This article will be the first part of a series about the configuration of Nexus switches.
More specifically, we will discuss:
* The NX-OS user interface and operating system
* NX-OS CLI: CLI modes and CLI prompts
* Administrative configurations: hostnames, passwords
* Device interfaces: Ethernet interfaces, SVIs, switchport settings
* Viewing, saving and erasing configurations
We will cover a few of these items in the first part of the series, so let’s start with the user interface.
The NX-OS User Interface and Operating System
As with almost any network device, there are multiple ways to connect to a Nexus device.
One of them is through the console port. This is always used for the initial configuration of the device and on other occasions when in-band and out-of-band management might be lost. The console port is an RJ-45 connection located on the device. Nexus fabric extenders do not have a console port, as they are managed by other Nexus devices.
I mentioned an in-band connection to the Nexus device above. This is when the user connects to the device through its network ports (Ethernet ports). For instance, the user has a central jump point in the network from which every device is reachable, and uses telnet or ssh from there to connect to the Nexus device. For security reasons, ssh is preferred over telnet, because telnet carries the whole session, including the login credentials, in cleartext. By default telnet is not enabled.
The other method mentioned above is called out-of-band management. This connection is done through the mgmt0 dedicated Ethernet port. The traffic from this interface is separated from the traffic through the regular Ethernet interfaces. Most of the Nexus devices have this port, so out-of-band management is available on those platforms.
The NX-OS software has three components:
* Kickstart image—contains the Linux kernel, basic drivers and initial file system
* System image—contains the actual operating system, infrastructure, and all the features that NX-OS supports.
* Erasable programmable logic device (EPLD) image—the purpose of this image is to enhance hardware functionality.
On the Nexus devices with dual supervisors (Nexus 7000 for instance), NX-OS supports ISSU (in-service software upgrade). This type of upgrade is performed without disrupting the data traffic.
ISSU updates the following images:
* Kickstart image
* System image
* Supervisor module BIOS
* Data module image
* Data module BIOS
* CMP data
* CMP BIOS
These are the events that take place in case of ISSU:
* Upgrade the BIOS on both supervisors and line cards.
* Upgrade the kickstart and system images from the standby supervisor.
* Switch over from the active supervisor to the standby supervisor that was just upgraded.
* Upgrade the kickstart and system images from the standby supervisor.
* Upgrade CMP on both supervisors.
* Upgrade the line cards without disrupting the data traffic.
When the Nexus is booting, you should see output like the one below. Of course, the output might vary based on the platform that you are using. This is from a Nexus 5000:
    System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
    Booting kickstart image: bootflash:/n5000-uk9-kickstart.5.0.3.N2.2.bin....
    ............................................................................Image verification OK
    Starting kernel...
    Usage: init 0123456SsQqAaBbCcUu
    INIT: version 2.85 booting
    I2C - Mezz present
    Starting Nexus5020 POST...
    Executing Mod 1 1 SEEPROM Test......done
    Executing Mod 1 1 GigE Port Test.......done
    Executing Mod 1 1 Inband GigE Test.....done
    Executing Mod 1 1 NVRAM Test....done
    Executing Mod 1 1 PCIE Test...............................done
    Mod 1 1 Post Completed Successfully
    Executing Mod 1 2 SEEPROM Test....done
    Mod 1 2 Post Completed Successfully
    POST is completed
    autoneg unmodified, ignoring
    autoneg unmodified, ignoring
    Checking all filesystems..... done.
When the device boots, it loads the kickstart image and, once this is done and the image is verified, POST is launched. After that, the file system is checked and the next sequence follows:
    Loading system software
    Uncompressing system image: bootflash:/n5000-uk126.96.36.199.N2.2.bin
    Loading plugin 0: core_plugin...
    Loading plugin 1: eth_plugin...
As you can see above, the system image is decompressed, various plug-ins are loaded, and the boot continues:
    ethernet switching mode
    INIT: Entering runlevel: 3
    Exporting directories for NFS kernel daemon...done.
    Starting NFS kernel daemon:rpc.nfsd.
    rpc.mountddone.
    Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
    Added VLAN with VID == 4042 to IF -:muxif:-
    VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: loading cmd files begin - clis
    VDC-1 %KERN-2-SYSTEM_MSG: Starting kernel... - kernel
    VDC-1 %KERN-0-SYSTEM_MSG: platform_type cmdline parameter not found. Asssuming Oregon. - kernel
    VDC-1 %KERN-0-SYSTEM_MSG: I2C – Mezz present - kernel
    VDC-1 %KERN-0-SYSTEM_MSG: sprom_drv_init_platform: nuova_ i2c_register_get_card_index - kernel
    VDC-1 %USER-2-SYSTEM_MSG: CLIS: loading cmd files end - clis
    VDC-1 %USER-2-SYSTEM_MSG: CLIS: init begin - clis
The processes are initialized and the file system is being mounted.
After these messages you will be prompted to log in to the device or, if it’s the first boot, you will get a wizard to set up the initial configuration of the device.
NX-OS CLI: CLI Modes and CLI Prompts
Cisco Nexus CLI is divided into command modes that define what actions are available to the user. These command modes are nested and are accessed in sequence. As you go deeper in this structure, a more specific set of commands becomes available. Any commands in the higher level are accessible from a lower command mode. For instance, you can issue the command “show” from anywhere in configuration mode.
When you first log in, you are placed in EXEC mode. In this mode, you have access to the “show” command, which can display device status and the configuration. Generally, in this mode, you have access to commands whose actions are not saved in the configuration. For instance, you might want to check the status of an interface:
    nexus-1# show interface e2/1 | no-more
    show interface e2/1 | no-more
    Ethernet2/1 is up
    admin state is up, Dedicated Interface
    Hardware: Ethernet, address: 000c.29f5.3c74 (bia 000c.29f5.3c63)
    Internet Address is 188.8.131.52/24
    MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, medium is broadcast
    full-duplex, 1000 Mb/s
    Beacon is turned off
    Auto-Negotiation is turned off
    Input flow-control is off, output flow-control is off
    -----output truncated for brevity-----
    nexus-1#
The other mode available is global configuration command mode, which provides access to most of the available commands. This is called global because whatever you configure here affects the device as a whole. Of course, you might enter a more specific configuration mode and change the behavior for only that feature. For instance, you can modify the IP address of an interface. Below you access the global configuration mode and after that the interface configuration mode:
    nexus-1# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    nexus-1(config)# interface ethernet2/1
    nexus-1(config-if)# ip address 184.108.40.206/24
    nexus-1(config-if)# end
    nexus-1# show interface e2/1 | no-more
    show interface e2/1 | no-more
    Ethernet2/1 is up
    admin state is up, Dedicated Interface
    Hardware: Ethernet, address: 000c.29f5.3c74 (bia 000c.29f5.3c63)
    Internet Address is 220.127.116.11/24
    MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, medium is broadcast
    full-duplex, 1000 Mb/s
    -----output truncated for brevity-----
    nexus-1#
As you can see above, the IP address of ethernet2/1 interface was changed from 18.104.22.168/24 to 22.214.171.124/24.
While we are on the subject of interfaces, it’s probably good to mention that NX-OS supports different interface types like Gigabit Ethernet and 10-Gigabit Ethernet interfaces. However, all of them are referred to as Ethernet. NX-OS doesn’t designate an interface as 1G or 10G.
The CLI prompt will tell you where you are in the configuration mode. As you can see below, we are in global configuration mode and we are entering the vlan configuration mode:
    nexus-2# conf t
    conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    nexus-2(config)# vlan 100
    nexus-2(config-vlan)# end
    nexus-2#
From the prompt, you know that you are in vlan configuration mode. But which vlan? You can use the command “where” to get more information about where you are in the configuration:
    nexus-1(config-vlan)# where
    where
    conf; vlan 100 admin@nexus-1%default
    nexus-1(config-vlan)#
As a side note, there is a minor change that you will notice pretty quickly if you have experience with Cisco IOS. Cisco has removed the command “write.” On NX-OS you have to use “copy running-config startup-config.” However, you can create an alias for a shortcut.
    nexus-1# wr
    ^
    % Incomplete command at '^' marker.
This is how you can create your own alias:
    nexus-1#
    nexus-1# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    nexus-1(config)# cli alias name wr copy running-config startup-config
    nexus-1(config)# end
    nexus-1# wr
    [########################################] 100%
    Copy complete.
    nexus-1#
You can check what aliases you have configured on the device like this:
    nexus-1# alias
    CLI alias commands
    ==================
    alias :show cli alias
    wr :copy running-config startup-config
    nexus-1#
I talked at the beginning of the article about telnet and ssh as methods to access the device. I also mentioned that telnet is disabled by default. Here is how you can enable it:
    nexus-1# show feature | i telnet
    telnetServer 1 disabled
    nexus-1# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    nexus-1(config)# feature telnet
    nexus-1(config)# end
    nexus-1# show feature | i telnet
    telnetServer 1 enabled
    nexus-1#
This is how you can set up ssh on the device:
    nexus-1(config)# ssh key rsa 2048
    ssh key rsa 2048
    deleting old rsa key.....
    generating rsa key(2048 bits).....
    ..
    generated rsa key
    nexus-1(config)# feature ssh
    nexus-1(config)# show ssh key
    **************************************
    rsa Keys generated:Mon Nov 8 18:15:20 2013
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpKJXrfp/spKMpm935qi8ISt74WBE3bPsSErrsrQs
    JpD44X55weuc05nWDHp0lwuxnC16GcQrTDcuL4XtlBT4IB1GxRgcpWzR8Nmhgab/exY5tpH1J4krOWFU
    Zs3NFirF9Nfe+1lAhJKmJND+/avwiJeRzx+ZBOiYayTSu7afgcPMnrk7DIfvOsNkhtEXQpgJNvoZrrjh
    eAKmEgS1XocMif5jkR9VtAdQay6qYw3Vb3WjNBj5/cG9TUDMIQW1Fi9RINvffskVWWDW8i2ZIv0e9f6E
    vJICw7V5NQ3/IxfjA2q5uXyIO6ixyGCjimChDiPS1jDNDJiTBQoyk2ySpakj
    bitcount:2048
    fingerprint: 60:58:8e:eb:72:a8:38:d4:7e:4a:6a:56:f8:d2:39:2a
    **************************************
    could not retrieve dsa key information
    **************************************
    nexus-1(config)# show ssh server
    ssh version 2 is enabled
    nexus-1(config)#
Of course, you will also have to configure a username with ssh access, here with a password and an SSH public key, like this:
    nexus-1(config)# username test password C!sc012345
    nexus-1(config)# username test sshkey ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpKJXrfp/spKMpm935qi8ISt74WBE3bPsSErrsrQsJpD44X55weuc05nWDHp0lwuxnC16GcQrTDcuL4XtlBT4IB1GxRgcpWzR8Nmhgab/exY5tpH1J4krOWFUZs3NFirF9Nfe+1lAhJKmJND+/avwiJeRzx+ZBOiYayTSu7afgcPMnrk7DIfvOsNkhtEXQpgJNvoZrrjheAKmEgS1XocMif5jkR9VtAdQay6qYw3Vb3WjNBj5/cG9TUDMIQW1Fi9RINvffskVWWDW8i2ZIv0e9f6EvJICw7V5NQ3/IxfjA2q5uXyIO6ixyGCjimChDiPS1jDNDJiTBQoyk2ySpakj
    nexus-1(config)# show user-account
    show user-account
    user:admin
        this user account has no expiry date
        roles:network-admin
    user:adminbackup
        this user account has no expiry date
        roles:network-operator
        no password set. Local login not allowed
        Remote login through RADIUS/TACACS+ is possible
    user:test
        this user account has no expiry date
        roles:network-operator
        ssh public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpKJXrfp/spKMpm93
        5qi8ISt74WBE3bPsSErrsrQsJpD44X55weuc05nWDHp0lwuxnC16GcQrTDcuL4XtlBT4IB1GxRgcpWzR
        8Nmhgab/exY5tpH1J4krOWFUZs3NFirF9Nfe+1lAhJKmJND+/avwiJeRzx+ZBOiYayTSu7afgcPMnrk7
        DIfvOsNkhtEXQpgJNvoZrrjheAKmEgS1XocMif5jkR9VtAdQay6qYw3Vb3WjNBj5/cG9TUDMIQW1Fi9R
        INvffskVWWDW8i2ZIv0e9f6EvJICw7V5NQ3/IxfjA2q5uXyIO6ixyGCjimChDiPS1jDNDJiTBQoyk2yS
        pakj
    nexus-1(config)#
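An added example, not part of the original article: a small Python audit that reads captured "show feature", "show ssh server" and "show ssh key" output in the layout shown above and lists the remote-access settings a reviewer would flag. The function names, the sample captures and the 2048-bit floor are assumptions made for this example.

```python
import re

MIN_RSA_BITS = 2048  # assumption: policy floor; the article generates a 2048-bit key

def parse_features(show_feature: str) -> dict:
    """Map feature name -> True if any instance is enabled ('show feature' rows)."""
    state = {}
    for line in show_feature.splitlines():
        m = re.match(r"\s*(\S+)\s+(\d+)\s+(enabled|disabled)\b", line)
        if m:
            state[m.group(1)] = state.get(m.group(1), False) or m.group(3) == "enabled"
    return state

def parse_rsa_bits(show_ssh_key: str):
    """Return the RSA host key size from 'show ssh key', or None if no RSA key."""
    m = re.search(r"rsa Keys generated.*?bitcount:\s*(\d+)", show_ssh_key, re.S)
    return int(m.group(1)) if m else None

def audit(show_feature: str, show_ssh_server: str, show_ssh_key: str) -> list:
    """Return findings for the remote-access settings the article configures."""
    findings = []
    if parse_features(show_feature).get("telnetServer"):
        findings.append("telnet enabled: logins cross the network in cleartext")
    if not re.search(r"ssh version 2 is enabled", show_ssh_server):
        findings.append("ssh version 2 not enabled")
    bits = parse_rsa_bits(show_ssh_key)
    if bits is None:
        findings.append("no rsa host key found")
    elif bits < MIN_RSA_BITS:
        findings.append(f"rsa host key is {bits} bits, below {MIN_RSA_BITS}")
    return findings

# Constructed sample captures, in the layout of the outputs shown in the article.
FEATURE_AFTER_TELNET = "telnetServer          1         enabled\n"
FEATURE_DEFAULT = "telnetServer          1         disabled\n"
SSH_SERVER = "ssh version 2 is enabled\n"
SSH_KEY_2048 = ("rsa Keys generated:Mon Nov  8 18:15:20 2013\n"
                "ssh-rsa AAAA...(constructed placeholder)\n"
                "bitcount:2048\n")
SSH_KEY_1024 = SSH_KEY_2048.replace("bitcount:2048", "bitcount:1024")

if __name__ == "__main__":
    for finding in audit(FEATURE_AFTER_TELNET, SSH_SERVER, SSH_KEY_1024):
        print("FINDING:", finding)
```

Feed it the text saved from each command on a real device; an empty list means telnet is off, ssh version 2 is on and the RSA host key meets the floor.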
The second part will show you how you should configure features that are used much more in the daily operation of the network: configuring interfaces, adding vlans, and operations with files.