This article will be the first part of a series about the configuration of Nexus switches.

More specifically, we will discuss:

  • The NX-OS user interface and operating system
  • NX-OS CLI: CLI modes and CLI prompts
  • Administrative configurations: hostnames, passwords
  • Device interfaces: Ethernet interfaces, SVIs, switchport settings
  • Viewing, saving and erasing configurations

We will cover a few of these items in the first part of the series, so let’s start with the user interface.

The NX-OS User Interface and Operating System

As with almost any network device, there are multiple ways to connect to a Nexus device.

One of them is through the console port. This is always used for the initial configuration of the device and on some other occasions, when it’s possible that in-band and out-of-band management will be lost. The console port is an RJ-45 connection located on the device. Nexus fabric extenders do not have a console port, as they are managed by other Nexus devices.

The in-band connection mentioned above is when the user connects to the device through its network ports (Ethernet ports). For instance, the user has a central jump point in the network from which he can reach any device in the network, and can then use telnet or ssh to connect to the Nexus device. Of course, for security reasons, ssh is preferred over telnet, since telnet carries the login and the session in cleartext. By default telnet is not enabled.

The other method mentioned above is called out-of-band management. This connection is done through the mgmt0 dedicated Ethernet port. The traffic from this interface is separated from the traffic through the regular Ethernet interfaces. Most of the Nexus devices have this port, so out-of-band management is available on those platforms.

The NX-OS software has three components:

  • Kickstart image—contains the Linux kernel, basic drivers and initial file system.
  • System image—contains the actual operating system, infrastructure, and all the features that NX-OS supports.
  • Erasable programmable logic device (EPLD) image—the purpose of this image is to enhance hardware functionality.

On the Nexus devices with dual supervisors (Nexus 7000 for instance), NX-OS supports ISSU (in-service software upgrade). This type of upgrade is performed without disrupting the data traffic.

ISSU updates the following images:

  • Kickstart image
  • System image
  • Supervisor module BIOS
  • Data module image
  • Data module BIOS
  • CMP data
  • CMP BIOS

These are the events that take place in case of ISSU:

  • Upgrade the BIOS on both supervisors and line cards.
  • Upgrade the kickstart and system images from the standby supervisor.
  • Switch over from the active supervisor to the standby supervisor that was just upgraded.
  • Upgrade the kickstart and system images from the standby supervisor.
  • Upgrade CMP on both supervisors.
  • Upgrade the linecards without disrupting the data traffic.

When the Nexus is booting, this is the output that you should see. Of course, the output might vary based on the platform that you are using. This is from a Nexus 5000:

System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Booting kickstart image: bootflash:/n5000-uk9-kickstart.5.0.3.N2.2.bin....
............................................................................Image
verification OK
Starting kernel...
Usage: init 0123456SsQqAaBbCcUu
INIT: version 2.85 bootingI2C - Mezz present
Starting Nexus5020 POST...
Executing Mod 1 1 SEEPROM Test......done
Executing Mod 1 1 GigE Port Test.......done
Executing Mod 1 1 Inband GigE Test.....done
Executing Mod 1 1 NVRAM Test....done
Executing Mod 1 1 PCIE Test...............................done
Mod 1 1 Post Completed Successfully
Executing Mod 1 2 SEEPROM Test....done
Mod 1 2 Post Completed Successfully
POST is completed
autoneg unmodified, ignoring
autoneg unmodified, ignoring
Checking all filesystems..... done.

When the device is booting, it loads the kickstart image and, once this is done and the image is verified, POST is launched. After that, the file system is checked and the next sequence follows:

Loading system software
Uncompressing system image: bootflash:/n5000-uk9.5.0.3.N2.2.bin

Loading plugin 0: core_plugin...
Loading plugin 1: eth_plugin...

As you can see above, the system image is decompressed, various plug-ins are loaded, and the boot continues:

ethernet switching mode
INIT: Entering runlevel: 3Exporting directories for NFS kernel daemon...done.
Starting NFS kernel daemon:rpc.nfsd.
rpc.mountddone.
Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config
Added VLAN with VID == 4042 to IF -:muxif:-
VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: loading cmd files begin -
clisVDC-1 %KERN-2-SYSTEM_MSG: Starting kernel... - kernel
VDC-1 %KERN-0-SYSTEM_MSG: platform_type cmdline parameter not
found. Asssuming Oregon. - kernelVDC-1 %KERN-0-SYSTEM_MSG: I2C –
Mezz present - kernelVDC-1 %KERN-0-SYSTEM_MSG: sprom_drv_init_platform: nuova_
i2c_register_get_card_index - kernelVDC-1 %USER-2-SYSTEM_MSG:
CLIS: loading cmd files end - clis
VDC-1 %USER-2-SYSTEM_MSG: CLIS: init begin - clis

The processes are initialized and the file system is being mounted.

After these messages you will be prompted to log in to the device or, if it’s the first boot, you will get a wizard to set up the initial configuration of the device.

NX-OS CLI: CLI Modes and CLI Prompts

Cisco Nexus CLI is divided into command modes that define what actions are available to the user. These command modes are nested and are accessed in sequence. As you go deeper in this structure, a more specific set of commands becomes available. Any commands in the higher level are accessible from a lower command mode. For instance, you can issue the command “show” from anywhere in configuration mode.

When you first log in, you are placed in EXEC mode. In this mode, you have access to the “show” command, which can display the device status and the configuration. Generally, in this mode, you have access to commands whose actions are not saved in the configuration. For instance, you might want to check the status of an interface:

nexus-1# show interface e2/1 | no-more
show interface e2/1 | no-more
Ethernet2/1 is up
admin state is up, Dedicated Interface
  Hardware:  Ethernet, address: 000c.29f5.3c74 (bia 000c.29f5.3c63)
  Internet Address is 1.1.1.1/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, medium is broadcast
  full-duplex, 1000 Mb/s
  Beacon is turned off
  Auto-Negotiation is turned off
  Input flow-control is off, output flow-control is off

-----output truncated for brevity-----

nexus-1#

The other mode available is global configuration command mode, which provides access to most of the available commands. This is called global because whatever you configure here affects the device as a whole. Of course, you might enter a more specific configuration mode and change the behavior for only that feature. For instance, you can modify the IP address of an interface. Below you access the global configuration mode and after that the interface configuration mode:

nexus-1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
nexus-1(config)# interface ethernet2/1
nexus-1(config-if)# ip address 1.1.1.100/24
nexus-1(config-if)# end
nexus-1# show interface e2/1 | no-more
show interface e2/1 | no-more
Ethernet2/1 is up
admin state is up, Dedicated Interface
  Hardware:  Ethernet, address: 000c.29f5.3c74 (bia 000c.29f5.3c63)
  Internet Address is 1.1.1.100/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, medium is broadcast
  full-duplex, 1000 Mb/s

-----output truncated for brevity-----

nexus-1#

As you can see above, the IP address of ethernet2/1 interface was changed from 1.1.1.1/24 to 1.1.1.100/24.

While we are on the subject of interfaces, it’s probably good to mention that NX-OS supports different interface types, like Gigabit Ethernet and 10-Gigabit Ethernet interfaces. However, all of them are referred to as Ethernet. NX-OS doesn’t designate an interface as 1G or 10G.

The CLI prompt will tell you where you are in the configuration mode. As you can see below, we are in global configuration mode and we are entering the vlan configuration mode:

nexus-2# conf t
conf t
Enter configuration commands, one per line.  End with CNTL/Z.
nexus-2(config)# vlan 100
nexus-2(config-vlan)# end
nexus-2#

As you can see from the prompt, you know that you are in vlan configuration mode. But which vlan? You can use the command “where” to get more information about where you are in the configuration:

nexus-1(config-vlan)# where
where
  conf; vlan 100      admin@nexus-1%default
nexus-1(config-vlan)#

As a side note, there is a minor change that you will notice pretty quickly if you have experience with Cisco IOS. Cisco has removed the command “write.” On NX-OS you have to use “copy running-config startup-config.” However, you can create an alias for a shortcut.

nexus-1# wr
           ^
% Incomplete command at '^' marker.

This is how you can create your own alias:

nexus-1#

nexus-1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
nexus-1(config)# cli alias name wr copy running-config startup-config
nexus-1(config)# end
nexus-1# wr
 [########################################] 100%
Copy complete.
nexus-1#

You can check what aliases you have configured on the device like this:

nexus-1# alias
CLI alias commands
==================
alias  :show cli alias
wr     :copy running-config startup-config
nexus-1#

I talked at the beginning of the article about telnet and ssh as methods to access the device. I also mentioned that telnet is disabled by default. Here is how you can enable it:

nexus-1# show feature | i telnet
telnetServer          1         disabled
nexus-1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
nexus-1(config)# feature telnet
nexus-1(config)# end
nexus-1# show feature | i telnet
telnetServer          1         enabled 
nexus-1#

This is how you can set up ssh on the device:

nexus-1(config)# ssh key rsa 2048
ssh key rsa 2048
deleting old rsa key.....
generating rsa key(2048 bits).....
..
generated rsa key
nexus-1(config)# feature ssh
nexus-1(config)# show ssh key
**************************************
rsa Keys generated:Mon Nov 8 18:15:20 2013

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpKJXrfp/spKMpm935qi8ISt74WBE3bPsSErrsrQs
JpD44X55weuc05nWDHp0lwuxnC16GcQrTDcuL4XtlBT4IB1GxRgcpWzR8Nmhgab/exY5tpH1J4krOWFU
Zs3NFirF9Nfe+1lAhJKmJND+/avwiJeRzx+ZBOiYayTSu7afgcPMnrk7DIfvOsNkhtEXQpgJNvoZrrjh
eAKmEgS1XocMif5jkR9VtAdQay6qYw3Vb3WjNBj5/cG9TUDMIQW1Fi9RINvffskVWWDW8i2ZIv0e9f6E
vJICw7V5NQ3/IxfjA2q5uXyIO6ixyGCjimChDiPS1jDNDJiTBQoyk2ySpakj

bitcount:2048
fingerprint:
60:58:8e:eb:72:a8:38:d4:7e:4a:6a:56:f8:d2:39:2a
**************************************
could not retrieve dsa key information
**************************************
nexus-1(config)# show ssh server
ssh version 2 is enabled
nexus-1(config)#

Of course, you will have to configure a username with ssh access like this:

nexus-1(config)# username test password C!sc012345
nexus-1(config)# username test sshkey ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpKJXrfp/spKMpm935qi8ISt74WBE3bPsSErrsrQsJpD44X55weuc05nWDHp0lwuxnC16GcQrTDcuL4XtlBT4IB1GxRgcpWzR8Nmhgab/exY5tpH1J4krOWFUZs3NFirF9Nfe+1lAhJKmJND+/avwiJeRzx+ZBOiYayTSu7afgcPMnrk7DIfvOsNkhtEXQpgJNvoZrrjheAKmEgS1XocMif5jkR9VtAdQay6qYw3Vb3WjNBj5/cG9TUDMIQW1Fi9RINvffskVWWDW8i2ZIv0e9f6EvJICw7V5NQ3/IxfjA2q5uXyIO6ixyGCjimChDiPS1jDNDJiTBQoyk2ySpakj
nexus-1(config)# show user-account
show user-account
user:admin
        this user account has no expiry date
        roles:network-admin 
user:adminbackup
        this user account has no expiry date
        roles:network-operator 
no password set. Local login not allowed
Remote login through RADIUS/TACACS+ is possible
user:test
        this user account has no expiry date
        roles:network-operator 
        ssh public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpKJXrfp/spKMpm93
5qi8ISt74WBE3bPsSErrsrQsJpD44X55weuc05nWDHp0lwuxnC16GcQrTDcuL4XtlBT4IB1GxRgcpWzR
8Nmhgab/exY5tpH1J4krOWFUZs3NFirF9Nfe+1lAhJKmJND+/avwiJeRzx+ZBOiYayTSu7afgcPMnrk7
DIfvOsNkhtEXQpgJNvoZrrjheAKmEgS1XocMif5jkR9VtAdQay6qYw3Vb3WjNBj5/cG9TUDMIQW1Fi9R
INvffskVWWDW8i2ZIv0e9f6EvJICw7V5NQ3/IxfjA2q5uXyIO6ixyGCjimChDiPS1jDNDJiTBQoyk2yS
pakj
nexus-1(config)#
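
The telnet, ssh and user-account captures above can be checked offline once they are saved to a text file. The following is an added example, not part of the original article: the sample text is constructed in the shape of the outputs shown here, the function names are hypothetical, and the rules it applies (a 2048-bit minimum for the RSA host key, an ssh public key for every network-admin user) are assumed local policy.

```python
import re

# Constructed sample, shaped like the show-command captures on this page.
SAMPLE = """\
nexus-1# show feature | i telnet
telnetServer          1         enabled
nexus-1# show ssh key
bitcount:1024
nexus-1# show ssh server
ssh version 2 is enabled
nexus-1# show user-account
user:admin
        this user account has no expiry date
        roles:network-admin
user:test
        roles:network-operator
        ssh public key: ssh-rsa AAAA(constructed-placeholder)
"""

def parse_users(text):
    """Map each user in 'show user-account' output to roles and key status."""
    users, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("user:"):
            current = users.setdefault(line[5:], {"roles": [], "ssh_key": False})
        elif current is not None and line.startswith("roles:"):
            current["roles"] = line[6:].split()
        elif current is not None and line.startswith("ssh public key:"):
            current["ssh_key"] = True
    return users

def audit(text, min_rsa_bits=2048):
    """Return findings; the thresholds and rules are assumed local policy."""
    findings = []
    if re.search(r"^telnetServer\s+\d+\s+enabled", text, re.M):
        findings.append("telnet feature is enabled")
    m = re.search(r"^bitcount:\s*(\d+)", text, re.M)
    if m and int(m.group(1)) < min_rsa_bits:
        findings.append(f"RSA host key is {m.group(1)} bits, below {min_rsa_bits}")
    if not re.search(r"^ssh version 2 is enabled", text, re.M):
        findings.append("ssh version 2 is not reported as enabled")
    for name, info in parse_users(text).items():
        if "network-admin" in info["roles"] and not info["ssh_key"]:
            findings.append(f"{name}: network-admin role with no ssh public key")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```
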

The second part will show you how you should configure features that are used much more in the daily operation of the network: configuring interfaces, adding vlans, and operations with files.
