Cisco NX OS fundamentals configuration guide

Dr. Mohit Bansal, Canada, Teacher
Published Date: 25-10-2017
NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures

Introduction to Cisco NX-OS

This chapter provides an introduction and overview of NX-OS and a comparison between traditional IOS and NX-OS configurations and terminology. The following sections will be covered in this chapter:

■ NX-OS Overview
■ NX-OS User Modes
■ Management Interfaces
■ Managing System Files

NX-OS Overview

Cisco built the next-generation data center-class operating system designed for maximum scalability and application availability. The NX-OS data center-class operating system was built with modularity, resiliency, and serviceability at its foundation. NX-OS is based on the industry-proven Cisco Storage Area Network Operating System (SAN-OS) Software and helps ensure continuous availability to set the standard for mission-critical data center environments. The self-healing and highly modular design of Cisco NX-OS enables operational excellence, increasing service levels and providing exceptional operational flexibility.

Several advantages of Cisco NX-OS include the following:

■ Unified data center operating system
■ Robust and rich feature set with a variety of Cisco innovations
■ Flexibility and scalability
■ Modularity
■ Virtualization
■ Resiliency
■ IPv4 and IPv6 IP routing and multicast features
■ Comprehensive security, availability, serviceability, and management features

Key features and benefits of NX-OS include

■ Virtual device contexts (VDC): Cisco Nexus 7000 Series switches can be segmented into virtual devices based on customer requirements. VDCs offer several benefits such as fault isolation, administration plane, separation of data traffic, and enhanced security.
■ Virtual Port Channels (vPC): Enables a server or switch to use an EtherChannel across two upstream switches without an STP-blocked port to enable use of all available uplink bandwidth.
■ Continuous system operation: Maintenance, upgrades, and software certification can be performed without service interruptions due to the modular nature of NX-OS and features such as In-Service Software Upgrade (ISSU) and the capability for processes to restart dynamically.
■ Security: Cisco NX-OS provides outstanding data confidentiality and integrity, supporting standard IEEE 802.1AE link-layer cryptography with 128-bit Advanced Encryption Standard (AES) cryptography. In addition to Cisco TrustSec (CTS), there are many other security features, such as access control lists (ACL) and port security.
■ Base services: The default license that ships with NX-OS covers Layer 2 protocols, including features such as Spanning Tree, virtual LANs (VLAN), Private VLANs, and Unidirectional Link Detection (UDLD).
■ Enterprise Services Package: Provides Layer 3 protocols such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), Enhanced Interior Gateway Routing Protocol (EIGRP), Policy-Based Routing (PBR), Protocol Independent Multicast (PIM), and Generic Routing Encapsulation (GRE).
■ Advanced Services Package: Provides Virtual Device Contexts (VDC), Cisco TrustSec (CTS), and Overlay Transport Virtualization (OTV).
■ Transport Services License: Provides Overlay Transport Virtualization (OTV) and Multiprotocol Label Switching (MPLS) (when available).

Example 1-1 shows the simplicity of installing the NX-OS license file.

Example 1-1 Displaying and Installing the NX-OS License File

Once a license file is obtained from Cisco.com and copied to flash, it can be installed for the chassis.
Displaying the host-id for license file creation on Cisco.com:

  congo# show license host-id
  License hostid: VDH=TBM14404807

Installing a license file:

  congo# install license bootflash:license_file.lic
  Installing license ..done
  congo#

Note NX-OS offers feature testing for a 120-day grace period. Here is how to enable the 120-day grace period:

  congo(config)# license grace-period

The feature is disabled after the 120-day grace period expires. The license grace period is enabled only for the default admin VDC, VDC1. Using the grace period enables customers to test, configure, and fully operate a feature without the need to purchase a license. This is particularly helpful for testing a feature prior to purchasing a license.

NX-OS Supported Platforms

The NX-OS data center-class operating system, designed for maximum scalability and application availability, supports a wide variety of platforms, including the following:

■ Nexus 7000
■ Nexus 5000
■ Nexus 2000
■ Nexus 1000V
■ Cisco MDS 9000
■ Cisco Unified Computing System (UCS)
■ Nexus 4000

Cisco NX-OS and Cisco IOS Comparison

If you are familiar with the traditional Cisco IOS command-line interface (CLI), the CLI for NX-OS is similar. There are key differences, however, that should be understood prior to working with NX-OS:

■ When you first log into NX-OS, you go directly into EXEC mode.
■ NX-OS has a setup utility that enables a user to specify the system defaults, perform basic configuration, and apply a predefined Control Plane Policing (CoPP) security policy.
■ NX-OS uses a feature-based license model. An Enterprise or Advanced Services license is required depending on the features required.
■ A 120-day license grace period is supported for testing, but features are automatically removed from the configuration after the expiration date is reached.
■ NX-OS has the capability to enable and disable features such as OSPF, BGP, and so on via the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.
■ Interfaces are labeled in the configuration as Ethernet. There aren't any speed designations in the interface name. Interface speed is dynamically learned and reflected in the appropriate show commands and interface metrics.
■ NX-OS supports Virtual Device Contexts (VDC), which enable a physical device to be partitioned into logical devices. When you log in for the first time, you are in the default VDC.
■ Cisco NX-OS has two preconfigured instances of VPN Routing and Forwarding (VRF) by default (management and default). By default, all Layer 3 interfaces and routing protocols exist in the default VRF. The mgmt0 interface exists in the management VRF and is accessible from any VDC. If VDCs are configured, each VDC has a unique IP address for the mgmt0 interface.
■ Secure Shell version 2 (SSHv2) is enabled by default. (Telnet is disabled by default.)
■ The default login administrator user is predefined as admin; a password has to be specified when the system is first powered up. With NX-OS, you must enter a username and password; you cannot disable the username and password login. In contrast, in IOS you can simply type a password, and you can optionally set the login to require a username.
■ NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables; this is the same as the Cisco Multilayer Director Switch (MDS) Fibre Channel switches running SAN-OS.
■ NX-OS removed the write memory command; use copy running-config startup-config instead (the alias command can be used to define a shortcut for it).
■ The default Spanning Tree mode in NX-OS is Rapid-PVST+.
Caution In NX-OS, you have to enable features such as OSPF, BGP, and CTS; if you remove a feature via the no feature command, all relevant commands related to that feature are removed from the running configuration.

For example, when configuring vty timeouts and session limits, consider Example 1-2, which illustrates the difference between IOS and NX-OS syntax.

Example 1-2 vty Configurations and Session Limits, Comparing the Differences Between Traditional IOS and NX-OS

IOS:

  congo#
  congo(config)# line vty 0 9
  congo(config-line)# exec-timeout 15 0
  congo(config-line)# login
  congo# copy running-config startup-config

NX-OS:

  congo(config)# line vty
  congo(config-line)# session-limit 10
  congo(config-line)# exec-timeout 15
  congo# copy running-config startup-config

NX-OS User Modes

The Cisco NX-OS CLI is divided into command modes, which define the actions available to the user. Command modes are "nested" and must be accessed in sequence. As you navigate from one command mode to another, an increasingly larger set of commands becomes available. All commands in a higher command mode are accessible from lower command modes. For example, the show commands are available from any configuration command mode. Figure 1-1 shows how command access builds from EXEC mode to global configuration mode.

Figure 1-1 NX-OS Command Access from EXEC Mode to Global Configuration Mode
  Nx7000(config)# Global Configuration Command Mode: configure features on the device; includes EXEC commands
  Nx7000# EXEC Mode: connect to remote devices; change terminal line settings; perform basic tests; save device configuration; display device information (show commands)

EXEC Command Mode

When you first log in, Cisco NX-OS Software places you in EXEC mode.
As demonstrated in Example 1-3, the commands available in EXEC mode include the show commands that display device status and configuration information, the clear commands, and other commands that perform actions that you do not save in the device configuration.

Example 1-3 Cisco NX-OS EXEC Mode

  Congo# show interface ethernet 1/15
  Ethernet1/15 is down (SFP not inserted)
    Hardware: 10000 Ethernet, address: 001b.54c2.bbc1 (bia 001b.54c1.e4da)
    MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    auto-duplex, auto-speed
    Beacon is turned off
    Auto-Negotiation is turned off
    Input flow-control is off, output flow-control is off
    Switchport monitor is off
    Last link flapped never
    Last clearing of "show interface" counters never
    30 seconds input rate 0 bits/sec, 0 packets/sec
    30 seconds output rate 0 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
    L3 in Switched:
      ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
    L3 out Switched:
      ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
  Output omitted for brevity
  Congo#

Global Configuration Command Mode

Global configuration mode provides access to the broadest range of commands. The term global indicates characteristics or features that affect the device as a whole. You can enter commands in global configuration mode to configure your device globally, or enter more specific configuration modes to configure specific elements such as interfaces or protocols, as demonstrated here:

  Nx7000# conf t
  Nx7000(config)# interface ethernet 1/15

Interface Configuration Command Mode

One example of a specific configuration mode that you enter from global configuration mode is interface configuration mode. To configure interfaces on your device, you must specify the interface and enter interface configuration mode. You must enable many features on a per-interface basis.
Interface configuration commands modify the operation of the interfaces on the device, such as Ethernet interfaces or management interfaces (mgmt 0). Example 1-4 demonstrates moving between the different command modes in NX-OS.

Example 1-4 Interface Ethernet1/15 Is a 10-Gigabit Ethernet Interface; Note That the Interface Is Designated as Ethernet and Not Interface Ten1/15

  congo# conf t
  congo(config)# interface ethernet 1/15
  congo(config-if)# exit
  Congo# show interface ethernet 1/15
  Ethernet1/15 is down (SFP not inserted)
    Hardware: 10000 Ethernet, address: 001b.54c2.bbc1 (bia 001b.54c1.e4da)
    MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA
    auto-duplex, auto-speed
    Beacon is turned off
    Auto-Negotiation is turned off
    Input flow-control is off, output flow-control is off
    Switchport monitor is off
    Last link flapped never
    Last clearing of "show interface" counters never
    30 seconds input rate 0 bits/sec, 0 packets/sec
    30 seconds output rate 0 bits/sec, 0 packets/sec
    Load-Interval #2: 5 minute (300 seconds)
      input rate 0 bps, 0 pps; output rate 0 bps, 0 pps
    L3 in Switched:
      ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
    L3 out Switched:
      ucast: 0 pkts, 0 bytes - mcast: 0 pkts, 0 bytes
  Congo#

NX-OS supports different Ethernet interface types such as Gigabit Ethernet and 10-Gigabit Ethernet interfaces. All interfaces are referred to as Ethernet; NX-OS does not designate Gigabit or 10-Gigabit Ethernet interfaces by name. In Example 1-4, interface 1/15 is a 10-Gigabit Ethernet interface.

Management Interfaces

NX-OS has many different types of management interfaces, all of which the following section covers:

■ Controller Processor (CP)/Supervisor: Has both the management plane and control plane and is critical to the operation of the network.
■ Connectivity Management Processor (CMP): Provides a second network interface to the device for use even when the CP is not reachable. The CMP interface is used for out-of-band management and monitoring; the CMP interface is independent from the primary operating system.
■ MGMT0: Provides true out-of-band management through a dedicated interface and VRF to ensure 100 percent isolation from both the control plane and the data plane. MGMT0 enables you to manage the device by the IPv4 or IPv6 address on the MGMT0 interface; the mgmt0 interface is a 10/100/1000 Ethernet interface. When implementing Virtual Port Channels (vPC), a best practice is to use the MGMT0 interface for the vPC keepalive link.
■ Telnet: Provides an insecure management connection to the NX-OS device.
■ SSH: Provides a secure management connection to the NX-OS device.
■ Extensible Markup Language (XML) management interfaces: Use the XML-based Network Configuration Protocol (NETCONF), which enables management, monitoring, and communication over the interface with an XML management tool or program.
■ Simple Network Management Protocol (SNMP): Used by management systems to monitor and configure devices via a set of standards for communication over the TCP/IP protocol.

Controller Processor (Supervisor Module)

The Cisco Nexus 7000 Series supervisor module is designed to deliver scalable control plane and management functions for the Cisco Nexus 7000 Series chassis. The Nexus 7000 supervisor module is based on an Intel dual-core processor that enables a scalable control plane. The supervisor module controls the Layer 2 and Layer 3 services, redundancy capabilities, configuration management, status monitoring, power, and environmental management. The supervisor module also provides centralized arbitration to the system fabric for all line cards. The fully distributed forwarding architecture enables the supervisor to support transparent upgrades to higher forwarding capacity-capable I/O and fabric modules.
Two supervisors are required for a fully redundant system, with one supervisor module running as the active device and the other in hot standby mode, providing exceptional high-availability features in data center-class products. Additional features and benefits of the Nexus 7000 supervisor modules that meet demanding data center requirements follow:

■ Active and standby supervisor.
■ In-Service Software Upgrade (ISSU) with dual supervisor modules.
■ Virtual output queuing (VoQ), which is a quality of service (QoS)-aware lossless fabric, avoids the problems associated with head-of-line blocking.
■ USB interfaces that enable access to USB flash memory devices for software image loading and recovery.
■ Central arbitration that provides symmetrical control of the flow of traffic through the switch fabric helps ensure transparent switchover with no losses.
■ Segmented and redundant out-of-band provisioning and management paths.
■ Virtualization of the management plane via Virtual Device Contexts (VDC).
■ Integrated diagnostics and protocol decoding with an embedded control plane packet analyzer; this is based on the open source Wireshark. (No additional licenses are required.)
■ Fully decoupled control plane and data plane with no hardware forwarding on the module.
■ Distributed forwarding architecture, enabling independent upgrades of the supervisor and fabric.
■ Central arbitration and VoQ together enable Unified Fabric.
■ Transparent upgrade capacity and capability; designed to support 40-Gigabit and 100-Gigabit Ethernet.
■ System locator and beacon LEDs for simplified operations.
■ Dedicated out-of-band management processor for "lights out" management.

Connectivity Management Processor (CMP)

The supervisor incorporates an innovative dedicated connectivity management processor (CMP) to support remote management and troubleshooting of the complete system.
The CMP provides a complete out-of-band management and monitoring capability independent from the primary operating system. The CMP enables lights-out management of the supervisor module, all modules, and the Cisco Nexus 7000 Series system without the need for separate terminal servers with their associated additional complexity and cost. The CMP delivers this remote control through its own dedicated processor, memory, and boot flash memory and a separate Ethernet management port. The CMP can reset all system components, including power supplies; it can also reset the host supervisor module to which it is attached, enabling a complete system restart. The CMP offers many benefits, including the following:

■ Dedicated processor, memory, and boot flash.
■ The CMP interface can reset all the system components, which include power, supervisor module, and system restart.
■ An independent remote system management and monitoring capability enables lights-out management of the system.
■ Remote monitoring of supervisor status and initiation of resets, which removes the need for separate terminal server devices for out-of-band management.
■ System reset while retaining out-of-band Ethernet connectivity, which reduces the need for onsite support during system maintenance.
■ Capability to remotely view boot-time messages during the entire boot process.
■ Capability to initiate a complete system power shutdown and restart, which eliminates the need for local operator intervention to reset power for devices.
■ Login authentication, which provides secure access to the out-of-band management environment.
■ Access to supervisor logs that enables rapid detection and prevention of potential system problems.
■ Capability to take full console control of the supervisor.
■ Complete control is delivered to the operating environment.
Example 1-5 shows how to connect to the CMP interface and the show commands available from the CMP interface. Also note the escape sequence "~," (tilde comma) to get back to the main NX-OS interface. You can also connect from the CMP back to the CP module.

Example 1-5 Connecting to the CMP Interface, Displaying Available show Commands

  N7010-1# attach cmp
  Connected
  Escape character is '~,' [tilde comma]

  N7010-1-cmp5 login: admin
  Password:
  Last login: Tue Aug 11 23:58:12 2009 on ttyS1
  N7010-1-cmp5# attach cp
  This command will disconnect the front-panel console on this supervisor,
  and will clear all console attach sessions on the CP - proceed(y/n)? y
  N7010-1#
  N7010-1# attach cmp
  Connected
  Escape character is '~,' [tilda comma]

  N7010-1-cmp5 login: admin
  Password:
  Last login: Wed Aug 12 00:06:12 2009 on ttyS1
  N7010-1-cmp5# show ?
    attach          Serial attach/monitor processes
    clock           Display current date
    cores           Show all core dumps for CMP
    cp              Show CP status information
    hardware        Show cmp hardware information
    interface       Display interface information
    line            Show cmp line information
    logging         Show logging configuration and contents of logfile
    logs            Show all log files for CMP
    processes       Show cmp processes information
    running-config  Current operating configuration
    sprom           Show SPROM contents
    ssh             SSH information
    system          Show system information
    users           Show the current users logged in the system
    version         Show cmp boot information

Telnet

NX-OS supports a Telnet server and a Telnet client. The Telnet protocol enables TCP/IP terminal connections to a host. Telnet enables a user at one site to establish a TCP connection to a login server at another site and then passes the keystrokes from one device to the other. Telnet can accept either an IP address or a domain name as the remote device address.

Note Remember that the Telnet server is disabled by default on an NX-OS device.
Example 1-6 demonstrates how to enable a Telnet server in NX-OS.

Example 1-6 Enabling a Telnet Server in NX-OS

  N7010-1# conf t
  Enter configuration commands, one per line. End with CNTL/Z.
  N7010-1(config)# feature telnet
  N7010-1(config)# show telnet server
  telnet service enabled
  N7010-1(config)# copy running-config startup-config
  100%

SSH

NX-OS supports an SSH server and an SSH client. Use the SSH server to enable an SSH client to make a secure, encrypted connection to a Cisco NX-OS device; SSH uses strong encryption for authentication. The SSH server in Cisco NX-OS Software can interoperate with publicly and commercially available SSH clients. The user authentication mechanisms supported for SSH are Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+), and the use of locally stored usernames and passwords.

The SSH client application enables the SSH protocol to provide device authentication and encryption. The SSH client enables a Cisco NX-OS device to make a secure, encrypted connection to another Cisco NX-OS device or to any other device that runs an SSH server.

SSH requires server keys for secure communications to the Cisco NX-OS device. You can use SSH server keys for the following SSH options:

■ SSH version 2 using Rivest, Shamir, and Adleman (RSA) public-key cryptography
■ SSH version 2 using the Digital Signature Algorithm (DSA)

Be sure to have an SSH server key-pair with the appropriate version before allowing the SSH service. You can generate the SSH server key-pair according to the SSH client version used. The SSH service accepts two types of key-pairs for use by SSH version 2:

■ The dsa option generates the DSA key-pair for the SSH version 2 protocol.
■ The rsa option generates the RSA key-pair for the SSH version 2 protocol.

By default, Cisco NX-OS Software generates an RSA key using 1024 bits.
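The 1024-bit default above is worth checking for, because the key size is not visible in the one-line OpenSSH public key that NX-OS accepts with username ... sshkey and prints with show ssh key rsa; it has to be recovered from the encoded modulus. The following Python script is an added example, not code from the book or from Cisco. It parses the OpenSSH ssh-rsa line format (key type, public exponent and modulus as SSH length-prefixed fields inside the base64 blob), reports the modulus size that NX-OS calls "bitcount", computes a colon-separated MD5 fingerprint of the blob (an assumption on my part that this is how the 16-pair fingerprint NX-OS prints is derived), and flags keys below 2048 bits. The two sample keys are built inside the block from placeholder integers chosen only for their bit length; they are constructed for the example and are not real RSA keys.

```python
"""Parse OpenSSH-format RSA public keys as NX-OS accepts and displays them.

Added example for this chapter; not Cisco's or the book's code. It reports the
modulus size (the "bitcount" NX-OS prints), the public exponent and a
colon-separated MD5 fingerprint of the key blob (assumed to match the 16-pair
fingerprint format shown by 'show ssh key rsa').
"""
import base64
import hashlib
import struct


def _read_ssh_string(blob, offset):
    """Read one length-prefixed field (SSH 'string' / 'mpint' wire format)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def parse_openssh_rsa(line):
    """Return (key_type, modulus_bits, exponent, fingerprint) for an 'ssh-rsa AAAA...' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an OpenSSH ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, offset = _read_ssh_string(blob, 0)
    e_bytes, offset = _read_ssh_string(blob, offset)
    n_bytes, offset = _read_ssh_string(blob, offset)
    if key_type != b"ssh-rsa" or offset != len(blob):
        raise ValueError("malformed ssh-rsa key blob")
    exponent = int.from_bytes(e_bytes, "big")
    modulus = int.from_bytes(n_bytes, "big")  # a leading 0x00 sign pad is harmless here
    digest = hashlib.md5(blob).hexdigest()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return key_type.decode(), modulus.bit_length(), exponent, fingerprint


def key_meets_policy(line, minimum_bits=2048):
    """True when the line is a well-formed ssh-rsa key of at least minimum_bits."""
    _, bits, _, _ = parse_openssh_rsa(line)
    return bits >= minimum_bits


def encode_openssh_rsa(exponent, modulus):
    """Build an 'ssh-rsa ...' line from integers; used here only to construct sample keys."""
    def mpint(value):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        if raw and raw[0] & 0x80:  # keep the two's-complement mpint positive
            raw = b"\x00" + raw
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(exponent) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii")


# Constructed sample keys: placeholder moduli chosen only for their bit length.
# They are NOT real RSA moduli and must never be used as keys.
SAMPLE_KEY_2048 = encode_openssh_rsa(65537, (1 << 2047) | 0x1234_5679)
SAMPLE_KEY_1024 = encode_openssh_rsa(65537, (1 << 1023) | 0x1234_5679)

if __name__ == "__main__":
    for label, key in (("2048-bit", SAMPLE_KEY_2048), ("1024-bit", SAMPLE_KEY_1024)):
        ktype, bits, e, fp = parse_openssh_rsa(key)
        verdict = "ok" if key_meets_policy(key) else "below 2048-bit policy"
        print(f"{label}: {ktype} bitcount:{bits} e={e} fingerprint: {fp} -> {verdict}")
```

Run against a line copied from show ssh key rsa or from a user's ssh public key entry, parse_openssh_rsa gives the same bitcount figure the switch prints, and key_meets_policy turns the chapter's 1024-versus-2048 point into a check that can be applied to every key before it is trusted.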
SSH supports the following public key formats:

■ OpenSSH
■ IETF Secure Shell (SECSH)

Example 1-7 demonstrates how to enable the SSH server and configure the SSH server keys.

Example 1-7 Enabling SSH Server and Configuring SSH Server Keys

  N7010-1# conf t
  Enter configuration commands, one per line. End with CNTL/Z.
  N7010-1(config)# no feature ssh
  XML interface to system may become unavailable since ssh is disabled
  N7010-1(config)# ssh key rsa 2048
  generating rsa key(2048 bits).......
  generated rsa key
  N7010-1(config)# feature ssh
  N7010-1(config)# exit
  N7010-1# show ssh key rsa
  Keys generated:Thu Aug 13 23:33:41 2009
  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6+TdX+ABH/mq1gQbfhhsjBmm65ksgfQb3Mb3qbwUbNlcAa6fjJCGdHuf3kJox/hjgPDChJOdkUXHjESlV59OhZP/NHlBrBq0TGRr+hfdAssD3wG5oPkywgM4+bR/ssCzoj6jVG41tGmfPip4pr3dqsMzR21DXSKK/tdj7bipWKy1wSkYQzZwatIVPIXRqTJY7L9a+JqVIJEA0QlJM1l0wZ5YbxccB2GKNKCM2x2BZl4okVgl80CCJg7vmn+8RqIOQ5jNAPNeb9kFw9nsPj/r5xFC1RcSKeQbdYAjItU6cX1TslRnKjlWewCgIa26dEaGdawMVuftgu0uM97VCOxZPQ==
  bitcount:2048
  fingerprint:
  1f:b7:a3:3b:f5:ca:a6:36:19:93:98:c7:37:ba:27:db
  could not retrieve dsa key information
  N7010-1# show ssh server
  ssh version 2 is enabled
  N7010-1(config)# username nxos-admin password C1sc0123
  N7010-1(config)# username nxos-admin sshkey ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6+TdX+ABH/mq1gQbfhhsjBmm65ksgfQb3Mb3qbwUbNlcAa6fjJCGdHuf3kJox/hjgPDChJOdkUXHjESlV59OhZP/NHlBrBq0TGRr+hfdAssD3wG5oPkywgM4+bR/ssCzoj6jVG41tGmfPip4pr3dqsMzR21DXSKK/tdj7bipWKy1wSkYQzZwatIVPIXRqTJY7L9a+JqVIJEA0QlJM1l0wZ5YbxccB2GKNKCM2x2BZl4okVgl80CCJg7vmn+8RqIOQ5jNAPNeb9kFw9nsPj/r5xFC1RcSKeQbdYAjItU6cX1TslRnKjlWewCgIa26dEaGdawMVuftgu0uM97VCOxZPQ==
  N7010-1(config)# show user-account
  user:admin
          this user account has no expiry date
          roles:network-admin
  user:nxos-admin
          this user account has no expiry date
          roles:network-operator
          ssh public key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6+TdX+ABH/mq1gQbfhhsjBmm65ksgfQb3Mb3qbwUbNlcAa6fjJCGdHuf3kJox/hjgPDChJOdkUXHjESlV59OhZP/NHlBrBq0TGRr+hfdAssD3wG5oPkywgM4+bR/ssCzoj6jVG41tGmfPip4pr3dqsMzR21DXSKK/tdj7bipWKy1wSkYQzZwatIVPIXRqTJY7L9a+JqVIJEA0QlJM1l0wZ5YbxccB2GKNKCM2x2BZl4okVgl80CCJg7vmn+8RqIOQ5jNAPNeb9kFw9nsPj/r5xFC1RcSKeQbdYAjItU6cX1TslRnKjlWewCgIa26dEaGdawMVuftgu0uM97VCOxZPQ==
  N7010-1(config)#
  N7010-1# copy running-config startup-config
  100%
  N7010-1#

XML

NX-OS has a robust XML management interface, which can be used to configure the entire switch. The interface uses the XML-based Network Configuration Protocol (NETCONF), which enables you to manage devices and communicate over the interface with an XML management tool or a program. NETCONF is based on RFC 4741, and the NX-OS implementation requires you to use a Secure Shell (SSH) session for communication with the device. NETCONF is implemented with an XML Schema (XSD) that enables you to enclose device configuration elements within a remote procedure call (RPC) message. From within an RPC message, you select one of the NETCONF operations that matches the type of command that you want the device to execute. You can configure the entire set of CLI commands on the device with NETCONF.

The XML management interface does not require any additional licensing; XML management is included at no additional charge. XML/NETCONF can also be driven from a Web 2.0/Ajax browser application that uses XML/NETCONF to pull the statistics of all interfaces on a Nexus 7000 running NX-OS into a dynamically updating table. Figures 1-2, 1-3, and 1-4 show sample output from such an XML/NETCONF application.

SNMP

The Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
SNMP has different versions, such as SNMPv1, v2, and v3. Each SNMP version has different security models or levels. Most enterprise customers are looking to implement SNMPv3 because it offers encryption to pass management information (or traffic) across the network. The security level determines whether an SNMP message needs to be protected and authenticated. Various security levels exist within a security model:

■ noAuthNoPriv: Security level that does not provide authentication or encryption.
■ authNoPriv: Security level that provides authentication but does not provide encryption.
■ authPriv: Security level that provides both authentication and encryption.

Figure 1-2 Obtaining NX-OS Real-Time Interface Statistics via NETCONF/XML. The IP Address Entered Is the NX-OS mgmt0 Interface.

Figure 1-3 Login Results to the NX-OS Devices via NETCONF/XML

Figure 1-4 Results of the Selected Attributes, Such as Speed, Duplex, Errors, Counters, MAC Address. The Page Refreshes Every 10 Seconds.

Cisco NX-OS supports the following SNMP standards:

■ SNMPv1: Simple community-string based access.
■ SNMPv2c: RFC 2575-based group access that can be tied into the RBAC model.
■ SNMPv3: Provides two independent security mechanisms, authentication (hashed message authentication using either the Secure Hash Algorithm SHA-1 or the Message Digest 5 MD5 algorithm) and encryption (Data Encryption Standard DES as the default, or Advanced Encryption Standard AES), to ensure secure communication between the NMS station and the N7K/NX-OS device. Both mechanisms are implemented as demonstrated in Example 1-8.

As NX-OS is truly modular and highly available, the NX-OS implementation of SNMP supports stateless restarts for SNMP. NX-OS has also implemented virtualization support for SNMP; NX-OS supports one instance of SNMP per virtual device context (VDC).
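The three security levels above map directly onto the snmp-server user syntax: a user configured with auth but no priv is authNoPriv, and one with neither is noAuthNoPriv. The following Python script is an added example, not code from the book or from Cisco, that audits an NX-OS running-config excerpt for the management-plane settings this chapter has covered so far: the Telnet and SSH feature state from the IOS comparison (Telnet off and SSHv2 on by default), the vty exec-timeout and session-limit from Example 1-2, SNMPv1/v2c community strings, and the SNMPv3 user security level plus its MD5-versus-SHA and DES-versus-AES choices. The config excerpt is constructed for the example from command forms shown in this chapter; the one addition is the priv aes-128 keyword, which I assume to be the NX-OS option selecting AES privacy, with plain priv selecting the DES default the chapter mentions.

```python
"""Audit an NX-OS running-config excerpt for the management-plane settings
covered in this chapter. Added example; not from the book or Cisco."""

WELL_KNOWN_COMMUNITIES = {"public", "private"}

# Constructed sample running-config excerpt. It uses only command forms shown
# in this chapter plus the 'priv aes-128' option (assumed NX-OS keyword for AES
# privacy); 'priv' without it selects DES, the default the chapter mentions.
SAMPLE_CONFIG = """\
feature telnet
no feature ssh
line vty
  exec-timeout 0
  session-limit 10
snmp-server community public ro
snmp-server community nxos rw
snmp-server user NMS auth sha Cisc0123 priv Cisc0123
snmp-server user ops auth md5 Cisc0123 priv aes-128 Cisc0123
snmp-server user poller
"""


def snmpv3_security_level(tokens):
    """USM security level implied by a tokenised 'snmp-server user' line.

    Syntax from this chapter: snmp-server user NAME auth {md5|sha} PASS
    [priv [aes-128] PASS]. 'auth' alone is authNoPriv; neither is noAuthNoPriv.
    """
    if "auth" in tokens and "priv" in tokens:
        return "authPriv"
    if "auth" in tokens:
        return "authNoPriv"
    return "noAuthNoPriv"


def audit_config(config_text):
    """Return a list of (severity, config_line, reason) findings."""
    findings = []
    in_vty = False
    vty_seen = False
    session_limit_set = False

    for raw in config_text.splitlines():
        line = raw.strip()
        tokens = line.split()
        if not tokens:
            continue

        # 'line vty' sub-commands are indented under the block in NX-OS.
        if line == "line vty":
            in_vty, vty_seen = True, True
            continue
        if in_vty and raw[0].isspace():
            if tokens[0] == "exec-timeout" and tokens[1:] == ["0"]:
                findings.append(("medium", line, "vty idle timeout disabled (exec-timeout 0)"))
            elif tokens[0] == "session-limit":
                session_limit_set = True
            continue
        in_vty = False

        if line == "feature telnet":
            findings.append(("high", line, "Telnet server enabled; sessions and credentials cross the network in cleartext"))
        elif line == "no feature ssh":
            findings.append(("high", line, "SSH server disabled; the XML/NETCONF interface also depends on SSH"))
        elif tokens[:2] == ["snmp-server", "community"] and len(tokens) >= 3:
            name = tokens[2]
            mode = tokens[3] if len(tokens) > 3 else "ro"
            reason = f"SNMPv1/v2c community '{name}' ({mode}); the community string is the only credential"
            if name in WELL_KNOWN_COMMUNITIES:
                reason += " and it is a well-known default"
            findings.append(("high" if mode == "rw" else "medium", line, reason))
        elif tokens[:2] == ["snmp-server", "user"] and len(tokens) >= 3:
            name = tokens[2]
            level = snmpv3_security_level(tokens)
            if level != "authPriv":
                findings.append(("high", line, f"SNMPv3 user '{name}' is {level}; traffic is not both authenticated and encrypted"))
            if "md5" in tokens:
                findings.append(("low", line, f"SNMPv3 user '{name}' authenticates with MD5; prefer SHA"))
            if "priv" in tokens and "aes-128" not in tokens:
                findings.append(("medium", line, f"SNMPv3 user '{name}' uses DES privacy (the default); prefer AES"))

    if vty_seen and not session_limit_set:
        findings.append(("low", "line vty", "no session-limit configured for vty lines"))
    return findings


if __name__ == "__main__":
    for severity, cfg_line, reason in audit_config(SAMPLE_CONFIG):
        print(f"[{severity:6}] {cfg_line!r}: {reason}")
```

Feed it the text of show running-config (or a saved startup-config) and the findings list is what a reviewer would raise about the sample: Telnet on, SSH off, a read-write community, a well-known read-only community, one SNMPv3 user with no authentication at all, one on DES, and a vty line with its idle timeout disabled.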
SNMP is also VRF-aware, which allows you to configure SNMP to use a particular VRF to reach the network management host. Example 1-8 demonstrates how to enable SNMPv3 on NX-OS.

Example 1-8 Enabling SNMPv3 on NX-OS

  N7010-1# conf t
  Enter configuration commands, one per line. End with CNTL/Z.
  N7010-1(config)# snmp-server user NMS auth sha Cisc0123 priv Cisc0123 engineID 00:00:00:63:00:01:00:10:20:15:10:03
  N7010-1(config)# snmp-server host 10.100.22.254 informs version 3 auth NMS
  N7010-1(config)# snmp-server community public ro
  N7010-1(config)# snmp-server community nxos rw
  N7010-1(config)# show snmp
  sys contact:
  sys location:
  0 SNMP packets input
      0 Bad SNMP versions
      0 Unknown community name
      0 Illegal operation for community name supplied
      0 Encoding errors
      0 Number of requested variables
      0 Number of altered variables
      0 Get-request PDUs
      0 Get-next PDUs
      0 Set-request PDUs
      0 No such name PDU
      0 Bad value PDU
      0 Read Only PDU
      0 General errors
      0 Get Responses
  45 SNMP packets output
      45 Trap PDU
      0 Too big errors
      0 No such name errors
      0 Bad values errors
      0 General errors
      0 Get Requests
      0 Get Next Requests
      0 Set Requests
      0 Get Responses
      0 Silent drops

  Community                    Group / Access      context    acl_filter
  ---------                    --------------      -------    ----------
  nxos                         network-admin
  public                       network-operator

  ______________________________________________________________
                  SNMP USERS
  ______________________________________________________________
  User          Auth    Priv(enforce)   Groups
  ____          ____    _____________   ______
  admin         md5     des(no)         network-admin
  nxos-admin    sha     des(no)         network-operator

  ______________________________________________________________
   NOTIFICATION TARGET USERS (configured for sending V3 Inform)
  ______________________________________________________________
  User    Auth    Priv
  ____    ____    ____
  NMS     sha     des
  (EngineID 0:0:0:63:0:1:0:10:20:15:10:3)

  SNMP Tcp Authentication Flag : Enabled.
  ---------------------------------------
  Port Monitor : enabled
  ---------------------------------------
  Policy Name : default
  Admin status : Not Active
  Oper status : Not Active
  Port type : All Ports
  ---------------------------------------
  Counter          Threshold  Interval  Rising Threshold  event  Falling Threshold  event  In Use
  -------          ---------  --------  ----------------  -----  -----------------  -----  ------
  Link Loss        Delta      60        5                 4      1                  4      Yes
  Sync Loss        Delta      60        5                 4      1                  4      Yes
  Protocol Error   Delta      60        1                 4      0                  4      Yes
  Signal Loss      Delta      60        5                 4      1                  4      Yes
  Invalid Words    Delta      60        1                 4      0                  4      Yes
  Invalid CRC's    Delta      60        5                 4      1                  4      Yes
  RX Performance   Delta      60        2147483648        4      524288000          4      Yes
  TX Performance   Delta      60        2147483648        4      524288000          4      Yes
  ---------------------------------------
  SNMP protocol : Enabled
  ---------------------------------------
  Context      Protocol instance, VRF, Topology

  N7010-1# show snmp user
  ______________________________________________________________
                  SNMP USERS
  ______________________________________________________________
  User          Auth    Priv(enforce)   Groups
  ____          ____    _____________   ______
  admin         md5     des(no)         network-admin
  nxos-admin    sha     des(no)         network-operator

  ______________________________________________________________
   NOTIFICATION TARGET USERS (configured for sending V3 Inform)
  ______________________________________________________________
  User    Auth    Priv
  ____    ____    ____
  NMS     sha     des
  (EngineID 0:0:0:63:0:1:0:10:20:15:10:3)

  N7010-1(config)# exit
  N7010-1# copy running-config startup-config
  100%
  N7010-1#

DCNM

Cisco Data Center Network Manager (DCNM) is a management solution that supports NX-OS devices. DCNM maximizes the overall data center infrastructure uptime and reliability, which improves service levels. Focused on the operational management requirements of the data center, DCNM provides a robust framework and rich feature set that fulfills the switching, application, automation, provisioning, and services needs of today's data centers and tomorrow's data center requirements.

DCNM is a Java-based client-server application. The DCNM client communicates with the DCNM server only, never directly with managed Cisco NX-OS devices.
The DCNM server uses the XML management interface of Cisco NX-OS devices to manage and monitor them. The XML management interface is a programmatic method based on the NETCONF protocol that complements the CLI functionality. DCNM has robust configuration and feature support on the NX-OS platform. The following features can be configured, provisioned, and monitored through DCNM enterprise management:

■ Physical ports
■ Port channels and virtual port channels (vPC)
■ Loopback and management interfaces
■ VLAN network interfaces (sometimes referred to as switched virtual interfaces, SVI)
■ VLAN and private VLAN (PVLAN)
■ Spanning Tree Protocol, including Rapid Spanning Tree (RST) and Multi-Instance Spanning Tree Protocol (MST)
■ Virtual Device Contexts
■ Gateway Load Balancing Protocol (GLBP) and object tracking
■ Hot Standby Router Protocol (HSRP)
■ Access control lists
■ IEEE 802.1X
■ Authentication, authorization, and accounting (AAA)
■ Role-based access control
■ Dynamic Host Configuration Protocol (DHCP) snooping
■ Dynamic Address Resolution Protocol (ARP) inspection
■ IP Source Guard
■ Traffic storm control
■ Port security
■ Hardware resource utilization with Ternary Content Addressable Memory (TCAM) statistics
■ Switched Port Analyzer (SPAN)

DCNM also includes end-to-end enterprise visibility, including topology views, event browsers, configuration change management, device operating system management, hardware asset inventory, logging, and statistical data collection management.

Managing System Files

Directories can be created on bootflash: and external flash memory (slot0:, usb1:, and usb2:); you can also navigate through these directories and use them for files. Files can be created and accessed on the bootflash:, volatile:, slot0:, usb1:, and usb2: file systems. Files on the system: file system can only be accessed, not created. The debug: file system holds the debug log files specified with the debug logfile command. System image files can also be downloaded from remote servers using FTP, Secure Copy (SCP), Secure Shell FTP (SFTP), and TFTP.
