Cisco Nexus 3548 Configuration Manual

Cisco Nexus 3548 Switch NX-OS System Management Configuration Guide, Release 6.x

First Published: 2013-05-13
Last Modified: 2016-05-31
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
© 2016 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
Audience
Document Conventions
Documentation Feedback

CHAPTER 1: New and Changed Information
New and Changed Information in this Release

CHAPTER 2: Overview
System Management Features

CHAPTER 3: Configuring PTP
Information About PTP
PTP Device Types
PTP Process
High Availability for PTP
Licensing Requirements for PTP
Guidelines and Limitations for PTP
Default Settings for PTP
Configuring PTP
Configuring PTP Globally
Configuring PTP on an Interface
Configuring Multiple PTP Domains
Configuring PTP Grandmaster Clock
Configuring PTP Cost Interface
Configuring clock Identity
Verifying the PTP Configuration

CHAPTER 4: Configuring User Accounts and RBAC
Information About User Accounts and RBAC
User Roles
Rules
User Role Policies
User Account Configuration Restrictions
User Password Requirements
Guidelines and Limitations for User Accounts
Configuring User Accounts
Configuring RBAC
Creating User Roles and Rules
Creating Feature Groups
Changing User Role Interface Policies
Changing User Role VLAN Policies
Verifying the User Accounts and RBAC Configuration
Configuring User Accounts Default Settings for the User Accounts and RBAC

CHAPTER 5: Configuring Session Manager
Information About Session Manager
Guidelines and Limitations for Session Manager
Configuring Session Manager
Creating a Session
Configuring ACLs in a Session
Verifying a Session
Committing a Session
Saving a Session
Discarding a Session
Configuration Example for Session Manager
Verifying the Session Manager Configuration

CHAPTER 6: Configuring the Scheduler
Information About the Scheduler
Remote User Authentication
Scheduler Log Files
Licensing Requirements for the Scheduler
Guidelines and Limitations for the Scheduler
Default Settings for the Scheduler
Configuring the Scheduler
Enabling the Scheduler
Defining the Scheduler Log File Size
Configuring Remote User Authentication
Defining a Job
Deleting a Job
Defining a Timetable
Clearing the Scheduler Log File
Disabling the Scheduler
Verifying the Scheduler Configuration
Configuration Examples for the Scheduler
Creating a Scheduler Job
Scheduling a Scheduler Job
Displaying the Job Schedule
Displaying the Results of Running Scheduler Jobs
Standards for the Scheduler

CHAPTER 7: Configuring Online Diagnostics
Information About Online Diagnostics
Bootup Diagnostics
Health Monitoring Diagnostics
Expansion Module Diagnostics
Configuring Online Diagnostics
Verifying the Online Diagnostics Configuration
Default Settings for Online Diagnostics

CHAPTER 8: Configuring NTP
Information About NTP
NTP as a Time Server
Distributing NTP Using CFS
Clock Manager
Virtualization Support
Licensing Requirements for NTP
Guidelines and Limitations for NTP
Default Settings
Configuring NTP
Configuring NTP Server and Peer
Configuring NTP Authentication
Configuring NTP Access Restrictions
Configuring the NTP Source IP Address
Configuring the NTP Source Interface
Configuring NTP Logging
Enabling CFS Distribution for NTP
Committing NTP Configuration Changes
Discarding NTP Configuration Changes
Releasing the CFS Session Lock
Verifying the NTP Configuration
Configuration Examples for NTP
Related Documents for NTP
Feature History for NTP

CHAPTER 9: Configuring System Message Logging
Information About System Message Logging
Syslog Servers
Licensing Requirements for System Message Logging
Guidelines and Limitations for System Message Logging
Default Settings for System Message Logging
Configuring System Message Logging
Configuring System Message Logging to Terminal Sessions
Configuring System Message Logging to a File
Configuring Module and Facility Messages Logging
Configuring Logging Timestamps
Configuring Syslog Servers
Configuring syslog on a UNIX or Linux System
Configuring syslog Server Configuration Distribution
Displaying and Clearing Log Files
Configuring DOM Logging
Enabling DOM Logging
Disabling DOM Logging
Verifying the DOM Logging Configuration
Verifying the System Message Logging Configuration

CHAPTER 10: Configuring Smart Call Home
Information About Smart Call Home
Smart Call Home Overview
Smart Call Home Destination Profiles
Smart Call Home Alert Groups
Smart Call Home Message Levels
Call Home Message Formats
Guidelines and Limitations for Smart Call Home
Prerequisites for Smart Call Home
Default Call Home Settings
Configuring Smart Call Home
Registering for Smart Call Home
Configuring Contact Information
Creating a Destination Profile
Modifying a Destination Profile
Associating an Alert Group with a Destination Profile
Adding Show Commands to an Alert Group
Configuring E-Mail Server Details
Configuring Periodic Inventory Notifications
Disabling Duplicate Message Throttling
Enabling or Disabling Smart Call Home
Testing the Smart Call Home Configuration
Verifying the Smart Call Home Configuration
Sample Syslog Alert Notification in Full-Text Format
Sample Syslog Alert Notification in XML Format

CHAPTER 11: Configuring Rollback
Information About Rollbacks
Guidelines and Limitations for Rollbacks
Creating a Checkpoint
Implementing a Rollback
Verifying the Rollback Configuration

CHAPTER 12: Configuring DNS
Information About DNS Client
Name Servers
DNS Operation
High Availability
Prerequisites for DNS Clients
Licensing Requirements for DNS Clients
Default Settings for DNS Clients
Configuring DNS Clients

CHAPTER 13: Configuring SNMP
Information About SNMP
SNMP Functional Overview
SNMP Notifications
SNMPv3
Security Models and Levels for SNMPv1, v2, and v3
User-Based Security Model
CLI and SNMP User Synchronization
Group-Based SNMP Access
Licensing Requirements for SNMP
Guidelines and Limitations for SNMP
Default SNMP Settings
Configuring SNMP
Configuring SNMP Users
Enforcing SNMP Message Encryption
Assigning SNMPv3 Users to Multiple Roles
Creating SNMP Communities
Filtering SNMP Requests
Configuring SNMP Notification Receivers
Configuring SNMP Notification Receivers with VRFs
Filtering SNMP Notifications Based on a VRF
Configuring SNMP for Inband Access
Enabling SNMP Notifications
Configuring Link Notifications
Disabling Link Notifications on an Interface
Enabling One-Time Authentication for SNMP over TCP
Assigning SNMP Switch Contact and Location Information
Configuring the Context to Network Entity Mapping
Disabling SNMP
Verifying the SNMP Configuration

CHAPTER 14: Configuring RMON
Information About RMON
RMON Alarms
RMON Events
Configuration Guidelines and Limitations for RMON
Configuring RMON
Configuring RMON Alarms
Configuring RMON Events
Verifying the RMON Configuration
Default RMON Settings

CHAPTER 15: Configuring SPAN
Information About SPAN
SPAN Sources
Characteristics of Source Ports
SPAN Destinations
Characteristics of Destination Ports
SPAN and ERSPAN Filtering
Guidelines and Limitations for SPAN and ERSPAN Filtering
SPAN and ERSPAN Sampling
Guidelines and Limitations for SPAN and ERSPAN Sampling
SPAN and ERSPAN Truncation
Guidelines and Limitations for SPAN and ERSPAN Truncation
Creating or Deleting a SPAN Session
Configuring an Ethernet Destination Port
Configuring Source Ports
Configuring Source Port Channels or VLANs
Configuring the Description of a SPAN Session
Activating a SPAN Session
Suspending a SPAN Session
Configuring a SPAN Filter
Configuring SPAN Sampling
Configuring SPAN Truncation
Displaying SPAN Information

CHAPTER 16: Configuring Warp SPAN
Information About Warp SPAN
Guidelines and Limitations for Warp Span
Configuring Warp SPAN
Verifying Warp SPAN Mode Configuration
Feature History for Warp SPAN

CHAPTER 17: Configuring ERSPAN
Information About ERSPAN
ERSPAN Types
ERSPAN Sources
ERSPAN Destinations
ERSPAN Sessions
Multiple ERSPAN Sessions
ERSPAN Marker Packet
High Availability
Licensing Requirements for ERSPAN
Prerequisites for ERSPAN
Guidelines and Limitations for ERSPAN
Default Settings for ERSPAN
Configuring ERSPAN
Configuring an ERSPAN Source Session
Configuring an ERSPAN Destination Session
Shutting Down or Activating an ERSPAN Session
Configuring ERSPAN Filtering
Configuring ERSPAN Sampling
Configuring ERSPAN Truncation
Configuring an ERSPAN Marker Packet
Verifying the ERSPAN Configuration
Configuration Examples for ERSPAN
Configuration Example for an ERSPAN Source Session
Configuration Example for an ERSPAN Destination Session
Additional References
Related Documents

CHAPTER 18: Performing Software Maintenance Upgrades (SMUs)
About SMUs
Package Management
Prerequisites for SMUs
Guidelines and Limitations for SMUs
Performing a Software Maintenance Upgrade for Cisco NX-OS
Preparing for Package Installation
Copying the Package File to a Local Storage Device or Network Server
Adding and Activating Packages
Committing the Active Package Set
Deactivating and Removing Packages
Displaying Installation Log Information

CHAPTER 19: Configuring Active Buffer Monitoring
Information About Active Buffer Monitoring
Active Buffer Monitoring Overview
Buffer Histogram Data Access and Collection
Configuring Active Buffer Monitoring
Displaying Buffer Histogram Data

CHAPTER 20: Configuring Traffic Forwarding Modes
Information About Warp Mode
Guidelines and Limitations for Warp Mode
Enabling and Disabling Warp Mode
Verifying Warp Mode Status
Feature History for Warp Mode

Preface

The preface contains the following sections:
• Audience
• Document Conventions
• Documentation Feedback

Audience

This publication is for network administrators who configure and maintain Cisco Nexus devices.

Document Conventions

Note
As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have modified the manner in which we document configuration tasks. As a result of this, you may find a deviation in the style used to describe these tasks, with the newly included sections of the document following the new format.
Command descriptions use the following conventions:
bold
Bold text indicates the commands and keywords that you enter literally as shown.
Italic
Italic text indicates arguments for which the user supplies the values.
[x]
Square brackets enclose an optional element (keyword or argument).
[x | y]
Square brackets enclosing keywords or arguments separated by a vertical bar indicate an optional choice.
{x | y}
Braces enclosing keywords or arguments separated by a vertical bar indicate a required choice.
[x {y | z}]
Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
variable
Indicates a variable for which you supply values, in context where italics cannot be used.
string
A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.

Examples use the following conventions:
screen font
Terminal sessions and information the switch displays are in screen font.
boldface screen font
Information you must enter is in boldface screen font.
italic screen font
Arguments for which you supply values are in italic screen font.
< >
Nonprinting characters, such as passwords, are in angle brackets.
[ ]
Default responses to system prompts are in square brackets.
!, #
An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

This document uses the following conventions:
Note
Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution
Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Documentation Feedback

To provide technical feedback on this document, or to report an error or omission, please send your comments to: .
We appreciate your feedback.
CHAPTER 1

New and Changed Information

This chapter contains the following sections:
• New and Changed Information in this Release

New and Changed Information in this Release

The following table provides an overview of the significant changes made to this configuration guide. The table does not provide an exhaustive list of all changes made to this guide or all new features in a particular release.
Table 1: New and Changed Features
Feature | Description | Added or Changed in Release | Where Documented
PTP Enhancements | Added support for configuring PTP on multiple domains, grandmaster capability, PTP cost on interfaces and clock identity. | 6.0(2)A8(3) | Configuring Multiple PTP Domains; Configuring PTP Grandmaster Clock; Configuring PTP Cost Interface; Configuring clock Identity
DOM logging | Added support for DOM logging. | 6.0(2)A8(1) | Enabling DOM Logging
Software Maintenance Upgrades (SMUs) | Added support for performing Software Maintenance Upgrades (SMUs). | 6.0(2)A7(2) | About SMUs
SPAN guidelines | Added guideline about SPAN threshold and the hardware profile buffer span-threshold <xx> CLI command. | 6.0(2)A4(1) | Guidelines and Limitations for SPAN and ERSPAN Filtering
SPAN and ERSPAN | Added the ability to filter, sample and truncate packets for these features. | 6.0(2)A4(1) | SPAN and ERSPAN Filtering; SPAN and ERSPAN Sampling; SPAN and ERSPAN Truncation
ERSPAN Marker Packet | Introduced a periodical marker packet to carry the original UTC timestamp information and provide a reference for the ERSPAN timestamp. | 6.0(2)A4(1) | ERSPAN Marker Packet
Configuring ERSPAN | This feature was introduced. | 6.0(2)A1(1) | Configuring ERSPAN
Configuring PTP | This feature was introduced. | 6.0(2)A1(1) | Configuring PTP

CHAPTER 2

Overview

This chapter contains the following sections:
• System Management Features

System Management Features

The system management features documented in this guide are described below:
Active Buffer Monitoring
The Active Buffer Monitoring feature provides detailed buffer occupancy data to help you detect network congestion, review past events to understand when and how network congestion is affecting network operations, understand historical trending, and identify patterns of application traffic flow.
Warp Mode
In warp mode, the access path is shortened by consolidating the forwarding table into a single table, resulting in faster processing of frames and packets. In warp mode, latency is reduced by up to 20 percent.
User Accounts and RBAC
User accounts and role-based access control (RBAC) allow you to define the rules for an assigned role. Roles restrict the authorization that the user has to access management operations. Each user role can contain multiple rules and each user can have multiple roles.
Session Manager
Session Manager allows you to create a configuration and apply it in batch mode after the configuration is reviewed and verified for accuracy and completeness.
Online Diagnostics
Cisco Generic Online Diagnostics (GOLD) define a common framework for diagnostic operations across Cisco platforms. The online diagnostic framework specifies the platform-independent fault-detection architecture for centralized and distributed systems, including the common diagnostics CLI and the platform-independent fault-detection procedures for boot-up and run-time diagnostics.
The platform-specific diagnostics provide hardware-specific fault-detection tests and allow you to take appropriate corrective action in response to diagnostic test results.
System Message Logging
You can use system message logging to control the destination and to filter the severity level of messages that system processes generate. You can configure logging to a terminal session, a log file, and syslog servers on remote systems.
System message logging is based on RFC 3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference.
Smart Call Home
Call Home provides an e-mail-based notification of critical system policies. Cisco NX-OS provides a range of message formats for optimal compatibility with pager services, standard e-mail, or XML-based automated parsing applications. You can use this feature to page a network support engineer, e-mail a Network Operations Center, or use Cisco Smart Call Home services to automatically generate a case with the Technical Assistance Center.
Configuration Rollback
The configuration rollback feature allows users to take a snapshot, or user checkpoint, of the Cisco NX-OS configuration and then reapply that configuration to a switch at any point without having to reload the switch. A rollback allows any authorized administrator to apply this checkpoint configuration without requiring expert knowledge of the features configured in the checkpoint.
SNMP
The Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
RMON
RMON is an Internet Engineering Task Force (IETF) standard monitoring specification that allows various network agents and console systems to exchange network monitoring data. Cisco NX-OS supports RMON alarms, events, and logs to monitor Cisco NX-OS devices.
SPAN
The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by a network analyzer. The network analyzer can be a Cisco SwitchProbe, a Fibre Channel Analyzer, or other Remote Monitoring (RMON) probes.

CHAPTER 3

Configuring PTP

This chapter contains the following sections:
• Information About PTP
• PTP Device Types
• PTP Process
• High Availability for PTP
• Licensing Requirements for PTP
• Guidelines and Limitations for PTP
• Default Settings for PTP
• Configuring PTP

Information About PTP

PTP is a time synchronization protocol for nodes distributed across a network. Its hardware timestamp feature provides greater accuracy than other time synchronization protocols such as the Network Time Protocol (NTP).
A PTP system can consist of a combination of PTP and non-PTP devices. PTP devices include ordinary clocks, boundary clocks, and transparent clocks. Non-PTP devices include ordinary network switches, routers, and other infrastructure devices.
PTP is a distributed protocol that specifies how real-time PTP clocks in the system synchronize with each other. These clocks are organized into a master-slave synchronization hierarchy with the grandmaster clock, which is the clock at the top of the hierarchy, determining the reference time for the entire system. Synchronization is achieved by exchanging PTP timing messages, with the members using the timing information to adjust their clocks to the time of their master in the hierarchy. PTP operates within a logical scope called a PTP domain.
Starting from Cisco NX-OS Release 6.0(2)A8(3), PTP supports configuring multiple PTP clocking domains, PTP grandmaster capability, PTP cost on interfaces for slave and passive election, and clock identity.
All the switches in a multi-domain environment belong to one domain. Switches that are part of a boundary clock must have the multi-domain feature enabled on them. Each domain has user-configurable parameters such as domain priority, clock class threshold, and clock accuracy threshold. The clocks in each domain remain synchronized with the master clock in that domain. If the GPS in a domain fails, the master clock in the domain synchronizes time and data sets associated with the announce messages from the master clock in the domain where the GPS is active. If the master clock from the highest priority domain does not meet the clock quality attributes, a clock in the subsequent domain that matches the criteria is selected. The Best Master Clock Algorithm (BMCA) is used to select the master clock if none of the domains has the desired clock quality attributes. If all the domains have equal priority and the threshold values are less than the master clock attributes, or if the threshold values are greater than the master clock attributes, BMCA is used to select the master clock.
The grandmaster capability feature controls the switch's ability to propagate its clock to other devices that it is connected to. When the switch receives announce messages on an interface, it checks the clock class threshold and clock accuracy threshold values. If the values of these parameters are within the predefined limits, the switch acts as per the PTP standards specified in IEEE 1588v2. If the switch does not receive announce messages from external sources, or if the parameters of the announce messages received are not within the predefined limits, the port state changes to listening mode. On a switch with no slave ports, the state of all the PTP-enabled ports is rendered as listening; on a switch with one slave port, the BMCA is used to determine the states of all PTP-enabled ports. Convergence time prevents timing loops at the PTP level when grandmaster capability is disabled on a switch. If the slave port is not selected on the switch, all the ports on the switch remain in the listening state for a minimum interval specified in the convergence time. The convergence time range is from 3 to 2600 seconds and the default value is 3 seconds.
The interface cost applies to each PTP-enabled port if the switch has more than one path to the grandmaster clock. The port with the least cost value is elected as slave and the rest of the ports remain passive ports.
The clock identity is a unique 8-octet array presented in the form of a character array based on the switch MAC address. The clock identity is determined from the MAC address according to the IEEE1588v2-2008 specifications. The clock ID is a combination of bytes in a VLAN MAC address as defined in IEEE1588v2.
Only Cisco Nexus 3000 Series switches support PTP. Cisco Nexus 3100 Series switches do not support this feature.

PTP Device Types

The following clocks are common PTP devices:
Ordinary clock
Communicates with the network based on a single physical port, similar to an end host. An ordinary clock can function as a grandmaster clock.
Boundary clock
Typically has several physical ports, with each port behaving like a port of an ordinary clock. However, each port shares the local clock, and the clock data sets are common to all ports. Each port decides its individual state, either master (synchronizing other ports connected to it) or slave (synchronizing to a downstream port), based on the best clock available to it through all of the other ports on the boundary clock. Messages that are related to synchronization and establishing the master-slave hierarchy terminate in the protocol engine of a boundary clock and are not forwarded.
Transparent clock
Forwards all PTP messages like an ordinary switch or router but measures the residence time of a packet in the switch (the time that the packet takes to traverse the transparent clock) and in some cases the link delay of the ingress port for the packet. The ports have no state because the transparent clock does not need to synchronize to the grandmaster clock.
There are two kinds of transparent clocks:
End-to-end transparent clock
Measures the residence time of a PTP message and accumulates the times in the correction field of the PTP message or an associated follow-up message.
Peer-to-peer transparent clock
Measures the residence time of a PTP message and computes the link delay between each port and a similarly equipped port on another node that shares the link. For a packet, this incoming link delay is added to the residence time in the correction field of the PTP message or an associated follow-up message.
Note
PTP operates only in boundary clock mode. We recommend that you deploy a Grand Master Clock (10 MHz) upstream. The servers contain clocks that require synchronization and are connected to the switch.
End-to-end transparent clock and peer-to-peer transparent clock modes are not supported.

PTP Process

The PTP process consists of two phases: establishing the master-slave hierarchy and synchronizing the clocks.
Within a PTP domain, each port of an ordinary or boundary clock follows this process to determine its state:
• Examines the contents of all received announce messages (issued by ports in the master state)
• Compares the data sets of the foreign master (in the announce message) and the local clock for priority, clock class, accuracy, and so on
• Determines its own state as either master or slave
After the master-slave hierarchy has been established, the clocks are synchronized as follows:
• The master sends a synchronization message to the slave and notes the time it was sent.
• The slave receives the synchronization message and notes the time that it was received. For every synchronization message, there is a follow-up message. The number of sync messages should be equal to the number of follow-up messages.
• The slave sends a delay-request message to the master and notes the time it was sent.
• The master receives the delay-request message and notes the time it was received.
• The master sends a delay-response message to the slave. The number of delay request messages should be equal to the number of delay response messages.
• The slave uses these timestamps to adjust its clock to the time of its master.
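
The timestamp exchange described above can be worked through in code. The following Python sketch is an added example, not taken from the Cisco guide: it computes the slave's offset and the mean path delay from the four noted times, then checks the result against the correction ranges given under Guidelines and Limitations for PTP and against the message-count rule stated above. The names t1 to t4, the environment keys, treating the computed offset as the "clock correction", and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Upper bound of the expected clock correction in nanoseconds, taken from the
# "Guidelines and Limitations for PTP" section (the dictionary keys are
# hypothetical labels chosen for this example).
CORRECTION_LIMIT_NS = {"nexus3500_only": 99, "mixed": 999}


@dataclass(frozen=True)
class Exchange:
    t1: int  # master clock: time the synchronization message was sent
    t2: int  # slave clock: time the synchronization message was received
    t3: int  # slave clock: time the delay-request message was sent
    t4: int  # master clock: time the delay-request message was received


def offset_and_delay(x):
    """Return (offset_from_master_ns, mean_path_delay_ns) for one exchange.

    t2 - t1 = delay + offset and t4 - t3 = delay - offset, which holds only
    if the path delay is the same in both directions.
    """
    master_to_slave = x.t2 - x.t1
    slave_to_master = x.t4 - x.t3
    offset = (master_to_slave - slave_to_master) / 2
    delay = (master_to_slave + slave_to_master) / 2
    return offset, delay


def audit(exchanges, counters, environment):
    """List deviations from the expectations stated on this page."""
    limit = CORRECTION_LIMIT_NS[environment]
    findings = []
    for i, x in enumerate(exchanges, start=1):
        offset, delay = offset_and_delay(x)
        if delay < 0:
            findings.append(f"exchange {i}: negative path delay {delay:.1f} ns")
        if abs(offset) > limit:
            findings.append(
                f"exchange {i}: correction {offset:.1f} ns exceeds {limit} ns"
            )
    # The page states that sync and follow-up counts, and delay-request and
    # delay-response counts, should be equal.
    if counters["sync"] != counters["follow_up"]:
        findings.append("sync/follow-up count mismatch")
    if counters["delay_req"] != counters["delay_resp"]:
        findings.append("delay-request/delay-response count mismatch")
    return findings


# Constructed sample data (nanoseconds). The slave clock runs ahead of the
# master by 40, 400 and 40 ns respectively.
SAMPLE_EXCHANGES = [
    # symmetric 500 ns path, offset 40 ns
    Exchange(1_000_000, 1_000_540, 1_002_040, 1_002_500),
    # symmetric 500 ns path, offset 400 ns
    Exchange(2_000_000, 2_000_900, 2_002_400, 2_002_500),
    # asymmetric path (2500 ns towards the slave, 500 ns back), true offset
    # 40 ns: half of the asymmetry shows up as apparent offset
    Exchange(3_000_000, 3_002_540, 3_004_040, 3_004_500),
]
SAMPLE_COUNTERS = {"sync": 3, "follow_up": 3, "delay_req": 3, "delay_resp": 2}

if __name__ == "__main__":
    for env in CORRECTION_LIMIT_NS:
        print(env, audit(SAMPLE_EXCHANGES, SAMPLE_COUNTERS, env))
```

The third sample shows why an unexpectedly large correction is worth investigating: the calculation cannot distinguish a real clock offset from unequal forward and return path delays.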

High Availability for PTP

Stateful restarts are not supported for PTP.

Licensing Requirements for PTP

PTP requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.

Guidelines and Limitations for PTP

In a Cisco Nexus 3500 only environment, PTP clock correction is expected to be in the 1- to 2-digit range, from 1 to 99 nanoseconds. However, in a mixed environment, PTP clock correction is expected to be up to 3 digits, from 100 to 999 nanoseconds.
PTP operates only in boundary clock mode. End-to-end transparent clock and peer-to-peer transparent clock modes are not supported.
PTP supports transport over User Datagram Protocol (UDP). Transport over Ethernet is not supported.
PTP supports only multicast communication. Negotiated unicast communication is not supported.
PTP is limited to a single domain per network.
All management messages are forwarded on ports on which PTP is enabled. Handling management messages is not supported.
PTP-capable ports do not identify PTP packets and do not time-stamp or redirect those packets unless you enable PTP on those ports.
1 packet per second (1 pps) input is not supported.
PTP over IPv6 is not supported.
Cisco Nexus 3500 Switches support a maximum of 32 PTP sessions.
Cisco Nexus switches should be synchronized from the neighboring master using a synchronization log interval that ranges from 3 to 1.

Default Settings for PTP

The following table lists the default settings for PTP parameters.
Table 2: Default PTP Parameters
Parameters | Default
PTP | Disabled
PTP version | 2
PTP domain | 0. PTP multi domain is disabled by default.
PTP priority 1 value when advertising the clock | 255
PTP priority 2 value when advertising the clock | 255
PTP announce interval | 1 log second
PTP sync interval | 1 log second
PTP announce timeout | 3 announce intervals
PTP minimum delay request interval | 1 log second
PTP VLAN | 1

Configuring PTP

Configuring PTP Globally

You can enable or disable PTP globally on a device. You can also configure various PTP clock parameters to help determine which clock in the network has the highest priority to be selected as the grandmaster.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [no] feature ptp
Purpose: Enables or disables PTP on the device.
Note
Enabling PTP on the switch does not enable PTP on each interface.
Step 3
Command or Action: switch(config)# [no] ptp source ip-address [vrf vrf]
Purpose: Configures the source IP address for all PTP packets. The ip-address can be in IPv4 format.
Step 4
Command or Action: switch(config)# [no] ptp domain number
Purpose: (Optional) Configures the domain number to use for this clock. PTP domains allow you to use multiple independent PTP clocking subdomains on a single network. The range for the number is from 0 to 128.
Step 5
Command or Action: switch(config)# [no] ptp priority1 value
Purpose: (Optional) Configures the priority1 value to use when advertising this clock. This value overrides the default criteria (clock quality, clock class, and so on) for the best master clock selection. Lower values take precedence. The range for the value is from 0 to 255.
Step 6
Command or Action: switch(config)# [no] ptp priority2 value
Purpose: (Optional) Configures the priority2 value to use when advertising this clock. This value is used to decide between two devices that are otherwise equally matched in the default criteria. For example, you can use the priority2 value to give a specific switch priority over other identical switches. The range for the value is from 0 to 255.
Step 7
Command or Action: switch(config)# show ptp brief
Purpose: (Optional) Displays the PTP status.
Step 8
Command or Action: switch(config)# show ptp clock
Purpose: (Optional) Displays the properties of the local clock.
Step 9
Command or Action: switch(config)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
The following example shows how to configure PTP globally on the device, specify the source IP address for PTP communications, and configure a preference level for the clock:
switch# configure terminal
switch(config)# feature ptp
switch(config)# ptp source 10.10.10.1
switch(config)# ptp priority1 1
switch(config)# ptp priority2 1
switch(config)# show ptp brief
PTP port status
-----------------------
Port State
------- --------------
switch(config)# show ptp clock
PTP Device Type: Boundary clock
Clock Identity : 0:22:55:ff:ff:79:a4:c1
Clock Domain: 0
Number of PTP ports: 0
Priority1 : 1
Priority2 : 1
Clock Quality:
Class : 248
Accuracy : 254
Offset (log variance) : 65535
Offset From Master : 0
Mean Path Delay : 0
Steps removed : 0
Local clock time:Sun Jul 3 14:13:24 2011
switch(config)#

Configuring PTP on an Interface

After you globally enable PTP, it is not enabled on all supported interfaces by default. You must enable PTP interfaces individually.
Before You Begin
Make sure that you have globally enabled PTP on the switch and configured the source IP address for PTP communication.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface ethernet slot/port
Purpose: Specifies the interface on which you are enabling PTP and enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# [no] feature ptp
Purpose: Enables or disables PTP on an interface.
Step 4
Command or Action: switch(config-if)# [no] ptp announce {interval log seconds | timeout count}
Purpose: (Optional) Configures the interval between PTP announce messages on an interface or the number of PTP intervals before a timeout occurs on an interface. The range for the PTP announcement interval is from 0 to 4 seconds, and the range for the interval timeout is from 2 to 10.
Step 5
Command or Action: switch(config-if)# [no] ptp delay request minimum interval log seconds
Purpose: (Optional) Configures the minimum interval allowed between PTP delay-request messages when the port is in the master state. The range is from log(-6) to log(1) seconds. Where, log(-2) = 2 frames per second.
Step 6
Command or Action: switch(config-if)# [no] ptp sync interval log seconds
Purpose: (Optional) Configures the interval between PTP synchronization messages on an interface. The range for the PTP synchronization interval is from -3 log second to 1 log second.
Step 7
Command or Action: switch(config-if)# [no] ptp vlan vlan-id
Purpose: (Optional) Specifies the VLAN for the interface where PTP is being enabled. You can only enable PTP on one VLAN on an interface. The range is from 1 to 4094.
Step 8
Command or Action: switch(config-if)# show ptp brief
Purpose: (Optional) Displays the PTP status.
Step 9
Command or Action: switch(config-if)# show ptp port interface interface slot/port
Purpose: (Optional) Displays the status of the PTP port.
Step 10
Command or Action: switch(config-if)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to configure PTP on an interface and configure the intervals for the announce, delay-request, and synchronization messages:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# ptp
switch(config-if)# ptp announce interval 3
switch(config-if)# ptp announce timeout 2
switch(config-if)# ptp delay-request minimum interval 4
switch(config-if)# ptp sync interval -1
switch(config-if)# show ptp brief
PTP port status
-----------------------
Port State
------- --------------
Eth2/1 Master
switch(config-if)# show ptp port interface ethernet 1/1
PTP Port Dataset: Eth1/1
Port identity: clock identity: f4:4e:05:ff:fe:84:7e:7c
Port identity: port number: 0
PTP version: 2
Port state: Slave
VLAN info: 1
Delay request interval(log mean): 0
Announce receipt time out: 3
Peer mean path delay: 0
Announce interval(log mean): 1
Sync interval(log mean): 1
Delay Mechanism: End to End
Cost: 255
Domain: 5
switch(config-if)#

Configuring Multiple PTP Domains
You can configure multiple PTP clocking domains on a single network. Each domain has a priority value associated with it. The default value is 255.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [no] feature ptp
Purpose: Enables or disables PTP on the device.
Note
Enabling PTP on the switch does not enable PTP on each interface.
Step 3
Command or Action: switch(config)# [no] ptp source ip-address [vrf vrf]
Purpose: Configures the source IP address for all PTP packets. The ip-address can be in IPv4 format.
Step 4
Command or Action: switch(config)# [no] ptp multi-domain
Purpose: Enables the multi-domain feature on the switch. It also allows you to set attributes such as priority, clock-class threshold, clock-accuracy threshold, and transition priorities on the switch.
Step 5
Command or Action: switch(config)# [no] ptp domain value priority value
Purpose: Specify the values for the domain and priority. The range for the domain value is from 0 to 127. The default value of the domain is 0. The range for the priority value is from 0 to 255. The default value of the priority is 255.
Step 6
Command or Action: switch(config)# [no] ptp domain value clock-class-threshold value
Purpose: Specify the values for domain and clock class threshold. The default value is 248. The range for the domain value is from 0 to 127. The range for the clock-class-threshold value is from 0 to 255.
Note
A clock class threshold value does not necessarily ensure election of the slave clock on any port. The switch uses this value to determine whether the source clock is traceable. If the clock class value from the peer is higher than or equal to the clock class threshold value in a domain, the switch runs BMCA to elect the slave port from a domain. If none of the domains has the clock class below the threshold value, the switch runs BMCA on all the PTP-enabled ports to elect the best clock.
Step 7
Command or Action: switch(config)# [no] ptp domain value clock-accuracy-threshold value
Purpose: Specify the values for domain and clock accuracy threshold. The default value is 254. The range for the domain value is from 0 to 127. The range for the clock-accuracy-threshold value is from 0 to 255.
Step 8
Command or Action: switch(config)# [no] ptp multi-domain transition-attributes priority1 value
Purpose: Sets the domain transition-attributes priority1 value that is used when sending a packet out from this domain to a peer domain. The value of the priority1 in the announce message from the remote port is replaced by the value of domain transition-attributes priority1 when the announce message has to be transmitted to a peer in a domain that is different from that of the slave interface. The default value is 255. The range for the transition-attributes priority1 value is from 0 to 255.
Step 9
Command or Action: switch(config)# [no] ptp multi-domain transition-attributes priority2 value
Purpose: Sets the domain transition-attributes priority2 value that is used when sending a packet out from this domain to a peer domain. The value of the priority2 in the announce message from the remote port is replaced by the value of domain transition-attributes priority2 when the announce message has to be transmitted to a peer in a domain that is different from that of the slave interface. The default value is 255. The range for the transition-attributes priority2 value is from 0 to 255.
Step 10
Command or Action: switch(config-if)# [no] ptp domain value
Purpose: Associates a domain on a PTP-enabled interface. If you do not configure the domain specifically on an interface, it takes the default value (0). The range for the domain value is from 0 to 127.
The following example shows the PTP domains configured on a switch:
switch(config)# show ptp domain data
MULTI DOMAIN : ENABLED
GM CAPABILITY : ENABLED
PTP DEFAULT DOMAIN : 0
PTP TRANSITION PRIORITY1 : 20
PTP TRANSITION PRIORITY2 : 255
PTP DOMAIN PROPERTY
Domain-Number Domain-Priority Clock-Class Clock-Accuracy Ports
0 255 248 254 Eth1/1
1 1 1 254
switch(config)#
The following example shows the domains associated with each PTP-enabled interface:
switch(config)# show ptp interface domain
PTP port interface domain
--------------------------
Port Domain
------- -----------------
Eth1/1 0
1 1 254
switch(config)#

Configuring PTP Grandmaster Clock
You can configure convergence time to prevent timing loops at the PTP level when grandmaster capability is disabled on a switch. Grandmaster capability is enabled on the device by default.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [no] feature ptp
Purpose: Enables or disables PTP on the device.
Note
Enabling PTP on the switch does not enable PTP on each interface.
Step 3
Command or Action: switch(config)# [no] ptp source ip-address [vrf vrf]
Purpose: Configures the source IP address for all PTP packets. The ip-address can be in IPv4 format.
Step 4
Command or Action: switch(config)# no ptp grandmaster-capable [ convergence-time]
Purpose: Disables grandmaster capability on the switch. Prevents the device from acting as a grandmaster when there is no external grandmaster available in any domains. The default convergence time is 30 seconds.
Step 5
Command or Action: switch(config)# [no] ptp domain value clock-class-threshold value
Purpose: Specify the values for domain and clock class threshold. Clock class threshold defines the threshold value of clock class that the device uses to determine whether the source clock can be considered as a grandmaster clock. The range for the domain value is from 0 to 127. The range for the clock-class-threshold value is from 0 to 255.
Note
The switch uses this value to determine whether the source clock is traceable. If the clock class value from all the peers is higher than the clock class threshold value, the BMCA may change all the port states to listening.
Step 6
Command or Action: switch(config)# [no] ptp domain value clock-accuracy-threshold value
Purpose: Specify the values for domain and clock accuracy threshold. The range for the domain value is from 0 to 127. The range for the clock-accuracy-threshold value is from 0 to 255.
Step 7
Command or Action: switch(config)# ptp grandmaster-capable
Purpose: Enables grandmaster capability on a switch.
The following example displays the PTP clock information:
switch(config-if)# show ptp clock
PTP Device Type: Boundary clock
Clock Identity : f4:4e:05:ff:fe:84:7e:7c
Clock Domain: 5
Number of PTP ports: 2
Priority1 : 129
Priority2 : 255
Clock Quality:
Class : 248
Accuracy : 254
Offset (log variance) : 65535
Offset From Master : 0
Mean Path Delay : 391
Steps removed : 1
Local clock time:Wed Nov 9 10:31:21 2016
switch(config-if)#

Configuring PTP Cost Interface
You can configure interface cost on each PTP enabled port on a Cisco Nexus 3500 switch. The cost applies to each PTP enabled port if the switch has more than one path to grandmaster clock.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [no] feature ptp
Purpose: Enables or disables PTP on the device.
Note
Enabling PTP on the switch does not enable PTP on each interface.
Step 3
Command or Action: switch(config)# [no] ptp source ip-address [vrf vrf]
Purpose: Configures the source IP address for all PTP packets. The ip-address can be in IPv4 format.
Step 4
Command or Action: switch(config-if)# [no] feature ptp
Purpose: Enables or disables PTP on the interface.
Step 5
Command or Action: switch(config-if)# [no] ptp cost value
Purpose: Associates a cost with a PTP-enabled interface. The interface having the least cost becomes the slave interface. The range for the cost is from 0 to 255. The default value is 255.
The following example shows the cost that is associated with each PTP-enabled interface:
switch(config)# show ptp cost
PTP port costs
-----------------------
Port Cost
------- --------------
Eth1/1 255
switch(config)#

Configuring clock Identity

You can configure clock identity on a Cisco Nexus 3500 switch. The default clock identity is a unique 8-octet array presented in the form of a character array based on the switch MAC address.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [no] feature ptp
Purpose: Enables or disables PTP on the device.
Note
Enabling PTP on the switch does not enable PTP on each interface.
Step 3
Command or Action: switch(config-if)# ptp clock-identity MAC Address
Purpose: Assigns a 6-byte MAC address for the PTP clock-identity. The default clock identity is based on the MAC address of the switch. The clock-identity is defined as per the IEEE standard (MAC-48 Byte0 | MAC-48 Byte1 | MAC-48 Byte2 | FF | FE | MAC-48 Bytes3-5).

Verifying the PTP Configuration

Use one of the following commands to verify the configuration:
Table 3: PTP Show Commands
Command | Purpose
show ptp brief | Displays the PTP status.
show ptp clock | Displays the properties of the local clock, including the clock identity.
show ptp clock foreign-masters-record | Displays the state of foreign masters known to the PTP process. For each foreign master, the output displays the clock identity, basic clock properties, and whether the clock is being used as a grandmaster.
show ptp corrections | Displays the last few PTP corrections.
show ptp parent | Displays the properties of the PTP parent.
show ptp port interface ethernet slot/port | Displays the status of the PTP port on the switch.
show ptp domain data | Displays multiple domain data, domain priority, clock threshold and information about grandmaster capabilities.
show ptp interface domain | Displays information about the interface to domain association.
show ptp cost | Displays PTP port to cost association.
CHAPTER 4

Configuring User Accounts and RBAC

This chapter contains the following sections:
Information About User Accounts and RBAC
Guidelines and Limitations for User Accounts
Configuring User Accounts
Configuring RBAC
Verifying the User Accounts and RBAC Configuration
Configuring User Accounts Default Settings for the User Accounts and RBAC

Information About User Accounts and RBAC

Cisco Nexus Series switches use role-based access control (RBAC) to define the amount of access that each user has when the user logs into the switch.
With RBAC, you define one or more user roles and then specify which management operations each user role is allowed to perform. When you create a user account for the switch, you associate that account with a user role, which then determines what the individual user is allowed to do on the switch.

User Roles

User roles contain rules that define the operations allowed for the user who is assigned the role. Each user role can contain multiple rules and each user can have multiple roles. For example, if role1 allows access only to configuration operations, and role2 allows access only to debug operations, users who belong to both role1 and role2 can access configuration and debug operations. You can also limit access to specific VLANs, and interfaces.
The switch provides the following default user roles:
network-admin (superuser)
Complete read and write access to the entire switch.
network-operator
Complete read access to the switch.
Note
If you belong to multiple roles, you can execute a combination of all the commands permitted by these roles. Access to a command takes priority over being denied access to a command. For example, suppose a user has RoleA, which denies access to the configuration commands. However, the user also has RoleB, which has access to the configuration commands. In this case, the user has access to the configuration commands.
Note
Only the network-admin user can perform a Checkpoint or Rollback in the RBAC roles. Even if other users have these commands as a permit rule in their role, access is denied when they try to execute these commands.

Rules

The rule is the basic element of a role. A rule defines what operations the role allows the user to perform. You can apply rules for the following parameters:
Command
A command or group of commands defined in a regular expression.
Feature
Commands that apply to a function provided by the Cisco Nexus device. Enter the show role feature command to display the feature names available for this parameter.
Feature group
Default or user-defined group of features. Enter the show role feature-group command to display the default feature groups available for this parameter.
These parameters create a hierarchical relationship. The most basic control parameter is the command. The next control parameter is the feature, which represents all commands associated with the feature. The last control parameter is the feature group. The feature group combines related features and allows you to easily manage the rules.
You can configure up to 256 rules for each role. The user-specified rule number determines the order in which the rules are applied. Rules are applied in descending order. For example, if a role has three rules, rule 3 is applied before rule 2, which is applied before rule 1.
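The following added example (not part of the Cisco guide, and not the switch's own code) models the evaluation described above in Python so that a role set can be reviewed offline: rules are tried in descending rule-number order, a permit in any role wins over a deny in another, and checkpoint and rollback stay reserved for network-admin. It assumes that the first matching rule in that order decides, that the command-string matches as a regular expression from the start of the command, and that a role with no matching rule grants nothing. The role names, rules and commands are constructed.

```python
import re
from dataclasses import dataclass, field

# Assumption: the Checkpoint/Rollback restriction is matched on the first word.
ADMIN_ONLY = ("checkpoint", "rollback")


@dataclass(frozen=True)
class Rule:
    number: int
    action: str   # "permit" or "deny"
    pattern: str  # command-string, read as a regular expression


@dataclass
class Role:
    name: str
    rules: list = field(default_factory=list)

    def decide(self, command):
        """Return (action, rule number) of the first rule that matches."""
        for rule in sorted(self.rules, key=lambda r: r.number, reverse=True):
            if re.match(rule.pattern, command):
                return rule.action, rule.number
        return "deny", None  # assumption: no matching rule means no access


def explain(roles, command):
    """Combine the per-role decisions the way the notes above describe."""
    words = command.split()
    per_role = {role.name: role.decide(command) for role in roles}
    permits = [n for n, (act, _) in per_role.items() if act == "permit"]
    explicit_denies = [n for n, (act, num) in per_role.items()
                       if act == "deny" and num is not None]
    allowed = bool(permits)  # access in any role beats denial in another
    admin_only = bool(words) and words[0] in ADMIN_ONLY
    if admin_only:
        allowed = any(role.name == "network-admin" for role in roles)
    return {
        "allowed": allowed,
        "admin_only": admin_only,
        "per_role": per_role,
        # Roles whose explicit deny has no effect for this user.
        "overridden_denies": explicit_denies if (allowed and permits) else [],
    }


# Constructed roles for the scenarios in the text.
ROLE_A = Role("RoleA", [Rule(1, "deny", "configure")])
ROLE_B = Role("RoleB", [Rule(1, "permit", "configure")])
# The broad permit has the higher number, so the deny below it never applies.
SHADOWED = Role("ops-shadowed", [Rule(3, "permit", "show "),
                                 Rule(2, "deny", "show running-config")])
# The narrow deny has the higher number and is applied first.
ORDERED = Role("ops-ordered", [Rule(3, "deny", "show running-config"),
                               Rule(2, "permit", "show ")])
BACKUP = Role("backup", [Rule(1, "permit", "checkpoint")])
NETWORK_ADMIN = Role("network-admin", [Rule(1, "permit", ".*")])

if __name__ == "__main__":
    print(explain([ROLE_A, ROLE_B], "configure terminal"))
    print(SHADOWED.decide("show running-config"))
    print(ORDERED.decide("show running-config"))
    print(explain([BACKUP], "checkpoint before-change"))
```

A non-empty overridden_denies list marks a deny rule that does not restrict this particular user, which is the case to look for when a user is added to a second role.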

User Role Policies

You can define user role policies to limit the switch resources that the user can access, or to limit access to interfaces and VLANs.
User role policies are constrained by the rules defined for the role. For example, if you define an interface policy to permit access to specific interfaces, the user does not have access to the interfaces unless you configure a command rule for the role to permit the interface command.
If a command rule permits access to specific resources (interfaces, VLANs), the user is permitted to access these resources, even if the user is not listed in the user role policies associated with that user.

User Account Configuration Restrictions

The following words are reserved and cannot be used to configure users:
adm
bin
daemon
ftp
ftpuser
games
gdm
gopher
halt
lp
mail
mailnull
man
mtsuser
news
nobody
san-admin
shutdown
sync
sys
uucp
Caution
xfs

User Password Requirements

Cisco Nexus device passwords are case sensitive and can contain alphanumeric characters only. Special characters, such as the dollar sign ($) or the percent sign (%), are not allowed.
Note
Starting from Cisco NX-OS Release 7.2(0)N1(1), special characters, such as the dollar sign ($) or the percent sign (%), can be used in Cisco Nexus device passwords.
If a password is trivial (such as a short, easy-to-decipher password), the Cisco Nexus device rejects the password. Be sure to configure a strong password for each user account. A strong password has the following characteristics:
At least eight characters long
Does not contain many consecutive characters (such as "abcd")
Does not contain many repeating characters (such as "aaabbb")
Does not contain dictionary words
Does not contain proper names
Contains both uppercase and lowercase characters
Contains numbers
The following are examples of strong passwords:
If2CoM18
2009AsdfLkj30
Cb1955S21
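The following added example (not part of the Cisco guide, and not the switch's own check) approximates the strong-password characteristics listed above in Python so that credentials can be screened before they are pushed to a device, together with the reserved words from the user account restrictions. The thresholds for "many" consecutive or repeating characters and the small word list are assumptions; proper names would have to be supplied through the same word list.

```python
import re

# Reserved words listed under User Account Configuration Restrictions.
RESERVED_USERNAMES = frozenset(
    "adm bin daemon ftp ftpuser games gdm gopher halt lp mail mailnull man "
    "mtsuser news nobody san-admin shutdown sync sys uucp xfs".split()
)
SAMPLE_WORDS = ("password", "cisco", "admin", "switch", "nexus")  # constructed
MAX_SEQUENCE = 3  # assumption: 4 or more in sequence ("abcd") is "many"
MAX_REPEAT = 2    # assumption: 3 or more identical ("aaa") is "many"


def longest_run(text, step):
    """Longest run in which each character is `step` code points after the
    previous one (step 0: repeats, 1: ascending, -1: descending)."""
    best = run = 1 if text else 0
    for prev, cur in zip(text, text[1:]):
        run = run + 1 if ord(cur) - ord(prev) == step else 1
        best = max(best, run)
    return best


def password_problems(password, words=SAMPLE_WORDS):
    """Return the listed characteristics that the password fails."""
    problems = []
    lowered = password.lower()
    # Release 6.x: alphanumeric characters only, no special characters.
    if not re.fullmatch(r"[A-Za-z0-9]+", password):
        problems.append("contains non-alphanumeric characters")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if max(longest_run(lowered, 1), longest_run(lowered, -1)) > MAX_SEQUENCE:
        problems.append("many consecutive characters")
    if longest_run(lowered, 0) > MAX_REPEAT:
        problems.append("many repeating characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs both uppercase and lowercase characters")
    if not any(c.isdigit() for c in password):
        problems.append("contains no numbers")
    if any(word in lowered for word in words):
        problems.append("contains a dictionary word")
    return problems


def username_is_reserved(user_id):
    """User IDs are case sensitive, so the comparison is exact."""
    return user_id in RESERVED_USERNAMES


if __name__ == "__main__":
    for candidate in ("If2CoM18", "abcd1234", "aaabbbCC1", "Cisco2Nexus9"):
        print(candidate, password_problems(candidate))
    print(username_is_reserved("sync"), username_is_reserved("NewUser"))
```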
Note
For security reasons, user passwords do not display in the configuration files.

Guidelines and Limitations for User Accounts

User accounts have the following guidelines and limitations when configuring user accounts and RBAC:
Up to 256 rules can be added to a user role.
A maximum of 64 user roles can be assigned to a user account.
You can assign a user role to more than one user account.
Predefined roles such as network-admin, network-operator, and san-admin are not editable.
Adding, deleting, and editing rules is not supported for the SAN admin user role.
The interface, VLAN, and/or VSAN scope cannot be changed for the SAN admin user role.
Note
A user account must have at least one user role.

Configuring User Accounts

Note
Changes to user account attributes do not take effect until the user logs in and creates a new session.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# show role
Purpose: (Optional) Displays the user roles available. You can configure other user roles, if necessary.
Step 3
Command or Action: switch(config)# username user-id [password password] [expire date] [role role-name]
Purpose: Configures a user account. The user-id is a case-sensitive, alphanumeric character string with a maximum of 28 characters. The default password is undefined.
Note
If you do not specify a password, the user might not be able to log into the switch.
The expire date option format is YYYY-MM-DD. The default is no expiry date.
Step 4
Command or Action: switch(config)# exit
Purpose: Exits global configuration mode.
Step 5
Command or Action: switch# show user-account
Purpose: (Optional) Displays the role configuration.
Step 6
Command or Action: switch# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
The following example shows how to configure a user account:
switch# configure terminal
switch(config)# username NewUser password 4Ty18Rnt
switch(config)# exit
switch# show user-account

Configuring RBAC

Creating User Roles and Rules

The rule number that you specify determines the order in which the rules are applied. Rules are applied in descending order. For example, if a role has three rules, rule 3 is applied before rule 2, which is applied before rule 1.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# role name role-name
Purpose: Specifies a user role and enters role configuration mode. The role-name argument is a case-sensitive, alphanumeric character string with a maximum of 16 characters.
Step 3
Command or Action: switch(config-role)# rule number {deny | permit} command command-string
Purpose: Configures a command rule. The command-string can contain spaces and regular expressions. For example, interface ethernet * includes all Ethernet interfaces. Repeat this command for as many rules as needed.
Step 4
Command or Action: switch(config-role)# rule number {deny | permit} {read | read-write}
Purpose: Configures a read-only or read-and-write rule for all operations.
Step 5
Command or Action: switch(config-role)# rule number {deny | permit} {read | read-write} feature feature-name
Purpose: Configures a read-only or read-and-write rule for a feature. Use the show role feature command to display a list of features. Repeat this command for as many rules as needed.
Step 6
Command or Action: switch(config-role)# rule number {deny | permit} {read | read-write} feature-group group-name
Purpose: Configures a read-only or read-and-write rule for a feature group. Use the show role feature-group command to display a list of feature groups. Repeat this command for as many rules as needed.
Step 7
Command or Action: switch(config-role)# description text
Purpose: (Optional) Configures the role description. You can include spaces in the description.
Step 8
Command or Action: switch(config-role)# end
Purpose: Exits role configuration mode.
Step 9
Command or Action: switch# show role
Purpose: (Optional) Displays the user role configuration.
Step 10
Command or Action: switch# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to create user roles and specify rules:
switch# configure terminal
switch(config)# role name UserA
switch(config-role)# rule 1 deny command clear users
switch(config-role)# rule 2 deny read-write
switch(config-role)# description This role does not allow users to use clear commands
switch(config-role)# end
switch# show role

Creating Feature Groups

Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# role feature-group group-name
Purpose: Specifies a user role feature group and enters role feature group configuration mode. The group-name is a case-sensitive, alphanumeric character string with a maximum of 32 characters.
Step 3
Command or Action: switch(config)# exit
Purpose: Exits global configuration mode.
Step 4
Command or Action: switch# show role feature-group
Purpose: (Optional) Displays the role feature group configuration.
Step 5
Command or Action: switch# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to create a feature group:
switch# configure terminal
switch(config)# role feature-group group1
switch(config)# exit
switch# show role feature-group
switch# copy running-config startup-config
switch#

Changing User Role Interface Policies
You can change a user role interface policy to limit the interfaces that the user can access. Specify a list of interfaces that the role can access. You can specify it for as many interfaces as needed.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# role name role-name
Purpose: Specifies a user role and enters role configuration mode.
Step 3
Command or Action: switch(config-role)# interface policy deny
Purpose: Enters role interface policy configuration mode.
Step 4
Command or Action: switch(config-role-interface)# permit interface interface-list
Purpose: Specifies a list of interfaces that the role can access. Repeat this command for as many interfaces as needed. For this command, you can specify Ethernet interfaces.
Step 5
Command or Action: switch(config-role-interface)# exit
Purpose: Exits role interface policy configuration mode.
Step 6
Command or Action: switch(config-role)# show role
Purpose: (Optional) Displays the role configuration.
Step 7
Command or Action: switch(config-role)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
The following example shows how to change a user role interface policy to limit the interfaces that the user can access:
switch# configure terminal
switch(config)# role name UserB
switch(config-role)# interface policy deny
switch(config-role-interface)# permit interface ethernet 2/1
switch(config-role-interface)# permit interface fc 3/1
switch(config-role-interface)# permit interface vfc 30/1

Changing User Role VLAN Policies

You can change a user role VLAN policy to limit the VLANs that the user can access.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# role name role-name
Specifies a user role and enters role configuration mode.
Step 3
switch(config-role)# vlan policy deny
Enters role VLAN policy configuration mode.
Step 4
switch(config-role-vlan)# permit vlan vlan-list
Specifies a range of VLANs that the role can access. Repeat this command for as many VLANs as needed.
Step 5
switch(config-role-vlan)# exit
Exits role VLAN policy configuration mode.
Step 6
switch# show role
(Optional) Displays the role configuration.
Step 7
switch# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Verifying the User Accounts and RBAC Configuration

Use one of the following commands to verify the configuration:
Command: Purpose
show role [role-name]: Displays the user role configuration.
show role feature: Displays the feature list.
show role feature-group: Displays the feature group configuration.
show startup-config security: Displays the user account configuration in the startup configuration.
show running-config security [all]: Displays the user account configuration in the running configuration. The all keyword displays the default values for the user accounts.
show user-account: Displays user account information.

Default Settings for the User Accounts and RBAC

The following table lists the default settings for user accounts and RBAC parameters.
Table 4: Default User Accounts and RBAC Parameters
Parameters: Default
User account password: Undefined.
User account expiry date: None.
Interface policy: All interfaces are accessible.
VLAN policy: All VLANs are accessible.
VFC policy: All VFCs are accessible.
VETH policy: All VETHs are accessible.
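Because the defaults above leave every interface and VLAN accessible until a role is given a deny policy, the following added example (not part of the Cisco guide) parses a listing of role commands and reports which roles still rely on those defaults. It assumes the listing uses the command syntax shown in this chapter; the roles BackupOps and Helpdesk and the VLAN range are constructed sample data.

```python
import re

# Constructed sample in the command syntax this chapter uses. UserB's interface
# policy is the guide's own example; everything else is hypothetical.
SAMPLE_CONFIG = """\
switch(config)# role name UserB
switch(config-role)# interface policy deny
switch(config-role-interface)# permit interface ethernet 2/1
switch(config-role-interface)# permit interface fc 3/1
switch(config-role-interface)# permit interface vfc 30/1
switch(config-role-interface)# exit
switch(config-role)# vlan policy deny
switch(config-role-vlan)# permit vlan 10-20
switch(config-role-vlan)# exit
switch(config)# role name BackupOps
switch(config-role)# vlan policy deny
switch(config-role-vlan)# exit
switch(config)# role name Helpdesk
"""

PROMPT = re.compile(r"^switch(\([^)]*\))?\s*#\s*")   # optional CLI prompt
ROLE = re.compile(r"^role name (\S+)$")
POLICY = re.compile(r"^(interface|vlan) policy deny$")
PERMIT = re.compile(r"^permit (interface|vlan) (.+)$")


def parse_roles(text):
    """Return {role: {"interface": None | [...], "vlan": None | [...]}}.

    None means the role never entered '<kind> policy deny', so the Table 4
    default (everything accessible) still applies to it.
    """
    roles = {}
    role = None    # role currently being configured
    scope = None   # policy sub-mode we are in: "interface", "vlan" or None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = ROLE.match(line)
        if m:
            role = roles.setdefault(m.group(1), {"interface": None, "vlan": None})
            scope = None
            continue
        if role is None:
            continue
        m = POLICY.match(line)
        if m:
            scope = m.group(1)
            if role[scope] is None:
                role[scope] = []
            continue
        m = PERMIT.match(line)
        if m and m.group(1) == scope:
            role[scope].append(m.group(2).strip())
        elif line == "exit":
            # First exit leaves the policy sub-mode, the next leaves the role.
            if scope is not None:
                scope = None
            else:
                role = None
    return roles


def audit(roles):
    """List (role, kind, finding) for each policy that is not a scoped allow-list."""
    findings = []
    for name in sorted(roles):
        for kind in ("interface", "vlan"):
            permits = roles[name][kind]
            if permits is None:
                findings.append((name, kind, "default: all accessible"))
            elif not permits:
                findings.append((name, kind, "deny policy with no permit entries"))
    return findings


if __name__ == "__main__":
    for role_name, kind, finding in audit(parse_roles(SAMPLE_CONFIG)):
        print(f"{role_name:10} {kind:10} {finding}")
```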

CHAPTER 5

Configuring Session Manager

This chapter contains the following sections:
Information About Session Manager
Guidelines and Limitations for Session Manager
Configuring Session Manager
Verifying the Session Manager Configuration

Information About Session Manager

Session Manager allows you to implement your configuration changes in batch mode. Session Manager works in the following phases:
Configuration session: Creates a list of commands that you want to implement in session manager mode.
Validation: Provides a basic semantic check on your configuration. Cisco NX-OS returns an error if the semantic check fails on any part of the configuration.
Verification: Verifies the configuration as a whole, based on the existing hardware and software configuration and resources. Cisco NX-OS returns an error if the configuration does not pass this verification phase.
Commit: Cisco NX-OS verifies the complete configuration and implements the changes atomically to the device. If a failure occurs, Cisco NX-OS reverts to the original configuration.
Abort: Discards the configuration changes before implementation.
You can optionally end a configuration session without committing the changes. You can also save a configuration session.

Guidelines and Limitations for Session Manager

Session Manager has the following configuration guidelines and limitations:
Session Manager supports only the access control list (ACL) feature.
You can create up to 32 configuration sessions.
You can configure a maximum of 20,000 commands across all sessions.

Configuring Session Manager

Creating a Session

You can create up to 32 configuration sessions.
Procedure
Step 1
switch# configure session name
Creates a configuration session and enters session configuration mode. The name can be any alphanumeric string. Displays the contents of the session.
Step 2
switch(config-s)# show configuration session [name]
(Optional) Displays the contents of the session.
Step 3
switch(config-s)# save location
(Optional) Saves the session to a file. The location can be in bootflash or volatile.

Configuring ACLs in a Session

You can configure ACLs within a configuration session.
Procedure
Step 1
switch# configure session name
Creates a configuration session and enters session configuration mode. The name can be any alphanumeric string.
Step 2
switch(config-s)# ip access-list name
Creates an ACL.
Step 3
switch(config-s-acl)# permit protocol source destination
(Optional) Adds a permit statement to the ACL.
Step 4
switch(config-s-acl)# interface interface-type number
Enters interface configuration mode.
Step 5
switch(config-s-if)# ip port access-group name in
Adds a port access group to the interface.
Step 6
switch# show configuration session [name]
(Optional) Displays the contents of the session.

Verifying a Session

To verify a session, use the following command in session mode:
switch(config-s)# verify [verbose]
Verifies the commands in the configuration session.

Committing a Session

To commit a session, use the following command in session mode:
switch(config-s)# commit [verbose]
Commits the commands in the configuration session.

Saving a Session

To save a session, use the following command in session mode:
switch(config-s)# save location
(Optional) Saves the session to a file. The location can be in bootflash or volatile.

Discarding a Session

To discard a session, use the following command in session mode:
switch(config-s)# abort
Discards the configuration session without applying the commands.

Configuration Example for Session Manager

The following example shows how to create a configuration session for ACLs:
switch# configure session name test2
switch(config-s)# ip access-list acl2
switch(config-s-acl)# permit tcp any any
switch(config-s-acl)# exit
switch(config-s)# interface Ethernet 1/4
switch(config-s-ip)# ip port access-group acl2 in
switch(config-s-ip)# exit
switch(config-s)# verify
switch(config-s)# exit
switch# show configuration session test2

Verifying the Session Manager Configuration

To verify Session Manager configuration information, perform one of the following tasks:
Command: Purpose
show configuration session [name]: Displays the contents of the configuration session.
show configuration session status [name]: Displays the status of the configuration session.
show configuration session summary: Displays a summary of all the configuration sessions.
CHAPTER 6

Configuring the Scheduler

This chapter contains the following sections:
Information About the Scheduler
Licensing Requirements for the Scheduler
Guidelines and Limitations for the Scheduler
Default Settings for the Scheduler
Configuring the Scheduler
Verifying the Scheduler Configuration
Configuration Examples for the Scheduler
Standards for the Scheduler

Information About the Scheduler

The scheduler allows you to define and set a timetable for maintenance activities such as the following:
Quality of service policy changes
Data backup
Saving a configuration
Jobs consist of a single command or multiple commands that define routine activities. Jobs can be scheduled one time or at periodic intervals.
The scheduler defines a job and its timetable as follows:
Job
A routine task or tasks defined as a command list and completed according to a specified schedule.
Schedule
The timetable for completing a job. You can assign multiple jobs to a schedule.
A schedule is defined as either periodic or one-time only:
Periodic mode: A recurring interval that continues until you delete the job. You can configure the following types of intervals:
  Daily: Job is completed once a day.
  Weekly: Job is completed once a week.
  Monthly: Job is completed once a month.
  Delta: Job begins at the specified start time and then at specified intervals (days:hours:minutes).
One-time mode: Job is completed only once at a specified time.

Remote User Authentication

Before starting a job, the scheduler authenticates the user who created the job. Because user credentials from a remote authentication are not retained long enough to support a scheduled job, you must locally configure the authentication passwords for users who create jobs. These passwords are part of the scheduler configuration and are not considered a locally configured user.
Before starting the job, the scheduler validates the local password against the password from the remote authentication server.

Scheduler Log Files

The scheduler maintains a log file that contains the job output. If the size of the job output is greater than the size of the log file, the output is truncated.

Licensing Requirements for the Scheduler

This feature does not require a license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.

Guidelines and Limitations for the Scheduler

The scheduler can fail if it encounters one of the following while performing a job:
If a feature license is expired when a job for that feature is scheduled.
If a feature is disabled at the time when a job for that feature is scheduled.
Verify that you have configured the time. The scheduler does not apply a default timetable. If you create a schedule, assign jobs, and do not configure the time, the job is not started.
While defining a job, verify that no interactive or disruptive commands (for example, copy bootflash: file ftp:URI, write erase, and other similar commands) are specified because the job is started and conducted noninteractively.

Default Settings for the Scheduler

Table 5: Default Command Scheduler Parameters
Parameters: Default
Scheduler state: Disabled
Log file size: 16 KB

Configuring the Scheduler

Enabling the Scheduler

Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# feature scheduler
Enables the scheduler.
Step 3
switch(config)# show scheduler config
(Optional) Displays the scheduler configuration.
Step 4
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to enable the scheduler:
switch# configure terminal
switch(config)# feature scheduler
switch(config)# show scheduler config
config terminal
feature scheduler
scheduler logfile size 16
end
switch(config)#

Defining the Scheduler Log File Size

Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# scheduler logfile size value
Defines the scheduler log file size in kilobytes. The range is from 16 to 1024. The default log file size is 16.
Note
If the size of the job output is greater than the size of the log file, the output is truncated.
Step 3
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to define the scheduler log file size:
switch# configure terminal
switch(config)# scheduler logfile size 1024
switch(config)#

Configuring Remote User Authentication

Remote users must authenticate with their clear text password before creating and configuring jobs.
Remote user passwords are always shown in encrypted form in the output of the show running-config command. The encrypted option (7) in the command supports the ASCII device configuration.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# scheduler aaa-authentication password [0 | 7] password
Configures a password for the user who is currently logged in. To configure a clear text password, enter 0. To configure an encrypted password, enter 7.
Step 3
switch(config)# scheduler aaa-authentication username name password [0 | 7] password
Configures a clear text password for a remote user.
Step 4
switch(config)# show running-config | include "scheduler aaa-authentication"
(Optional) Displays the scheduler password information.
Step 5
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to configure a clear text password for a remote user called NewUser:
switch# configure terminal
switch(config)# scheduler aaa-authentication username NewUser password z98y76x54b
switch(config)# copy running-config startup-config
switch(config)#

Defining a Job

Once a job is defined, you cannot modify or remove a command. To change the job, you must delete it and create a new one.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# scheduler job name name
Creates a job with the specified name and enters job configuration mode. The name is restricted to 31 characters.
Step 3
switch(config-job)# command1 ; [command2 ;command3 ; ...]
Defines the sequence of commands for the specified job. You must separate commands with a space and a semicolon ( ;). The filename is created using the current time stamp and switch name.
Step 4
switch(config-job)# show scheduler job [name]
(Optional) Displays the job information. The name is restricted to 31 characters.
Step 5
switch(config-job)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to create a scheduler job named backup-cfg, save the running configuration to a file in bootflash, copy the file from bootflash to a TFTP server, and save the change to the startup configuration:
switch# configure terminal
switch(config)# scheduler job name backup-cfg
switch(config-job)# cli var name timestamp $(timestamp) ;copy running-config bootflash:/$(SWITCHNAME)-cfg.$(timestamp) ;copy bootflash:/$(SWITCHNAME)-cfg.$(timestamp) tftp://1.2.3.4/ vrf management
switch(config-job)# copy running-config startup-config

Deleting a Job

Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# no scheduler job name name
Deletes the specified job and all commands defined within it. The name is restricted to 31 characters.
Step 3
switch(config-job)# show scheduler job [name]
(Optional) Displays the job information.
Step 4
switch(config-job)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to delete a job called configsave:
switch# configure terminal
switch(config)# no scheduler job name configsave
switch(config-job)# copy running-config startup-config
switch(config-job)#

Defining a Timetable

You must configure a timetable. Otherwise, jobs will not be scheduled.
If you do not specify the time for the time commands, the scheduler assumes the current time. For example, if the current time is March 24, 2008, 22:00 hours, jobs are started as follows:
For the time start 23:00 repeat 4:00:00 command, the scheduler assumes a start time of March 24, 2008, 23:00 hours.
For the time daily 55 command, the scheduler assumes a start time every day at 22:55 hours.
For the time weekly 23:00 command, the scheduler assumes a start time every Friday at 23:00 hours.
For the time monthly 23:00 command, the scheduler assumes a start time on the 24th of every month at 23:00 hours.
Note
The scheduler will not begin the next occurrence of a job before the last one completes. For example, you have scheduled a job to be completed at one-minute intervals beginning at 22:00; but the job requires two minutes to complete. The scheduler starts the first job at 22:00, completes it at 22:02, and then observes a one-minute interval before starting the next job at 22:03.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# scheduler schedule name name
Creates a new scheduler and enters schedule configuration mode for that schedule. The name is restricted to 31 characters.
Step 3
switch(config-schedule)# job name name
Associates a job with this schedule. You can add multiple jobs to a schedule. The name is restricted to 31 characters.
Step 4
switch(config-schedule)# time daily time
Indicates the job starts every day at a designated time, specified as HH:MM.
Step 5
switch(config-schedule)# time weekly [[day-of-week:] HH:] MM
Indicates that the job starts on a specified day of the week. The day of the week is represented by an integer (for example, 1 for Sunday, 2 for Monday) or as an abbreviation (for example, sun, mon). The maximum length for the entire argument is 10 characters.
Step 6
switch(config-schedule)# time monthly [[day-of-month:] HH:] MM
Indicates that the job starts on a specified day each month. If you specify 29, 30, or 31, the job is started on the last day of each month.
Step 7
switch(config-schedule)# time start {now repeat repeat-interval | delta-time [repeat repeat-interval]}
Indicates the job starts periodically. The start-time format is [[[[yyyy:]mmm:]dd:]HH]:MM.
  delta-time: Specifies the amount of time to wait after the schedule is configured before starting a job.
  now: Specifies that the job starts two minutes from now.
  repeat repeat-interval: Specifies the frequency at which the job is repeated.
Step 8
switch(config-schedule)# show scheduler config
(Optional) Displays the scheduler information.
Step 9
switch(config-schedule)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to define a timetable where jobs start on the 28th of each month at 23:00 hours:
switch# configure terminal
switch(config)# scheduler schedule name weekendbackupqos
switch(config-scheduler)# job name offpeakzoning
switch(config-scheduler)# time monthly 28:23:00
switch(config-scheduler)# copy running-config startup-config
switch(config-scheduler)#

Clearing the Scheduler Log File

Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# clear scheduler logfile
Clears the scheduler log file.
This example shows how to clear the scheduler log file:
switch# configure terminal
switch(config)# clear scheduler logfile

Disabling the Scheduler

Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# no feature scheduler
Disables the scheduler.
Step 3
switch(config)# show scheduler config
(Optional) Displays the scheduler configuration.
Step 4
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to disable the scheduler:
switch# configure terminal
switch(config)# no feature scheduler
switch(config)# copy running-config startup-config
switch(config)#

Verifying the Scheduler Configuration

Use one of the following commands to verify the configuration:
Table 6: Scheduler Show Commands
Command: Purpose
show scheduler config: Displays the scheduler configuration.
show scheduler job [name name]: Displays the jobs configured.
show scheduler logfile: Displays the contents of the scheduler log file.
show scheduler schedule [name name]: Displays the schedules configured.

Configuration Examples for the Scheduler

Creating a Scheduler Job

This example shows how to create a scheduler job that saves the running configuration to a file in bootflash and then copies the file from bootflash to a TFTP server (the filename is created using the current time stamp and switch name):
switch# configure terminal
switch(config)# scheduler job name backup-cfg
switch(config-job)# cli var name timestamp $(TIMESTAMP) ;copy running-config bootflash:/$(SWITCHNAME)-cfg.$(timestamp) ;copy bootflash:/$(SWITCHNAME)-cfg.$(timestamp) tftp://1.2.3.4/ vrf management
switch(config-job)# end
switch(config)#
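Because a job cannot be edited once defined and runs noninteractively, it is worth checking a job definition against this chapter's rules before entering it. The following added example (not part of the Cisco guide) checks the 31-character name limit, the space-and-semicolon separator, and the two command shapes the guidelines name as interactive or disruptive; the flagged list covers only those two, and the second job and its 192.0.2.10 address are constructed.

```python
import re

MAX_NAME_LEN = 31  # "The name is restricted to 31 characters."

# Command shapes the guidelines name explicitly. The guide adds "and other
# similar commands", so treat this list as a starting point (assumption).
FLAGGED = [
    (re.compile(r"^write\s+erase\b", re.I), "disruptive: write erase"),
    # ftp: as a copy source or destination. The lookbehind keeps tftp: and
    # sftp: from matching, so the guide's own TFTP backup job passes.
    (re.compile(r"^copy\b.*(?<![a-z])ftp:", re.I),
     "interactive: copy to or from ftp:"),
]


def split_commands(command_line):
    """Split a job's command list on ';'.

    Returns (commands, bad_offsets), where bad_offsets are the positions of
    semicolons that are not preceded by the space the guide requires.
    """
    commands, bad_offsets = [], []
    start = 0
    for i, ch in enumerate(command_line):
        if ch == ";":
            if i == 0 or command_line[i - 1] != " ":
                bad_offsets.append(i)
            commands.append(command_line[start:i].strip())
            start = i + 1
    commands.append(command_line[start:].strip())
    return [c for c in commands if c], bad_offsets


def validate_job(name, command_line):
    """Return a list of (subject, reason) findings; empty means no findings."""
    findings = []
    if len(name) > MAX_NAME_LEN:
        findings.append((name, "job name exceeds 31 characters"))
    commands, bad_offsets = split_commands(command_line)
    for offset in bad_offsets:
        findings.append((f"offset {offset}", "separator is not ' ;'"))
    for cmd in commands:
        for pattern, reason in FLAGGED:
            if pattern.match(cmd):
                findings.append((cmd, reason))
    return findings


# The backup-cfg job from the example above.
PAGE_JOB = (
    "cli var name timestamp $(TIMESTAMP) ;"
    "copy running-config bootflash:/$(SWITCHNAME)-cfg.$(timestamp) ;"
    "copy bootflash:/$(SWITCHNAME)-cfg.$(timestamp) tftp://1.2.3.4/ vrf management"
)

# Constructed job that breaks each rule once.
BAD_NAME = "nightly-config-backup-to-archive"  # 32 characters
BAD_JOB = "copy bootflash:file ftp://192.0.2.10/;write erase"

if __name__ == "__main__":
    print("backup-cfg:", validate_job("backup-cfg", PAGE_JOB) or "no findings")
    for subject, reason in validate_job(BAD_NAME, BAD_JOB):
        print(f"{reason}: {subject}")
```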

Scheduling a Scheduler Job

This example shows how to schedule a scheduler job called backup-cfg to run daily at 1 a.m.:
switch# configure terminal
switch(config)# scheduler schedule name daily
switch(config-schedule)# job name backup-cfg
switch(config-schedule)# time daily 1:00
switch(config-schedule)# end
switch(config)#

Displaying the Job Schedule

This example shows how to display the job schedule:
switch# show scheduler schedule
Schedule Name : daily
---------------------------
User Name : admin
Schedule Type : Run every day at 1 Hrs 00 Mins
Last Execution Time : Fri Jan 2 1:00:00 2009
Last Completion Time: Fri Jan 2 1:00:01 2009
Execution count : 2
-----------------------------------------------
Job Name Last Execution Status
-----------------------------------------------
back-cfg Success (0)
switch(config)#

Displaying the Results of Running Scheduler Jobs

This example shows how to display the results of scheduler jobs that have been executed by the scheduler:
switch# show scheduler logfile
Job Name : back-cfg Job Status: Failed (1)
Schedule Name : daily User Name : admin
Completion time: Fri Jan 1 1:00:01 2009
--------------------------------- Job Output ---------------------------------
`cli var name timestamp 2009-01-01-01.00.00`
`copy running-config bootflash:/$(HOSTNAME)-cfg.$(timestamp)`
`copy bootflash:/switch-cfg.2009-01-01-01.00.00 tftp://1.2.3.4/ vrf management `
copy: cannot access file '/bootflash/switch-cfg.2009-01-01-01.00.00'
==============================================================================
Job Name : back-cfg Job Status: Success (0)
Schedule Name : daily User Name : admin
Completion time: Fri Jan 2 1:00:01 2009
--------------------------------- Job Output ---------------------------------
`cli var name timestamp 2009-01-02-01.00.00`
`copy running-config bootflash:/switch-cfg.2009-01-02-01.00.00`
`copy bootflash:/switch-cfg.2009--01-02-01.00.00 tftp://1.2.3.4/ vrf management `
Connection to Server Established.
[ ] 0.50KBTrying to connect to tftp server......
[###### ] 24.50KB
TFTP put operation was successful
==============================================================================
switch#

Standards for the Scheduler

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
CHAPTER 7

Configuring Online Diagnostics

This chapter contains the following sections:
Information About Online Diagnostics
Configuring Online Diagnostics
Verifying the Online Diagnostics Configuration
Default Settings for Online Diagnostics

Information About Online Diagnostics

Online diagnostics provide verification of hardware components during switch bootup or reset, and they monitor the health of the hardware during normal switch operation.
Cisco Nexus Series switches support bootup diagnostics and runtime diagnostics. Bootup diagnostics include disruptive tests and nondisruptive tests that run during system bootup and system reset.
Runtime diagnostics (also known as health monitoring diagnostics) include nondisruptive tests that run in the background during normal operation of the switch.

Bootup Diagnostics

Bootup diagnostics detect faulty hardware before bringing the switch online. Bootup diagnostics also check the data path and control path connectivity between the supervisor and the ASICs. The following table describes the diagnostics that are run only during switch bootup or reset.
Table 7: Bootup Diagnostics
Diagnostic: Description
PCIe: Tests PCI express (PCIe) access.
NVRAM: Verifies the integrity of the NVRAM.
In band port: Tests connectivity of the inband port to the supervisor.
Management port: Tests the management port.
Memory: Verifies the integrity of the DRAM.
Bootup diagnostics also include a set of tests that are common with health monitoring diagnostics.
Bootup diagnostics log any failures to the onboard failure logging (OBFL) system. Failures also trigger an LED display to indicate diagnostic test states (on, off, pass, or fail).
You can configure the Cisco Nexus device to either bypass the bootup diagnostics or run the complete set of bootup diagnostics.

Health Monitoring Diagnostics

Health monitoring diagnostics provide information about the health of the switch. They detect runtime hardware errors, memory errors, software faults, and resource exhaustion.
Health monitoring diagnostics are nondisruptive and run in the background to ensure the health of a switch that is processing live network traffic.
The following table describes the health monitoring diagnostics for the switch.
Table 8: Health Monitoring Diagnostics Tests
Diagnostic: Description
LED: Monitors port and system status LEDs.
Power Supply: Monitors the power supply health state.
Temperature Sensor: Monitors temperature sensor readings.
Test Fan: Monitors the fan speed and fan control.
Note
When the switch reaches the intake temperature threshold and does not go within the limits in 120 seconds, the switch will power off and the power supplies will have to be re-seated to recover the switch.
The following table describes the health monitoring diagnostics that also run during system boot or system reset.
Table 9: Health Monitoring and Bootup Diagnostics Tests
Diagnostic: Description
SPROM: Verifies the integrity of backplane and supervisor SPROMs.
Fabric engine: Tests the switch fabric ASICs.
Fabric port: Tests the ports on the switch fabric ASIC.
Forwarding engine: Tests the forwarding engine ASICs.
Forwarding engine port: Tests the ports on the forwarding engine ASICs.
Front port: Tests the components (such as PHY and MAC) on the front ports.
Note
When the switch exceeds the intake temperature threshold of 40 degrees Celsius and does not decrease to within the threshold limits in 120 seconds, the switch powers off and the power supplies must be re-seated to recover the switch.

Expansion Module Diagnostics

During the switch bootup or reset, the bootup diagnostics include tests for the in-service expansion modules in the switch.
When you insert an expansion module into a running switch, a set of diagnostics tests are run. The following table describes the bootup diagnostics for an expansion module. These tests are common with the bootup diagnostics. If the bootup diagnostics fail, the expansion module is not placed into service.
Table 10: Expansion Module Bootup and Health Monitoring Diagnostics
Diagnostic: Description
SPROM: Verifies the integrity of backplane and supervisor SPROMs.
Fabric engine: Tests the switch fabric ASICs.
Fabric port: Tests the ports on the switch fabric ASIC.
Forwarding engine: Tests the forwarding engine ASICs.
Forwarding engine port: Tests the ports on the forwarding engine ASICs.
Front port: Tests the components (such as PHY and MAC) on the front ports.

Health monitoring diagnostics are run on in-service expansion modules. The following table describes the additional tests that are specific to health monitoring diagnostics for expansion modules.
Table 11: Expansion Module Health Monitoring Diagnostics
Diagnostic: Description
LED: Monitors port and system status LEDs.
Temperature Sensor: Monitors temperature sensor readings.

Configuring Online Diagnostics

You can configure the bootup diagnostics to run the complete set of tests, or you can bypass all bootup diagnostic tests for a faster module boot up time.
Note
We recommend that you set the bootup online diagnostics level to complete. We do not recommend bypassing the bootup online diagnostics.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# diagnostic bootup level [complete | bypass]
Configures the bootup diagnostic level to trigger diagnostics when the device boots, as follows:
  complete: Performs all bootup diagnostics. This is the default value.
  bypass: Does not perform any bootup diagnostics.
Step 3
switch# show diagnostic bootup level
(Optional) Displays the bootup diagnostic level (bypass or complete) that is currently in place on the switch.
The following example shows how to configure the bootup diagnostics level to trigger the complete diagnostics:
switch# configure terminal
switch(config)# diagnostic bootup level complete

Verifying the Online Diagnostics Configuration

Use the following commands to verify online diagnostics configuration information:
Command | Purpose
show diagnostic bootup level | Displays the bootup diagnostics level.
show diagnostic result module slot | Displays the results of the diagnostics tests.

Default Settings for Online Diagnostics

The following table lists the default settings for online diagnostics parameters.
Table 12: Default Online Diagnostics Parameters
Parameters | Default
Bootup diagnostics level | complete

CHAPTER 8

Configuring NTP

This chapter contains the following sections:
Information About NTP
NTP as a Time Server
Distributing NTP Using CFS
Clock Manager
Virtualization Support
Licensing Requirements for NTP
Guidelines and Limitations for NTP
Default Settings
Configuring NTP
Related Documents for NTP
Feature History for NTP

Information About NTP

The Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers and clients so that you can correlate events when you receive system logs and other time-specific events from multiple network devices. NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communications use Coordinated Universal Time (UTC).
An NTP server usually receives its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server, and then distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other.
NTP uses a stratum to describe the distance between a network device and an authoritative time source:
A stratum 1 time server is directly attached to an authoritative time source (such as a radio or atomic clock or a GPS time source).
A stratum 2 NTP server receives its time through NTP from a stratum 1 time server.
Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a stratum 1. Because Cisco NX-OS cannot connect to a radio or atomic clock and act as a stratum 1 server, we recommend that you use the public NTP servers available on the Internet. If the network is isolated from the Internet, Cisco NX-OS allows you to configure the time as though it were synchronized through NTP, even though it was not.
Note
You can create NTP peer relationships to designate the time-serving hosts that you want your network device to consider synchronizing with and to keep accurate time if a server failure occurs.
The time kept on a device is a critical resource, so we strongly recommend that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. Two mechanisms are available: an access list-based restriction scheme and an encrypted authentication mechanism.

NTP as a Time Server

The Cisco NX-OS device can use NTP to distribute time. Other devices can configure it as a time server. You can also configure the device to act as an authoritative NTP server, enabling it to distribute time even when it is not synchronized to an outside time source.

Distributing NTP Using CFS

Cisco Fabric Services (CFS) distributes the local NTP configuration to all Cisco devices in the network. After enabling CFS on your device, a network-wide lock is applied to NTP whenever an NTP configuration is started. After making the NTP configuration changes, you can discard or commit them. In either case, the CFS lock is then released from the NTP application.

Clock Manager

Clocks are resources that need to be shared across different processes. Multiple time synchronization protocols, such as NTP and Precision Time Protocol (PTP), might be running in the system.
The clock manager allows you to specify the protocol to control the various clocks in the system. Once you specify the protocol, the system clock starts updating.

Virtualization Support

NTP recognizes virtual routing and forwarding (VRF) instances. NTP uses the default VRF if you do not configure a specific VRF for the NTP server and NTP peer.

Licensing Requirements for NTP

The following table shows the licensing requirements for this feature:
Product | License Requirement
Cisco NX-OS | NTP requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you.

Guidelines and Limitations for NTP

NTP has the following configuration guidelines and limitations:
To configure NTP, you must have connectivity to at least one server that is running NTP.
You should have a peer association with another device only when you are sure that your clock is reliable (which means that you are a client of a reliable NTP server).
A peer configured alone takes on the role of a server and should be used as a backup. If you have two servers, you can configure several devices to point to one server and the remaining devices to point to the other server. You can then configure a peer association between these two servers to create a more reliable NTP configuration.
If you have only one server, you should configure all the devices as clients to that server.
You can configure up to 64 NTP entities (servers and peers).
If CFS is disabled for NTP, then NTP does not distribute any configuration and does not accept a distribution from other devices in the network.
After CFS distribution is enabled for NTP, the entry of an NTP configuration command locks the network for NTP configuration until a commit command is entered. During the lock, no changes can be made to the NTP configuration by any other device in the network except the device that initiated the lock.
If you use CFS to distribute NTP, all devices in the network should have the same VRFs configured as you use for NTP.
If you configure NTP in a VRF, ensure that the NTP server and peers can reach each other through the configured VRFs.
You must manually distribute NTP authentication keys on the NTP server and Cisco NX-OS devices across the network.

Default Settings

Table 13: Default NTP Parameters
Parameters | Default
NTP authentication | disabled
NTP access | enabled
NTP logging | disabled

Configuring NTP

Configuring NTP Server and Peer

You can configure an NTP server and peer.
Before You Begin
Make sure you know the IP address or DNS names of your NTP server and its peers.
If you plan to use CFS to distribute your NTP configuration to other devices, then you should have already completed the following:
Enabled CFS distribution.
Enabled CFS for NTP.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# [no] ntp server {ip-address | ipv6-address | dns-name} [key key-id] [maxpoll max-poll] [minpoll min-poll] [prefer] [use-vrf vrf-name]
Forms an association with a server.
Use the key keyword to configure a key to be used while communicating with the NTP server. The range for the key-id argument is from 1 to 65535.
Use the maxpoll and minpoll keywords to configure the maximum and minimum intervals in which to poll a peer. The range for the max-poll and min-poll arguments is from 4 to 16 seconds, and the default values are 6 and 4, respectively.
Use the prefer keyword to make this the preferred NTP server for the device.
Use the use-vrf keyword to configure the NTP server to communicate over the specified VRF. The vrf-name argument can be default, management, or any case-sensitive alphanumeric string up to 32 characters.
Note
If you configure a key to be used while communicating with the NTP server, make sure that the key exists as a trusted key on the device.
Step 3
switch(config)# [no] ntp peer {ip-address | ipv6-address | dns-name} [key key-id] [maxpoll max-poll] [minpoll min-poll] [prefer] [use-vrf vrf-name]
Forms an association with a peer. You can specify multiple peer associations.
Use the key keyword to configure a key to be used while communicating with the NTP peer. The range for the key-id argument is from 1 to 65535.
Use the maxpoll and minpoll keywords to configure the maximum and minimum intervals in which to poll a peer. The range for the max-poll and min-poll arguments is from 4 to 16 seconds, and the default values are 6 and 4, respectively.
Use the prefer keyword to make this the preferred NTP server for the device.
Use the use-vrf keyword to configure the NTP server to communicate over the specified VRF. The vrf-name argument can be default, management, or any case-sensitive alphanumeric string up to 32 characters.
Step 4
switch(config)# show ntp peers
(Optional) Displays the configured server and peers.
Note
A domain name is resolved only when you have a DNS server configured.
Step 5
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to configure an NTP server and peer:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ntp server 192.0.2.10 key 10 use-vrf Red
switch(config)# ntp peer 2001:0db8::4101 prefer use-vrf Red
switch(config)# show ntp peers
--------------------------------------------------
Peer IP Address                Serv/Peer
--------------------------------------------------
2001:0db8::4101                Peer (configured)
192.0.2.10                     Server (configured)
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)#

Configuring NTP Authentication

You can configure the device to authenticate the time sources to which the local clock is synchronized. When you enable NTP authentication, the device synchronizes to a time source only if the source carries one of the authentication keys specified by the ntp trusted-key command. The device drops any packets that fail the authentication check and prevents them from updating the local clock. NTP authentication is disabled by default.
Before You Begin
Make sure that you configured the NTP server with the authentication keys that you plan to specify in this procedure.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# [no] ntp authentication-key number md5 md5-string
Defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the ntp trusted-key number command.
Step 3
switch(config)# show ntp authentication-keys
(Optional) Displays the configured NTP authentication keys.
Step 4
switch(config)# [no] ntp trusted-key number
Specifies one or more keys that a time source must provide in its NTP packets in order for the device to synchronize to it. The range for trusted keys is from 1 to 65535.
This command provides protection against accidentally synchronizing the device to a time source that is not trusted.
Step 5
switch(config)# show ntp trusted-keys
(Optional) Displays the configured NTP trusted keys.
Step 6
switch(config)# [no] ntp authenticate
Enables or disables the NTP authentication feature. NTP authentication is disabled by default.
Step 7
switch(config)# show ntp authentication-status
(Optional) Displays the status of NTP authentication.
Step 8
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to configure the device to synchronize only to time sources that provide authentication key 42 in their NTP packets:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ntp authentication-key 42 md5 aNiceKey
switch(config)# ntp trusted-key 42
switch(config)# ntp authenticate
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)#

Configuring NTP Access Restrictions

You can control access to NTP services by using access groups. Specifically, you can specify the types of requests that the device allows and the servers from which it accepts responses.
If you do not configure any access groups, NTP access is granted to all devices. If you configure any access groups, NTP access is granted only to the remote device whose source IP address passes the access list criteria.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# [no] ntp access-group {peer | serve | serve-only | query-only} access-list-name
Creates or removes an access group to control NTP access and applies a basic IP access list.
The access group options are scanned in the following order, from least restrictive to most restrictive. However, if NTP matches a deny ACL rule in a configured peer, ACL processing stops and does not continue to the next access group option.
The peer keyword enables the device to receive time requests and NTP control queries and to synchronize itself to the servers specified in the access list.
The serve keyword enables the device to receive time requests and NTP control queries from the servers specified in the access list but not to synchronize itself to the specified servers.
The serve-only keyword enables the device to receive only time requests from servers specified in the access list.
The query-only keyword enables the device to receive only NTP control queries from the servers specified in the access list.
Step 3
switch(config)# show ntp access-groups
(Optional) Displays the NTP access group configuration.
Step 4
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to configure the device to allow it to synchronize to a peer from access group accesslist1:
switch# config t
switch(config)# ntp access-group peer accesslist1
switch(config)# show ntp access-groups
Access List       Type
-----------------------------
accesslist1       Peer
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)#

Configuring the NTP Source IP Address

NTP sets the source IP address for all NTP packets based on the address of the interface through which the NTP packets are sent. You can configure NTP to use a specific source IP address.
To configure the NTP source IP address, use the following command in global configuration mode:
Procedure
Step 1
switch(config)# [no] ntp source ip-address
Configures the source IP address for all NTP packets. The ip-address can be in IPv4 or IPv6 format.
This example shows how to configure NTP to a source IP address:
switch(config)# ntp source 192.0.2.1

Configuring the NTP Source Interface

You can configure NTP to use a specific interface.
To configure the NTP source interface, use the following command in global configuration mode:
Procedure
Step 1
switch(config)# [no] ntp source-interface interface
Configures the source interface for all NTP packets. Use the ? keyword to display a list of supported interfaces.
This example shows how to configure NTP to a specific interface:
switch(config)# ntp source-interface ethernet 2/1

Configuring NTP Logging

You can configure NTP logging in order to generate system logs with significant NTP events. NTP logging is disabled by default.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# [no] ntp logging
Enables or disables system logs to be generated with significant NTP events. NTP logging is disabled by default.
Step 3
switch(config)# show ntp logging-status
(Optional) Displays the NTP logging configuration status.
Step 4
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to enable NTP logging in order to generate system logs with significant NTP events:
switch# config t
switch(config)# ntp logging
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)#

Enabling CFS Distribution for NTP

You can enable CFS distribution for NTP in order to distribute the NTP configuration to other CFS-enabled devices.
Before You Begin
Make sure that you have enabled CFS distribution for the device.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# [no] ntp distribute
Enables or disables the device to receive NTP configuration updates that are distributed through CFS.
Step 3
switch(config)# show ntp status
(Optional) Displays the NTP CFS distribution status.
Step 4
switch(config)# copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
This example shows how to enable CFS distribution for NTP:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ntp distribute
switch(config)# copy running-config startup-config

Committing NTP Configuration Changes

When you commit the NTP configuration changes, the effective database is overwritten by the configuration changes in the pending database and all the devices in the network receive the same configuration.
Procedure
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# ntp commit
Distributes the NTP configuration changes to all Cisco NX-OS devices in the network and releases the CFS lock. This command overwrites the effective database with the changes made to the pending database.
This example shows how to commit the NTP configuration changes:
switch(config)# ntp commit

Discarding NTP Configuration Changes

After making the configuration changes, you can choose to discard the changes instead of committing them. If you discard the changes, Cisco NX-OS removes the pending database changes and releases the CFS lock.
To discard NTP configuration changes, use the following command in global configuration mode:
Procedure
Step 1
switch(config)# ntp abort
Discards the NTP configuration changes in the pending database and releases the CFS lock. Use this command on the device where you started the NTP configuration.
This example shows how to discard the NTP configuration changes:
switch(config)# ntp abort

Releasing the CFS Session Lock

If you have performed an NTP configuration and have forgotten to release the lock by either committing or discarding the changes, you or another administrator can release the lock from any device in the network. This action also discards pending database changes.
To release the session lock from any device and discard any pending database changes, use the following command in global configuration mode:
Procedure
Step 1
switch(config)# clear ntp session
Discards the NTP configuration changes in the pending database and releases the CFS lock.
This example shows how to release the CFS session lock:
switch(config)# clear ntp session

Verifying the NTP Configuration

To display the NTP configuration, perform one of the following tasks:
Procedure
Step 1
show ntp access-groups
Displays the NTP access group configuration.
Step 2
show ntp authentication-keys
Displays the configured NTP authentication keys.
Step 3
show ntp authentication-status
Displays the status of NTP authentication.
Step 4
show ntp logging-status
Displays the NTP logging status.
Step 5
show ntp peer-status
Displays the status for all NTP servers and peers.
Step 6
show ntp peers
Displays all the NTP peers.
Step 7
show ntp pending
Displays the temporary CFS database for NTP.
Step 8
show ntp pending-diff
Displays the difference between the pending CFS database and the current NTP configuration.
Step 9
show ntp rts-update
Displays the RTS update status.
Step 10
show ntp session status
Displays the NTP CFS distribution session information.
Step 11
show ntp source
Displays the configured NTP source IP address.
Step 12
show ntp source-interface
Displays the configured NTP source interface.
Step 13
show ntp statistics {io | local | memory | peer {ipaddr {ipv4-addr | ipv6-addr} | name peer-name}}
Displays the NTP statistics.
Step 14
show ntp status
Displays the NTP CFS distribution status.
Step 15
show ntp trusted-keys
Displays the configured NTP trusted keys.
Step 16
show running-config ntp
Displays NTP information.
Use the clear ntp session command to clear the NTP sessions.
Use the clear ntp statistics command to clear the NTP statistics.

Configuration Examples for NTP

This example shows how to configure an NTP server and peer, enable NTP authentication, enable NTP logging, and then save the configuration in startup so that it is saved across reboots and restarts:
switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ntp server 192.0.2.105 key 42
switch(config)# ntp peer 2001:0db8::4101
switch(config)# show ntp peers
--------------------------------------------------
Peer IP Address                Serv/Peer
--------------------------------------------------
2001:db8::4101                 Peer (configured)
192.0.2.105                    Server (configured)
switch(config)# ntp authentication-key 42 md5 aNiceKey
switch(config)# show ntp authentication-keys
-----------------------------
Auth key     MD5 String
-----------------------------
42           aNicekey
switch(config)# ntp trusted-key 42
switch(config)# show ntp trusted-keys
Trusted Keys:
42
switch(config)# ntp authenticate
switch(config)# show ntp authentication-status
Authentication enabled.
switch(config)# ntp logging
switch(config)# show ntp logging
NTP logging enabled.
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)#
This example shows an NTP access group configuration with the following restrictions:
Peer restrictions are applied to IP addresses that pass the criteria of the access list named “peer-acl.”
Serve restrictions are applied to IP addresses that pass the criteria of the access list named “serve-acl.”
Serve-only restrictions are applied to IP addresses that pass the criteria of the access list named “serve-only-acl.”
Query-only restrictions are applied to IP addresses that pass the criteria of the access list named “query-only-acl.”
switch# config terminal
switch(config)# ntp peer 10.1.1.1
switch(config)# ntp peer 10.2.2.2
switch(config)# ntp peer 10.3.3.3
switch(config)# ntp peer 10.4.4.4
switch(config)# ntp peer 10.5.5.5
switch(config)# ntp peer 10.6.6.6
switch(config)# ntp peer 10.7.7.7
switch(config)# ntp peer 10.8.8.8
switch(config)# ntp access-group peer peer-acl
switch(config)# ntp access-group serve serve-acl
switch(config)# ntp access-group serve-only serve-only-acl
switch(config)# ntp access-group query-only query-only-acl
switch(config)# ip access-list peer-acl
switch(config-acl)# 10 permit ip host 10.1.1.1 any
switch(config-acl)# 20 permit ip host 10.8.8.8 any
switch(config)# ip access-list serve-acl
switch(config-acl)# 10 permit ip host 10.4.4.4 any
switch(config-acl)# 20 permit ip host 10.5.5.5 any
switch(config)# ip access-list serve-only-acl
switch(config-acl)# 10 permit ip host 10.6.6.6 any
switch(config-acl)# 20 permit ip host 10.7.7.7 any
switch(config)# ip access-list query-only-acl
switch(config-acl)# 10 permit ip host 10.2.2.2 any
switch(config-acl)# 20 permit ip host 10.3.3.3 any
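The authentication and access-restriction rules described in this chapter can be checked offline against a saved configuration. The following Python audit is an added example, not Cisco code: it uses only the NTP commands shown in this chapter, the function names are hypothetical, and the sample configuration (including the key string anotherKey) is constructed.

```python
import re

# Constructed sample built from the commands shown in this chapter. Key 10 is
# defined but deliberately left untrusted, and the peer has no key at all.
SAMPLE_CONFIG = """\
switch(config)# ntp server 192.0.2.105 key 42
switch(config)# ntp server 192.0.2.10 key 10 use-vrf Red
switch(config)# ntp peer 2001:0db8::4101
switch(config)# ntp authentication-key 42 md5 aNiceKey
switch(config)# ntp authentication-key 10 md5 anotherKey
switch(config)# ntp trusted-key 42
switch(config)# ntp authenticate
switch(config)# ntp access-group peer peer-acl
switch(config)# ntp logging
"""

PROMPT_RE = re.compile(r"^switch(\([^)]*\))?#\s*")   # tolerate pasted prompts
ASSOC_RE = re.compile(r"^ntp (server|peer) (\S+)(.*)$")
KEY_OPT_RE = re.compile(r"\bkey (\d+)\b")


def parse_ntp_config(text):
    """Collect the NTP statements that matter for authentication and access."""
    cfg = {"assocs": [], "defined": set(), "trusted": set(),
           "authenticate": False, "access_groups": [], "logging": False}
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        if not line.startswith("ntp "):
            continue                      # also skips "no ntp ..." lines
        assoc = ASSOC_RE.match(line)
        if assoc:
            key = KEY_OPT_RE.search(assoc.group(3))
            cfg["assocs"].append((assoc.group(1), assoc.group(2),
                                  int(key.group(1)) if key else None))
            continue
        words = line.split()
        if words[1] == "authentication-key" and len(words) >= 5 and words[3] == "md5":
            cfg["defined"].add(int(words[2]))
        elif words[1] == "trusted-key" and len(words) == 3:
            cfg["trusted"].add(int(words[2]))
        elif words[1] == "authenticate":
            cfg["authenticate"] = True
        elif words[1] == "access-group" and len(words) == 4:
            cfg["access_groups"].append((words[2], words[3]))
        elif words[1] == "logging":
            cfg["logging"] = True
    return cfg


def audit_ntp(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_ntp_config(text)
    findings = []
    if not cfg["authenticate"]:
        findings.append("ntp authenticate is not set: NTP authentication is disabled (the default)")
    for kind, addr, key in cfg["assocs"]:
        if key is None:
            findings.append(f"{kind} {addr}: no key configured, association is unauthenticated")
            continue
        if not 1 <= key <= 65535:
            findings.append(f"{kind} {addr}: key {key} is outside the range 1 to 65535")
        if key not in cfg["defined"]:
            findings.append(f"{kind} {addr}: key {key} has no ntp authentication-key definition")
        if key not in cfg["trusted"]:
            findings.append(f"{kind} {addr}: key {key} is not an ntp trusted-key")
    for key in sorted(cfg["trusted"] - cfg["defined"]):
        findings.append(f"trusted-key {key} has no ntp authentication-key definition")
    if not cfg["access_groups"]:
        findings.append("no ntp access-group: NTP access is granted to all devices")
    if not cfg["logging"]:
        findings.append("ntp logging is not set: NTP events are not written to the system log")
    return findings


if __name__ == "__main__":
    for finding in audit_ntp(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

The audit checks only that an access group exists; it does not evaluate the contents of the referenced IP access lists.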

Related Documents for NTP

Related Topic | Document Title
NTP CLI commands | Cisco Nexus 3548 Switch NX-OS System Management Command Reference Guide

Feature History for NTP

This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Feature Name | Releases | Feature Information
NTP | 5.0(3)A1(1) | This feature was introduced.
CHAPTER 9

Configuring System Message Logging

This chapter contains the following sections:
Information About System Message Logging
Licensing Requirements for System Message Logging
Guidelines and Limitations for System Message Logging
Default Settings for System Message Logging
Configuring System Message Logging
Configuring DOM Logging
Verifying the System Message Logging Configuration

Information About System Message Logging

You can use system message logging to control the destination and to filter the severity level of messages that system processes generate. You can configure logging to terminal sessions, a log file, and syslog servers on remote systems.
System message logging is based on RFC 3164. For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference.
By default, the Cisco Nexus device outputs messages to terminal sessions.
By default, the switch logs system messages to a log file.
The following table describes the severity levels used in system messages. When you configure the severity level, the system outputs messages at that level and lower.
Table 14: System Message Severity Levels
Level | Description
0 – emergency | System unusable
1 – alert | Immediate action needed
2 – critical | Critical condition
3 – error | Error condition
4 – warning | Warning condition
5 – notification | Normal but significant condition
6 – informational | Informational message only
7 – debugging | Appears during debugging only
The switch logs the most recent 100 messages of severity 0, 1, or 2 to the NVRAM log. You cannot configure logging to the NVRAM.
You can configure which system messages should be logged based on the facility that generated the message and its severity level.

Syslog Servers

Syslog servers run on remote systems that are configured to log system messages based on the syslog protocol. You can configure the Cisco Nexus Series switch to send logs to up to eight syslog servers.
To support the same configuration of syslog servers on all switches in a fabric, you can use Cisco Fabric Services (CFS) to distribute the syslog server configuration.
Note
When the switch first initializes, messages are sent to syslog servers only after the network is initialized.
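The severity rule above ("messages at that level and lower") and the 100-message NVRAM log can be modeled on the receiving side by decoding the RFC 3164 PRI value, which is facility × 8 + severity. The following Python sketch is an added example, not Cisco code: the function names are hypothetical, the per-destination levels are the defaults this chapter lists, and the sample messages are constructed, with facility 23 (local7) chosen as an assumption.

```python
from collections import deque
import re

# Severity names as used in Table 14 of this guide, indexed by level 0..7.
SEVERITY_NAMES = ("emergency", "alert", "critical", "error", "warning",
                  "notification", "informational", "debugging")

# Default severity levels per destination, as listed in this chapter.
DEFAULT_LEVELS = {"console": 2, "monitor": 2, "logfile": 5}
NVRAM_MAX_SEVERITY = 2     # NVRAM keeps severity 0, 1, or 2 only
NVRAM_CAPACITY = 100       # "the most recent 100 messages"

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(message):
    """Split an RFC 3164 message into (facility, severity, remaining text)."""
    match = PRI_RE.match(message)
    if match is None:
        raise ValueError("message has no <PRI> header")
    pri = int(match.group(1))
    if pri > 191:                          # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI {pri} is out of range")
    facility, severity = divmod(pri, 8)
    return facility, severity, match.group(2)


def destinations_for(severity, levels=DEFAULT_LEVELS):
    """A destination receives a message when severity <= its configured level."""
    return sorted(name for name, level in levels.items() if severity <= level)


def route(messages, levels=DEFAULT_LEVELS):
    """Return (per-destination messages, NVRAM contents, malformed messages)."""
    delivered = {name: [] for name in levels}
    nvram = deque(maxlen=NVRAM_CAPACITY)   # oldest entries fall off the front
    malformed = []
    for message in messages:
        try:
            _, severity, text = decode_pri(message)
        except ValueError:
            malformed.append(message)
            continue
        for name in destinations_for(severity, levels):
            delivered[name].append((SEVERITY_NAMES[severity], text))
        if severity <= NVRAM_MAX_SEVERITY:
            nvram.append(text)
    return delivered, list(nvram), malformed


# Constructed sample messages; the text after the PRI is not NX-OS output.
SAMPLE = [
    "<186>constructed: power supply failed",      # 23*8 + 2, critical
    "<187>constructed: interface error",          # 23*8 + 3, error
    "<189>constructed: configuration changed",    # 23*8 + 5, notification
    "<190>constructed: periodic status",          # 23*8 + 6, informational
    "constructed line without a PRI header",
]

if __name__ == "__main__":
    delivered, nvram, malformed = route(SAMPLE)
    for name, items in delivered.items():
        print(name, [severity for severity, _ in items])
    print("nvram:", nvram, "malformed:", len(malformed))
```

Passing `{"console": 3}` as `levels` models the `logging console 3` example later in this chapter: the console then also receives the error message.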

Licensing Requirements for System Message Logging

Product | License Requirement
Cisco NX-OS | System message logging requires no license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.

Guidelines and Limitations for System Message Logging

System messages are logged to the console and the logfile by default.

Default Settings for System Message Logging

The following table lists the default settings for system message logging parameters.
Table 15: Default System Message Logging Parameters
Parameters | Default
Console logging | Enabled at severity level 2
Monitor logging | Enabled at severity level 2
Log file logging | Enabled to log messages at severity level 5
Module logging | Enabled at severity level 5
Facility logging | Enabled
Time-stamp units | Seconds
Syslog server logging | Disabled
Syslog server configuration distribution | Disabled

Configuring System Message Logging

Configuring System Message Logging to Terminal Sessions

You can configure the switch to log messages by their severity level to console, Telnet, and Secure Shell sessions.
By default, logging is enabled for terminal sessions.
Procedure
Command or Action / Purpose
Step 1
switch# terminal monitor
Copies syslog messages from the console to the current terminal session.
Step 2
switch# configure terminal
Enters global configuration mode.
Step 3
switch(config)# logging console [severity-level]
Enables the switch to log messages to the console session based on a specified severity level or higher (a lower number value indicates a higher severity level). Severity levels range from 0 to 7:
0 – emergency
1 – alert
2 – critical
3 – error
4 – warning
5 – notification
6 – informational
7 – debugging
If the severity level is not specified, the default of 2 is used.
Step 4
switch(config)# no logging console [severity-level]
(Optional) Disables logging messages to the console.
Step 5
switch(config)# logging monitor [severity-level]
Enables the switch to log messages to the monitor based on a specified severity level or higher (a lower number value indicates a higher severity level). Severity levels range from 0 to 7:
0 – emergency
1 – alert
2 – critical
3 – error
4 – warning
5 – notification
6 – informational
7 – debugging
If the severity level is not specified, the default of 2 is used.
The configuration applies to Telnet and SSH sessions.
Step 6
switch(config)# no logging monitor [severity-level]
(Optional) Disables logging messages to Telnet and SSH sessions.
Step 7
switch# show logging console
(Optional) Displays the console logging configuration.
Step 8
switch# show logging monitor
(Optional) Displays the monitor logging configuration.
Step 9
switch# copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
The following example shows how to configure a logging level of 3 for the console:
switch# configure terminal
switch(config)# logging console 3
The following example shows how to display the console logging configuration:
switch# show logging console
Logging console: enabled (Severity: error)
The following example shows how to disable logging for the console:
switch# configure terminal
switch(config)# no logging console
The following example shows how to configure a logging level of 4 for the terminal session:
switch# terminal monitor
switch# configure terminal
switch(config)# logging monitor 4
The following example shows how to display the terminal session logging configuration:
switch# show logging monitor
Logging monitor: enabled (Severity: warning)
The following example shows how to disable logging for the terminal session:
switch# configure terminal
switch(config)# no logging monitor
Configuring System Message Logging to a File
You can configure the switch to log system messages to a file. By default, system messages are logged to the file log:messages.
Procedure
Command or Action / Purpose
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# logging logfile logfile-name severity-level [size bytes]
Configures the name of the log file used to store system messages and the minimum severity level to log. You can optionally specify a maximum file size. The default severity level is 5 and the file size is 4194304.
Severity levels range from 0 to 7:
0 – emergency
1 – alert
2 – critical
3 – error
4 – warning
5 – notification
6 – informational
7 – debugging
The file size is from 4096 to 10485760 bytes.
Step 3
switch(config)# no logging logfile [logfile-name severity-level [size bytes]]
(Optional) Disables logging to the log file. You can optionally specify a maximum file size. The default severity level is 5 and the file size is 4194304.
Step 4
switch# show logging info
(Optional) Displays the logging configuration. You can optionally specify a maximum file size. The default severity level is 5 and the file size is 4194304.
Step 5
switch# copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
The following example shows how to configure a switch to log system messages to a file:
switch# configure terminal
switch(config)# logging logfile my_log 6 size 4194304
The following example shows how to display the logging configuration (some of the output has been removed for brevity):
switch# show logging info
Logging console:                enabled (Severity: debugging)
Logging monitor:                enabled (Severity: debugging)
Logging timestamp:              Seconds
Logging server:                 disabled
Logging logfile:                enabled
        Name - my_log: Severity - informational Size - 4194304
Facility        Default Severity        Current Session Severity
--------        ----------------        ------------------------
aaa                     3                       3
afm                     3                       3
altos                   3                       3
auth                    0                       0
authpriv                3                       3
bootvar                 5                       5
callhome                2                       2
capability              2                       2
cdp                     2                       2
cert_enroll             2                       2
...
Configuring Module and Facility Messages Logging
You can configure the severity level and time-stamp units of messages logged by modules and facilities.
Procedure
Command or Action / Purpose
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# logging module [severity-level]
Enables module log messages that have the specified severity level or higher. Severity levels range from 0 to 7:
0 – emergency
1 – alert
2 – critical
3 – error
4 – warning
5 – notification
6 – informational
7 – debugging
If the severity level is not specified, the default of 5 is used.
Step 3
switch(config)# logging level facility severity-level
Enables logging messages from the specified facility that have the specified severity level or higher. Severity levels range from 0 to 7:
0 – emergency
1 – alert
2 – critical
3 – error
4 – warning
5 – notification
6 – informational
7 – debugging
To apply the same severity level to all facilities, use the all facility. For defaults, see the show logging level command.
Note
If the default severity and current session severity of a component is the same, then the logging level for the component will not be displayed in the running configuration.
Step 4
switch(config)# no logging module [severity-level]
(Optional) Disables module log messages.
Step 5
switch(config)# no logging level [facility severity-level]
(Optional) Resets the logging severity level for the specified facility to its default level. If you do not specify a facility and severity level, the switch resets all facilities to their default levels.
Step 6
switch# show logging module
(Optional) Displays the module logging configuration.
Step 7
switch# show logging level [facility]
(Optional) Displays the logging level configuration and the system default level by facility. If you do not specify a facility, the switch displays levels for all facilities.
Step 8
switch# copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
The following example shows how to configure the severity level of module and specific facility messages:
switch# configure terminal
switch(config)# logging module 3
switch(config)# logging level aaa 2
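The facility levels set with logging level can be audited offline from the facility table. The following is an added example, not part of the Cisco guide: it parses a table in the layout printed by show logging info, lists the logging level lines that should appear in the running configuration (only non-default levels are shown there), and flags facilities whose level was lowered below the default, as logging level aaa 2 does for a facility whose default is 3. The sample table values and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the facility table printed by
# "show logging info"; the non-default "current" values are made up.
SAMPLE_OUTPUT = """\
Facility        Default Severity        Current Session Severity
--------        ----------------        ------------------------
aaa                     3                       2
afm                     3                       3
auth                    0                       0
authpriv                3                       5
bootvar                 5                       5
callhome                2                       2
"""

# A data row is: facility name, default severity, current session severity.
ROW = re.compile(r"^(?P<facility>[A-Za-z][\w-]*)\s+(?P<default>[0-7])\s+(?P<current>[0-7])$")


def parse_facility_table(text):
    """Return {facility: (default, current)}; header and rule lines are skipped."""
    levels = {}
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            levels[match["facility"]] = (int(match["default"]), int(match["current"]))
    return levels


def expected_running_config(levels):
    """'logging level' lines expected in the running configuration.

    A facility whose current level equals its default produces no line.
    """
    return [f"logging level {facility} {current}"
            for facility, (default, current) in sorted(levels.items())
            if current != default]


def reduced_logging(levels):
    """Facilities logging less than by default, with the severities now dropped.

    A lower number is a higher severity, so lowering the threshold from 3 to 2
    means severity-3 (error) messages from that facility are no longer logged.
    """
    return {facility: list(range(current + 1, default + 1))
            for facility, (default, current) in levels.items()
            if current < default}


if __name__ == "__main__":
    table = parse_facility_table(SAMPLE_OUTPUT)
    print("\n".join(expected_running_config(table)))
    for facility, dropped in reduced_logging(table).items():
        print(f"{facility}: severities {dropped} no longer logged")
```

Comparing the expected lines with the saved running configuration shows configuration drift; a non-empty reduced_logging result is worth reviewing because it means fewer events are recorded than the defaults provide.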
Configuring Logging Timestamps
You can configure the time-stamp units of messages logged by the Cisco Nexus Series switch.
Procedure
Command or Action / Purpose
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# logging timestamp {microseconds | milliseconds | seconds}
Sets the logging time-stamp units. By default, the units are seconds.
Step 3
switch(config)# no logging timestamp {microseconds | milliseconds | seconds}
(Optional) Resets the logging time-stamp units to the default of seconds.
Step 4
switch# show logging timestamp
(Optional) Displays the logging time-stamp units configured.
Step 5
switch# copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
The following example shows how to configure the time-stamp units of messages:
switch# configure terminal
switch(config)# logging timestamp milliseconds
switch(config)# exit
switch# show logging timestamp
Logging timestamp: Milliseconds

Configuring Syslog Servers

You can configure up to eight syslog servers that reference remote systems where you want to log system messages.
Procedure
Command or Action / Purpose
Step 1
configure terminal
Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#
Step 2
logging server host [severity-level [use-vrf vrf-name [facility facility]]]
Configures a host to receive syslog messages.
The host argument identifies the hostname or the IPv4 or IPv6 address of the syslog server host.
The severity-level argument limits the logging of messages to the syslog server to a specified level. Severity levels range from 0 to 7. See Table 14: System Message Severity Levels, on page 67.
The use-vrf vrf-name keyword and argument identify the default or management values for the virtual routing and forwarding (VRF) name. If a specific VRF is not identified, management is the default. However, if management is configured, it will not be listed in the output of the show-running command because it is the default. If a specific VRF is configured, the show-running command output will list the VRF for each server.
Note
The current Cisco Fabric Services (CFS) distribution does not support VRF. If CFS distribution is enabled, the logging server configured with the default VRF is distributed as the management VRF.
The facility argument names the syslog facility type. The default outgoing facility is local7.
The facilities are listed in the command reference for the Cisco Nexus Series software that you are using.
Note
Debugging is a CLI facility but the debug syslogs are not sent to the server.
Example:
switch(config)# logging server 172.28.254.254 5 use-vrf default facility local3
Step 3
no logging server host
(Optional) Removes the logging server for the specified host.
Example:
switch(config)# no logging server 172.28.254.254 5
Step 4
show logging server
(Optional) Displays the syslog server configuration.
Example:
switch# show logging server
Step 5
copy running-config startup-config
(Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example:
switch(config)# copy running-config startup-config
The following examples show how to configure a syslog server:
switch# configure terminal
switch(config)# logging server 172.28.254.254 5 use-vrf default facility local3

switch# configure terminal
switch(config)# logging server 172.28.254.254 5 use-vrf management facility local3
Configuring syslog on a UNIX or Linux System
You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file:
facility.level <five tab characters> action
The following table describes the syslog fields that you can configure.
Table 16: syslog Fields in syslog.conf
Field: Description
Facility: Creator of the message, which can be auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, local0 through local7, or an asterisk (*) for all. These facility designators allow you to control the destination of messages based on their origin.
Note: Check your configuration before using a local facility.
Level: Minimum severity level at which messages are logged, which can be debug, info, notice, warning, err, crit, alert, emerg, or an asterisk (*) for all. You can use none to disable a facility.
Action: Destination for messages, which can be a filename, a hostname preceded by the at sign (@), or a comma-separated list of users or an asterisk (*) for all logged-in users.
Procedure
Step 1
Log debug messages with the local7 facility in the file /var/log/myfile.log by adding the following line to the /etc/syslog.conf file:
local7.debug /var/log/myfile.log
Step 2
Create the log file by entering these commands at the shell prompt:
$ touch /var/log/myfile.log
$ chmod 666 /var/log/myfile.log
Step 3
Make sure that the system message logging daemon reads the new changes by checking myfile.log after entering this command:
$ kill -HUP `cat /etc/syslog.pid`
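The selector matching described in this section, as an added Python example that is not part of the Cisco guide: it parses a facility.level selector, decodes the <PRI> value at the start of a received datagram, and shows that messages from a switch configured with facility local3 are not matched by a local7 selector. The numeric facility and severity codes are the standard syslog values (PRI = facility code * 8 + severity); the function names and the sample datagram are constructed for illustration.

```python
import re

# Standard syslog codes (RFC 3164/5424). "mark" is omitted because it is
# internal to syslogd and never appears on the wire.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "cron": 9, "authpriv": 10,
              **{f"local{n}": 16 + n for n in range(8)}}
LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
          "warning": 4, "notice": 5, "info": 6, "debug": 7}
PRI_HEADER = re.compile(r"^<(\d{1,3})>")


def switch_pri(facility, severity):
    """PRI value a sender puts on the wire: facility code * 8 + severity."""
    return FACILITIES[facility] * 8 + severity


def parse_selector(selector):
    """Parse 'facility.level' into (facility_code, max_severity).

    facility_code is None for '*'; max_severity is -1 for 'none'.
    """
    facility, dot, level = selector.strip().partition(".")
    if not dot:
        raise ValueError(f"{selector!r}: expected facility.level")
    if facility in LEVELS and level in FACILITIES:
        raise ValueError(f"{selector!r}: fields reversed, use {level}.{facility}")
    if facility != "*" and facility not in FACILITIES:
        raise ValueError(f"{selector!r}: unknown facility {facility!r}")
    if level not in LEVELS and level not in ("*", "none"):
        raise ValueError(f"{selector!r}: unknown level {level!r}")
    code = None if facility == "*" else FACILITIES[facility]
    if level == "none":
        return code, -1
    return code, 7 if level == "*" else LEVELS[level]


def decode_pri(datagram):
    """Split the leading <PRI> of a syslog datagram into (facility, severity)."""
    match = PRI_HEADER.match(datagram)
    if not match or int(match.group(1)) > 191:  # 191 = local7.debug
        raise ValueError("missing or out-of-range <PRI> header")
    return divmod(int(match.group(1)), 8)


def selector_matches(selector, datagram):
    """True if a syslog.conf selector would log this datagram."""
    code, max_severity = parse_selector(selector)
    facility, severity = decode_pri(datagram)
    # Lower number = higher severity, so a level means "that level or more severe".
    return (code is None or code == facility) and severity <= max_severity


# Constructed datagram: a severity-5 event from a switch configured with
# "logging server ... 5 ... facility local3". The message text is made up.
SAMPLE = (f"<{switch_pri('local3', 5)}>2013 May 13 10:15:02 switch "
          "%EXAMPLE-5-CONSTRUCTED: sample event")

if __name__ == "__main__":
    for sel in ("local7.debug", "local3.notice", "local3.err", "*.info"):
        print(f"{sel:15} -> {selector_matches(sel, SAMPLE)}")
```

When the facility given on the switch and the facility in the server's selector differ, the server accepts the datagram but writes nothing to the expected file, so check both ends when a log file stays empty.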
Configuring syslog Server Configuration Distribution
You can distribute the syslog server configuration to other switches in the network by using the Cisco Fabric Services (CFS) infrastructure.
After you enable syslog server configuration distribution, you can modify the syslog server configuration and view the pending changes before committing the configuration for distribution. As long as distribution is enabled, the switch maintains pending changes to the syslog server configuration.
Note
If the switch is restarted, the syslog server configuration changes that are kept in volatile memory might get lost.
Before You Begin
You must have configured one or more syslog servers.
Procedure
Command or Action / Purpose
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# logging distribute
Enables distribution of the syslog server configuration to network switches using the CFS infrastructure. By default, distribution is disabled.
Step 3
switch(config)# logging commit
Commits the pending changes to the syslog server configuration for distribution to the switches in the fabric.
Step 4
switch(config)# logging abort
Cancels the pending changes to the syslog server configuration.
Step 5
switch(config)# no logging distribute
(Optional) Disables the distribution of the syslog server configuration to network switches using the CFS infrastructure. You cannot disable distribution when configuration changes are pending. See the logging commit and logging abort commands. By default, distribution is disabled.
Step 6
switch# show logging pending
(Optional) Displays the pending changes to the syslog server configuration.
Step 7
switch# show logging pending-diff
(Optional) Displays the differences from the current syslog server configuration to the pending changes of the syslog server configuration.
Step 8
switch# copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.

Displaying and Clearing Log Files

You can display or clear messages in the log file and the NVRAM.
Procedure
Command or Action / Purpose
Step 1
switch# show logging last number-lines
Displays the last number of lines in the logging file. You can specify from 1 to 9999 for the last number of lines.
Step 2
switch# show logging logfile [start-time yyyy mmm dd hh:mm:ss] [end-time yyyy mmm dd hh:mm:ss]
Displays the messages in the log file that have a time stamp within the span entered. If you do not enter an end time, the current time is used. You enter three characters for the month time field and digits for the year and day time fields.
Step 3
switch# show logging nvram [last number-lines]
Displays the messages in the NVRAM. To limit the number of lines displayed, you can enter the last number of lines to display. You can specify from 1 to 100 for the last number of lines.
Step 4
switch# clear logging logfile
Clears the contents of the log file.
Step 5
switch# clear logging nvram
Clears the logged messages in NVRAM.
The following example shows how to display messages in a log file:
switch# show logging last 40
switch# show logging logfile start-time 2007 nov 1 15:10:0
switch# show logging nvram last 10
The following example shows how to clear messages in a log file:
switch# clear logging logfile
switch# clear logging nvram
Configuring DOM Logging

Enabling DOM Logging

Procedure
Command or Action / Purpose
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# system ethernet dom polling
Enables transceiver digital optical monitoring periodic polling.
The following example shows how to enable DOM logging.
switch# configure terminal
switch(config)# system ethernet dom polling

Disabling DOM Logging

Procedure
Command or Action / Purpose
Step 1
switch# configure terminal
Enters global configuration mode.
Step 2
switch(config)# no system ethernet dom polling
Disables transceiver digital optical monitoring periodic polling.
The following example shows how to disable DOM logging.
switch# configure terminal
switch(config)# no system ethernet dom polling

Verifying the DOM Logging Configuration

Command / Purpose
show system ethernet dom polling status
Displays the transceiver digital optical monitoring periodic polling status.

Verifying the System Message Logging Configuration

Use these commands to verify system message logging configuration information:
Command / Purpose
show logging console
Displays the console logging configuration.
show logging info
Displays the logging configuration.
show logging ip access-list cache
Displays the IP access list cache.
show logging ip access-list cache detail
Displays detailed information about the IP access list cache.
show logging ip access-list status
Displays the status of the IP access list cache.
show logging last number-lines
Displays the last number of lines of the log file.
show logging level [facility]
Displays the facility logging severity level configuration.
show logging logfile [start-time yyyy mmm dd hh:mm:ss] [end-time yyyy mmm dd hh:mm:ss]
Displays the messages in the log file.
show logging module
Displays the module logging configuration.
show logging monitor
Displays the monitor logging configuration.
show logging nvram [last number-lines]
Displays the messages in the NVRAM log.
show logging pending
Displays the syslog server pending distribution configuration.
show logging pending-diff
Displays the syslog server pending distribution configuration differences.
show logging server
Displays the syslog server configuration.
show logging session
Displays the logging session status.
show logging status
Displays the logging status.
show logging timestamp
Displays the logging time-stamp units configuration.
CHAPTER 10

Configuring Smart Call Home

This chapter contains the following sections:
Information About Smart Call Home, page 83
Guidelines and Limitations for Smart Call Home, page 92
Prerequisites for Smart Call Home, page 92
Default Call Home Settings, page 93
Configuring Smart Call Home, page 93
Verifying the Smart Call Home Configuration, page 103
Sample Syslog Alert Notification in Full-Text Format, page 104
Sample Syslog Alert Notification in XML Format, page 104

Information About Smart Call Home

Smart Call Home provides e-mail-based notification of critical system events. Cisco Nexus Series switches provide a range of message formats for optimal compatibility with pager services, standard e-mail, or XML-based automated parsing applications. You can use this feature to page a network support engineer, e-mail a Network Operations Center, or use Cisco Smart Call Home services to automatically generate a case with the Technical Assistance Center (TAC).
If you have a service contract directly with Cisco, you can register your devices for the Smart Call Home service. Smart Call Home provides fast resolution of system problems by analyzing Smart Call Home messages sent from your devices and providing background information and recommendations. For issues that can be identified as known, particularly GOLD diagnostics failures, Automatic Service Requests will be generated by the Cisco TAC.
Smart Call Home offers the following features:
Continuous device health monitoring and real-time diagnostic alerts.
Analysis of Smart Call Home messages from your device and, where appropriate, Automatic Service Request generation, routed to the appropriate TAC team, including detailed diagnostic information to speed problem resolution.
Secure message transport directly from your device or through a downloadable Transport Gateway (TG) aggregation point. You can use a TG aggregation point in cases that require support for multiple devices or in cases where security requirements mandate that your devices may not be connected directly to the Internet.
Web-based access to Smart Call Home messages and recommendations, inventory and configuration information for all Smart Call Home devices, and field notices, security advisories, and end-of-life information.
Smart Call Home Overview
You can use Smart Call Home to notify an external entity when an important event occurs on your device. Smart Call Home delivers alerts to multiple recipients that you configure in destination profiles.
Smart Call Home includes a fixed set of predefined alerts on your switch. These alerts are grouped into alert groups and CLI commands that are assigned to execute when an alert in an alert group occurs. The switch includes the command output in the transmitted Smart Call Home message.
The Smart Call Home feature offers the following:
Automatic execution and attachment of relevant CLI command output.
Multiple message format options such as the following:
  Short Text—Text that is suitable for pagers or printed reports.
  Full Text—Fully formatted message information that is suitable for human reading.
  XML—Matching readable format that uses the Extensible Markup Language (XML) and the Adaptive Messaging Language (AML) XML schema definition (XSD). The XML format enables communication with the Cisco TAC.
Multiple concurrent message destinations. You can configure up to 50 e-mail destination addresses for each destination profile.

Smart Call Home Destination Profiles

A Smart Call Home destination profile includes the following information:
One or more alert groups—The group of alerts that trigger a specific Smart Call Home message if the alert occurs.
One or more e-mail destinations—The list of recipients for the Smart Call Home messages that are generated by alert groups assigned to this destination profile.
Message format—The format for the Smart Call Home message (short text, full text, or XML).
Message severity level—The Smart Call Home severity level that the alert must meet before the switch generates a Smart Call Home message to all e-mail addresses in the destination profile. The switch does not generate an alert if the Smart Call Home severity level of the alert is lower than the message severity level set for the destination profile.
You can also configure a destination profile to allow periodic inventory update messages by using the inventory alert group that will send out periodic messages daily, weekly, or monthly.