.
Verifies the time zone configuration.
Displays changes made to the time zone configuration
along with other configuration information.
To disable the local time setting, perform this task:
switch(config)# no clock timezone
Disables the time zone adjustment feature.
Adjusting for Daylight Saving Time or Summer Time
You can configure your switch to adjust for daylight saving time (or summer time). By default, Cisco
NX-OS does not automatically adjust for daylight saving time. You must manually configure the switch
to adjust to the daylight saving time.
For example, following U.S. standards (defined by the Energy Policy Act of 2005), you can have the
switch advance the clock one hour at 2:00 a.m. on the second Sunday in March and move back the clock
one hour at 2:00 a.m. on the first Sunday in November. You can also explicitly specify the start and end
dates and times and whether or not the time adjustment recurs every year.
To enable the daylight saving time clock adjustment, perform this task:
Command Purpose
Step 1
switch# configure terminal
Enters configuration mode.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-14
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
Command Purpose
Step 2
Step 3
Step 4
switch(config)# clock summer-time
timezone start_week start_day
start_month start_time end_week
end_day end_month end_time offset
switch(config)# no clock summer-time
switch(config)# exit
switch# show running-config | include
summer-time
The following example adjusts the daylight savings time for the U.S. Pacific daylight time by 60 minutes
starting the second Sunday in March at 2 a.m. and ending the first Sunday in November at 2 a.m:
switch# configure terminal
switch(config)# clock summer-time PDT 1 Sunday March 02:00 1 Sunday November 02:00 60
NTP Configuration
Sets the daylight savings time for a specified time zone.
The start and end values are as follows:
• Week ranging from 1 through 5
• Day ranging from Sunday through Saturday
• Month ranging from January through December
The daylight offset ranges from 1 through 1440 minutes,
which are added to the start time and deleted time from
the end time.
Disables the daylight saving time adjustment feature.
Returns to EXEC mode.
Verifies the time zone configuration.
NTP Configuration
A Network Time Protocol (NTP) server provides a precise time source (radio clock or atomic clock) to
synchronize the system clocks of network devices. NTP is transported over User Datagram Protocol
UDP/IP. All NTP communications use Universal Time Coordinated (UTC). An NTP server receives its
time from a reference time source, such as a radio clock or atomic clock, attached to the time. NTP
distributes this time across the network.
This section includes the following sections:
• About NTP, page 3-15
• NTP Configuration Guidelines, page 3-16
• Configuring NTP, page 3-17
• NTP CFS Distribution, page 3-17
About NTP
In a large enterprise network, having one time standard for all network devices is critical for management
reporting and event logging functions when trying to correlate interacting events logged across multiple
devices. Many enterprise customers with extremely mission-critical networks maintain their own
stratum-1 NTP source.
Time synchronization happens when several frames are exchanged between clients and servers. The
switches in client mode know the address of one or more NTP servers. The servers act as the time source
and receive client synchronization requests.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-15
NTP Configuration
Send feedback to nx5000-docfeedback@cisco.com
By configuring an IP address as a peer, the switch will obtain and provide time as required. The peer is
capable of providing time on its own and is capable of having a server configured. If both these instances
point to different time servers, your NTP service is more reliable. Even if the active server link is lost,
you can still maintain the right time due to the presence of the peer.
Tip If an active server fails, a configured peer helps in providing the NTP time. Provide a direct NTP server
association and configure a peer to ensure backup support if the active server fails.
If you only configure a peer, the most accurate peer takes on the role of the NTP server and the other
peer(s) acts as a peer(s).
NTP Configuration Guidelines
The following guidelines apply to all NTP configurations:
• You should have a peer association with another switch only when you are sure that your clock is
reliable (which means that you are a client of a reliable NTP server).
• A peer configured alone takes on the role of a server and should be used as backup. If you have two
servers, then you can have several switches point to one server, and the remaining switches to the
other server. You would configure peer association between these two sets, which forces the clock
to be more reliable.
• If you only have one server, it is better for all the switches to have a client association with that
server.
Not even a server down time will affect well-configured switches in the network. Figure 3-2 displays a
network with two NTP stratum 2 servers and two switches.
Chapter 3 Configuring the Switch
Figure 3-2 NTP Peer and Server Association
From lower stratum
server-1
Stratum-2
Server-1
Switch-1 Switch-2
Peer association
Server
association
Peer association
From lower stratum
server-2
Stratum-2
Server-2
Server
association
85532
In this configuration, the switches were configured as follows:
• Stratum 2 Server 1
–
IPv4 address–10.10.10.10
–
Stratum–2 Server-2
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-16
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
• Switch 1 IPv4 address–10.10.10.1
• Switch 1 NTP configuration commands
• Switch 2 IPv4 address–10.10.10.2
• Switch 2 NTP configuration commands
Configuring NTP
You can configure NTP using either IPv4 addresses, IPv6 addresses, or Domain Name Services (DNS)
names. To configure NTP associations, perform this task:
–
IPv4 address–10.10.10.9
–
ntp server 10.10.10.10
–
ntp peer 10.10.10.2
–
ntp server 10.10.10.9
–
ntp peer 10.10.10.1
NTP Configuration
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
switch# configure terminal
switch(config)# ntp server
{ip-address | ipv6-address |
dns-name}
switch(config)# ntp peer {ip-address
| ipv6-address | dns-name}
switch(config)# exit
switch# copy running-config
startup-config
switch# show ntp peers
NTP CFS Distribution
You can enable NTP fabric distribution for all Cisco Nexus 5000 Series switches in a fabric using the
Cisco Fabric Services (CFS). When you perform NTP configurations, and distribution is enabled, the
entire server or peer configuration is distributed to all the switches in the fabric.
You automatically acquire a fabric-wide lock when you enter the first configuration command after you
enabled distribution in a switch.The NTP application uses an effective and pending database model to
store or commit the commands based on your configuration. You changes are stored in the pending
database and committed to the effective database.
See the “Information About CFS” section on page 21-1 for more information on the CFS application.
Enters configuration mode.
Forms an association with a server.
Forms an association with a peer. You can specify
multiple associations.
Returns to EXEC mode.
Saves your configuration changes to NVRAM.
Tip This is one instance where you can save the
configuration as a result of an NTP configuration
change. You can enter this command at any time.
Displays the configured server and peer associations.
This section includes the following sections:
• Enabling NTP Distribution, page 3-18
• Committing NTP Configuration Changes, page 3-18
• NTP Session Status Verification, page 3-19
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-17
NTP Configuration
Send feedback to nx5000-docfeedback@cisco.com
• Database Merge Guidelines, page 3-19
• NTP Session Status Verification, page 3-19
Enabling NTP Distribution
To enable NTP configuration fabric distribution, perform this task:
Command Purpose
Step 1
Step 2
switch# configure terminal
switch(config)# ntp distribute
switch(config)# no ntp distribute
Committing NTP Configuration Changes
Chapter 3 Configuring the Switch
Enters configuration mode.
Enables NTP configuration distribution to all switches in
the fabric. Acquires a fabric lock and stores all future
configuration changes in the pending database.
Disables (default) NTP configuration distribution to all
switches in the fabric.
When you commit the NTP configuration changes, the effective database is overwritten by the
configuration changes in the pending database and all the switches in the fabric receive the same
configuration. When you commit the NTP configuration changes without implementing the session
feature, the NTP configurations are distributed to all the switches in the fabric.
To commit the NTP configuration changes, perform this task:
Command Purpose
Step 1
Step 2
switch# configure terminal
switch(config)# ntp commit
Discarding NTP Configuration Changes
After making the configuration changes, you can choose to discard the changes or to commit them. In
either case, the lock is released.
To discard NTP configuration changes, perform this task:
Command Purpose
Step 1
Step 2
switch# configure terminal
switch(config)# ntp abort
Enters configuration mode.
Distributes the NTP configuration changes to all switches
in the fabric and releases the lock. Overwrites the
effective database with the changes made to the pending
database.
Enters configuration mode.
Discards the NTP configuration changes in the pending
database and releases the fabric lock.
Releasing Fabric Session Lock
If you have performed an NTP fabric task and have forgotten to release the lock by either committing or
discarding the changes, an administrator can release the lock from any switch in the fabric. If the
administrator performs this task, your changes to the pending database are discarded and the fabric lock
is released.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-18
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
Tip The changes are only available in the volatile directory and are subject to being discarded if the switch
is restarted.
To use administrative privileges and release a locked NTP session, use the clear ntp session command.
switch# clear ntp session
Database Merge Guidelines
When merging two fabrics, follow these guidelines:
• Be aware that the merge is a union of the existing and the received database in each switch in the
fabric.
• Do not configure an IP address as a server on one switch and as a peer on another switch. The merge
can fail if this configuration exists.
• Verify that the union of the databases does not exceed the maximum limit of 64.
Management Interface Configuration
NTP Session Status Verification
To verify the status of the NTP session, use the show ntp session-status command.
switch# show ntp session-status
last-action : Distribution Enable Result : Success
Management Interface Configuration
The management interface on the switch allows multiple simultaneous Telnet or SNMP sessions. You
can remotely configure the switch through the management interface (mgmt0), but first you must
configure some IP parameters so that the switch is reachable. You can manually configure the
management interface from the CLI.
This section includes the following sections:
• About the mgmt0 Interface, page 3-19
• Configuring the Management Interface, page 3-20
• Displaying Management Interface Configuration, page 3-20
• Shutting Down the Management Interface, page 3-21
About the mgmt0 Interface
The mgmt0 interface on Cisco NX-OS devices provides out-of-band management, which enables you to
manage the device by its IPv4 or IPv6 address. The mgmt0 interface uses 10/100/1000 Ethernet.
Note Before you begin to configure the management interface manually, obtain the switch’s IP address and
subnet mask. Also make sure that the console cable is connected to the console port.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-19
Management Interface Configuration
Send feedback to nx5000-docfeedback@cisco.com
Configuring the Management Interface
To configure the management (mgmt0) Ethernet interface to connect over IP, perform this task:
Command Purpose
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
switch# configure terminal
switch(config)# interface mgmt 0
switch(config-if)# ip address
ipv4-address[/length]
switch(config-if)# ip address
ipv4-address [subnet-mask]
switch(config-if)# ipv6 address
ipv6-address[/length]
switch(config-if)# no shutdown
switch(config-if)# exit
switch(config)# vrf context
management
switch(config-vrf)# ip route
ipv4-prefix[/length]
ipv4-nexthop-address
switch(config-vrf)# ipv6 route
ipv6-prefix[/length]
ipv6-nexthop-address
switch(config-vrf)# exit
switch# copy running-config
startup-config
Chapter 3 Configuring the Switch
Enters configuration mode.
Selects the management Ethernet interface on the switch
and enters interface configuration submode.
Configures the IPv4 address and its subnet mask.
An alternative method that configures the IPv4 address
and its subnet mask.
Configures the IPv6 address and its subnet mask.
Enables the interface.
Returns to configuration mode.
Enters VRF context management configuration mode.
Configures the IPv4 address of the next hop.
Configures the IPv6 address of the next hop.
Returns to EXEC mode.
(Optional) Saves your configuration changes to the file
system.
In some cases, a switch interface might be administratively shut down. You can check the status of an
interface at any time by using the show interface mgmt 0 command.
Displaying Management Interface Configuration
To display the management interface configuration, use the show interface mgmt 0 command.
switch# show interface mgmt0
mgmt0 is up
Hardware is GigabitEthernet, address is 000d.ec8f.cb00 (bia 000d.ec8f.cb00)
Internet Address is 172.16.131.202/24
MTU 1500 bytes, BW 0 Kbit, DLY 0 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
full-duplex, 1000 Mb/s
Input flow-control is off, output flow-control is off
8540 packets input, 2835036 bytes
5202 multicast frames, 0 compressed
0 input errors, 0 frame, 0 overrun, 0 fifo
570 packets output, 85555 bytes
0 underrun, 0 output errors, 0 collisions
0 fifo, 0 carrier errors
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-20
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
Shutting Down the Management Interface
To shut down the management interface (mgmt0), you use the shutdown command. A system prompt
requests you confirm your action before it executes the command. You can use the force option to bypass
this confirmation.
The following example shuts down the interface without using the force option:
switch# configure terminal
switch(config)# interface mgmt 0
switch(config-if)# shutdown
Shutting down this interface will drop all telnet sessions.
Do you wish to continue (y/n)? y
The following example shuts down the interface using the force option:
switch# configure terminal
switch(config)# interface mgmt 0
switch(config-if)# shutdown force
Managing the Switch Configuration
Managing the Switch Configuration
This section includes the following topics:
• Displaying the Switch Configuration, page 3-21
• Saving a Configuration, page 3-21
• Clearing a Configuration, page 3-22
Displaying the Switch Configuration
You can view the ASCII form of the configuration file when required. To view the current configuration
tree from the EXEC prompt, enter the show running-config command. If the running configuration is
different from the startup configuration, enter the show startup-config command to view the ASCII
version of the current startup configuration that was used to boot the switch if a copy running-config
startup-config command was not entered after the reboot. Use the show startup-config command to
view the contents of the current startup configuration.
You can also gather specific information on the entire switch configuration by entering the relevant show
commands. Configurations are displayed based on a specified feature, interface, module, or VSAN.
Available show commands for each feature are briefly described in this section and listed at the end of
each chapter.
Saving a Configuration
Use the copy running-config startup-config command to save the new configuration into nonvolatile
storage. Once this command is entered, the running and the startup copies of the configuration are
identical.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-21
Using Switch File Systems
Send feedback to nx5000-docfeedback@cisco.com
Clearing a Configuration
Use the write erase command to clear a startup configuration. Once this command is executed, the
switch’s startup configuration reverts to factory defaults. The running configuration is not affected.
Caution The write erase command erases the entire startup configuration with the exception of any
configuration that affects the loader functionality.
The write erase boot command only erases the configuration that affects the loader functionality. The
loader functionality configuration includes the boot variables and the mgmt0 IP configuration
information (IP address, netmask, and default gateway).
switch# write erase boot
This command will erase the boot variables and the IP configuration of interface mgmt 0.
Using Switch File Systems
Chapter 3 Configuring the Switch
This section includes the following topics:
• Setting the Current Directory, page 3-22
• Displaying the Current Directory, page 3-23
• Listing the Files in a Directory, page 3-23
• Creating a Directory, page 3-23
• Deleting an Existing Directory, page 3-23
• Moving Files, page 3-24
• Copying Files, page 3-24
• Deleting Files, page 3-24
• Displaying File Contents, page 3-25
• Saving Command Output to a File, page 3-25
• Compressing and Uncompressing Files, page 3-25
Setting the Current Directory
The cd command changes the current directory level to a specified directory level. The CLI defaults to
the volatile: file system. This command expects a directory name input.
Any file saved in the volatile: file system is erased when the switch reboots.
The syntax for this command is cd directory name.
This command exchanges the current directory to the root directory on the bootflash: file system:
switch# cd bootflash:
This example changes the current directory to a mystorage directory that resides in the current directory:
switch# cd mystorage
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-22
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
Displaying the Current Directory
The pwd command displays the current directory location. This example changes the directory and
displays the current directory:
switch# cd bootflash:
switch# pwd
bootflash:
Listing the Files in a Directory
The dir command displays the contents of the current directory or the specified directory. The syntax
for this command is dir directory or dir filename.
This example shows how to list the files on the default volatile file system:
switch# dir volatile:
Usage for volatile://sup-local
0 bytes used
20971520 bytes free
20971520 bytes total
Using Switch File Systems
Creating a Directory
The mkdir command creates a directory at the current directory level or at a specified directory level.
The syntax for this command is mkdir name.
This example creates a directory called test in the bootflash directory.
switch# mkdir bootflash:test
This example creates a directory called test in the current directory.
switch# mkdir test
Deleting an Existing Directory
The rmdir command deletes an existing directory at the current directory level or at a specified directory
level. The directory must be empty to be deleted.
The syntax for this command is rmdir name.
This example deletes the directory called test in the bootflash directory:
switch# rmdir bootflash:test
This is a directory. Do you want to continue (y/n)? [y] y
The delete command can also delete empty and nonempty directories. When you enter this command, a
warning is displayed to confirm your intention to delete the directory.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-23
Using Switch File Systems
Send feedback to nx5000-docfeedback@cisco.com
Moving Files
Caution If a file with the same name already exists in the destination directory, that file is overwritten by the
Chapter 3 Configuring the Switch
This example deletes the directory called test in the current directory:
switch# delete test
This is a directory. Do you want to continue (y/n)? [y] y
If the current directory is bootflash:mydir, this command deletes the bootflash:mydir/test directory.
The move command removes a file from the source directory and places it in the destination directory.
moved file.
This example moves the file called samplefile from the root directory to the mystorage directory:
switch# move bootflash:samplefile bootflash:mystorage/samplefile
This example moves a file from the current directory level:
switch# move samplefile mystorage/samplefile
Copying Files
Note Use the dir command to ensure that enough space is available in the target file system. If enough space
Deleting Files
If the current directory is bootflash:mydir, this command moves bootflash:mydir/samplefile to
bootflash:mydir/mystorage/samplefile.
The copy command copies a file between file systems within a switch.
is not available, use the delete command to remove unneeded files.
This example copies the file called samplefile from the root directory to the mystorage directory:
switch# copy bootflash:samplefile bootflash:mystorage/samplefile
This example copies a file from the current directory level:
switch# copy samplefile mystorage/samplefile
If the current directory is bootflash:mydir, this command copies bootflash:mydir/samplefile to
bootflash:mydir/mystorage/samplefile.
The delete command deletes a specified file or the specified directory and all its contents.
This example shows how to delete a file from the current working directory:
switch# delete dns_config.cfg
This example deletes the entire bootflash: directory and all its contents:
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-24
OL-16597-01
Chapter 3 Configuring the Switch
Send feedback to nx5000-docfeedback@cisco.com
switch# delete bootflash:my-dir
Caution If you specify a directory, the delete command deletes the entire directory and all its contents.
Displaying File Contents
The show file command displays the contents of a specified file in the file system.
This example displays the contents of a file residing in the current directory:
switch# show file myfile
Saving Command Output to a File
You can force all screen output to go to a file by appending > filename to any command. For example,
enter show interface > Samplefile at the EXEC mode switch prompt to save the interface configuration
to Samplefile which is a file created at the same directory level. At the EXEC mode switch prompt, enter
a dir command to view all files in this directory, including the recently saved Samplefile.
Using Switch File Systems
Compressing and Uncompressing Files
The gzip command compresses (zips) the specified file using LZ77 coding.
This example directs the output of the show tech-support command to a file (Samplefile), and then zips
the file and displays the difference in the space used up in the volatile directory:
switch# show tech-support > Samplefile
Building Configuration ...
switch# dir
1525859 Jul 04 00:51:03 2003 Samplefile
Usage for volatile://
1527808 bytes used
19443712 bytes free
20971520 bytes total
switch# gzip volatile:Samplefile
switch# dir
266069 Jul 04 00:51:03 2003 Samplefile.gz
Usage for volatile://
266240 bytes used
20705280 bytes free
20971520 bytes total
The gunzip command uncompresses (unzips) LZ77 coded files.
This example unzips the file that was compressed in the previous example:
switch# gunzip Samplefile
switch# dir
1525859 Jul 04 00:51:03 2003 Samplefile
Usage for volatile://
1527808 bytes used
19443712 bytes free
20971520 bytes total
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-25
Using Switch File Systems
Send feedback to nx5000-docfeedback@cisco.com
Chapter 3 Configuring the Switch
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
3-26
OL-16597-01
Send feedback to nx5000-docfeedback@cisco.com
CHAPTER
4
Managing Licenses
This chapter describes how to manage licenses on a Cisco Nexus 5000 Series switch.
Licensing allows you to access specified premium features on the switch after you install the appropriate
license for that feature. This chapter contains information related to licensing types, options, procedures,
installation, and management for the Cisco NX-OS software.
This chapter includes the following sections:
• Licensing Terminology, page 4-1
• Licensing Model, page 4-2
• License Installation, page 4-3
• Obtaining the License Key File, page 4-4
• Installing the License Key File, page 4-4
• Backing Up License Files, page 4-6
• Identifying License Features in Use, page 4-6
• Uninstalling Licenses, page 4-6
• Updating Licenses, page 4-8
• Grace Period Alerts, page 4-8
• License Transfers Between Switches, page 4-9
• Verifying the License Configuration, page 4-10
Licensing Terminology
The following terms are used in this chapter:
• Licensed feature—Permission to use a particular feature through a license file, a hardware object,
or a legal contract. This permission is limited to the number of users, number of instances, time span,
and the implemented switch.
• Licensed application—A software feature that requires a license to be used.
• License enforcement—A mechanism that prevents a feature from being used without first obtaining
a license.
• Node-locked license—A license that can only be used on a particular switch using the switch’s
unique host ID.
• Host IDs—A unique chassis serial number that is specific to each switch.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-1
Licensing Model
Send feedback to nx5000-docfeedback@cisco.com
Chapter 4 Managing Licenses
• Proof of purchase—A document entitling its rightful owner to use licensed features on one switch
as described in that document. The proof of purchase document is also known as the claim
certificate.
• Product Authorization Key (PAK)—The PAK allows you to obtain a license key from one of the sites
listed in the proof of purchase document. After registering at the specified website, you will receive
your license key file and installation instructions through e-mail.
• License key file—A switch-specific unique file that specifies the licensed features. Each file
contains digital signatures to prevent tampering and modification. License keys are required to use
a licensed feature. License keys are enforced within a specified time span.
• Missing license—If the bootflash has been corrupted or a supervisor module replaced after you have
installed a license, that license shows as “missing.” The feature still works, but the license count is
inaccurate. You should reinstall the license as soon as possible.
• Incremental license—An additional licensed feature that was not in the initial license file. License
keys are incremental. If you purchase some features now and others later, the license file and the
software detect the sum of all features for the specified switch.
• Evaluation license—A temporary license. Evaluation licenses are time bound (valid for a specified
number of days) and are not tied to a host ID (switch serial number).
• Permanent license—A license that is not time bound is called a permanent license.
• Grace period—The amount of time the features in a license package can continue functioning
without a license.
• Support—If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If
you purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Licensing Model
The licensing model for the Cisco NX-OS software is feature-based. Feature-based licenses make
features available to the entire physical switch. Tab le 4-1 lists the feature-based license packages.
Note Any feature not included in the Storage Services license package is bundled with the Cisco NX-OS
software and is provided with the switch hardware at no additional charge (See Base Services Package
in Table 4-1).
Table 4-1 Feature-Based Licenses
Feature License Features
Base Services Package
N5000-AS
This package is included with the switch hardware at no
additional charge. It includes all available Ethernet and
system features, except features explicitly listed in the
Storage Services Package.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-2
OL-16597-01
Chapter 4 Managing Licenses
Send feedback to nx5000-docfeedback@cisco.com
Table 4-1 Feature-Based Licenses (continued)
Feature License Features
Storage Services Package
N5020-SS
Advanced Services Package
N5000-AS
License Installation
License Installation
• N5020-SS includes the following services for one
NX5020 system:
• Native Fibre Channel
• FCoE
• NPV
• FC Port Security
• Fabric Binding
• This package will be available in a future release.
You can either obtain a factory-installed license (only applies to new switch orders) or perform a manual
license installation of the license (applies to existing switches in your network).
This section includes the following topics:
• Obtaining a Factory-Installed License, page 4-3
• Performing a Manual Installation, page 4-4
Obtaining a Factory-Installed License
You can obtain factory-installed licenses for a new Cisco Nexus 5000 Series switch.
To obtain a factory-installed license, perform this task:
Step 1 Contact your reseller or Cisco representative and request this service.
Note If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you
purchased support directly from Cisco Systems, contact Cisco Technical Support at this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Your switch is shipped with the required licenses installed in the system. The proof of purchase
document is sent along with the switch.
Step 2 Obtain the host ID from the proof of purchase document for future use.
You can now start to use the switch and the licensed features.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-3
Obtaining the License Key File
Send feedback to nx5000-docfeedback@cisco.com
Performing a Manual Installation
All Cisco Nexus 5000 Series licenses are factory-installed. Manual installation is not required.
Obtaining the License Key File
To obtain new or updated license key files, perform this task:
Step 1 Use the show license host-id command to obtain the serial number for your switch. The host ID is also
referred to as the switch serial number.
switch# show license host-id
License hostid: VDH=FOX064317SQ
Tip Use the entire ID that appears after the equal (=) sign. In this example, the host ID is
FOX064317SQ.
Chapter 4 Managing Licenses
Step 2 Obtain either your claim certificate or your proof of purchase document. This document accompanies
every Cisco Nexus 5000 Series switch.
Step 3 Get the product authorization key (PAK) from either the claim certificate or the proof of purchase
document.
Step 4 Locate the website URL from either the claim certificate or the proof of purchase document.
Step 5 Access the specified URL that applies to your switch and enter the switch serial number and the PAK.
The license key file is sent to you by e-mail. The license key file is digitally signed to only authorize use
on the requested switch. The requested features are also enabled once the Cisco NX-OS software on the
specified switch accesses the license key file.
Caution Install the license key file in the specified Cisco Nexus 5000 Series switch without making
any modifications.
A license is either permanent or it expires on a fixed date. If you do not have a license, the grace period
for using that feature starts from the first time you start using a feature offered by that license (see the
“Grace Period Alerts” section on page 4-8).
Step 6 Use the copy licenses command in EXEC mode to save your license file to one of two locations; either
the bootflash: or the volatile: directory (see the “Backing Up License Files” section on page 4-6).
Installing the License Key File
Tip If you need to install multiple licenses in any switch, be sure to provide unique file names for each
license key file.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-4
OL-16597-01
Chapter 4 Managing Licenses
Send feedback to nx5000-docfeedback@cisco.com
To install a license key file in any switch, perform this task:
Step 1 Log into the switch through the console port of the active supervisor.
Step 2 Perform the installation by entering the install license command on the active supervisor module from
the switch console.
switch# install license bootflash:license_file.lic
Installing license ..done
Note If you provide a target name for the license key file, the file is installed with the specified name.
Step 3 Back up the license file to a .tar file on bootflash: using the copy licenses command.
switch# copy licenses bootflash:/Enterprise.tar
Backing up license done
Step 4 Exit the switch console and open a new terminal session to view all license files installed on the switch
using the show license command.
switch# show license
Enterprise.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT ENTERPRISE_PKG cisco 1.0 permanent uncounted \
Installing the License Key File
Otherwise, the filename specified in the license key file is used to install the license.
HOSTID=VDH=FOX0646S017 \
NOTICE=”<LicFileID></LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>” SIGN=EE9F91EA4B64
Note If the license meets all guidelines when the install license command is entered, all features and
modules continue functioning as configured.
You can use the show license brief command to display a list of license files installed on the switch.
switch# show license brief
Enterprise.lic
FibreChannel.lic
You can use the show license file command to display information about a specific license file installed
on the switch.
switch# show license file Enterprise.lic
Enterprise.lic:
SERVER this_host ANY
VENDOR cisco
INCREMENT ENTERPRISE_PKG cisco 1.0 permanent uncounted \
HOSTID=VDH=FOX0646S017 \
NOTICE=”<LicFileID></LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>” SIGN=EE9F91EA4B64
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-5
Backing Up License Files
Send feedback to nx5000-docfeedback@cisco.com
Backing Up License Files
All installed license files can be backed up as a .tar file in the user specified location. Use the copy
licenses command in EXEC mode to save your license file to one of two locations; bootflash: or volatile:.
The following example saves all licenses to a file named Enterprise.tar:
switch# copy licenses bootflash:/Enterprise.tar
Backing up license done
Tip We recommend backing up your license files immediately after installing them and just before running
a write erase command.
Caution If you erase any existing licenses, you can only install them using the install license command.
Identifying License Features in Use
Chapter 4 Managing Licenses
When a Cisco NX-OS software feature is enabled, it can activate a license grace period. To identify the
features active for a specific license, use the show license usage license-name command.
switch# show license usage FC_FEATURES_PKG
Application
----------PFM
-----------
Use the show license usage command to identify all of the active features on your switch.
switch# show license usage
Feature Ins Lic Status Expiry Date Comments
-------------------------------------------------------------------------------FM_SERVER_PKG No - Unused ENTERPRISE_PKG No - In use Grace 119D 23H
FC_FEATURES_PKG Yes - In use never -
--------------------------------------------------------------------------------
Uninstalling Licenses
You can only uninstall a permanent license that is not in use. If you try to delete a permanent license that
is currently being used, the software rejects the request with an error message. Uninstalling an unused
license initiates the grace period. The grace period is measured from the first use of the feature without
a license and is reset when a valid license file is installed.
Count
Note Permanent licenses cannot be uninstalled if they are currently being used. Features turned on by
permanent licenses must first be disabled, before that license is uninstalled.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-6
OL-16597-01
Chapter 4 Managing Licenses
Send feedback to nx5000-docfeedback@cisco.com
Tip If you are using an evaluation license and would like to install a new permanent license, you can do so
without service disruption and before the evaluation license expires. Removing an evaluation license
immediately triggers a grace period without service disruption.
Caution Disable related features before uninstalling a license. The delete procedure fails if the license is in use.
To uninstall a license, perform this task:
Step 1 Save your running configuration to a remote server using the copy command (see Chapter 3,
“Configuring the Switch”).
Step 2 Enter the show license brief command in EXEC mode to view a list of all installed license key files and
identify the file to be uninstalled. In this example, the file to be uninstalled is the FibreChannel.lic file.
switch# show license brief
Enterprise.lic
FibreChannel.lic
Uninstalling Licenses
Step 3 Disable the features provided by the license to be uninstalled. Enter the show license usage
package_name command to view the enabled features for a specified package.
switch# show license usage FC_FEATURES_PKG
Application
----------PFM
-----------
Step 4 Uninstall the FibreChannel.lic file using the clear license filename command, where filename is the
name of the installed license key file.
switch# clear license FibreChannel.lic
Clearing license FibreChannel.lic:
SERVER this_host ANY
VENDOR cisco
Step 5 Enter yes (yes is the default) to continue with the license update.
Do you want to continue? (y/n) y
Clearing license ..done
The FibreChannel.lic license key file is now uninstalled.
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-7
Updating Licenses
Send feedback to nx5000-docfeedback@cisco.com
Updating Licenses
If your license is time bound, you must obtain and install an updated license. Contact technical support
to request an updated license.
Note If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased
support directly from Cisco Systems, contact Cisco Technical Support at this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
To update a license, perform this task:
Step 1 Obtain the updated license file using the procedure described in the “Obtaining the License Key File”
section on page 4-4.
Step 2 Save your running configuration to a remote server using the copy command.
Step 3 Enter the show license brief command to verify the name of the file to be updated.
switch# show license brief
Enterprise.lic:
Chapter 4 Managing Licenses
Step 4 Update the license file using the update license url command, where url specifies the bootflash: or
volatile: location of the updated license file.
switch# update license bootflash:Advanced2.lic Advanced1.lic
Updating Advanced1.lic:
SERVER this_host ANY
VENDOR cisco
# An example fcports license
INCREMENT SAN_EXTN_OVER_IP cisco 1.000 permanent 1 HOSTID=VDH=ABCD \
NOTICE=<LicFileID>Advanced1.lic</LicFileID><LicLineID>0</LicLineID> \
SIGN=33088E76F668
with bootflash:/Advanced2.lic:
SERVER this_host ANY
VENDOR cisco
# An example fcports license
INCREMENT SAN_EXTN_OVER_IP cisco 1.000 permanent 1 HOSTID=VDH=ABCD \
NOTICE=<LicFileID>Advanced2.lic</LicFileID><LicLineID>1</LicLineID> \
SIGN=67CB2A8CCAC2
Step 5 Enter yes (yes is the default), to continue with the license update.
Do you want to continue? (y/n) y
Updating license ..done
switch#
The Enterprise.lic license key file is now updated.
Grace Period Alerts
Cisco NX-OS gives you a 120-day grace period. This grace period starts or continues when you are
evaluating a feature for which you have not installed a license.
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-8
OL-16597-01
Chapter 4 Managing Licenses
Send feedback to nx5000-docfeedback@cisco.com
The grace period stops if you disable a feature you are evaluating, but if you enable that feature again
without a valid license, the grace period countdown continues from when it had stopped.
The grace period operates across all features in a license package. License packages can contain several
features. If you disable a feature during the grace period and there are other features in that license
package that are still enabled, the countdown does not stop for that license package. To suspend the grace
period countdown for a license package, you must disable every feature in that license package. Use the
show license usage license-name command to determine which applications to disable.
switch# show license usage FC_FEATURES_PKG
Application
----------PFM
-----------
The Cisco NX-OS license counter keeps track of all licenses on a switch. If you are evaluating a feature
and the grace period has started, you will receive console messages, SNMP traps, system messages, and
Call Home messages on a daily basis.
The frequency of these messages become hourly during the last seven days of the grace period.
Note You cannot modify the frequency of the grace period messages.
License Transfers Between Switches
Caution After the final seven days of the grace period, the feature is turned off and your network traffic may be
disrupted. Any future upgrade will enforce license requirements and the 120-day grace period.
Use the show license usage command to display grace period information for a switch.
switch# show license usage
Feature Installed License Status ExpiryDate Comments
-----------------------------------------------------------------------------------------FM_SERVER_PKG Yes - Unused never license missing
MAINFRAME_PKG No - Unused never Grace Period 57days15hrs
ENTERPRISE_PKG Yes - InUse never SAN_EXTN_OVER_IP No 0 Unused never SAN_EXTN_OVER_IP_IPS4 No 0 Unused never -
------------------------------------------------------------------------------------------
Count
License Transfers Between Switches
A license is specific to the switch for which it is issued and is not valid on any other switch. If you need
to transfer a license from one switch to another, contact your customer service representative.
Note If you purchased Cisco support through a Cisco reseller, contact the reseller directly. If you purchased
support directly from Cisco Systems, contact Cisco Technical Support at this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
OL-16597-01
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-9
Verifying the License Configuration
Send feedback to nx5000-docfeedback@cisco.com
Verifying the License Configuration
To display the license configuration information, perform one of the following tasks:
.
Command Purpose
switch# show license [brief]
switch# show license file
switch# show license host-id
switch# show license usage
Displays information for all installed license files.
Displays information for a specific license file.
Displays the host ID for the physical switch.
Displays the usage information for installed licenses.
Chapter 4 Managing Licenses
Cisco Nexus 5000 Series Switch CLI Software Configuration Guide
4-10
OL-16597-01
Loading...