Nexus 7000 NX OS PDF
Nexus 7000 NX OS PDF
Nexus 7000 NX OS PDF
INDEX
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 IN-1
Index
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
IN-2 OL-20635-03
Index
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 IN-3
Index
L M
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
IN-4 OL-20635-03
Index
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 IN-5
Index
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
IN-6 OL-20635-03
Index
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 IN-7
Index
mapping message levels to syslog levels (table) 7-5 example configuration 11-27
message formats feature history (table) 11-29
full text (table) 7-29, 7-30 filtering SNMP requests 11-10
full-text format, example 7-32 group-based access 11-5
inventory events (table) 7-31 guidelines 11-7
options 7-2 high availability 11-6
proactive events (table) 7-31 licensing requirements 11-6
reactive events (table) 7-31 limitations 11-7
short text (table) 7-29 manager 11-2
XML (table) 7-29, 7-30 MIBs 11-2
XML format, example 7-35 MIBs supported 11-29
message levels 7-5 multiple instance support 11-5
MIBs 7-39 notifications
modifying an alert group 7-17 configuring LinkUp/LinkDown
notifications 11-22
prerequisites 7-8
configuring notification receivers 11-11
registration requirements 7-6
sending a test message 7-26
configuring notification receivers with
VRFs 11-13
SMARTnet registration 7-6
configuring source interface for 11-12
verifying configuration 7-26
configuring the notification target user 11-12
virtualization support 7-7
description 11-2
SNMP
enabling individual notifications 11-16
agent 11-2
informs 11-2
assigning contact 11-23
trap 11-2
assigning location 11-23
notification source interface 11-12
assigning multiple user roles 11-9
prerequisites 11-6
authentication 11-4
RFCs 11-2
configuring a user 11-8
RMON 12-1
configuring context to network entity mapping 11-24
user synchronization with CLI 11-4
context mapping 11-6
versions
contexts 11-5
security models and levels 11-3
creating communities 11-10
SNMPv3 11-2
default settings 11-7
USM 11-4
description 11-1 to 11-6
virtualization support 11-6
disabling protocol 11-26
VRFs 11-6
display ifIndex values 11-23
SNMP requests
EEM support 11-5
filtering 11-10
enabling one-time authentication 11-23
source rate limit, configuring for SPAN sessions 16-17
enforcing encryption 11-9
SPAN
engine ID format 11-8
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
IN-8 OL-20635-03
Index
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 IN-9
Index
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
IN-10 OL-20635-03
Send document comments to [email protected].
This chapter provides release-specific information for each new and changed feature in the Cisco Nexus
7000 Series NX-OS System Management Configuration Guide, Release 5.x. The latest version of this
document is available at the following Cisco website:
http://www.cisco.com/en/US/products/ps9402/products_installation_and_configuration_guides_list.ht
ml
To check for additional information about Cisco NX-OS Release 5.x, see the Cisco Nexus 7000 Series
NX-OS Release Notes, Release 5.x available at the following Cisco website:
http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html
Table 1 summarizes the new and changed features for the Cisco Nexus 7000 Series NX-OS System
Management Configuration Guide, Release 5.x and tells you where they are documented.
Change
d in
Feature Description Release Where Documented
NTP Increased the length of NTP authentication keys 5.2(3) Chapter 1, “Configuring NTP
from 8 to 15 alphanumeric characters. Authentication”
CFS protocol Added CFS over Fibre Channel (CFSoFC) 5.2(1) Chapter 1, “Configuring CFS”
distribution support for device alias, DPVM, FC
domain, FC port security, FC timer, IVR, and
RSCN.
EEM event correlation Added support for multiple event triggers in a 5.2(1) Chapter 1, “Configuring the
single EEM policy. Embedded Event Manager”
ERSPAN Added ERSPAN source support for Cisco Nexus 5.2(1) Chapter 1, “Configuring ERSPAN”
2000 Series Fabric Extender interfaces.
ERSPAN Added the ability to configure the multicast best 5.2(1) Chapter 1, “Configuring ERSPAN”
effort mode for an ERSPAN session.
HTTP proxy server for Added the ability to send HTTP messages 5.2(1) Chapter 1, “Configuring Smart
Smart Call Home through an HTTP proxy server. Call Home”
LLDP Added LLDP support for the Cisco Nexus 2000 5.2(1) Chapter 1, “Configuring LLDP”
Series Fabric Extender.
NetFlow Added NetFlow support on switch virtual 5.2(1) Chapter 1, “Configuring NetFlow”
interfaces (SVIs) for F1 Series ports.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 11
New and Changed Information
Change
d in
Feature Description Release Where Documented
NTP Added NTP support for all VDCs, enabling them 5.2(1) Chapter 1, “Virtualization
to act as time servers. Support”
NTP Added the ability to configure the device as an 5.2(1) Chapter 1, “Configuring the Device
authoritative NTP server, enabling it to distribute as an Authoritative NTP Server”
time even when it is not synchronized to an
existing time server.
NTP Changed the command to enable or disable NTP 5.2(1) Chapter 1, “Enabling or Disabling
from [no] ntp enable to [no] feature ntp. NTP”
NTP access groups Added the serve, serve-only, and query-only 5.2(1) Chapter 1, “Configuring NTP
access group options to control access to Access Restrictions”
additional NTP services.
Online diagnostics Enabled the SpineControlBus test on the standby 5.2(1) Chapter 1, “Configuring Online
(GOLD) supervisor. Diagnostics”
Online diagnostics Deprecated the SnakeLoopback test on F1 Series 5.2(1) Chapter 1, “Configuring Online
(GOLD) modules. Diagnostics”
PTP Added support for the Precision Time Protocol 5.2(1) Chapter 1, “Configuring PTP”
(PTP).
SPAN Added SPAN source support for Cisco Nexus 5.2(1) Chapter 1, “Configuring SPAN”
2000 Series Fabric Extender interfaces.
SPAN Added the ability to configure MTU truncation, 5.2(1) Chapter 1, “Configuring SPAN”
the source rate limit, and the multicast best effort
mode for each SPAN session.
System message logging Added the ability to add the description for 5.2(1) Chapter 1, “Configuring System
physical Ethernet interfaces and subinterfaces in Message Logging”
the system message log.
Online diagnostics Added support for the SnakeLoopback test on F1 5.1(2) Chapter 1, “Configuring Online
(GOLD) Series modules. Diagnostics”
Bridged NetFlow Added support for VLAN configuration mode, 5.1(1) Chapter 1, “Configuring Bridged
which enables you to configure VLANs NetFlow on a VLAN”
independently of their creation, when configuring
bridged NetFlow on a VLAN.
DCBXP This link layer protocol is used to announce, 5.1(1) Chapter 1, “Configuring LLDP”
exchange, and negotiate node parameters
between peers.
ERSPAN and ERSPAN You can configure ERSPAN to monitor traffic 5.1(1) Chapter 1, “Configuring ERSPAN”
ACLs across the IP network.
Online diagnostics Added support for FIPS and 5.1(1) Chapter 1, “Configuring Online
(GOLD) BootupPortLoopback tests. Diagnostics”
RMON Enabled RMON by default. 5.1(1) Chapter 1, “Configuring RMON”
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12 OL-20635-03
New and Changed Information
Change
d in
Feature Description Release Where Documented
SPAN Added support for F1 Series modules and 5.1(1) Chapter 1, “Configuring SPAN”
increased the number of supported SPAN
sessions from 18 to 48.
Syslog as EEM publisher You can monitor syslog messages from the 5.1(1) Chapter 1, “Configuring the
switch. Embedded Event Manager” and
Appendix 1, “Embedded Event
Manager System Events and
Configuration Examples”
Syslog servers Increased the number of supported syslog servers 5.1(1) Chapter 1, “Configuring System
from three to eight. Message Logging”
SMTP server You can configure multiple SMTP servers for 5.0(2) Chapter 1, “Configuring Smart
configuration for Smart Smart Call Home. Call Home”
Call Home
VRF support for HTTP VRFs can be used to send e-mail and other Smart 5.0(2) Chapter 1, “Configuring Smart
transport of Smart Call Call Home messages over HTTP. Call Home”
Home messages
Smart Call Home crash Messages are sent for process crashes on line 5.0(2) Chapter 1, “Configuring Smart
notifications cards (as well as supervisor modules). Call Home”
EEM system policies Fan EEM policies are modified for the Cisco 5.0(2) Appendix 1, “Embedded Event
Nexus 7000 10-Slot Switch. Manager System Events and
Configuration Examples”
LLDP You can configure the Link Layer Discovery 5.0(2) Chapter 1, “Configuring LLDP”
Protocol (LLDP) in order to discover other
devices on the local network.
NetFlow You can specify the NetFlow instance for which 5.0(2) Chapter 1, “Verifying the NetFlow
you want to display NetFlow IPv4 flows and Configuration”
NetFlow table utilization.
NTP access groups You can control access to NTP services by using 5.0(2) Chapter 1, “Configuring NTP
access groups. Authentication”
NTP authentication You can configure the device to authenticate the 5.0(2) Chapter 1, “Configuring NTP
time sources to which the local clock is Authentication”
synchronized.
NTP logging You can configure NTP logging in order to 5.0(2) Chapter 1, “Configuring NTP
generate system logs with significant NTP events. Authentication”
NTP server configuration Added the optional key keyword to the ntp 5.0(2) Chapter 1, “Configuring NTP
server command to configure a key to be used Authentication”
while communicating with the NTP server.
SNMP notifications Updated the snmp-server enable traps 5.0(2) Chapter 1, “Configuring SNMP”
commands.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13
New and Changed Information
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
14 OL-20635-03
Send document comments to [email protected].
Preface
This preface describes the audience, organization and conventions of the Cisco Nexus 7000 Series
NX-OS System Management Configuration Guide, Release 5.x. It also provides information on how to
obtain related documentation.
This chapter includes the following sections:
• Audience, page 15
• Document Organization, page 15
• Document Conventions, page 17
• Related Documentation, page 17
• Obtaining Documentation and Submitting a Service Request, page 19
Audience
This publication is for experienced network administrators who configure and maintain Cisco NX-OS
devices.
Document Organization
This document is organized into the following chapters:
Title Description
Chapter 1, “Overview” Provides an overview of the features in this
document.
Chapter 1, “Configuring CFS” Describes how to use Cisco Fabric Services (CFS)
to distribute data, including configuration
changes, to all Cisco NX-OS devices in a
network.
Chapter 1, “Configuring NTP” Describes how to configure the Network Time
Protocol (NTP).
Chapter 1, “Configuring PTP” Describes how to configure the Precision Time
Protocol (PTP).
Chapter 1, “Configuring CDP” Describes how to configure the Cisco Discovery
Protocol (CDP).
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 15
Preface
Title Description
Chapter 1, “Configuring System Message Describes how to configure logging for system
Logging” messages.
Chapter 1, “Configuring Smart Call Home” Describes how to configure the smart Call Home
feature for e-mail-based notification of critical
system policies.
Chapter 1, “Configuring Rollback” Describes how to create configuration snapshots
with the rollback feature and how to apply
commands in batch mode with the Session
Manager.
Chapter 1, “Configuring Session Manager” Describes how to apply commands in batch mode
with the Session Manager.
Chapter 1, “Configuring the Scheduler” Describes how to schedule batch configuration
jobs.
Chapter 1, “Configuring SNMP” Describes how to configure SNMP and enable
SNMP notifications.
Chapter 1, “Configuring RMON” Describes how to monitor the device by
configuring RMON alarms and events.
Chapter 1, “Configuring Online Diagnostics” Describes how to configure online diagnostics to
monitor the software and hardware.
Chapter 1, “Configuring the Embedded Event Describes how to configure the Embedded Event
Manager” Manager.
Chapter 1, “Configuring Onboard Failure Describes how to configure on-board failure
Logging” logging to log failure data to persistent storage.
Chapter 1, “Configuring SPAN” Describes how to configure SPAN to monitor
traffic into and out of a port.
Chapter 1, “Configuring ERSPAN” Describes how to configure ERSPAN to transport
mirrored traffic in an IP network on Cisco NX-OS
devices.
Chapter 1, “Configuring LLDP” Describes how to configure Link Layer Discovery
Protocol (LLDP) in order to discover servers that
are connected to your device.
Chapter 1, “Configuring NetFlow” Describes how to configure NetFlow to gather
statistics on input and output traffic.
Appendix 1, “IETF RFCs supported by Cisco Lists supported IETF RFCs.
NX-OS System Management”
Appendix 1, “Embedded Event Manager System Lists the EEM system policies.
Events and Configuration Examples”
Appendix 1, “Configuration Limits for Cisco Lists the maximum system management
NX-OS System Management” configuration limits.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16 OL-20635-03
Preface
Document Conventions
Command descriptions use these conventions:
Convention Description
boldface font Commands and keywords are in boldface.
italic font Arguments for which you supply values are in italics.
[ ] Elements in square brackets are optional.
[x|y|z] Optional alternative keywords are grouped in brackets and separated by vertical
bars.
string A nonquoted set of characters. Do not use quotation marks around the string or
the string will include the quotation marks.
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Related Documentation
Cisco NX-OS includes the following documents:
Release Notes
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 17
Preface
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18 OL-20635-03
Preface
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19
Preface
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
20 OL-20635-03
Send document comments to [email protected].
CHAPTER 3
Overview
This chapter describes the system management features that you can use to monitor and manage Cisco
NX-OS devices.
This chapter includes the following sections:
• Cisco NX-OS Device Configuration Methods, page 3-22
• Cisco Fabric Services, page 3-23
• Network Time Protocol, page 3-23
• Precision Time Protocol, page 3-23
• Cisco Discovery Protocol, page 3-24
• System Messages, page 3-24
• Call Home, page 3-24
• Rollback, page 3-24
• Session Manager, page 3-24
• Scheduler, page 3-25
• SNMP, page 3-25
• RMON, page 3-25
• Online Diagnostics, page 3-25
• Embedded Event Manager, page 3-25
• On-Board Failure Logging, page 3-25
• SPAN, page 3-26
• ERSPAN, page 3-26
• LLDP, page 3-26
• NetFlow, page 3-26
• FabricPath, page 3-27
• Troubleshooting Features, page 3-27
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 3-21
Chapter 3 Overview
Cisco NX-OS Device Configuration Methods
User PC
CLI
CLI DCNM Client
XML Management Interface
XML Management Custom GUI
SNMP Interface
XML Management
Interface
NX-OS Device DCNM Server
280156
DCNM server configuration path
Table 3-1 lists the configuration method and the document where you can find more information.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
3-22 OL-20635-03
Chapter 3 Overview
Cisco Fabric Services
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 3-23
Chapter 3 Overview
Cisco Discovery Protocol
System Messages
You can use system message logging to control the destination and to filter the severity level of messages
that system processes generate. You can configure logging to a terminal session, a log file, and syslog
servers on remote systems.
System message logging is based on RFC 3164. For more information about the system message format
and the messages that the device generates, see the Cisco NX-OS System Messages Reference. For
information about configuring system messages, see Chapter 1, “Configuring System Message
Logging.”
Call Home
Call Home provides an e-mail-based notification of critical system policies. Cisco NX-OS provides a
range of message formats for optimal compatibility with pager services, standard e-mail, or XML-based
automated parsing applications. You can use this feature to page a network support engineer, e-mail a
Network Operations Center, or use Cisco Smart Call Home services to automatically generate a case
with the Technical Assistance Center. For information about configuring Call Home, see Chapter 1,
“Configuring Smart Call Home.”
Rollback
The rollback feature allows you to take a snapshot, or checkpoint, of the device configuration and then
reapply that configuration at any point without having to reload. Rollback allows any authorized
administrator to apply this checkpoint configuration without requiring expert knowledge of the features
configured in the checkpoint.
Session Manager allows you to create a configuration session and apply all commands within that
session atomically. For more information, see the Chapter 1, “Configuring Rollback.”
Session Manager
Session Manager allows you to create a configuration and apply it in batch mode after the configuration
is reviewed and verified for accuracy and completeness. For more information, see Chapter 1,
“Configuring Session Manager.”
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
3-24 OL-20635-03
Chapter 3 Overview
Scheduler
Scheduler
The scheduler allows you to create and manage jobs such as routinely backing up data or making QoS
policy changes. The scheduler can start a job according to your needs—only once at a specified time or
at periodic intervals. For more information, see Chapter 1, “Configuring the Scheduler.”
SNMP
The Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a
message format for communication between SNMP managers and agents. SNMP provides a
standardized framework and a common language used for the monitoring and management of devices in
a network. For more information, see Chapter 1, “Configuring SNMP.”
RMON
RMON is an Internet Engineering Task Force (IETF) standard monitoring specification that allows
various network agents and console systems to exchange network monitoring data. Cisco NX-OS
supports RMON alarms, events, and logs to monitor Cisco NX-OS devices. For more information, see
Chapter 1, “Configuring RMON.”
Online Diagnostics
Cisco Generic Online Diagnostics (GOLD) define a common framework for diagnostic operations across
Cisco platforms. The online diagnostic framework specifies the platform-independent fault-detection
architecture for centralized and distributed systems, including the common diagnostics CLI and the
platform-independent fault-detection procedures for boot-up and run-time diagnostics.
The platform-specific diagnostics provide hardware-specific fault-detection tests and allow you to take
appropriate corrective action in response to diagnostic test results. For information about configuring
online diagnostics, see Chapter 1, “Configuring Online Diagnostics.”
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 3-25
Chapter 3 Overview
SPAN
SPAN
You can configure an Ethernet switched port analyzer (SPAN) to monitor traffic in and out of your
device. The SPAN features allow you to duplicate packets from source ports to destination ports. For
information about configuring SPAN, see Chapter 1, “Configuring SPAN.”
ERSPAN
Encapsulated remote switched port analyzer (ERSPAN) is used to transport mirrored traffic in an IP
network. ERSPAN supports source ports, source VLANs, and destinations on different switches, which
provide remote monitoring of multiple switches across your network. ERSPAN uses a generic routing
encapsulation (GRE) tunnel to carry traffic between switches.
ERSPAN consists of an ERSPAN source session, routable ERSPAN GRE-encapsulated traffic, and an
ERSPAN destination session. You separately configure ERSPAN source sessions and destination
sessions on different switches.
To configure an ERSPAN source session on one switch, you associate a set of source ports or VLANs
with a destination IP address, ERSPAN ID number, and virtual routing and forwarding (VRF) name. To
configure an ERSPAN destination session on another switch, you associate the destinations with the
source IP address, the ERSPAN ID number, and a VRF name.
The ERSPAN source session copies traffic from the source ports or source VLANs and forwards the
traffic using routable GRE-encapsulated packets to the ERSPAN destination session. The ERSPAN
destination session switches the traffic to the destinations. For information about configuring ERSPAN,
see Chapter 1, “Configuring ERSPAN.”
LLDP
Link Layer Discovery Protocol (LLDP) is a vendor-neutral, one-way device discovery protocol that
allows network devices to advertise information about themselves to other devices on the network. This
protocol runs over the data-link layer, which allows two systems running different network layer
protocols to learn about each other. You can enable LLDP globally or per interface. For information
about configuring LLDP, see Chapter 1, “Configuring LLDP.”
NetFlow
NetFlow allows you to identify packet flows for both ingress and egress IP packets and provide statistics
based on these packet flows. NetFlow does not require any change to either the packets themselves or to
any networking device. For information about configuring NetFlow, see Chapter 1, “Configuring
NetFlow.”
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
3-26 OL-20635-03
Chapter 3 Overview
FabricPath
FabricPath
FabricPath brings the benefits of Layer 3 routing to Layer 2 switched networks to build a highly resilient
and scalable Layer 2 fabric. The system manager is responsible for starting the FabricPath resources
process and monitoring its heartbeats. For information about configuring FabricPath, see the Cisco
Nexus 7000 Series NX-OS FabricPath Configuration Guide.
Troubleshooting Features
Cisco NX-OS provides troubleshooting tools such as ping, traceroute, Ethanalyzer, and the Blue Beacon
feature. See the Cisco Nexus 7000 Series NX-OS Troubleshooting Guide for details on these features.
When a service fails, the system generates information that can be used to determine the cause of the
failure. The following sources of information are available:
• Every service restart generates a syslog message of level LOG_ERR.
• If the Smart Call Home service is enabled, every service restart generates a Smart Call Home event.
• If SNMP traps are enabled, the SNMP agent sends a trap when a service is restarted.
• When a service failure occurs on a local module, you can view a log of the event by entering the
show processes log command in that module. The process logs are persistent across supervisor
switchovers and resets.
• When a service fails, a system core image file is generated. You can view recent core images by
entering the show cores command on the active supervisor. Core files are not persistent across
supervisor switchovers and resets, but you can configure the system to export core files to an
external server using a file transfer utility such as Trivial File Transfer Protocol (TFTP) by entering
the system cores command.
• CISCO-SYSTEM-MIB contains a table for cores (cseSwCoresTable).
For information on collecting and using the generated information relating to service failures, see the
Cisco Nexus 7000 Series NX-OS Troubleshooting Guide.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 3-27
Chapter 3 Overview
Troubleshooting Features
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
3-28 OL-20635-03
Send document comments to [email protected].
CHAPTER 4
Configuring CFS
This chapter describes how to use Cisco Fabric Services (CFS), a Cisco proprietary feature that
distributes data, including configuration changes, to all Cisco NX-OS devices in a network.
This chapter includes the following sections:
• Information About CFS, page 4-29
• Licensing Requirements for CFS, page 4-33
• Prerequisites for CFS, page 4-33
• Guidelines and Limitations, page 4-33
• Default Settings, page 4-34
• Configuring CFS Distribution, page 4-34
• Verifying the CFS Configuration, page 4-60
• Additional References, page 4-60
• Feature History for CFS, page 4-62
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-29
Chapter 4 Configuring CFS
Information About CFS
CFS Distribution
CFS distributes configuration changes to multiple devices across a complete network. CFS supports the
following types of distribution:
• CFS over Ethernet (CFSoE)—Distributes application data over an Ethernet network.
• CFS over IP (CFSoIP)—Distributes application data over an IPv4 network.
• CFS over Fibre Channel (CFSoFC)—Distributes application data over a Fibre Channel, such as a
virtual storage area network (VSAN). If the device is provisioned with Fibre Channel ports, CFSoFC
is enabled by default.
Beginning with Cisco NX-OS Release 5.2, you can configure Fibre Channel over Ethernet (FCoE),
which allows Fibre Channel traffic to be encapsulated over a physical Ethernet link. To run FCoE
on a Cisco Nexus 7000 Series switch, you must configure a dedicated storage virtual device context
(VDC). If FCoE is enabled on the device, CFSoFC services can be used. The applications that
require CFS distribution to be enabled in the storage VDC are noted in the configuration instructions
throughout this chapter. For more information on FCoE and storage VDCs, see the Cisco NX-OS
FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500 and the Cisco Nexus 7000
Series NX-OS Virtual Device Context Configuration Guide, Release 5.x.
Note All of the information in this chapter applies to both CFSoIP and CFSoFC, unless otherwise noted.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-30 OL-20635-03
Chapter 4 Configuring CFS
Information About CFS
Note Some applications are not compatible with their instances running on different platforms. Therefore,
Cisco recommends that you carefully read the client guidelines for CFS distribution before committing
the configuration.
For more information on CFS for the Cisco Nexus 5000 Series and Cisco MDS 9000 switches, see the
Cisco Nexus 5000 Series NX-OS System Management Configuration Guide and the Cisco MDS 9000
Family NX-OS System Management Configuration Guide, respectively.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-31
Chapter 4 Configuring CFS
Information About CFS
CFS Regions
A CFS region is a user-defined subset of devices for a given feature or application. You usually define
regions to localize or restrict distribution based on devices that are close to one another. When a network
covers many geographies with many different administrators who are responsible for subsets of devices,
you can manage the scope of an application by setting up a CFS region.
CFS regions are identified by numbers ranging from 0 through 200. Region 0 is reserved as the default
region and contains every device in the network. You can configure regions from 1 through 200.
Note If an application is moved (that is, assigned to a new region), its scope is restricted to that region, and it
ignores all other regions for distribution or merging purposes. The assignment of the region to an
application has precedence in distribution over its initial scope.
You can configure a CFS region to distribute configurations for multiple applications. However, on a
given device, you can configure only one CFS region at a time to distribute the configuration for a given
application. Once you assign an application to a CFS region, its configuration cannot be distributed
within another CFS region.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-32 OL-20635-03
Chapter 4 Configuring CFS
Licensing Requirements for CFS
High Availability
Stateless restarts are supported for CFS. After a reboot or a supervisor switchover, the running
configuration is applied. For more information on high availability, see the Cisco Nexus 7000 Series
NX-OS High Availability and Redundancy Guide, Release 5.x.
Virtualization Support
CFS is configured per VDC. When you access Cisco NX-OS, it places you in the default VDC unless
you specify a different VDC. For more information on VDCs, see the Cisco Nexus 7000 Series NX-OS
Virtual Device Context Configuration Guide, Release 5.x.
• All CFSoIP-enabled devices with similar multicast addresses form one CFSoIP fabric.
• Make sure that CFS is enabled for the applications that you want to configure. For detailed
information, see the “Enabling CFS Distribution for Applications” procedure on page 4-35.
• Anytime you lock a fabric, your username is remembered across restarts and switchovers.
• Anytime you lock a fabric, configuration changes attempted by anyone else are rejected.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-33
Chapter 4 Configuring CFS
Default Settings
• While a fabric is locked, the application holds a working copy of configuration changes in a pending
database or temporary storage area—not in the running configuration.
• Configuration changes that have not been committed yet (still saved as a working copy) are not in
the running configuration and do not display in the output of show commands.
• If you start a CFS session that requires a fabric lock but forget to end the session, an administrator
can clear the session. For more information, see the “Clearing a Locked Session” procedure on
page 4-57.
• An empty commit is allowed if configuration changes are not previously made. In this case, the
commit command results in a session that acquires locks and distributes the current database.
• You can only use the commit command on the specific device where the fabric lock was acquired.
• CFSoIP and CFSoE are not supported for use together.
• CFS regions can be applied only to CFSoIP and CFSoFC applications.
• You cannot distribute the user role configuration between a Cisco MDS 9500 Series switch and the
storage VDC configured for a Cisco Nexus 7000 Series switch. To prevent this distribution, make
sure to assign the user role configuration in Cisco MDS and the Cisco Nexus 7000 storage VDC to
different CFS regions.
Default Settings
Table 4-2 lists the default settings for CFS parameters.
Parameters Default
CFS distribution on the device Enabled
CFSoIP Disabled
IPv4 multicast address 239.255.70.83
CFSoFC Enabled, if FCoE is present
CFSoE Disabled
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-34 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
Note See Chapter 1, “Configuring Smart Call Home” for more information on Call Home, and see Chapter 1,
“Configuring NTP” for more information on NTP. See the Cisco Nexus 7000 Series NX-OS Security
Configuration Guide, Release 5.x for more information on CFS for RADIUS, TACACS+, and user roles.
See the Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide for more information on
device alias, DPVM, FC domain, FC port security, FC timer, IVR, and RSCN.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. callhome
3. distribute
4. (Optional) show application-name status
5. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-35
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Places you in callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 distribute Enables CFS to distribute Call Home configuration
updates.
Example:
switch(config-callhome)# distribute
Step 4 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config-callhome)# show callhome
status
Step 5 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config-callhome)# copy
configuration to the startup configuration.
running-config startup-config
This example shows how to enable CFS to distribute Call Home configurations:
switch(config)# callhome
switch(config-callhome)# distribute
switch(config-callhome)# show callhome status
Distribution : Enabled
switch(config-callhome)# copy running-config startup-config
[########################################] 100%
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe
command.
SUMMARY STEPS
1. config t
2. device-alias distribute
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-36 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 device-alias distribute Enables CFS to distribute device alias configuration
updates.
Example:
switch(config)# device-alias distribute
Step 3 show cfs application (Optional) Displays the CFS distribution status.
Example:
switch(config)# show cfs application
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to enable CFS to distribute device alias configurations:
switch(config)# device-alias distribute
switch(config)# show cfs application
----------------------------------------------
Application Enabled Scope
----------------------------------------------
device-alias Yes Physical-fc
switch(config)# copy running-config startup-config
[########################################] 100%
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe
command.
Make sure that you enable the DPVM feature. To do so, use the feature dpvm command.
SUMMARY STEPS
1. config t
2. dpvm distribute
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-37
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 dpvm distribute Enables CFS to distribute DPVM configuration
updates.
Example:
switch(config)# dpvm distribute
Step 3 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config)# show dpvm status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe
command.
SUMMARY STEPS
1. config t
2. fcdomain distribute
3. (Optional) show application-name status
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-38 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 fcdomain distribute Enables CFS to distribute FC domain configuration
updates.
Example:
switch(config)# fcdomain distribute
Step 3 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config)# show fcdomain status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe
command.
Make sure that you enable the FC port security feature. To do so, use the feature fc-port-security
command.
SUMMARY STEPS
1. config t
2. fc-port-security distribute
3. (Optional) show cfs application
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-39
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 fc-port-security distribute Enables CFS to distribute FC port security
configuration updates.
Example:
switch(config)# fc-port-security
distribute
Step 3 show cfs application (Optional) Displays the CFS distribution status.
Example:
switch(config)# show cfs application
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to enable CFS to distribute FC port security configurations:
switch(config)# fc-port-security distribute
switch(config)# show cfs application
----------------------------------------------
Application Enabled Scope
----------------------------------------------
fc-port-securi Yes Logical
switch(config)# copy running-config startup-config
[########################################] 100%
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe
command.
SUMMARY STEPS
1. config t
2. fctimer distribute
3. (Optional) show application-name status
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-40 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 fctimer distribute Enables CFS to distribute FC timer configuration
updates.
Example:
switch(config)# fctimer distribute
Step 3 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config)# show fctimer status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe
command.
Make sure that you install the Advanced SAN Services license.
Make sure that you enable the IVR feature. To do so, use the feature ivr command.
SUMMARY STEPS
1. config t
2. ivr distribute
3. (Optional) show cfs application
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-41
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 ivr distribute Enables CFS to distribute IVR configuration updates.
Example: Note You must enable IVR distribution on all
switch(config)# ivr distribute IVR-enabled switches in the fabric.
Step 3 show cfs application (Optional) Displays the CFS distribution status.
Example:
switch(config)# show cfs application
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
----------------------------------------------
Application Enabled Scope
----------------------------------------------
ivr Yes Physical-fc
switch(config)# copy running-config startup-config
[########################################] 100%
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Make sure that you enable the NTP feature. To enable NTP in a Cisco NX-OS Release prior to 5.2, use
the ntp enable command. To enable NTP in Cisco NX-OS Release 5.2 or a later release, use the feature
ntp command.
SUMMARY STEPS
1. config t
2. ntp distribute
3. (Optional) show application-name status
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-42 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 ntp distribute Enables CFS to distribute NTP configuration updates.
Example:
switch(config)# ntp distribute
Step 3 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config)# show ntp status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. radius distribute
3. (Optional) show application-name status
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-43
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 radius distribute Enables CFS to distribute RADIUS configuration
updates.
Example:
switch(config)# radius distribute
Step 3 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config)# show radius status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the storage VDC. To change to the storage VDC, use the switchto vdc fcoe
command.
SUMMARY STEPS
1. config t
2. rscn distribute
3. (Optional) show cfs application
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-44 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 rscn distribute Enables CFS to distribute RSCN configuration
updates.
Example:
switch(config)# rscn distribute
Step 3 show cfs application (Optional) Displays the CFS distribution status.
Example:
switch(config)# show cfs application
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
----------------------------------------------
Application Enabled Scope
----------------------------------------------
rscn Yes Logical
switch(config)# copy running-config startup-config
[########################################] 100%
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Make sure that you enable the TACACS+ feature. To do so, use the feature tacacs+ command.
SUMMARY STEPS
1. config t
2. tacacs+ distribute
3. (Optional) show application-name status
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-45
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 tacacs+ distribute Enables CFS to distribute configuration updates for
TACACS+.
Example:
switch(config)# tacacs+ distribute
Step 3 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config)# show tacacs+ status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. role distribute
3. (Optional) show application-name status
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-46 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 role distribute Enables CFS to distribute role configurations.
Example:
switch(config)# role distribute
Step 3 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config)# show role status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. cfs {eth | ipv4} distribute
3. (Optional) show cfs status
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-47
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 cfs {eth | ipv4} distribute Globally enables CFS distribution over one of the
following for all applications on the device.
Example:
switch(config)# cfs ipv4 distribute • Ethernet
• IPv4
In this example, CFS distribution is enabled over
IPv4.
Step 3 show cfs status (Optional) Shows the current state of CFS including
the distribution mode.
Example:
switch(config)# show cfs status In this example, CFS is shown as being distributed
over IPv4.
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to enable the Ethernet CFS distribution mode:
switch(config)# cfs eth distribute
switch(config)# show cfs status
Distribution : Enabled
Distribution over IP : Disabled
Distribution over Ethernet : Enabled
switch(config)# copy running-config startup-config
[########################################] 100%
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
You must disable CFS IP distribution before changing the multicast address.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-48 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
SUMMARY STEPS
1. config t
2. no cfs ipv4 distribute
3. cfs ipv4 mcast-address ip-address
4. cfs ipv4 distribute
5. (Optional) show cfs status
6. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 no cfs ipv4 distribute Globally disables CFSoIP distribution for all
applications on the device.
Example:
switch(config)# no cfs ipv4 distribute Note CFSoIP must be disabled before you can
This will prevent CFS from distributing change the multicast address.
over IPv4 network.
Are you sure? (y/n) [n] y
Step 3 cfs ipv4 mcast-address ip-address Configures the multicast address for CFS
distribution over IPv4. The ranges of valid IPv4
Example:
switch(config)# cfs ipv4 mcast-address
addresses are 239.255.0.0 through
239.255.1.1 239.255.255.255 and 239.192/16 through
Distribution over this IP type will be 239.251/16. The default IPv4 address is
affected 239.255.70.83.
Change multicast address for CFS-IP ?
Are you sure? (y/n) [n] y
Step 4 cfs ipv4 distribute Globally enables CFSoIP distribution for all
applications on the device.
Example:
switch(config)# cfs ipv4 distribute
Step 5 show cfs status (Optional) Shows the current state of CFS
including whether it is enabled, its IP mode, and
Example:
switch(config)# show cfs status
its multicast addresses.
In this example, CFS is shown as being distributed
over IPv4 on 239.255.1.1.
Step 6 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-49
Chapter 4 Configuring CFS
Configuring CFS Distribution
This example shows how to configure the IP multicast address used to distribute CFSoIP for IPv4:
switch(config)# no cfs ipv4 distribute
switch(config)# cfs ipv4 mcast-address 239.255.1.1
switch(config)# cfs ipv4 distribute
switch(config)# show cfs status
Distribution : Enabled
Distribution over IP : Enabled - mode IPv4
IPv4 multicast address : 239.255.1.1
switch(config)# copy running-config startup-config
[########################################] 100%
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. cfs region region-number
3. application-name
4. (Optional) show cfs regions brief
5. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-50 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 cfs region region-number Creates the region and places you into configuration
mode for the specified region.
Example:
switch(config)# cfs region 4 In this example, region 4 is created.
switch(config-cfs-region)#
Step 3 application-name For the specified region, adds the named application.
Example:
switch(config-cfs-region)# callhome
Step 4 show cfs regions brief (Optional) Shows all configured regions and
applications but does not show peers.
Example:
switch(config-cfs-region)# show cfs In this example, the Call Home application is shown
regions brief in region 4.
---------------------------------------
Region Application Enabled
---------------------------------------
4 callhome yes
Step 5 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Note When an application is moved, its scope is restricted to the new region. It ignores all other regions for
distribution or merging purposes.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. cfs region region-number
3. application-name
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-51
Chapter 4 Configuring CFS
Configuring CFS Distribution
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 cfs region region-number Places you in the configuration mode for the
target/destination region.
Example:
switch(config)# cfs region 2
switch(config-cfs-region)#
Step 3 application-name Specifies applications to be moved.
Example: In this example, the Call Home and RADIUS
switch(config-cfs-region)# callhome applications are moved to region 2.
switch(config-cfs-region)# radius
Step 4 show cfs regions name application-name (Optional) Displays peers and region information for
a given application.
Example:
switch(config-cfs-region)# show cfs
regions name callhome
Step 5 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to move the Call Home application to CFS region 2:
switch# config t
switch(config)# cfs region 2
switch(config-cfs-region)# callhome
switch(config-cfs-region)# show cfs regions name callhome
Region-ID : 2
Application: callhome
Scope : Physical-fc-ip
-------------------------------------------------------------------------
Switch WWN IP Address
-------------------------------------------------------------------------
20:00:00:22:55:79:a4:c1 172.28.230.85 [Local]
switch
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-52 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. cfs region region-number
3. no application-name
4. (Optional) Repeat Step 3 for each application that you want to remove from this region.
5. (Optional) show cfs regions brief
6. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 cfs region region-number Places you in the configuration mode for the specified
region.
Example:
switch(config)# cfs region 2
switch(config-cfs-region)#
Step 3 no application-name Removes the specified application from the region.
Example:
switch(config-cfs-region)# no ntp
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-53
Chapter 4 Configuring CFS
Configuring CFS Distribution
Command Purpose
Step 5 show cfs regions brief (Optional) Shows all configured regions and
applications but does not show peers.
Example:
switch(config-cfs-region)# show cfs
regions brief
---------------------------------------
Region Application Enabled
---------------------------------------
4 tacacs+ yes
6 radius yes
Step 6 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. no cfs region region-number
3. (Optional) show cfs regions brief
4. (Optional) show cfs application name application-name
5. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 no cfs region region-number Deletes the specified region after warning that this
action causes all applications in the region to move to
Example:
switch(config)# no cfs region 4
the default region.
WARNING: All applications in the region After deleting the region, you are returned to the
will be moved to default region.
global configuration mode.
Are you sure? (y/n) [n]
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-54 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
Command Purpose
Step 3 show cfs regions brief (Optional) Shows all configured regions and
applications but does not show peers.
Example:
switch(config)# show cfs regions brief In this example, region 4 is absent.
---------------------------------------
Region Application Enabled
---------------------------------------
6 radius no
Step 4 show cfs application name (Optional) Shows local application information by
application-name name.
Example: In this case, the Call Home application is shown as
switch(config)# show cfs application now belonging to the default region.
name callhome
Enabled : Yes
Timeout : 20s
Merge Capable : Yes
Scope : Physical-fc-ip
Region : Default
Step 5 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Caution If you do not commit the changes, they are not distributed and saved in the running configuration of
application peer devices.
Caution If you do not save the changes to the startup configuration in every application peer device where
distributed, then changes are retained only in their running configurations.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. application-name
3. application-command
4. (Optional) Repeat Step 3 for each configuration command that you want to make.
5. (Optional) show application-name status
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-55
Chapter 4 Configuring CFS
Configuring CFS Distribution
6. commit
7. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 application-name Specifies that CFS starts a session for the specified
application name and locks the fabric.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 application-command Specifies that configuration changes are saved as a
working copy and are not saved in the running
Example:
switch(config-callhome)# email-contact
configuration until you enter the commit command.
[email protected]
Step 4 (Optional) Repeat Step 3 for each —
configuration command that you want to
make.
Step 5 show application-name status (Optional) For the specified application, displays the
CFS distribution status.
Example:
switch(config-callhome)# show callhome In this example, the output shows that distribution is
status enabled for Call Home.
Distribution : Enabled
Step 6 commit CFS distributes the configuration changes to the
running configuration of every application peer
Example:
switch(config-callhome)# commit
device.
If one or more external devices report a successful
status, the software overwrites the running
configuration with the changes from the CFS
working copy and releases the fabric lock.
If none of the external devices report a successful
status, no changes are made, and the fabric lock
remains in place.
Step 7 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration in all
startup-config devices in the fabric.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-56 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
This example shows how to configure and distribute the contact information for Call Home:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp-server contact [email protected]
switch(config)# callhome
switch(config-callhome)# email-contact [email protected]
switch(config-callhome)# phone-contact +1-800-123-4567
switch(config-callhome)# street-address 123 Anystreet st. Anytown,AnyWhere
switch(config-callhome)# commit
switch(config-callhome)# copy running-config startup-config
[######################################] 100%
Caution When you clear a lock in the fabric, any pending configurations in any device in the fabric are discarded.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
Command Purpose
Step 1 show application-name status (Optional) Shows the current application state.
switch(config)# show ntp status In this example, NTP is shown as locked.
Distribution : Enabled
Last operational state: Fabric Locked
Step 2 clear application-name session Clears the application configuration session and
releases the lock on the fabric.
Example:
switch(config)# clear ntp session All pending changes are discarded.
Step 3 show application-name status (Optional) Shows the current application state.
Example: This example shows that the lock is removed from the
switch(config)# show ntp status NTP application.
Distribution : Enabled
Last operational state: No session
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-57
Chapter 4 Configuring CFS
Configuring CFS Distribution
Discarding a Configuration
You can discard configuration changes and release the lock.
Caution If you discard configuration changes, the application flushes the pending database and releases locks in
the fabric.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
1. application-name abort
2. (Optional) show application-name session status
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 application-name abort Aborts the application configuration after
y requesting confirmation.
Example: In this case, the NTP configuration is aborted, the
switch(config)# ntp abort changes to the configuration are discarded, the
This will prevent CFS from distributing the
CFS session is closed, and the fabric lock is
configuration to other switches.
Are you sure? (y/n) [n] y released.
Note The abort command is supported only on
the device where the fabric lock is
acquired.
Step 3 show application-name session status (Optional) For the specified application, displays
the CFS session status.
Example:
switch(config)# show ntp session status In this example, the output shows that the CFS
Last Action Time Stamp : Wed Nov 12 session was aborted.
16:07:25 2010
Last Action : Abort
Last Action Result : Success
Last Action Failure Reason : none
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-58 OL-20635-03
Chapter 4 Configuring CFS
Configuring CFS Distribution
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. no cfs distribute
3. (Optional) show cfs status
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 no cfs distribute Globally disables CFS distribution for all
applications on the device.
Example:
switch(config)# no cfs distribute Note If the virtual port channel (vPC) feature is
This will prevent CFS from distributing the enabled, then only IP distribution is
configuration to other switches.
disabled. You must first disable vPC
Are you sure? (y/n) [n] y
switch(config)# before you can disable CFS distribution.
Step 3 show cfs status (Optional) Displays the global CFS distribution
status for the device.
Example:
switch(config)# show cfs status
Distribution : Enabled
Distribution over IP : Disabled
IPv4 multicast address : 239.255.70.83
Distribution over Ethernet : Disabled
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-59
Chapter 4 Configuring CFS
Verifying the CFS Configuration
Command Purpose
show application-name session Displays the configuration session status, including the last
status action, the result, and the reason if there was a failure.
show application-name status For the specified application, displays the CFS distribution
status.
show cfs application Displays the applications that are currently CFS enabled.
show cfs application name Displays the details for a particular application, including the
application-name enabled or disabled state, timeout as registered with CFS,
merge capability if registered with CFS for merge support,
distribution scope, and distribution region.
show cfs internal Displays information internal to CFS including memory
statistics, event history, and so on.
show cfs lock Displays all active locks.
show cfs merge status name name Displays the merge status for a given application.
[detail]
show cfs peers Displays all the peers in the physical fabric.
show cfs regions Displays all the applications with peers and region
information.
show cfs status Displays the status of CFS distribution on the device as well
as IP distribution information.
show logging level cfs Displays the CFS logging configuration.
show tech-support cfs Displays information about the CFS configuration required by
technical support when resolving a CFS issue.
Additional References
For additional information, see the following sections:
• Related Documents, page 4-61
• MIBs, page 4-61
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-60 OL-20635-03
Chapter 4 Configuring CFS
Additional References
Related Documents
Related Topic Document Title
CFS CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
Cisco Nexus 7000 Series NX-OS SAN Switching Command Reference
CFS configuration for Call Home Configuring Smart Call Home, page 1-1
CFS configuration for device alias Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide
CFS configuration for DPVM Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide
CFS configuration for FC domain Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide
CFS configuration for FC port security Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide
CFS configuration for FC timer Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide
CFS configuration for IVR Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide
CFS configuration for NTP Configuring NTP, page 1-1
CFS configuration for RADIUS Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release
5.x
CFS configuration for RSCN Cisco Nexus 7000 Series NX-OS SAN Switching Configuration Guide
CFS configuration for TACACS+ Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release
5.x
CFS configuration for roles Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release
5.x
FCoE Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and
Cisco MDS 9500
VDCs and VRFs Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration
Guide, Release 5.x
MIBs
MIBs MIBs Link
• CISCO-CFS-MIB Cisco NX-OS MIB Support
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 4-61
Chapter 4 Configuring CFS
Feature History for CFS
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
4-62 OL-20635-03
Send document comments to [email protected].
CHAPTER 5
Configuring NTP
This chapter describes how to configure the Network Time Protocol (NTP) on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About NTP, page 5-63
• Licensing Requirements for NTP, page 5-65
• Prerequisites for NTP, page 5-65
• Guidelines and Limitations, page 5-65
• Default Settings, page 5-66
• Configuring NTP, page 5-66
• Verifying the NTP Configuration, page 5-79
• Configuration Examples for NTP, page 5-80
• Additional References, page 5-81
• Feature History for NTP, page 5-82
NTP Overview
The Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers
and clients so that you can correlate events when you receive system logs and other time-specific events
from multiple network devices. NTP uses the User Datagram Protocol (UDP) as its transport protocol.
All NTP communications use Coordinated Universal Time (UTC).
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-63
Chapter 5 Configuring NTP
Information About NTP
An NTP server usually receives its time from an authoritative time source, such as a radio clock or an
atomic clock attached to a time server, and then distributes this time across the network. NTP is
extremely efficient; no more than one packet per minute is necessary to synchronize two machines to
within a millisecond of each other.
NTP uses a stratum to describe the distance between a network device and an authoritative time source:
• A stratum 1 time server is directly attached to an authoritative time source (such as a radio or atomic
clock or a GPS time source).
• A stratum 2 NTP server receives its time through NTP from a stratum 1 time server.
Before synchronizing, NTP compares the time reported by several network devices and does not
synchronize with one that is significantly different, even if it is a stratum 1. Because Cisco NX-OS
cannot connect to a radio or atomic clock and act as a stratum 1 server, we recommend that you use the
public NTP servers available on the Internet. If the network is isolated from the Internet, Cisco NX-OS
allows you to configure the time as though it were synchronized through NTP, even though it was not.
Note You can create NTP peer relationships to designate the time-serving hosts that you want your network
device to consider synchronizing with and to keep accurate time if a server failure occurs.
The time kept on a device is a critical resource, so we strongly recommend that you use the security
features of NTP to avoid the accidental or malicious setting of incorrect time. Two mechanisms are
available: an access list-based restriction scheme and an encrypted authentication mechanism.
Clock Manager
Clocks are resources that need to be shared across different processes and across different VDCs.
Multiple time synchronization protocols, such as NTP and Precision Time Protocol (PTP), might be
running in the system, and multiple instances of the same protocol might be running in different VDCs.
Beginning with Cisco NX-OS Release 5.2, the clock manager allows you to specify the protocol and a
VDC running that protocol to control the various clocks in the system. Once you specify the protocol
and VDC, the system clock starts updating. For information on configuring the clock manager, see the
Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-64 OL-20635-03
Chapter 5 Configuring NTP
Licensing Requirements for NTP
High Availability
Stateless restarts are supported for NTP. After a reboot or a supervisor switchover, the running
configuration is applied. For more information on high availability, see the Cisco Nexus 7000 Series
NX-OS High Availability and Redundancy Guide, Release 5.x.
You can configure NTP peers to provide redundancy in case an NTP server fails.
Virtualization Support
If you are running a Cisco NX-OS Release prior to 5.2, up to one instance of NTP is supported on the
entire platform. You must configure NTP in the default virtual device context (VDC), and you are
automatically placed in the default VDC unless you specify otherwise.
If you are running Cisco NX-OS Release 5.2 or later, multiple instances of NTP are supported, one
instance per VDC. By default, Cisco NX-OS places you in the default VDC unless you specifically
configure another VDC.
Only one VDC (the default VDC by default) synchronizes the system clock at any given time. The NTP
daemon in all other VDCs acts only as an NTP server for the other devices. To change which VDC
synchronizes the system clock, use the clock protocol ntp vdc vdc-id command.
NTP recognizes virtual routing and forwarding (VRF) instances. NTP uses the default VRF if you do not
configure a specific VRF for the NTP server and NTP peer. See the Cisco Nexus 7000 Series NX-OS
Unicast Routing Configuration Guide, Release 5.x for more information about VRFs.
For more information about VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-65
Chapter 5 Configuring NTP
Default Settings
Default Settings
Table 5-1 lists the default settings for NTP parameters.
Parameters Default
NTP Enabled in all VDCs
NTP authentication Disabled
NTP access Enabled
NTP logging Disabled
Configuring NTP
This section includes the following topics:
• Enabling or Disabling NTP, page 5-67
• Configuring the Device as an Authoritative NTP Server, page 5-68
• Configuring an NTP Server and Peer, page 5-69
• Configuring NTP Authentication, page 5-72
• Configuring NTP Access Restrictions, page 5-73
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-66 OL-20635-03
Chapter 5 Configuring NTP
Configuring NTP
Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in
Cisco IOS.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. [no] feature ntp
3. (Optional) show ntp status
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 [no] feature ntp Enables or disables NTP in a particular VDC. NTP is
enabled by default.
Example:
switch(config)# feature ntp Note If you are running a Cisco NX-OS Release
prior to 5.2, NTP is enabled or disabled using
the [no] ntp enable command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-67
Chapter 5 Configuring NTP
Configuring NTP
Command Purpose
Step 3 show ntp status (Optional) Displays the status of the NTP application.
Example:
switch(config)# show ntp status
Distribution: Enabled
Last operational state: Fabric Locked
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. [no] ntp master [stratum]
3. (Optional) show running-config ntp
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 [no] ntp master [stratum] Configures the device as an authoritative NTP server.
Example: You can specify a different stratum level from which
switch(config)# ntp master NTP clients get their time synchronized. The range is
from 1 to 15.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-68 OL-20635-03
Chapter 5 Configuring NTP
Configuring NTP
Command Purpose
Step 3 show running-config ntp (Optional) Displays the NTP configuration.
Example:
switch(config)# show running-config ntp
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to configure the Cisco NX-OS device as an authoritative NTP server with a
different stratum level:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ntp master 5
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Make sure you know the IP address or DNS names of your NTP server and its peers.
If you plan to use CFS to distribute your NTP configuration to other devices, then you should have
already completed the following:
– Enabled CFS distribution using the “Configuring CFS Distribution” section on page 4-34.
– Enabled CFS for NTP using the “Enabling CFS Distribution for NTP” section on page 5-77.
SUMMARY STEPS
1. config t
2. [no] ntp server {ip-address | ipv6-address | dns-name} [key key-id] [maxpoll max-poll] [minpoll
min-poll] [prefer] [use-vrf vrf-name]
3. [no] ntp peer {ip-address | ipv6-address | dns-name} [key key-id] [maxpoll max-poll] [minpoll
min-poll] [prefer] [use-vrf vrf-name]
4. (Optional) show ntp peers
5. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-69
Chapter 5 Configuring NTP
Configuring NTP
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 [no] ntp server {ip-address | ipv6-address | Forms an association with a server.
dns-name} [key key-id] [maxpoll max-poll]
[minpoll min-poll] [prefer] [use-vrf Use the key keyword to configure a key to be
vrf-name] used while communicating with the NTP server.
The range for the key-id argument is from 1 to
Example:
65535.
switch(config)# ntp server 192.0.2.10
Use the maxpoll and minpoll keywords to
configure the maximum and minimum intervals
in which to poll a peer. The range for the
max-poll and min-poll arguments is from 4 to 16
seconds, and the default values are 6 and 4,
respectively.
Use the prefer keyword to make this the
preferred NTP server for the device.
Use the use-vrf keyword to configure the NTP
server to communicate over the specified VRF.
The vrf-name argument can be default,
management, or any case-sensitive
alphanumeric string up to 32 characters.
Note If you configure a key to be used while
communicating with the NTP server,
make sure that the key exists as a trusted
key on the device. For more information
on trusted keys, see the “Configuring
NTP Authentication” section on
page 5-72.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-70 OL-20635-03
Chapter 5 Configuring NTP
Configuring NTP
Command Purpose
Step 3 [no] ntp peer {ip-address | ipv6-address | Forms an association with a peer. You can
dns-name} [key key-id] [maxpoll max-poll] specify multiple peer associations.
[minpoll min-poll] [prefer] [use-vrf
vrf-name] Use the key keyword to configure a key to be
used while communicating with the NTP peer.
Example:
The range for the key-id argument is from 1 to
switch(config)# ntp peer 2001:0db8::4101
65535.
Use the maxpoll and minpoll keywords to
configure the maximum and minimum intervals
in which to poll a peer. The range for the
max-poll and min-poll arguments is from 4 to 17
seconds, and the default values are 6 and 4,
respectively.
Use the prefer keyword to make this the
preferred NTP peer for the device.
Use the use-vrf keyword to configure the NTP
peer to communicate over the specified VRF.
The vrf-name argument can be default,
management, or any case-sensitive
alphanumeric string up to 32 characters.
Step 4 show ntp peers (Optional) Displays the configured server and
peers.
Example:
switch(config)# show ntp peers Note A domain name is resolved only when
you have a DNS server configured.
Step 5 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-71
Chapter 5 Configuring NTP
Configuring NTP
Make sure that you configured the NTP server with the authentication keys that you plan to specify in
this procedure. See the “Configuring an NTP Server and Peer” section on page 5-69 for information.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. [no] ntp authentication-key number md5 md5-string
3. (Optional) show ntp authentication-keys
4. [no] ntp trusted-key number
5. (Optional) show ntp trusted-keys
6. [no] ntp authenticate
7. (Optional) show ntp authentication-status
8. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 [no] ntp authentication-key number md5 Defines the authentication keys. The device does
md5-string not synchronize to a time source unless the
switch(config)# ntp authentication-key 42 md5
source has one of these authentication keys and
aNiceKey the key number is specified by the ntp
trusted-key number command.
The range for authentication keys is from 1 to
65535. Cisco NX-OS Release 5.2(3) and later
5.x releases support up to 15 alphanumeric
characters for the MD5 string. Earlier releases
support up to 8 alphanumeric characters.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-72 OL-20635-03
Chapter 5 Configuring NTP
Configuring NTP
Command Purpose
Step 3 show ntp authentication-keys (Optional) Displays the configured NTP
authentication keys.
Example:
switch(config)# show ntp authentication-keys
Step 4 [no] ntp trusted-key number Specifies one or more keys (defined in Step 2)
that a time source must provide in its NTP
Example:
switch(config)# ntp trusted-key 42
packets in order for the device to synchronize to
it. The range for trusted keys is from 1 to 65535.
This command provides protection against
accidentally synchronizing the device to a time
source that is not trusted.
Step 5 show ntp trusted-keys (Optional) Displays the configured NTP trusted
keys.
Example:
switch(config)# show ntp trusted-keys
Step 6 [no] ntp authenticate Enables or disables the NTP authentication
feature. NTP authentication is disabled by
Example:
switch(config)# ntp authenticate
default.
Step 7 show ntp authentication-status (Optional) Displays the status of NTP
authentication.
Example:
switch(config)# show ntp
authentication-status
Step 8 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to configure the device to synchronize only to time sources that provide
authentication key 42 in their NTP packets:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# ntp authentication-key 42 md5 aNiceKey
switch(config)# ntp trusted-key 42
switch(config)# ntp authenticate
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)#
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-73
Chapter 5 Configuring NTP
Configuring NTP
SUMMARY STEPS
1. config t
2. [no] ntp access-group {peer | serve | serve-only | query-only} access-list-name
3. (Optional) show ntp access-groups
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 [no] ntp access-group {peer | serve | Creates or removes an access group to control
serve-only | query-only} access-list-name NTP access and applies a basic IP access list.
Example: The access group options are scanned in the
switch(config)# ntp access-group peer following order, from least restrictive to most
accesslist1
restrictive. However, if NTP matches a deny
ACL rule in a configured peer, ACL processing
stops and does not continue to the next access
group option.
• The peer keyword enables the device to
receive time requests and NTP control
queries and to synchronize itself to the
servers specified in the access list.
• The serve keyword enables the device to
receive time requests and NTP control
queries from the servers specified in the
access list but not to synchronize itself to the
specified servers.
• The serve-only keyword enables the device
to receive only time requests from servers
specified in the access list.
• The query-only keyword enables the device
to receive only NTP control queries from the
servers specified in the access list.
Step 3 show ntp access-groups (Optional) Displays the NTP access group
configuration.
Example:
switch(config)# show ntp access-groups
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-74 OL-20635-03
Chapter 5 Configuring NTP
Configuring NTP
This example shows how to configure the device to allow it to synchronize to a peer from access group
“accesslist1”:
switch# config t
switch(config)# ntp access-group peer accesslist1
switch(config)# show ntp access-groups
Access List Type
-----------------------------
accesslist1 Peer
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)#
Command Purpose
[no] ntp source ip-address Configures the source IP address for all NTP
packets. The ip-address can be in IPv4 or IPv6
Example:
switch(config)# ntp source 192.0.2.1
format.
Command Purpose
[no] ntp source-interface interface Configures the source interface for all NTP
packets. Use the ? keyword to display a list of
Example:
switch(config)# ntp source-interface
supported interfaces.
ethernet 2/1
Use the switchto vdc command to switch to the desired non-default VDC.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-75
Chapter 5 Configuring NTP
Configuring NTP
SUMMARY STEPS
1. config t
2. feature ntp
3. ntp master
4. (Optional) ntp source-interface interface
5. (Optional) ntp source ip-address
6. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 feature ntp Enables NTP in the non-default VDC.
Example:
switch(config)# feature ntp
Step 3 ntp master Configures the device as an authoritative NTP
server.
Example:
switch(config)# ntp master
Step 4 ntp source-interface interface (Optional) Configures the source interface for all
NTP packets. Use the ? keyword to display a list
Example:
switch(config)# ntp source-interface ethernet
of supported interfaces.
2/1
Step 5 ntp source ip-address (Optional) Configures the source IP address for
all NTP packets. The ip-address can be in IPv4
Example:
switch(config)# ntp source 192.0.2.1
or IPv6 format.
Step 6 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-76 OL-20635-03
Chapter 5 Configuring NTP
Configuring NTP
SUMMARY STEPS
1. config t
2. [no] ntp logging
3. (Optional) show ntp logging-status
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 [no] ntp logging Enables or disables system logs to be generated
with significant NTP events. NTP logging is
Example:
switch(config)# ntp logging
disabled by default.
Step 3 show ntp logging-status (Optional) Displays the NTP logging
configuration status.
Example:
switch(config)# show ntp logging-status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to enable NTP logging in order to generate system logs with significant NTP
events:
switch# config t
switch(config)# ntp logging
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)#
Make sure that you have enabled CFS distribution for the device using the “Configuring CFS
Distribution” section on page 4-34.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-77
Chapter 5 Configuring NTP
Configuring NTP
SUMMARY STEPS
1. config t
2. [no] ntp distribute
3. (Optional) show ntp status
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 [no] ntp distribute Enables or disables the device to receive NTP
configuration updates that are distributed through
Example:
switch(config)# ntp distribute
CFS.
Step 3 show ntp status (Optional) Displays the NTP CFS distribution status.
Example:
switch(config)# show ntp status
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Command Purpose
ntp commit Distributes the NTP configuration changes to all
Cisco NX-OS devices in the network and releases
Example:
switch(config)# ntp commit
the CFS lock. This command overwrites the
effective database with the changes made to the
pending database.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-78 OL-20635-03
Chapter 5 Configuring NTP
Verifying the NTP Configuration
Command Purpose
ntp abort Discards the NTP configuration changes in the
pending database and releases the CFS lock. Use
Example:
switch(config)# ntp abort
this command on the device where you started the
NTP configuration.
Command Purpose
clear ntp session Discards the NTP configuration changes in the
pending database and releases the CFS lock.
Example:
switch(config)# clear ntp session
Command Purpose
show ntp access-groups Displays the NTP access group configuration.
show ntp authentication-keys Displays the configured NTP authentication keys.
show ntp authentication-status Displays the status of NTP authentication.
show ntp internal Displays internal NTP information.
show ntp logging-status Displays the NTP logging status.
show ntp peer-status Displays the status for all NTP servers and peers.
show ntp peers Displays all the NTP peers.
show ntp pending Displays the temporary CFS database for NTP.
show ntp pending-diff Displays the difference between the pending CFS
database and the current NTP configuration.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-79
Chapter 5 Configuring NTP
Configuration Examples for NTP
Command Purpose
show ntp rts-update Displays the RTS update status.
show ntp session status Displays the NTP CFS distribution session
information.
show ntp source Displays the configured NTP source IP address.
show ntp source-interface Displays the configured NTP source interface.
show ntp statistics {io | local | memory | peer Displays the NTP statistics.
{ipaddr {ipv4-addr | ipv6-addr} | name
peer-name}}
show ntp status Displays the NTP CFS distribution status.
show ntp trusted-keys Displays the configured NTP trusted keys.
show running-config ntp Displays NTP information.
Use the clear ntp session command to clear the NTP sessions.
Use the clear ntp statistics command to clear the NTP statistics.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-80 OL-20635-03
Chapter 5 Configuring NTP
Additional References
This example shows an NTP access group configuration with the following restrictions:
• Peer restrictions are applied to IP addresses that pass the criteria of the access list named “peer-acl.”
• Serve restrictions are applied to IP addresses that pass the criteria of the access list named
“serve-acl.”
• Serve-only restrictions are applied to IP addresses that pass the criteria of the access list named
“serve-only-acl.”
• Query-only restrictions are applied to IP addresses that pass the criteria of the access list named
“query-only-acl.”
switch# config t
switch(config)# ntp peer 10.1.1.1
switch(config)# ntp peer 10.2.2.2
switch(config)# ntp peer 10.3.3.3
switch(config)# ntp peer 10.4.4.4
switch(config)# ntp peer 10.5.5.5
switch(config)# ntp peer 10.6.6.6
switch(config)# ntp peer 10.7.7.7
switch(config)# ntp peer 10.8.8.8
switch(config)# ntp access-group peer peer-acl
switch(config)# ntp access-group serve serve-acl
switch(config)# ntp access-group serve-only serve-only-acl
switch(config)# ntp access-group query-only query-only-acl
Additional References
For additional information related to implementing NTP, see the following sections:
• Related Documents, page 5-82
• MIBs, page 5-82
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-81
Chapter 5 Configuring NTP
Feature History for NTP
Related Documents
Related Topic Document Title
NTP CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
Clock manager Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide,
Release 5.x
VDCs and VRFs Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration
Guide, Release 5.x
MIBs
MIBs MIBs Link
• CISCO-NTP-MIB To locate and download MIBs, go to the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-82 OL-20635-03
Chapter 5 Configuring NTP
Feature History for NTP
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 5-83
Chapter 5 Configuring NTP
Feature History for NTP
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
5-84 OL-20635-03
Send document comments to [email protected].
CHAPTER 6
Configuring PTP
This chapter describes how to configure the Precision Time Protocol (PTP) on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About PTP, page 6-85
• Licensing Requirements for PTP, page 6-88
• Prerequisites for PTP, page 6-88
• Guidelines and Limitations, page 6-88
• Default Settings, page 6-89
• Configuring PTP, page 6-89
• Verifying the PTP Configuration, page 6-93
• Configuration Examples for PTP, page 6-93
• Additional References, page 6-94
• Feature History for PTP, page 6-95
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 6-85
Chapter 6 Configuring PTP
Information About PTP
PTP Overview
PTP is a time synchronization protocol for nodes distributed across a network. Its hardware timestamp
feature provides greater accuracy than other time synchronization protocols such as Network Time
Protocol (NTP).
A PTP system can consist of a combination of PTP and non-PTP devices. PTP devices include ordinary
clocks, boundary clocks, and transparent clocks. Non-PTP devices include ordinary network switches,
routers, and other infrastructure devices.
PTP is a distributed protocol that specifies how real-time PTP clocks in the system synchronize with
each other. These clocks are organized into a master-member synchronization hierarchy with the
grandmaster clock, the clock at the top of the hierarchy, determining the reference time for the entire
system. Synchronization is achieved by exchanging PTP timing messages, with the members using the
timing information to adjust their clocks to the time of their master in the hierarchy. PTP operates within
a logical scope called a PTP domain.
Note In Cisco NX-OS Release 5.2, PTP operates only in boundary clock mode. End-to-end transparent clock
and peer-to-peer transparent clock modes are not supported.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
6-86 OL-20635-03
Chapter 6 Configuring PTP
Information About PTP
PTP Process
The PTP process consists of two phases: establishing the master-member hierarchy and synchronizing
the clocks.
Within a PTP domain, each port of an ordinary or boundary clock follows this process to determine its
state:
• Examines the contents of all received announce messages (issued by ports in the master state)
• Compares the data sets of the foreign master (in the announce message) and the local clock for
priority, clock class, accuracy, and so on
• Based on this comparison, determines its own state as either master or member
After the master-member hierarchy has been established, the clocks are synchronized as follows:
• The master sends a synchronization message to the member and notes the time it was sent.
• The member receives the synchronization message and notes the time it was received.
• The member sends a delay-request message to the master and notes the time it was sent.
• The master receives the delay-request message and notes the time it was received.
• The master sends a delay-response message to the member.
• The member uses these timestamps to adjust its clock to the time of its master.
Pong
The network-monitoring tool Pong leverages the PTP’s time synchronization infrastructure to diagnose
the health of the network. Pong measures port-to-port delays and is similar to the network-monitoring
utility Ping but provides for a greater depth of network diagnostics. For more information on Pong, see
the Cisco Nexus 7000 Series NX-OS Troubleshooting Guide.
Clock Manager
Clocks are resources that need to be shared across different processes and across different VDCs.
Multiple time synchronization protocols (such as NTP and PTP) might be running in the system, and
multiple instances of the same protocol might be running in different VDCs. The clock manager allows
you to specify the protocol and a VDC running that protocol to control the various clocks in the system.
For information on configuring the clock manager, see the Cisco Nexus 7000 Series NX-OS
Fundamentals Configuration Guide, Release 5.x.
High Availability
Stateful restarts are supported for PTP. After a reboot or a supervisor switchover, the running
configuration is applied. For more information on high availability, see the Cisco Nexus 7000 Series
NX-OS High Availability and Redundancy Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 6-87
Chapter 6 Configuring PTP
Licensing Requirements for PTP
Virtualization Support
Cisco NX-OS supports multiple instances of PTP, one instance per virtual device context (VDC). By
default, Cisco NX-OS places you in the default VDC unless you specifically configure another VDC.
For more information about VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
6-88 OL-20635-03
Chapter 6 Configuring PTP
Default Settings
Default Settings
Table 6-1 lists the default settings for PTP parameters.
Parameters Default
PTP Disabled
PTP domain 0
PTP priority1 value when advertising the clock 255
PTP priority2 value when advertising the clock 255
PTP announce interval 1 (one packet every 2 seconds)
PTP sync interval 2 (one packet every 4 seconds)
PTP announce timeout 3
PTP minimum delay request interval 2 (one packet every 4 seconds)
PTP VLAN 1
Configuring PTP
This section includes the following topics:
• Configuring PTP Globally, page 6-89
• Configuring PTP on an Interface, page 6-91
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. [no] feature ptp
3. [no] ptp source ip-address [vrf vrf]
4. (Optional) [no] ptp domain number
5. (Optional) [no] ptp priority1 value
6. (Optional) [no] ptp priority2 value
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 6-89
Chapter 6 Configuring PTP
Configuring PTP
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 [no] feature ptp Enables or disables PTP on the device.
Example:
switch(config)# feature ptp
Step 3 [no] ptp source ip-address [vrf vrf] Configures the source IP address for all PTP packets.
The ip-address can be in IPv4 format.
Example:
switch(config)# ptp source 192.0.2.1
Step 4 [no] ptp domain number (Optional) Configures the domain number to use for
this clock. PTP domains allow you to use multiple
Example:
switch(config)# ptp domain 1
independent PTP clocking subdomains on a single
network. The range is from 0 to 128.
Step 5 [no] ptp priority1 value (Optional) Configures the priority1 value to use when
advertising this clock. This value overrides the default
Example:
switch(config)# ptp priority1 10
criteria (clock quality, clock class, and so on) for best
master clock selection. Lower values take precedence.
The range is from 0 to 255.
Step 6 [no] ptp priority2 value (Optional) Configures the priority2 value to use when
advertising this clock. This value is used to decide
Example:
switch(config)# ptp priority2 20
between two devices that are otherwise equally
matched in the default criteria. For example, you can
use the priority2 value to give a specific switch priority
over other identical switches. The range is from 0 to
255.
Step 7 show ptp brief (Optional) Displays the PTP status.
Example:
switch(config)# show ptp brief
Step 8 show ptp clock (Optional) Displays the properties of the local clock.
Example:
switch(config)# show ptp clock
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
6-90 OL-20635-03
Chapter 6 Configuring PTP
Configuring PTP
Command Purpose
Step 9 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Make sure that you have globally enabled PTP on the device and configured the source IP address for
PTP communication.
SUMMARY STEPS
1. config t
2. interface ethernet slot/port
3. [no] ptp
4. (Optional) [no] ptp announce {interval seconds | timeout count}
5. (Optional) [no] ptp delay-request minimum interval seconds
6. (Optional) [no] ptp sync interval seconds
7. (Optional) [no] ptp vlan vlan
8. (Optional) show ptp brief
9. (Optional) show ptp port interface interface slot/port
10. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 6-91
Chapter 6 Configuring PTP
Configuring PTP
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 interface ethernet slot/port Specifies the interface on which you are enabling
PTP and enters the interface configuration mode.
Example:
switch(config)# interface ethernet 7/1
switch(config-if)
Step 3 [no] ptp Enables or disables PTP on an interface.
Example:
switch(config-if)# ptp
Step 4 [no] ptp announce {interval seconds | timeout (Optional) Configures the interval between PTP
count} announce messages on an interface or the
Example:
number of PTP intervals before a timeout occurs
switch(config-if)# ptp announce interval 1 on an interface.
The range for the PTP announcement interval is
from 0 to 4 log seconds, and the range for the
interval timeout is from 2 to 10.
Step 5 [no] ptp delay-request minimum interval (Optional) Configures the minimum interval
seconds allowed between PTP delay-request messages
Example:
when the port is in the master state. The range is
switch(config-if)# ptp delay-request minimum from –1 to 6 log seconds.
interval 3
Step 6 [no] ptp sync interval seconds (Optional) Configures the interval between PTP
synchronization messages on an interface. The
Example:
switch(config-if)# ptp sync interval 1
range is from –1 to 2 log seconds.
Step 7 [no] ptp vlan vlan (Optional) Configures the PTP VLAN value on
an interface. The range is from 1 to 4094.
Example:
switch(config-if)# ptp vlan 10
Step 8 show ptp brief (Optional) Displays the PTP status.
Example:
switch(config)# show ptp brief
Step 9 show ptp port interface interface slot/port (Optional) Displays the status of the PTP port.
Example:
switch(config-if)# show ptp port interface
ethernet 7/1
Step 10 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config-if)# copy running-config
configuration to the startup configuration.
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
6-92 OL-20635-03
Chapter 6 Configuring PTP
Verifying the PTP Configuration
Command Purpose
show ptp brief Displays the PTP status.
show ptp clock Displays the properties of the local clock.
show ptp clock foreign-masters record Displays the state of foreign masters known to the
[interface interface slot/port] PTP process. For each foreign master, the output
displays the clock identity, basic clock properties,
and whether the clock is being used as a
grandmaster.
show ptp corrections Displays the last few PTP corrections.
show ptp parent Displays the properties of the PTP parent.
show ptp port interface interface slot/port Displays the status of the PTP port.
show ptp time-property Displays the properties of the PTP clock.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 6-93
Chapter 6 Configuring PTP
Additional References
This example shows how to configure PTP on an interface and configure the intervals for the announce,
delay-request, and synchronization messages:
switch# config t
switch(config)# interface ethernet 2/1
switch(config-if)# ptp
switch(config-if)# ptp announce interval 3
switch(config-if)# ptp announce timeout 2
switch(config-if)# ptp delay-request minimum interval 4
switch(config-if)# ptp sync interval -1
switch(config-if)# show ptp brief
PTP port status
-----------------------
Port State
------- --------------
Eth2/1 Master
switch(config-if)# show ptp port interface ethernet 2/1
PTP Port Dataset: Eth2/1
Port identity: clock identity: 0:22:55:ff:ff:79:a4:c1
Port identity: port number: 1028
PTP version: 2
Port state: Master
Delay request interval(log mean): 4
Announce receipt time out: 2
Peer mean path delay: 0
Announce interval(log mean): 3
Sync interval(log mean): -1
Delay Mechanism: End to End
Peer delay request interval(log mean): 0
Additional References
For additional information related to implementing PTP, see the following sections:
• Related Documents, page 6-94
• MIBs, page 6-95
Related Documents
Related Topic Document Title
PTP CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference, Release 5.x
Pong Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide,
Release 5.x
Clock manager Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide,
Release 5.x
VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration
Guide, Release 5.x
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
6-94 OL-20635-03
Chapter 6 Configuring PTP
Feature History for PTP
MIBs
MIBs MIBs Link
• CISCO-PTP-MIB To locate and download MIBs, go to the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 6-95
Chapter 6 Configuring PTP
Feature History for PTP
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
6-96 OL-20635-03
Send document comments to [email protected].
CHAPTER 7
Configuring CDP
This chapter describes how to configure the Cisco Discovery Protocol (CDP) on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About CDP, page 7-97
• Licensing Requirements for CDP, page 7-99
• Prerequisites for CDP, page 7-99
• Guidelines and Limitations, page 7-99
• Default Settings, page 7-100
• Configuring CDP, page 7-100
• Verifying the CDP Configuration, page 7-103
• Configuration Example for CDP, page 7-104
• Additional References, page 7-104
• Feature History for CDP, page 7-105
CDP Overview
The Cisco Discovery Protocol (CDP) is a media-independent and protocol-independent protocol that
runs on all Cisco-manufactured equipment including routers, bridges, access and communication
servers, and switches. You can use CDP to discover and view information about all the Cisco devices
that are directly attached to the device.
CDP gathers protocol addresses of neighboring devices and discovers the platform of those devices. CDP
runs over the data link layer only. Two systems that support different Layer 3 protocols can learn about
each other.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 7-97
Chapter 7 Configuring CDP
Information About CDP
Each device that you configure for CDP sends periodic advertisements to a multicast address. Each
device advertises at least one address at which it can receive SNMP messages. The advertisements also
contain hold-time information, which indicates the length of time that a receiving device should hold
CDP information before removing it. You can configure the advertisement or refresh timer and the hold
timer.
CDP Version-2 (CDPv2) allows you to track instances where the native VLAN ID or port duplex states
do not match between connecting devices.
CDP advertises the following type-length-value fields (TLVs):
• Device ID
• Address
• Port ID
• Capabilities
• Version
• Platform
• Native VLAN
• Full/Half Duplex
• MTU
• SysName
• SysObjectID
• Management Address
• Physical Location
• VTP
All CDP packets include a VLAN ID. If you configure CDP on a Layer 2 access port, the CDP packets
sent from that access port include the access port VLAN ID. If you configure CDP on a Layer 2 trunk
port, the CDP packets sent from that trunk port include the lowest configured VLAN ID allowed on that
trunk port. The trunk port can receive CDP packets that include any VLAN ID in the allowed VLAN list
for that trunk port. For more information on VLANs, see the Cisco Nexus 7000 Series NX-OS Layer 2
Switching Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
7-98 OL-20635-03
Chapter 7 Configuring CDP
Licensing Requirements for CDP
High Availability
Cisco NX-OS supports stateless restarts for CDP. After a reboot or a supervisor switchover, Cisco
NX-OS applies the running configuration. For more information on high availability, see the Cisco
Nexus 7000 Series NX-OS High Availability and Redundancy Guide, Release 5.x.
Virtualization Support
Cisco NX-OS supports multiple instances of CDP, one instance per virtual device context (VDC). By
default, Cisco NX-OS places you in the default VDC unless you specifically configure another VDC.
For more information on VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 7-99
Chapter 7 Configuring CDP
Default Settings
Default Settings
Table 7-1 lists the CDP default settings.
Parameters Default
CDP Enabled globally and on all interfaces
CDP version Version 2
CDP device ID Serial number
CDP timer 60 seconds
CDP hold timer 180 seconds
Configuring CDP
This section includes the following topics:
• Enabling or Disabling CDP Globally, page 7-100
• Enabling or Disabling CDP on an Interface, page 7-101
• Configuring Optional CDP Parameters, page 7-103
Note Be aware that the Cisco NX-OS commands may differ from the Cisco IOS commands.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. cdp enable
3. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
7-100 OL-20635-03
Chapter 7 Configuring CDP
Configuring CDP
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 cdp enable Enables the CDP feature on the entire device. This is
enabled by default.
Example:
switch(config)# cdp enable
Step 3 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Use the no cdp enable command to disable the CDP feature on the device.
Command Purpose
no cdp enable Disables the CDP feature on the device.
Example:
switch(config)# no cdp enable
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. interface interface-type slot/port
3. cdp enable
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 7-101
Chapter 7 Configuring CDP
Configuring CDP
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 interface interface-type slot/port Enters interface configuration mode.
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Step 3 cdp enable Enables CDP on this interface. This is enabled by
default.
Example:
switch(config-if)# cdp enable Note Ensure that CDP is enabled on the device (see
the “Enabling or Disabling CDP Globally”
section on page 7-100).
Step 4 show cdp interface interface-type (Optional) Displays CDP information for an interface.
slot/port
Example:
switch(config-if)# show cdp interface
ethernet 1/2
Step 5 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
7-102 OL-20635-03
Chapter 7 Configuring CDP
Verifying the CDP Configuration
Command Purpose
cdp advertise {v1 | v2} Sets the CDP version supported by the device. The
default is v2.
Example:
switch(config)# cdp advertise v1
cdp format device-id {mac-address | Sets the CDP device ID. The options are as follows:
serial-number | system-name}
• mac-address—MAC address of the chassis.
Example:
• serial-number—Chassis serial
switch(config)# cdp format device-id
mac-address number/Organizationally Unique Identifier
(OUI)
• system-name—The system name or fully
qualified domain name.
The default displays system-name and
serial-number information.
cdp holdtime seconds Sets the time that CDP holds onto neighbor
information before removing it. The range is from
Example:
switch(config)# cdp holdtime 150
10 to 255 seconds. The default is 180 seconds.
cdp timer seconds Sets the refresh time when CDP sends
advertisements to neighbors. The range is from 5 to
Example:
switch(config)# cdp timer 50
254 seconds. The default is 60 seconds.
Command Purpose
show cdp all Displays all interfaces that have CDP enabled.
show cdp entry {all | name entry-name} Displays the CDP database entries.
show cdp global Displays the CDP global parameters.
show cdp interface interface-type slot/port Displays the CDP interface status.
show cdp neighbors {device-id | interface Displays the CDP neighbor status.
interface-type slot/port} [detail]
show cdp traffic interface interface-type Displays the CDP traffic statistics on an interface.
slot/port
Use the clear cdp counters command to clear CDP statistics on an interface.
Use the clear cdp table command to clear the CDP cache for one or all interfaces.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 7-103
Chapter 7 Configuring CDP
Configuration Example for CDP
switch88(FOX1518GRE6)
Eth1/25 164 R S I s N5K-C5596UP Eth1/25
switch89(FOX1518GQJ2)
Eth1/26 163 R S I s N5K-C5596UP Eth1/25
Additional References
For additional information related to implementing CDP, see the following sections:
• Related Documents, page 7-104
• MIBs, page 7-104
Related Documents
MIBs
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
7-104 OL-20635-03
Chapter 7 Configuring CDP
Feature History for CDP
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 7-105
Chapter 7 Configuring CDP
Feature History for CDP
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
7-106 OL-20635-03
Send document comments to [email protected].
CHAPTER 8
Configuring System Message Logging
This chapter describes how to configure system message logging on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About System Message Logging, page 8-107
• Licensing Requirements for System Message Logging, page 8-109
• Guidelines and Limitations, page 8-109
• Default Settings, page 8-109
• Configuring System Message Logging, page 8-109
• Verifying the System Message Logging Configuration, page 8-117
• Configuration Example for System Message Logging, page 8-118
• Additional References, page 8-118
• Feature History for System Message Logging, page 8-119
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 8-107
Chapter 8 Configuring System Message Logging
Information About System Message Logging
Level Description
0 – emergency System unusable
1 – alert Immediate action needed
2 – critical Critical condition
3 – error Error condition
4 – warning Warning condition
5 – notification Normal but significant condition
6 – informational Informational message only
7 – debugging Appears during debugging only
The device logs the most recent 100 messages of severity 0, 1, or 2 to the NVRAM log. You cannot
configure logging to the NVRAM.
You can configure which system messages should be logged based on the facility that generated the
message and its severity level. For information about facilities, see the Cisco Nexus 7000 Series NX-OS
System Management Command Reference. For information about configuring the severity level by
module and facility, see the “Configuring Module and Facility Messages Logged” section on page 8-113.
This section includes the following topics:
• syslog Servers, page 8-108
• Virtualization Support, page 8-108
syslog Servers
The syslog servers run on remote systems that log system messages based on the syslog protocol. You
can configure up to eight IPv4 or IPv6 syslog servers. For information about configuring syslog servers,
see the “Configuring syslog Servers” section on page 8-114.
Note When the device first initializes, messages are sent to syslog servers only after the network is initialized.
Virtualization Support
A virtual device context (VDC) is a logical representation of a set of system resources. System message
logging applies only to the VDC where commands are entered.
For information about configuring VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device
Context Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
8-108 OL-20635-03
Chapter 8 Configuring System Message Logging
Licensing Requirements for System Message Logging
Default Settings
Table 8-2 lists the default settings for system message logging parameters.
Parameters Default
Console logging Enabled at severity level 2
Monitor logging Enabled at severity level 5
Log file logging Enabled to log messages at severity level 5
Module logging Enabled at severity level 5
Facility logging Enabled; for severity levels, see the Cisco Nexus
7000 Series NX-OS System Management
Command Reference
Time-stamp units Seconds
syslog server logging Disabled
Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in
Cisco IOS.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 8-109
Chapter 8 Configuring System Message Logging
Configuring System Message Logging
Tip The current critical (default) logging level is maintained if the console baud speed is 9600 baud (default).
All attempts to change the console logging level generate an error message. To increase the logging level
(above critical), you must change the console baud speed to 38400 baud.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. terminal monitor
2. config t
3. logging console [severity-level]
no logging console
4. show logging console
5. logging monitor [severity-level]
no logging monitor
6. show logging monitor
7. logging message interface type ethernet description
no logging message interface type ethernet description
8. copy running-config startup-config
Command Purpose
Step 1 terminal monitor Enables the device to log messages to the console.
Example:
switch# terminal monitor
Step 2 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
8-110 OL-20635-03
Chapter 8 Configuring System Message Logging
Configuring System Message Logging
Command Purpose
Step 3 logging console [severity-level] Configures the device to log messages to the console
session based on a specified severity level or higher.
Example:
switch(config)# logging console 3
Severity levels, which can range from 0 to 7, are
listed in Table 8-1. If the severity level is not
specified, the default of 2 is used.
no logging console [severity-level] Disables the device’s ability to log messages to the
console.
Example:
switch(config)# no logging console
Step 4 show logging console (Optional) Displays the console logging
configuration.
Example:
switch(config)# show logging console
Step 5 logging monitor [severity-level] Enables the device to log messages to the monitor
based on a specified severity level or higher. The
Example:
switch(config)# logging monitor 3
configuration applies to Telnet and SSH sessions.
Severity levels, which can range from 0 to 7, are
listed in Table 8-1. If the severity level is not
specified, the default of 2 is used.
no logging monitor [severity-level] Disables logging messages to Telnet and SSH
sessions.
Example:
switch(config)# no logging monitor
Step 6 show logging monitor (Optional) Displays the monitor logging
configuration.
Example:
switch(config)# show logging monitor
Step 7 logging message interface type ethernet Enables you to add the description for physical
description Ethernet interfaces and subinterfaces in the system
Example:
message log. The description is the same description
switch(config)# logging message interface that was configured on the interface.
type ethernet description
no logging message interface type ethernet Disables the printing of the interface description in
description the system message log for physical Ethernet
Example:
interfaces.
switch(config)# no logging message
interface type ethernet description
Step 8 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 8-111
Chapter 8 Configuring System Message Logging
Configuring System Message Logging
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. logging logfile logfile-name severity-level [size bytes]
no logging logfile [logfile-name severity-level [size bytes]]
3. logging event {link-status | trunk-status} {enable | default}
4. show logging info
5. copy running-config startup-config
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 logging logfile logfile-name Configures the name of the log file used to store
severity-level [size bytes] system messages and the minimum severity level to
Example:
log. You can optionally specify a maximum file size.
switch(config)# logging logfile my_log 6 The default severity level is 5 and the file size is
10485760. Severity levels are listed in Table 8-1.
The file size is from 4096 to 10485760 bytes.
no logging logfile [logfile-name Disables logging to the log file.
severity-level [size bytes]]
Example:
switch(config)# no logging logfile
Step 3 logging event {link-status | trunk-status} Logs interface events.
{enable | default}
• link-status—Logs all UP/DOWN and
Example: CHANGE messages.
switch(config)# logging event link-status
default • trunk-status—Logs all TRUNK status
messages.
• enable—Specifies to enable logging to override
the port level configuration.
• default—Specifies that the default logging
configuration is used by interfaces not explicitly
configured.
Step 4 show logging info (Optional) Displays the logging configuration.
Example:
switch(config)# show logging info
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
8-112 OL-20635-03
Chapter 8 Configuring System Message Logging
Configuring System Message Logging
Command Purpose
Step 5 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config)# copy running-config
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. logging module [severity-level]
no logging module
3. show logging module
4. logging level facility severity-level
no logging level [facility severity-level]
5. show logging level [facility]
6. logging timestamp {microseconds | milliseconds | seconds}
no logging timestamp {microseconds | milliseconds | seconds}
7. show logging timestamp
8. copy running-config startup-config
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 logging module [severity-level] Enables module log messages that have the specified
severity level or higher. Severity levels, which range
Example:
switch(config)# logging module 3
from 0 to 7, are listed in Table 8-1. If the severity
level is not specified, the default of 5 is used.
no logging module [severity-level] Disables module log messages.
Example:
switch(config)# no logging module
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 8-113
Chapter 8 Configuring System Message Logging
Configuring System Message Logging
Command Purpose
Step 3 show logging module (Optional) Displays the module logging
configuration.
Example:
switch(config)# show logging module
Step 4 logging level facility severity-level Enables logging messages from the specified facility
that have the specified severity level or higher. The
Example:
switch(config)# logging level aaa 2
facilities are listed in the Cisco Nexus 7000 Series
NX-OS System Management Command Reference.
Severity levels, which range from 0 to 7, are listed in
Table 8-1. To apply the same severity level to all
facilities, use the all facility. For defaults, see the
show logging level command.
no logging level [facility severity-level] Resets the logging severity level for the specified
facility to its default level. If you do not specify a
Example:
switch(config)# no logging level aaa 3
facility and severity level, the device resets all
facilities to their default levels.
Step 5 show logging level [facility] (Optional) Displays the logging level configuration
and the system default level by facility. If you do not
Example:
switch(config)# show logging level aaa
specify a facility, the device displays levels for all
facilities.
Step 6 logging timestamp {microseconds | Sets the logging time-stamp units. By default, the
milliseconds | seconds} units are seconds.
Example: Note This command applies to logs that are kept
switch(config)# logging timestamp in the switch. It does not apply to the
milliseconds
external logging server.
no logging timestamp {microseconds | Resets the logging time-stamp units to the default of
milliseconds | seconds} seconds.
Example: Note This command applies to logs that are kept
switch(config)# no logging timestamp in the switch. It does not apply to the
milliseconds
external logging server.
Step 7 show logging timestamp (Optional) Displays the logging time-stamp units
configured.
Example:
switch(config)# show logging timestamp
Step 8 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
8-114 OL-20635-03
Chapter 8 Configuring System Message Logging
Configuring System Message Logging
Note We recommend that you configure the syslog server to use the management virtual routing and
forwarding (VRF) instance. For more information on VRFs, see the Cisco Nexus 7000 Series NX-OS
Unicast Routing Configuration Guide, Release 5.x.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. logging server host [severity-level [use-vrf vrf-name]]
no logging server host
3. logging source-interface loopback virtual-interface
4. show logging server
5. copy running-config startup-config
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 logging server host [severity-level Configures a syslog server at the specified hostname
[use-vrf vrf-name]] or IPv4 or IPv6 address. You can limit logging of
Example 1:
messages to a particular VRF by using the use-vrf
switch(config)# logging server 192.0.2.253 keyword. In Cisco NX-OS Release 4.2 or higher, the
default VRF is default. Severity levels, which range
Example 2: from 0 to 7, are listed in Table 8-1. The default
switch(config)# logging server outgoing facility is local7.
2001::)db*::3 5 use-vrf red
Example 1 forwards all messages on facility local 7.
Example 2 forwards messages with severity level 5
or lower for VRF red.
no logging server host Removes the logging server for the specified host.
Example:
switch(config)# no logging server host
Step 3 logging source-interface loopback Enables a source interface for the remote syslog
virtual-interface server. The range for the virtual-interface argument
Example:
is from 0 to 1023.
switch(config)# logging source-interface
loopback 5
Step 4 show logging server (Optional) Displays the syslog server configuration.
Example:
switch(config)# show logging server
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 8-115
Chapter 8 Configuring System Message Logging
Configuring System Message Logging
Command Purpose
Step 5 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config)# copy running-config
startup-config
You can configure a syslog server on a UNIX or Linux system by adding the following line to the
/etc/syslog.conf file:
facility.level <five tab characters> action
Table 8-3 describes the syslog fields that you can configure.
.
Table 8-3 syslog Fields in syslog.conf
Field Description
Facility Creator of the message, which can be auth, authpriv, cron, daemon, kern, lpr, mail,
mark, news, syslog, user, local0 through local7, or an asterisk (*) for all. These facility
designators allow you to control the destination of messages based on their origin.
Note Check your configuration before using a local facility.
Level Minimum severity level at which messages are logged, which can be debug, info,
notice, warning, err, crit, alert, emerg, or an asterisk (*) for all. You can use none to
disable a facility.
Action Destination for messages, which can be a filename, a hostname preceded by the at sign
(@), a comma-separated list of users, or an asterisk (*) for all logged-in users.
Step 1 Log debug messages with the local7 facility in the file /var/log/myfile.log by adding the following line
to the /etc/syslog.conf file:
debug.local7 /var/log/myfile.log
Step 2 Create the log file by entering these commands at the shell prompt:
$ touch /var/log/myfile.log
$ chmod 666 /var/log/myfile.log
Step 3 Make sure the system message logging daemon reads the new changes by checking myfile.log after
entering this command:
$ kill -HUP ~cat /etc/syslog.pid~
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
8-116 OL-20635-03
Chapter 8 Configuring System Message Logging
Verifying the System Message Logging Configuration
SUMMARY STEPS
Command Purpose
Step 1 show logging last number-lines Displays the last number of lines in the logging file.
You can specify from 1 to 9999 for the last number
Example:
switch# show logging last 40
of lines.
Step 2 show logging logfile [start-time yyyy mmm Displays the messages in the log file that have a time
dd hh:mm:ss] [end-time yyyy mmm dd stamp within the span entered. If you do not enter an
hh:mm:ss]
end time, the current time is used. You enter three
Example: characters for the month time field, and digits for the
switch# show logging logfile start-time year and day time fields.
2007 nov 1 15:10:0
Step 3 show logging nvram [last number-lines] Displays the messages in the NVRAM. To limit the
number of lines displayed, you can enter the last
Example:
switch# show logging nvram last 10
number of lines to display. You can specify from 1
to 100 for the last number of lines.
Step 4 clear logging logfile Clears the contents of the log file.
Example:
switch# clear logging logfile
Step 5 clear logging nvram Clears the logged messages in NVRAM.
Example:
switch# clear logging nvram
Command Purpose
show logging console Displays the console logging configuration.
show logging info Displays the logging configuration.
show logging last number-lines Displays the last number of lines of the log file.
show logging level [facility] Displays the facility logging severity level
configuration.
show logging logfile [start-time yyyy mmm dd Displays the messages in the log file.
hh:mm:ss] [end-time yyyy mmm dd hh:mm:ss]
show logging module Displays the module logging configuration.
show logging monitor Displays the monitor logging configuration.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 8-117
Chapter 8 Configuring System Message Logging
Configuration Example for System Message Logging
Command Purpose
show logging nvram [last number-lines] Displays the messages in the NVRAM log.
show logging server Displays the syslog server configuration.
show logging timestamp Displays the logging time-stamp units
configuration.
Example:
switch(config)# show logging timestamp
Logging timestamp: Seconds
For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000
Series NX-OS System Management Command Reference.
Additional References
For additional information related to implementing system message logging, see the following sections:
• Related Documents, page 8-118
• Standards, page 8-119
Related Documents
Related Topic Document Title
System messages CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
System messages Cisco NX-OS System Messages Reference
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
8-118 OL-20635-03
Chapter 8 Configuring System Message Logging
Feature History for System Message Logging
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 8-119
Chapter 8 Configuring System Message Logging
Feature History for System Message Logging
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
8-120 OL-20635-03
Send document comments to [email protected].
CHAPTER 9
Configuring Smart Call Home
This chapter describes how to configure the Smart Call Home feature of the Cisco NX-OS devices.
This chapter includes the following sections:
• Information About Smart Call Home, page 9-121
• Licensing Requirements for Smart Call Home, page 9-128
• Prerequisites for Smart Call Home, page 9-128
• Guidelines and Limitations, page 9-128
• Default Settings, page 9-129
• Configuring Smart Call Home, page 9-129
• Verifying the Smart Call Home Configuration, page 9-147
• Configuration Example for Smart Call Home, page 9-148
• Additional References, page 9-148
• Feature History for Smart Call Home, page 9-161
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-121
Chapter 9 Configuring Smart Call Home
Information About Smart Call Home
Destination Profiles
A destination profile includes the following information:
• One or more alert groups—The group of alerts that trigger a specific Smart Call Home message if
the alert occurs.
• One or more e-mail destinations—The list of recipients for the Smart Call Home messages
generated by alert groups assigned to this destination profile.
• Message format—The format for the Smart Call Home message (short text, full text, or XML).
• Message severity level—The Smart Call Home severity level that the alert must meet before Cisco
NX-OS generates a Smart Call Home message to all e-mail addresses in the destination profile. For
more information about Smart Call Home severity levels, see the “Smart Call Home Message
Urgency Levels” section on page 9-125. Cisco NX-OS does not generate an alert if the Smart Call
Home severity level of the alert is lower than the message severity level set for the destination
profile.
You can also configure a destination profile to allow periodic inventory update messages by using the
inventory alert group that will send out periodic messages daily, weekly, or monthly.
Cisco NX-OS supports the following predefined destination profiles:
• CiscoTAC-1—Supports the Cisco-TAC alert group in XML message format. This profile is
preconfigured with the [email protected] e-mail contact, maximum message size, and message
severity level 0. You cannot change any of the default information for this profile.
• full-text-destination—Supports the full text message format.
• short-text-destination—Supports the short text message format.
See the “Message Formats” section on page 9-150 for more information about the message formats.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-122 OL-20635-03
Chapter 9 Configuring Smart Call Home
Information About Smart Call Home
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-123
Chapter 9 Configuring Smart Call Home
Information About Smart Call Home
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-124 OL-20635-03
Chapter 9 Configuring Smart Call Home
Information About Smart Call Home
Smart Call Home maps the syslog severity level to the corresponding Smart Call Home severity level for
syslog port group messages (see the “Smart Call Home Message Urgency Levels” section on
page 9-125).
You can customize predefined alert groups to execute additional CLI show commands when specific
events occur and send that show output with the Smart Call Home message.
You can add show commands only to full text and XML destination profiles. Short text destination
profiles do not support additional show commands because they only allow 128 bytes of text.
Note Smart Call Home does not change the syslog message level in the message text. The syslog messages in
the Smart Call Home log appear as they are described in the Cisco NX-OS System Messages Reference.
Table 9-2 lists each Smart Call Home message level keyword and the corresponding syslog level for the
syslog port alert group.
Smart Call
Home Level Keyword syslog Level Description
9 Catastrophic N/A Network-wide catastrophic failure.
8 Disaster N/A Significant network impact.
7 Fatal Emergency (0) System is unusable.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-125
Chapter 9 Configuring Smart Call Home
Information About Smart Call Home
Smart Call
Home Level Keyword syslog Level Description
6 Critical Alert (1) Critical conditions that indicate that immediate
attention is needed.
5 Major Critical (2) Major conditions.
4 Minor Error (3) Minor conditions.
3 Warning Warning (4) Warning conditions.
2 Notification Notice (5) Basic notification and informational messages.
Possibly independently insignificant.
1 Normal Information (6) Normal event signifying return to normal state.
0 Debugging Debug (7) Debugging messages.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-126 OL-20635-03
Chapter 9 Configuring Smart Call Home
Information About Smart Call Home
High Availability
Stateless restarts are supported for Smart Call Home. After a reboot or supervisor switchover, the
running configuration is applied.
Virtualization Support
One instance of Smart Call Home is supported per virtual device context (VDC). Smart Call Home uses
the contact information from the first registered VDC as the administrator contact for all VDCs on the
physical device. For example, if you want the Smart Call Home to use the contact information from the
default VDC, you should register using that VDC. You can update this information at the Smart Call
Home web site at the following URL:
http://www.cisco.com/go/smartcall/
Smart Call Home registers the contacts for all other VDCs as users that can see all the Smart Call Home
data for the physical device but cannot act as administrators. All registered users and the registered
administrator receive all Smart Call Home notifications from all VDCs on the physical device.
By default, you are placed in the default VDC. In the default VDC, you can test Smart Call Home using
the callhome send and callhome test commands. In a nondefault VDC, only the callhome test command
is available. For more information on VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device
Context Configuration Guide.
Smart Call Home is virtual routing and forwarding (VRF) aware. You can configure Smart Call Home
to use a particular VRF to reach the Smart Call Home SMTP server.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-127
Chapter 9 Configuring Smart Call Home
Licensing Requirements for Smart Call Home
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-128 OL-20635-03
Chapter 9 Configuring Smart Call Home
Default Settings
Default Settings
Table 9-3 lists the default settings for Smart Call Home parameters.
Parameters Default
Destination message size for a message sent in full 2,500,000
text format
Destination message size for a message sent in 2,500,000
XML format
Destination message size for a message sent in 4000
short text format
SMTP server port number if no port is specified 25
SMTP server priority if no priority is specified 50
Alert group association with profile All for full-text-destination and
short-text-destination profiles. The cisco-tac alert
group for the CiscoTAC-1 destination profile.
Format type XML
Smart Call Home message level 0 (zero)
HTTP proxy server use Disabled and no proxy server configured
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-129
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Note Be aware that the Cisco NX-OS commands may differ from the Cisco IOS commands.
We recommend that you complete the Smart Call Home configuration procedures in the following
sequence:
1. Configuring Contact Information, page 9-130
2. Creating a Destination Profile, page 9-132
3. Associating an Alert Group and a Destination Profile, page 9-136
4. (Optional) Adding show Commands to an Alert Group, page 9-138
5. (Optional) Creating and Distributing a CFS Configuration, page 4-55
6. Enabling or Disabling Smart Call Home, page 9-146
7. (Optional) Testing Smart Call Home Communications, page 9-147
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. snmp-server contact sys-contact
3. callhome
4. email-contact email-address
5. phone-contact international-phone-number
6. streetaddress address
7. contract-id contract-number
8. customer-id customer-number
9. site-id site-number
10. switch-priority number
11. commit
12. show callhome
13. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-130 OL-20635-03
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 snmp-server contact sys-contact Configures the SNMP sysContact.
Example:
switch(config)# snmp-server contact
[email protected]
Step 3 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 4 email-contact email-address Configures the e-mail address for the person primarily
responsible for the device. Up to 255 alphanumeric
Example:
switch(config-callhome)# email-contact
characters are accepted in an e-mail address format.
[email protected] Note You can use any valid e-mail address. You
cannot use spaces.
Step 5 phone-contact Configures the phone number in international phone
international-phone-number number format for the primary person responsible for
Example:
the device. Up to 17 alphanumeric characters are
switch(config-callhome)# phone-contact accepted in international format.
+1-800-123-4567
Note You cannot use spaces. Be sure to use the +
prefix before the number.
Step 6 streetaddress address Configures the street address as an alphanumeric string
with white spaces for the primary person responsible
Example:
switch(config-callhome)# streetaddress
for the device. Up to 255 alphanumeric characters are
123 Anystreet st. Anytown,AnyWhere accepted, including spaces.
Step 7 contract-id contract-number (Optional) Configures the contract number for this
device from the service agreement. The contract
Example:
switch(config-callhome)# contract-id
number can be up to 255 alphanumeric characters in
Contract5678 free format.
Step 8 customer-id customer-number (Optional) Configures the customer number for this
device from the service agreement. The customer
Example:
switch(config-callhome)# customer-id
number can be up to 255 alphanumeric characters in
Customer123456 free format.
Step 9 site-id site-number (Optional) Configures the site number for this device.
The site number can be up to 255 alphanumeric
Example:
switch(config-callhome)# site-id Site1
characters in free format.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-131
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Command Purpose
Step 10 switch-priority number (Optional) Configures the switch priority for this
device. The range is from 0 to 7, with 0 being the
Example:
switch(config-callhome)# switch-priority
highest priority and 7 the lowest. The default is 7.
3
Step 11 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Step 12 show callhome (Optional) Displays a summary of the Smart Call
Home configuration.
Example:
switch(config-callhome)# show callhome
Step 13 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to configure the contact information for Smart Call Home:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp-server contact [email protected]
switch(config)# callhome
switch(config-callhome)# email-contact [email protected]
switch(config-callhome)# phone-contact +1-800-123-4567
switch(config-callhome)# streetaddress 123 Anystreet st. Anytown,AnyWhere
switch(config-callhome)# commit
Make sure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. config t
2. callhome
3. destination-profile name
4. destination-profile name format {XML | full-txt | short-txt}
5. commit
6. show callhome destination-profile [profile name]
7. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-132 OL-20635-03
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 destination-profile name Creates a new destination profile. The name can be any
alphanumeric string up to 31 characters.
Example:
switch(config-callhome)#
destination-profile Noc101
Step 4 destination-profile name format {XML | Sets the message format for the profile. The name can
full-txt | short-txt} be any alphanumeric string up to 31 characters.
Example:
switch(config-callhome)#
destination-profile Noc101 format
full-txt
Step 5 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Step 6 show callhome destination-profile (Optional) Displays information about one or more
[profile name] destination profiles.
Example:
switch(config-callhome)# show callhome
destination-profile profile Noc101
Step 7 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to create a destination profile for Smart Call Home:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# destination-profile Noc101
switch(config-callhome)# destination-profile Noc101 format full-text
switch(config-callhome)# commit
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-133
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. callhome
3. destination-profile {name | CiscoTAC-1 | full-txt-destination | short-txt-destination}
email-addr address
4. destination-profile {name | CiscoTAC-1 | full-txt-destination | short-txt-destination} http
address
5. destination-profile {name | CiscoTAC-1 | full-txt-destination | short-txt-destination}
transport-method {email | http}
6. destination-profile {name | CiscoTAC-1 | full-txt-destination | short-txt-destination}
message-level number
7. destination-profile {name | CiscoTAC-1 | full-txt-destination | short-txt-destination}
message-size number
8. commit
9. show callhome destination-profile [profile name]
10. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-134 OL-20635-03
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 destination-profile {name | CiscoTAC-1 | Configures an e-mail address for a user-defined or
full-txt-destination | predefined destination profile.
short-txt-destination} email-addr
address Tip You can configure up to 50 e-mail addresses in
a destination profile.
Example:
switch(config-callhome)#
destination-profile full-txt-destination
email-addr [email protected]
Step 4 destination-profile {name | CiscoTAC-1 | Configures an HTTP or HTTPS URL for a
full-txt-destination | user-defined or predefined destination profile. The
short-txt-destination} http address
URL can be up to 255 characters.
Example: Note This command is not distributable with CFS.
switch(config-callhome)#
As a workaround, enter this command after the
destination-profile CiscoTAC-1 http
http://site.com/service/callhome commit command.
Step 5 destination-profile {name | CiscoTAC-1 | Configures an e-mail or HTTP transport method for a
full-txt-destination | user-defined or predefined destination profile. The
short-txt-destination} transport-method
{email | http}
type of transport method that you choose determines
the configured destination addresses of that type.
Example:
Note This command is not distributable with CFS.
switch(config-callhome)#
destination-profile CiscoTAC-1 http As a workaround, enter this command after the
http://site.com/service/callhome commit command.
Step 6 destination-profile {name | CiscoTAC-1 | Configures the Smart Call Home message severity
full-txt-destination | level for this destination profile. Cisco NX-OS sends
short-txt-destination} message-level
number
only alerts that have a matching or higher Smart Call
Home severity level to destinations in this profile. The
Example: range is from 0 to 9, where 9 is the highest severity
switch(config-callhome)# level.
destination-profile full-txt-destination
message-level 5
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-135
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Command Purpose
Step 7 destination-profile {name | CiscoTAC-1 | Configures the maximum message size for this
full-txt-destination | destination profile The range is from 0 to 5000000.
short-txt-destination} message-size
number
The default is 2500000.
Example:
switch(config-callhome)#
destination-profile full-txt-destination
message-size 100000
Step 8 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Step 9 show callhome destination-profile (Optional) Displays information about one or more
[profile name] destination profiles.
Example:
switch(config-callhome)# show callhome
destination-profile profile
full-text-destination
Step 10 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to modify a destination profile for Smart Call Home:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# destination-profile full-text-destination email-addr
[email protected]
switch(config-callhome)# destination-profile full-text-destination message-level 5
switch(config-callhome)# destination-profile full-text-destination message-size 10000
switch(config-callhome)# commit
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. callhome
3. destination-profile {name | CiscoTAC-1 | full-txt-destination | short-txt-destination}
alert-group {All | Cisco-TAC | Configuration | Diagnostic | EEM | Environmental | Inventory |
License | Linecard-Hardware | Supervisor-Hardware | Syslog-group-port | System | Test}
4. commit
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-136 OL-20635-03
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 destination-profile {name | CiscoTAC-1 | Associates an alert group with this destination profile.
full-txt-destination | Use the All keyword to associate all alert groups with
short-txt-destination} alert-group {All
| Cisco-TAC | Configuration | Diagnostic
the destination profile.
| EEM | Environmental | Inventory |
License | Linecard-Hardware |
Supervisor-Hardware | Syslog-group-port
| System | Test}
Example:
switch(config-callhome)#
destination-profile Noc101 alert-group
All
Step 4 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Step 5 show callhome destination-profile (Optional) Displays information about one or more
[profile name] destination profiles.
Example:
switch(config-callhome)# show callhome
destination-profile profile Noc101
Step 6 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to associate all alert groups with the destination profile Noc101:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# destination-profile Noc101 alert-group All
switch(config-callhome)# commit
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-137
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Note You cannot add user-defined CLI show commands to the CiscoTAC-1 destination profile.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. callhome
3. alert-group {Configuration | Diagnostic | EEM | Environmental | Inventory | License |
Linecard-Hardware | Supervisor-Hardware | Syslog-group-port | System | Test} user-def-cmd
show-cmd
4. commit
5. show call-home user-def-cmds
6. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 alert-group {Configuration | Diagnostic Adds the show command output to any Smart Call
| EEM | Environmental | Inventory | Home messages sent for this alert group. Only valid
License | Linecard-Hardware |
Supervisor-Hardware | Syslog-group-port
show commands are accepted.
| System | Test} user-def-cmd show-cmd
Example:
switch(config-callhome)# alert-group
Configuration user-def-cmd show ip route
Step 4 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-138 OL-20635-03
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Command Purpose
Step 5 show callhome user-def-cmds (Optional) Displays information about all user-defined
show commands added to alert groups.
Example:
switch(config-callhome)# show callhome
user-def-cmds
Step 6 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to add the show ip route command to the Cisco-TAC alert group:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# alert-group Configuration user-def-cmd show ip route
switch(config-callhome)# commit
Configuring E-Mail
You must configure the SMTP server address for the Smart Call Home functionality to work. You can
also configure the from and reply-to e-mail addresses.
You can configure up to five SMTP servers for Smart Call Home. The servers are tried based on their
priority. The highest priority server is tried first. If the message fails to be sent, the next server in the list
is tried until the limit is exhausted. If two servers have equal priority, the one that was configured earlier
is tried first.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. callhome
3. transport email mail-server ip-address [port number] [priority number] [use-vrf vrf-name]
4. transport email from email-address
5. transport email reply-to email-address
6. commit
7. show callhome transport
8. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-139
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 transport email mail-server ip-address Configures the SMTP server as the domain name
[port number] [priority number] [use-vrf server (DNS) name, IPv4 address, or IPv6 address.
vrf-name]
Optionally configures the port number. The port range
Example: is from 1 to 65535. The default port number is 25.
switch(config-callhome)# transport email
Also optionally configures the priority of the SMTP
mail-server 192.0.2.1 use-vrf Red
server. The priority range is from 1 to 100, with 1 being
the highest priority and 100 the lowest. If you do not
specify a priority, the default value of 50 is used.
Also optionally configures the VRF to use when
communicating with this SMTP server. The VRF
specified is not used to send messages using HTTP. To
use HTTP, see the “Configuring VRFs To Send
Messages Using HTTP” section on page 9-141.
Note To distribute the SMTP server configuration to
devices that run Release 4.2 or earlier, you
must use the transport email smtp-server
command, which configures only one SMTP
server.
Step 4 transport email from email-address (Optional) Configures the e-mail from field for Smart
Call Home messages.
Example:
switch(config-callhome)# transport email
from [email protected]
Step 5 transport email reply-to email-address (Optional) Configures the e-mail reply-to field for
Smart Call Home messages.
Example:
switch(config-callhome)# transport email
reply-to [email protected]
Step 6 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-140 OL-20635-03
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Command Purpose
Step 7 show callhome transport (Optional) Displays the transport-related configuration
for Smart Call Home.
Example:
switch(config-callhome)# show callhome
transport
Step 8 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to configure the e-mail options for Smart Call Home messages:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# transport email mail-server 192.0.2.10 use-vrf Red
switch(config-callhome)# transport email from [email protected]
switch(config-callhome)# transport email reply-to [email protected]
switch(config-callhome)# commit
This example shows how to configure multiple SMTP servers for Smart Call Home messages:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# transport email mail-server 192.0.2.10 priority 4
switch(config-callhome)# transport email mail-server 172.21.34.193
switch(config-callhome)# transport email smtp-server 10.1.1.174
switch(config-callhome)# transport email mail-server 64.72.101.213 priority 60
switch(config-callhome)# transport email from [email protected]
switch(config-callhome)# transport email reply-to [email protected]
switch(config-callhome)# commit
Based on the configuration above, the SMTP servers would be tried in this order:
10.1.1.174 (priority 0)
192.0.2.10 (priority 4)
172.21.34.193 (priority 50, which is the default)
64.72.101.213 (priority 60)
When CFS distribution is enabled, devices that run Release 4.2 or earlier accept only the transport
email smtp-server command configurations while devices that run Release 5.0(1) or later accept both
the transport email smtp-server and transport email mail-server command configurations.
Note When a device accepts both the transport email smtp-server and transport email mail-server
commands, the transport email smtp-server command has a priority of 0, which is the highest. The
server specified by this command is tried first followed by the servers specified by the transport email
mail-server commands in order of priority.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-141
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. callhome
3. transport http use-vrf vrf-name
4. commit
5. show callhome
6. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 transport http use-vrf vrf-name Configures the VRF used to send e-mail and other
Smart Call Home messages over HTTP.
Example:
switch(config-callhome)# transport http
use-vrf Blue
Step 4 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Step 5 show callhome (Optional) Displays information about Smart Call
Home.
Example:
switch(config-callhome)# show callhome
Step 6 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-142 OL-20635-03
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
This example shows how to configure a VRF to send Smart Call Home messages using HTTP:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# transport http use-vrf Blue
switch(config-callhome)# commit
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. callhome
3. transport http proxy server ip-address [port number]
4. transport http proxy enable
5. commit
6. show callhome transport
7. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 transport http proxy server ip-address Configures the HTTP proxy server domain name
[port number] server (DNS) name, IPv4 address, or IPv6 address.
Example:
Optionally configures the port number. The port range
switch(config-callhome)# transport http is from 1 to 65535. The default port number is 8080.
proxy server 192.0.2.1
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-143
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Command Purpose
Step 4 transport http proxy enable Enables Smart Call Home to send all HTTP messages
through the HTTP proxy server.
Example:
switch(config-callhome)# transport http Note You can execute this command only after the
proxy enable proxy server address has been configured.
This example shows how to configure Smart Call Home to send HTTP messages through an HTTP proxy
server:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# transport http proxy server 10.10.10.1 port 4
switch(config-callhome)# transport http proxy enable
switch(config-callhome)# commit
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. callhome
3. periodic-inventory notification [interval days | timeofday time]
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-144 OL-20635-03
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
4. commit
5. show callhome
6. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 callhome Enters callhome configuration mode.
Example:
switch(config)# callhome
switch(config-callhome)#
Step 3 periodic-inventory notification Configures the periodic inventory messages. The
[interval days] [timeofday time] interval range is from 1 to 30 days, and the default is 7.
Example:
The time argument is in HH:MM format. It defines at
switch(config-callhome)# what time of the day every X days an update is sent
periodic-inventory notification interval (where X is the update interval).
20
Step 4 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Step 5 show callhome (Optional) Displays information about Smart Call
Home.
Example:
switch(config-callhome)# show callhome
Step 6 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to configure the periodic inventory messages to generate every 20 days:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# callhome
switch(config-callhome)# periodic-inventory notification interval 20
switch(config-callhome)# commit
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-145
Chapter 9 Configuring Smart Call Home
Configuring Smart Call Home
Command Purpose
Step 1 no duplicate-message throttle Disables duplicate message throttling for Smart Call
Home. Enabled by default.
Example:
switch(config-callhome)# no
duplicate-message throttle
Step 2 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Command Purpose
Step 1 enable Enables Smart Call Home. Disabled by default.
Example: Note To disable Smart Call Home, use the no enable
switch(config-callhome)# enable command in Smart Call Home configuration
mode.
Step 2 commit Commits the callhome configuration commands.
Example:
switch(config-callhome)# commit
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-146 OL-20635-03
Chapter 9 Configuring Smart Call Home
Verifying the Smart Call Home Configuration
Command Purpose
callhome send [configuration | diagnostic] Sends the specified Smart Call Home test message
to all configured destinations.
Example:
switch(config-callhome)# callhome send Note This command is available only in the
diagnostic default VDC.
callhome test Sends a test message to all configured
destinations.
Example:
switch(config-callhome)# callhome test
Command Purpose
show callhome Displays the Smart Call Home configuration.
show callhome destination-profile name Displays one or more Smart Call Home
destination profiles.
show callhome merge Displays the status of the last CFS merger for
Smart Call Home.
show callhome pending Displays the Smart Call Home configuration
changes in the pending CFS database.
show callhome pending-diff Displays the differences between the pending and
running Smart Call Home configuration.
show callhome session status Displays the status of the last CFS commit or
abort operation.
show callhome status Displays the CFS distribution state (enabled or
disabled) for Smart Call Home.
show callhome transport Displays the transport-related configuration for
Smart Call Home.
show callhome user-def-cmds Displays CLI commands added to any alert
groups.
show running-config callhome [all] Displays the running configuration for Smart Call
Home.
show startup-config callhome Displays the startup configuration for Smart Call
Home.
show tech-support callhome Displays the technical support output for Smart
Call Home.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-147
Chapter 9 Configuring Smart Call Home
Configuration Example for Smart Call Home
Additional References
For additional information related to implementing Smart Call Home, see the following sections:
• Event Triggers, page 9-148
• Message Formats, page 9-150
• Sample syslog Alert Notification in Full-Text Format, page 9-153
• Sample syslog Alert Notification in XML Format, page 9-156
• Related Documents, page 9-160
• Standards, page 9-160
• MIBs, page 9-160
Event Triggers
Table 9-4 lists the event triggers and their Smart Call Home message severity levels.
Smart
Call
Home
Severity
Alert Group Event Name Description Level
Configuration PERIODIC_CONFIGURATION Periodic configuration update message. 2
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-148 OL-20635-03
Chapter 9 Configuring Smart Call Home
Additional References
Smart
Call
Home
Severity
Alert Group Event Name Description Level
Diagnostic DIAGNOSTIC_MAJOR_ALERT GOLD generated a major alert. 7
DIAGNOSTIC_MINOR_ALERT GOLD generated a minor alert. 4
DIAGNOSTIC_NORMAL_ALERT Smart Call Home generated a normal diagnostic alert. 2
Environmental FAN_FAILURE Cooling fan has failed. 5
and POWER_SUPPLY_ALERT Power supply warning has occurred. 6
CISCO_TAC
POWER_SUPPLY_FAILURE Power supply has failed. 6
POWER_SUPPLY_SHUTDOWN Power supply has shut down. 6
TEMPERATURE_ALARM Thermal sensor going bad. 6
TEMPERATURE_MAJOR_ALARM Thermal sensor indicates temperature has reached 6
operating major threshold.
TEMPERATURE_MINOR_ALARM Thermal sensor indicates temperature has reached 4
operating minor threshold.
Inventory and COLD_BOOT Switch is powered up and reset to a cold boot sequence. 2
CISCO_TAC HARDWARE_INSERTION New piece of hardware has been inserted into the 2
chassis.
HARDWARE_REMOVAL Hardware has been removed from the chassis. 2
PERIODIC_INVENTORY Periodic inventory message has been generated. 2
License LICENSE_VIOLATION Feature in use is not licensed and is turned off after 6
grace period expiration.
Line module LINEmodule_FAILURE Module operation has failed. 7
Hardware and
CISCO_TAC
Supervisor CMP_FAILURE CMP module operation has failed. 5
Hardware and SUP_FAILURE Supervisor module operation has failed. 7
CISCO_TAC
Syslog-group- PORT_FAILURE syslog message that corresponds to the port facility has 6
port been generated.
SYSLOG_ALERT syslog alert message has been generated. 5
System and SW_CRASH Software process has failed with a stateless restart, 5
CISCO_TAC indicating an interruption of a service. Messages are
sent for process crashes on supervisor modules and line
cards.
SW_SYSTEM_INCONSISTENT Inconsistency has been detected in software or file 5
system.
Test and TEST User generated test has occurred. 2
CISCO_TAC
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-149
Chapter 9 Configuring Smart Call Home
Additional References
Message Formats
Smart Call Home supports the following message formats:
• Short Text Message Format
• Common Fields for Full Text and XML Messages
• Fields Specific to Alert Group Messages for Full Text and XML Messages
• Inserted Fields for a Reactive and Proactive Event Message
• Inserted Fields for an Inventory Event Message
• Inserted Fields for a User-Generated Test Message
Table 9-5 describes the short text formatting option for all message types.
Table 9-6 describes the first set of common event message fields for full text or XML messages.
Table 9-6 Common Fields for Full Text and XML Messages
Data Item
(Plain Text and Description XML Tag
XML) (Plain Text and XML) (XML Only)
Time stamp Date and time stamp of event in ISO time notation: /aml/header/time
YYYY-MM-DD HH:MM:SS GMT+HH:MM.
Message name Name of message. Specific event names are listed in Table 9-4. /aml/header/name
Message type Name of message type, such as reactive or proactive. /aml/header/type
Message group Name of alert group, such as syslog. /aml/header/group
Severity level Severity level of message (see the “Smart Call Home Message Urgency /aml/header/level
Levels” section on page 9-125).
Source ID Product type for routing, such as the Catalyst 6500 series switch. /aml/header/source
Device ID Unique device identifier (UDI) for the end device that generated the /aml/ header/deviceId
message. This field should be empty if the message is nonspecific to a
device. The format is type@Sid@serial.
• type is the product model number from the backplane IDPROM.
• @ is a separator character.
• Sid is C, identifying the serial ID as a chassis serial number·
• serial is the number identified by the Sid field.
An example is WS-C6509@C@12345678
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-150 OL-20635-03
Chapter 9 Configuring Smart Call Home
Additional References
Table 9-6 Common Fields for Full Text and XML Messages (continued)
Data Item
(Plain Text and Description XML Tag
XML) (Plain Text and XML) (XML Only)
Customer ID Optional user-configurable field used for contract information or other /aml/ header/customerID
ID by any support service.
Contract ID Optional user-configurable field used for contract information or other /aml/ header /contractId
ID by any support service.
Site ID Optional user-configurable field used for Cisco-supplied site ID or /aml/ header/siteId
other data meaningful to alternate support service.
Server ID If the message is generated from the device, this is the unique device /aml/header/serverId
identifier (UDI) of the device.
The format is type@Sid@serial.
• type is the product model number from the backplane IDPROM.
• @ is a separator character.
• Sid is C, identifying the serial ID as a chassis serial number.
• serial is the number identified by the Sid field.
An example is WS-C6509@C@12345678.
Message description Short text that describes the error. /aml/body/msgDesc
Device name Node that experienced the event (hostname of the device). /aml/body/sysName
Contact name Name of person to contact for issues associated with the node that /aml/body/sysContact
experienced the event.
Contact e-mail E-mail address of person identified as the contact for this unit. /aml/body/sysContactEmail
Contact phone Phone number of the person identified as the contact for this unit. /aml/body/sysContactPhone
number Number
Street address Optional field that contains the street address for RMA part shipments /aml/body/sysStreetAddress
associated with this unit.
Model name Model name of the device (the specific model as part of a product /aml/body/chassis/name
family name).
Serial number Chassis serial number of the unit. /aml/body/chassis/serialNo
Chassis part number Top assembly number of the chassis. /aml/body/chassis/partNo
Table 9-7 describes the fields specific to alert group messages for full text and XML. These fields may
be repeated if multiple CLI commands are executed for an alert group.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-151
Chapter 9 Configuring Smart Call Home
Additional References
Table 9-7 Fields Specific to Alert Group Messages for Full Text and XML Messages
Data Item
(Plain Text and Description XML Tag
XML) (Plain Text and XML) (XML Only)
Command output Exact name of the issued CLI command. /aml/attachments/attachment/na
name me
Attachment type Specific command output. /aml/attachments/attachment/typ
e
MIME type Either plain text or encoding type. /aml/attachments/attachment/mi
me
Command output Output of command automatically executed (see the “Smart Call /aml/attachments/attachment/atd
text Home Alert Groups” section on page 9-123). ata
Table 9-8 describes the reactive and proactive event message format for full text or XML messages.
Table 9-8 Inserted Fields for a Reactive and Proactive Event Message
Data Item
(Plain Text and Description XML Tag
XML) (Plain Text and XML) (XML Only)
Chassis hardware Hardware version of chassis. /aml/body/chassis/hwVersion
version
Supervisor module Top-level software version. /aml/body/chassis/swVersion
software version
Affected FRU name Name of the affected FRU that is generating the event message. /aml/body/fru/name
Affected FRU serial Serial number of the affected FRU. /aml/body/fru/serialNo
number
Affected FRU part Part number of the affected FRU. /aml/body/fru/partNo
number
FRU slot Slot number of the FRU that is generating the event message. /aml/body/fru/slot
FRU hardware Hardware version of the affected FRU. /aml/body/fru/hwVersion
version
FRU software Software version(s) that is running on the affected FRU. /aml/body/fru/swVersion
version
Table 9-9 describes the inventory event message format for full text or XML messages.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-152 OL-20635-03
Chapter 9 Configuring Smart Call Home
Additional References
Data Item
(Plain Text and Description XML Tag
XML) (Plain Text and XML) (XML Only)
Chassis hardware Hardware version of the chassis. /aml/body/chassis/hwVersio
version n
Supervisor module Top-level software version. /aml/body/chassis/swVersion
software version
FRU name Name of the affected FRU that is generating the event message. /aml/body/fru/name
FRU s/n Serial number of the FRU. /aml/body/fru/serialNo
FRU part number Part number of the FRU. /aml/body/fru/partNo
FRU slot Slot number of the FRU. /aml/body/fru/slot
FRU hardware Hardware version of the FRU. /aml/body/fru/hwVersion
version
FRU software Software version(s) that is running on the FRU. /aml/body/fru/swVersion
version
Table 9-10 describes the user-generated test message format for full text or XML.
Data Item
(Plain Text and Description XML Tag
XML) (Plain Text and XML) (XML Only)
Process ID Unique process ID. /aml/body/process/id
Process state State of process (for example, running or halted). /aml/body/process/processSt
ate
Process exception Exception or reason code. /aml/body/process/exception
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-153
Chapter 9 Configuring Smart Call Home
Additional References
syslog_facility:ETHPORT
start chassis information:
Affected Chassis:N7K-C7010
Affected Chassis Serial Number:TXX12345678 Affected Chassis Hardware Version:0.405
Affected Chassis Software Version:4.1(1) Affected Chassis Part No:73-10900-04 end chassis
information:
start attachment
name:show logging logfile | tail -n 200
type:text
data:
2008 Jan 17 10:57:51 dc3-test %SYSLOG-1-SYSTEM_MSG : Logging logfile (messages)
cleared by user
2008 Jan 17 10:57:53 dc3-test %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
/dev/ttyS0 /dev/ttyS0_console
2008 Jan 17 10:58:35 dc3-test %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
/dev/ttyS0 /dev/ttyS0_console
2008 Jan 17 10:59:00 dc3-test %DAEMON-3-SYSTEM_MSG: error: setsockopt IP_TOS 16:
Invalid argument: - sshd[14484]
2008 Jan 17 10:59:05 dc3-test %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
/dev/ttyS0 /dev/ttyS0_console
2008 Jan 17 12:11:18 dc3-test %SYSMGR-STANDBY-5-SUBPROC_TERMINATED: "System Manager
(gsync controller)" (PID 12000) has finished with error code
SYSMGR_EXITCODE_GSYNCFAILED_NONFATAL (12).
2008 Jan 17 16:28:03 dc3-test %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
/dev/ttyS0 /dev/ttyS0_console
2008 Jan 17 16:28:44 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2579 with message
Core not generated by system for eltm(0). WCOREDUMP(9) returned zero .
2008 Jan 17 16:28:44 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service "eltm" (PID 3504)
hasn't caught signal 9 (no core).
2008 Jan 17 16:29:08 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2579 with message
Core not generated by system for eltm(0). WCOREDUMP(9) returned zero.
2008 Jan 17 16:29:08 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service "eltm" (PID 23210)
hasn't caught signal 9 (no core).
2008 Jan 17 16:29:17 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2579 with message
Core not generated by system for eltm(0). WCOREDUMP(9) returned zero.
2008 Jan 17 16:29:17 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service "eltm" (PID 23294)
hasn't caught signal 9 (no core).
2008 Jan 17 16:29:25 dc3-test %SYSMGR-2-HASWITCHOVER_PRE_START: This supervisor is
becoming active (pre-start phase).
2008 Jan 17 16:29:25 dc3-test %SYSMGR-2-HASWITCHOVER_START: This supervisor is
becoming active.
2008 Jan 17 16:29:26 dc3-test %USER-3-SYSTEM_MSG: crdcfg_get_srvinfo: mts_send failed
- device_test
2008 Jan 17 16:29:27 dc3-test %NETSTACK-3-IP_UNK_MSG_MAJOR: netstack [4336]
Unrecognized message from MRIB. Major type 1807
2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 1
2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 2
2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 3
2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 4
2008 Jan 17 16:29:28 dc3-test %SYSMGR-2-SWITCHOVER_OVER: Switchover completed.
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:socket family : 2 -
ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:socket family : 10 -
ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:ipv6 only defined -
ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:bindv6 only defined -
ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:socket family : 2 -
ntpd[19045]
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-154 OL-20635-03
Chapter 9 Configuring Smart Call Home
Additional References
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-155
Chapter 9 Configuring Smart Call Home
Additional References
end attachment
start attachment
name:show vdc current-vdc
type:text
data:
Current vdc is 1 - dc3-test
end attachment
start attachment
name:show license usage
type:text
data:
Feature Ins
Lic Status Expiry Date Comments
Count
--------------------------------------------------------------------------------
LAN_ADVANCED_SERVICES_PKG Yes - In use Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused Never -
--------------------------------------------------------------------------------
end attachment
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-156 OL-20635-03
Chapter 9 Configuring Smart Call Home
Additional References
<aml-session:Session xmlns:aml-session="http://www.cisco.com/2004/01/aml-session"
soap-env:mustUnderstand="true"
soap-env:role="http://www.w3.org/2003/05/soap-envelope/role/next">
<aml-session:To>http://tools.cisco.com/neddce/services/DDCEService</aml-session:To>
<aml-session:Path>
<aml-session:Via>http://www.cisco.com/appliance/uri</aml-session:Via>
</aml-session:Path>
<aml-session:From>http://www.cisco.com/appliance/uri</aml-session:From>
<aml-session:MessageId>1004:TXX12345678:478F82E6</aml-session:MessageId>
</aml-session:Session>
</soap-env:Header>
<soap-env:Body>
<aml-block:Block xmlns:aml-block="http://www.cisco.com/2004/01/aml-block">
<aml-block:Header>
<aml-block:Type>http://www.cisco.com/2005/05/callhome/syslog</aml-block:Type>
<aml-block:CreationDate>2008-01-17 16:31:33 GMT+0000</aml-block:CreationDate>
<aml-block:Builder> <aml-block:Name>DC3</aml-block:Name>
<aml-block:Version>4.1</aml-block:Version>
</aml-block:Builder>
<aml-block:BlockGroup>
<aml-block:GroupId>1005:TXX12345678:478F82E6</aml-block:GroupId>
<aml-block:Number>0</aml-block:Number>
<aml-block:IsLast>true</aml-block:IsLast>
<aml-block:IsPrimary>true</aml-block:IsPrimary>
<aml-block:WaitForPrimary>false</aml-block:WaitForPrimary>
</aml-block:BlockGroup>
<aml-block:Severity>5</aml-block:Severity>
</aml-block:Header>
<aml-block:Content>
<ch:CallHome xmlns:ch="http://www.cisco.com/2005/05/callhome" version="1.0">
<ch:EventTime>2008-01-17 16:31:33 GMT+0000</ch:EventTime>
<ch:MessageDescription>SYSLOG_ALERT 2008 Jan 17 16:31:33 dc3-test %ETHPORT-2-IF_SEQ_ERROR:
Error (0x20) while communicating with component MTS_SAP_ELTM
opcode:MTS_OPC_ETHPM_PORT_PHY_CLEANUP (for:RID_PORT: Ethernet3/1) </ch:MessageDescription>
<ch:Event> <ch:Type>syslog</ch:Type> <ch:SubType></ch:SubType> <ch:Brand>Cisco</ch:Brand>
<ch:Series>Nexus7000</ch:Series> </ch:Event> <ch:CustomerData> <ch:UserData>
<ch:Email>[email protected]</ch:Email>
</ch:UserData>
<ch:ContractData>
<ch:DeviceId>N7K-C7010@C@TXX12345678</ch:DeviceId>
</ch:ContractData>
<ch:SystemInfo>
<ch:Name>dc3-test</ch:Name>
<ch:Contact>Jay Tester</ch:Contact> <ch:ContactEmail>[email protected]</ch:ContactEmail>
<ch:ContactPhoneNumber>+91-80-1234-5678</ch:ContactPhoneNumber>
<ch:StreetAddress>#1, Any Street</ch:StreetAddress> </ch:SystemInfo> </ch:CustomerData>
<ch:Device> <rme:Chassis xmlns:rme="http://www.cisco.com/rme/4.1">
<rme:Model>N7K-C7010</rme:Model>
<rme:HardwareVersion>0.405</rme:HardwareVersion>
<rme:SerialNumber>TXX12345678</rme:SerialNumber>
</rme:Chassis>
</ch:Device>
</ch:CallHome>
</aml-block:Content>
<aml-block:Attachments>
<aml-block:Attachment type="inline">
<aml-block:Name>show logging logfile | tail -n 200</aml-block:Name> <aml-block:Data
encoding="plain">
<![CDATA[2008 Jan 17 10:57:51 dc3-test %SYSLOG-1-SYSTEM_MSG : Logging logfile (messages)
cleared by user
2008 Jan 17 10:57:53 dc3-test %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
/dev/ttyS0 /dev/ttyS0_console
2008 Jan 17 10:58:35 dc3-test %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
/dev/ttyS0 /dev/ttyS0_console
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-157
Chapter 9 Configuring Smart Call Home
Additional References
2008 Jan 17 10:59:00 dc3-test %DAEMON-3-SYSTEM_MSG: error: setsockopt IP_TOS 16: Invalid
argument: - sshd[14484]
2008 Jan 17 10:59:05 dc3-test %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
/dev/ttyS0 /dev/ttyS0_console
2008 Jan 17 12:11:18 dc3-test %SYSMGR-STANDBY-5-SUBPROC_TERMINATED: \"System Manager
(gsync controller)\" (PID 12000) has finished with error code
SYSMGR_EXITCODE_GSYNCFAILED_NONFATAL (12).
2008 Jan 17 16:28:03 dc3-test %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configuring console from
/dev/ttyS0 /dev/ttyS0_console
2008 Jan 17 16:28:44 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2579 with message Core
not generated by system for eltm(0). WCOREDUMP(9) returned zero .
2008 Jan 17 16:28:44 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service \"eltm\" (PID 3504)
hasn't caught signal 9 (no core).
2008 Jan 17 16:29:08 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2579 with message Core
not generated by system for eltm(0). WCOREDUMP(9) returned zero .
2008 Jan 17 16:29:08 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service \"eltm\" (PID 23210)
hasn't caught signal 9 (no core).
2008 Jan 17 16:29:17 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2579 with message Core
not generated by system for eltm(0). WCOREDUMP(9) returned zero .
2008 Jan 17 16:29:17 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service \"eltm\" (PID 23294)
hasn't caught signal 9 (no core).
2008 Jan 17 16:29:25 dc3-test %SYSMGR-2-HASWITCHOVER_PRE_START: This supervisor is
becoming active (pre-start phase).
2008 Jan 17 16:29:25 dc3-test %SYSMGR-2-HASWITCHOVER_START: This supervisor is becoming
active.
2008 Jan 17 16:29:26 dc3-test %USER-3-SYSTEM_MSG: crdcfg_get_srvinfo: mts_send failed -
device_test
2008 Jan 17 16:29:27 dc3-test %NETSTACK-3-IP_UNK_MSG_MAJOR: netstack [4336] Unrecognized
message from MRIB. Major type 1807
2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 1
2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 2
2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 3
2008 Jan 17 16:29:27 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is DOWN in vdc 4
2008 Jan 17 16:29:28 dc3-test %SYSMGR-2-SWITCHOVER_OVER: Switchover completed.
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:socket family : 2 - ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:socket family : 10 - ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:ipv6 only defined - ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:bindv6 only defined - ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:socket family : 2 - ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:socket family : 0 - ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %DAEMON-3-SYSTEM_MSG: ntp:socket family : 0 - ntpd[19045]
2008 Jan 17 16:29:28 dc3-test %NETSTACK-3-CLIENT_GET: netstack [4336] HA client filter
recovery failed (0)
2008 Jan 17 16:29:28 dc3-test %NETSTACK-3-CLIENT_GET: netstack [4336] HA client filter
recovery failed (0)
2008 Jan 17 16:29:29 dc3-test %DAEMON-3-SYSTEM_MSG: ssh disabled, removing -
dcos-xinetd[19072]
2008 Jan 17 16:29:29 dc3-test %DAEMON-3-SYSTEM_MSG: Telnet disabled, removing -
dcos-xinetd[19072]
2008 Jan 17 16:29:31 dc3-test %DAEMON-3-SYSTEM_MSG: Telnet disabled, removing -
dcos-xinetd[19073]
2008 Jan 17 16:29:32 dc3-test %DAEMON-3-SYSTEM_MSG: ssh disabled, removing -
dcos-xinetd[19079]
2008 Jan 17 16:29:32 dc3-test %DAEMON-3-SYSTEM_MSG: Telnet disabled, removing -
dcos-xinetd[19079]
2008 Jan 17 16:29:34 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is UP in vdc 1
2008 Jan 17 16:29:34 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is UP in vdc 2
2008 Jan 17 16:29:34 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is UP in vdc 3
2008 Jan 17 16:29:34 dc3-test %IM-5-IM_INTF_STATE: mgmt0 is UP in vdc 4
2008 Jan 17 16:29:34 dc3-test %DAEMON-3-SYSTEM_MSG: ssh disabled, removing -
dcos-xinetd[19105]
2008 Jan 17 16:29:34 dc3-test %DAEMON-3-SYSTEM_MSG: Telnet disabled, removing -
dcos-xinetd[19105]
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-158 OL-20635-03
Chapter 9 Configuring Smart Call Home
Additional References
2008 Jan 17 16:29:35 dc3-test %PLATFORM-2-PS_AC_IN_MISSING: Power supply 2 present but all
AC inputs are not connected, ac-redundancy might be affected
2008 Jan 17 16:29:35 dc3-test %PLATFORM-2-PS_AC_IN_MISSING: Power supply 3 present but all
AC inputs are not connected, ac-redundancy might be affected
2008 Jan 17 16:29:38 dc3-test %CALLHOME-2-EVENT: SUP_FAILURE
2008 Jan 17 16:29:46 dc3-test vsh[19166]: CLIC-3-FAILED_EXEC: Can not exec command
<more> return code <14>
2008 Jan 17 16:30:24 dc3-test vsh[23810]: CLIC-3-FAILED_EXEC: Can not exec command
<more> return code <14>
2008 Jan 17 16:30:24 dc3-test vsh[23803]: CLIC-3-FAILED_EXEC: Can not exec command
<more> return code <14>
2008 Jan 17 16:30:24 dc3-test vsh[23818]: CLIC-3-FAILED_EXEC: Can not exec command
<more> return code <14>
2008 Jan 17 16:30:47 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2630 with message Core
not generated by system for eltm(0). WCOREDUMP(9) returned zero .
2008 Jan 17 16:30:47 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service \"eltm\" (PID 4820)
hasn't caught signal 9 (no core).
2008 Jan 17 16:31:02 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2630 with message Core
not generated by system for eltm(0). WCOREDUMP(9) returned zero .
2008 Jan 17 16:31:02 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service \"eltm\" (PID 24239)
hasn't caught signal 9 (no core).
2008 Jan 17 16:31:14 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2630 with message Core
not generated by system for eltm(0). WCOREDUMP(9) returned zero .
2008 Jan 17 16:31:14 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service \"eltm\" (PID 24401)
hasn't caught signal 9 (no core).
2008 Jan 17 16:31:23 dc3-test %CALLHOME-2-EVENT: SW_CRASH alert for service: eltm
2008 Jan 17 16:31:23 dc3-test %SYSMGR-3-BASIC_TRACE: core_copy: PID 2630 with message Core
not generated by system for eltm(0). WCOREDUMP(9) returned zero .
2008 Jan 17 16:31:23 dc3-test %SYSMGR-2-SERVICE_CRASHED: Service \"eltm\" (PID 24407)
hasn't caught signal 9 (no core).
2008 Jan 17 16:31:24 dc3-test vsh[24532]: CLIC-3-FAILED_EXEC: Can not exec command
<more> return code <14>
2008 Jan 17 16:31:24 dc3-test vsh[24548]: CLIC-3-FAILED_EXEC: Can not exec command
<more> return code <14>
2008 Jan 17 16:31:24 dc3-test vsh[24535]: CLIC-3-FAILED_EXEC: Can not exec command
<more> return code <14>
2008 Jan 17 16:31:33 dc3-test %NETSTACK-3-INTERNAL_ERROR: netstack [4336] (null)
2008 Jan 17 16:31:33 dc3-test %ETHPORT-2-IF_SEQ_ERROR: Error (0x20) while communicating
with component MTS_SAP_ELTM opcode:MTS_OPC_ETHPM_PORT_PHY_CLEANUP (for:RID_PORT:
Ethernet3/1) ]]> </aml-block:Data> </aml-block:Attachment> <aml-block:Attachment
type="inline"> <aml-block:Name>show vdc membership</aml-block:Name> <aml-block:Data
encoding="plain"> <![CDATA[
vdc_id: 1 vdc_name: dc3-test interfaces:
Ethernet3/1 Ethernet3/2 Ethernet3/3
Ethernet3/4 Ethernet3/5 Ethernet3/6
Ethernet3/7 Ethernet3/8 Ethernet3/9
Ethernet3/10 Ethernet3/11 Ethernet3/12
Ethernet3/13 Ethernet3/14 Ethernet3/15
Ethernet3/16 Ethernet3/17 Ethernet3/18
Ethernet3/19 Ethernet3/20 Ethernet3/21
Ethernet3/22 Ethernet3/23 Ethernet3/24
Ethernet3/25 Ethernet3/26 Ethernet3/27
Ethernet3/28 Ethernet3/29 Ethernet3/30
Ethernet3/31 Ethernet3/32 Ethernet3/33
Ethernet3/34 Ethernet3/35 Ethernet3/36
Ethernet3/37 Ethernet3/38 Ethernet3/39
Ethernet3/40 Ethernet3/41 Ethernet3/42
Ethernet3/43 Ethernet3/44 Ethernet3/45
Ethernet3/46 Ethernet3/47 Ethernet3/48
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-159
Chapter 9 Configuring Smart Call Home
Additional References
]]>
</aml-block:Data>
</aml-block:Attachment>
<aml-block:Attachment type="inline">
<aml-block:Name>show vdc current-vdc</aml-block:Name> <aml-block:Data encoding="plain">
<![CDATA[Current vdc is 1 - dc3-test ]]> </aml-block:Data> </aml-block:Attachment>
<aml-block:Attachment type="inline"> <aml-block:Name>show license usage</aml-block:Name>
<aml-block:Data encoding="plain">
<![CDATA[Feature Ins Lic Status Expiry Date Comments
Count
--------------------------------------------------------------------------------
LAN_ADVANCED_SERVICES_PKG Yes - In use Never -
LAN_ENTERPRISE_SERVICES_PKG Yes - Unused Never -
--------------------------------------------------------------------------------
]]>
</aml-block:Data>
</aml-block:Attachment>
</aml-block:Attachments>
</aml-block:Block>
</soap-env:Body>
</soap-env:Envelope>
Related Documents
Related Topic Document Title
Smart Call Home CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
VDCs and VRFs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
MIBs
MIBs MIBs Link
• CISCO-CALLHOME-MIB To locate and download MIBs, go to the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-160 OL-20635-03
Chapter 9 Configuring Smart Call Home
Feature History for Smart Call Home
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 9-161
Chapter 9 Configuring Smart Call Home
Feature History for Smart Call Home
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
9-162 OL-20635-03
Send document comments to [email protected].
CHAPTER 10
Configuring Rollback
This chapter describes how to configure the Rollback feature on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About Rollback, page 10-163
• Licensing Requirements, page 10-165
• Prerequisites for Rollback, page 10-165
• Guidelines and Limitations, page 10-165
• Default Settings, page 10-166
• Configuring Rollback, page 10-166
• Verifying the Rollback Configuration, page 10-168
• Configuration Example for Rollback, page 10-169
• Additional References, page 10-169
• Feature History for Rollback, page 10-170
Rollback Overview
The rollback feature allows you to take a snapshot, or user checkpoint, of the Cisco NX-OS configuration
and then reapply that configuration to your device at any point without having to reload the device. A
rollback allows any authorized administrator to apply this checkpoint configuration without requiring
expert knowledge of the features configured in the checkpoint.
Cisco NX-OS automatically creates system checkpoints as described in the “Automatically Generated
System Checkpoints” section on page 10-164. You can use either a user or system checkpoint to perform
a rollback.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 10-163
Chapter 10 Configuring Rollback
Information About Rollback
You can create a checkpoint copy of the current running configuration at any time. Cisco NX-OS saves
this checkpoint as an ASCII file which you can use to roll back the running configuration to the
checkpoint configuration at a future time. You can create multiple checkpoints to save different versions
of your running configuration.
When you roll back the running configuration, you can trigger the following rollback types:
• atomic—Implement a rollback only if no errors occur.
• best-effort—Implement a rollback and skip any errors.
• stop-at-first-failure—Implement a rollback that stops if an error occurs.
The default rollback type is atomic.
When you are ready to roll back to a checkpoint configuration, you can view the changes that will be
applied to your current running configuration before committing to the rollback operation. If an error
occurs during the rollback operation, you can choose to cancel the operation, or ignore the error and
proceed with the rollback. If you cancel the operation, Cisco NX-OS provides a list of changes already
applied before the error occurred. You need to clean up these changes manually.
High Availability
Whenever a checkpoint is created using the checkpoint or checkpoint checkpoint_name commands, the
checkpoint is synchronized to the standby unit.
Rollback remembers the states of the checkpoint operation, so if the checkpoint operation is interrupted
and the system is left in an inconsistent state, rollback can complete the checkpoint operation
(synchronize the checkpoint with the standby unit) before proceeding with the rollback operation.
Your checkpoint files are still available after a process restart or supervisor switchover. Even if there is
an interruption during the process restart or supervisor switchover, the checkpoint will complete
successfully before proceeding with the operation. In a supervisor switchover, the checkpoint is
completed on the new active unit.
If a process restart or supervisor switchover occurs during a rollback operation, after the restart or
switchover completes, the rollback will resume from its previous state and complete successfully.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
10-164 OL-20635-03
Chapter 10 Configuring Rollback
Licensing Requirements
Virtualization Support
Cisco NX-OS creates a checkpoint of the running configuration in the virtual device context (VDC) that
you are logged into. You can create different checkpoint copies in each VDC. You cannot apply the
checkpoint of one VDC into another VDC. By default, Cisco NX-OS places you in the default VDC. See
the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x.
VDC configuration does not support checkpoints for any operations, including (but not limited to) VDC
creation, VDC deletion, VDC suspension, VDC reloading, VDC renaming, VDC interface allocation,
shared interface allocation, FCoE VLAN allocation, resource allocation, and resource templates. You
should create your checkpoint from within a specific VDC.
Licensing Requirements
Product License Requirement
Cisco NX-OS The rollback feature requires no license. Any feature not included in a license package is bundled with the
Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the
Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 10-165
Chapter 10 Configuring Rollback
Default Settings
• A rollback fails for NetFlow if during a rollback, you try to modify a record that is programmed in
the hardware.
• Although rollback is not supported for checkpoints across software versions, users can perform
rollback at their own discretion and can use the best-effort mode to recover from errors.
• When checkpoints are created on bootflash, differences with the running-system configuration
cannot be performed before performing the rollback, and the system reports “No Changes.”
• Checkpoints are local to a virtual device context (VDC).
• Checkpoints created using the checkpoint and checkpoint checkpoint_name commands are present
upon a switchover for all VDCs.
• Checkpoints created in the default VDC are present upon reload unless a write-erase command is
issued before a reload.
• Checkpoints created in nondefault VDCs are present upon reload only if a copy running-config
startup-config command is issued in the applicable VDC and the default VDC.
• Rollback to files on bootflash is supported only on files created using the checkpoint
checkpoint_name command and not on any other type of ASCII file.
• Checkpoint names must be unique. You cannot overwrite previously saved checkpoints with the
same name.
• Rollback is not supported in the storage VDC.
Default Settings
Table 10-1 lists the default settings for rollback parameters.
Parameters Default
rollback type atomic
Configuring Rollback
This section includes the following topics:
• Creating a Checkpoint, page 10-166
• Implementing a Rollback, page 10-167
Note Be aware that the Cisco NX-OS commands may differ from the Cisco IOS commands.
Creating a Checkpoint
You can create up to ten checkpoints of your configuration per VDC.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
10-166 OL-20635-03
Chapter 10 Configuring Rollback
Configuring Rollback
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
Command Purpose
Step 1 checkpoint {[cp-name] [description Creates a checkpoint of the running configuration to
descr] | file filename} either a user checkpoint name or a file. The checkpoint
Example:
name can be any alphanumeric string up to 80
switch# checkpoint stable characters but cannot contain spaces. If you do not
provide a name, Cisco NX-OS sets the checkpoint
name to user-checkpoint-number where number is
from 1 to 10.
The description can contain up to 80 alphanumeric
characters, including spaces.
no checkpoint cp-name You can use the no form of the checkpoint command
to remove a checkpoint name.
Example:
switch# no checkpoint stable Use the delete command to remove a checkpoint file.
Step 2 show checkpoint cp-name [all] (Optional) Displays the contents of the checkpoint
name.
Example:
switch# show checkpoint stable
Implementing a Rollback
You can implement a rollback to a checkpoint name or file. Before you implement a rollback, you can
view the differences between source and destination checkpoints that reference current or saved
configurations.
For information about automatically generated system checkpoints, see the “Automatically Generated
System Checkpoints” section on page 10-164.
Note If you make a configuration change during an atomic rollback, the rollback will fail.
You are logged in to the device in EXEC mode for the correct VDC. To go to the correct VDC, use the
switchto vdc command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 10-167
Chapter 10 Configuring Rollback
Verifying the Rollback Configuration
SUMMARY STEPS
DETAILED STEPS
Command Purpose
Step 1 show diff rollback-patch {checkpoint Displays the differences between the source and
src-cp-name | running-config | destination checkpoint selections.
startup-config | file source-file}
{checkpoint dest-cp-name |
running-config | startup-config | file
dest-file}
Example:
switch# show diff rollback-patch
checkpoint stable running-config
Step 2 rollback running-config {checkpoint Creates a rollback to the specified checkpoint name or
cp-name | file cp-file} [atomic | file. You can implement the following rollback types:
best-effort | stop-at-first-failure]
• atomic—Implement a rollback only if no errors
Example: occur.
switch# rollback running-config
checkpoint stable • best-effort—Implement a rollback and skip any
errors.
• stop-at-first-failure—Implement a rollback that
stops if an error occurs.
The default is atomic.
This example shows how to implement a rollback to a
user checkpoint name.
Command Purpose
show checkpoint name [all] Displays the contents of the checkpoint name.
show checkpoint all [user | system] Displays the contents of all checkpoints in the
current VDC. You can limit the displayed
checkpoints to user or system generated
checkpoints.
show checkpoint summary [user | system] Displays a list of all checkpoints in the current
VDC. You can limit the displayed checkpoints to
user or system generated checkpoints.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
10-168 OL-20635-03
Chapter 10 Configuring Rollback
Configuration Example for Rollback
Command Purpose
show diff rollback-patch {checkpoint Displays the differences between the source and
src-cp-name | running-config | startup-config | destination checkpoint selections.
file source-file} {checkpoint dest-cp-name |
running-config | startup-config | file dest-file}
show rollback log {exec | verify} Displays the contents of the rollback log.
Use the clear checkpoint database command to delete all checkpoint files.
Additional References
For additional information related to implementing a rollback, see the following sections:
• Related Documents, page 10-169
• Standards, page 10-169
Related Documents
Related Topic Document Title
Rollback CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
Configuration files Cisco Nexus 7000 Series NX-OS Fundamentals Configuration
Guide, Release 5.x
VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 10-169
Chapter 10 Configuring Rollback
Feature History for Rollback
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
10-170 OL-20635-03
Send document comments to [email protected].
CHAPTER 11
Configuring Session Manager
This chapter describes how to configure Session Manager on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About Session Manager, page 11-171
• Licensing Requirements for Session Manager, page 11-172
• Prerequisites for Session Manager, page 11-172
• Guidelines and Limitations, page 11-172
• Configuring Session Manager, page 11-173
• Verifying the Session Manager Configuration, page 11-176
• Configuration Example for Session Manager, page 11-176
• Additional References, page 11-177
• Feature History for Session Manager, page 11-177
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 11-171
Chapter 11 Configuring Session Manager
Licensing Requirements for Session Manager
• Commit—Cisco NX-OS verifies the complete configuration and applies the changes to the device.
If a failure occurs, Cisco NX-OS reverts to the original configuration.
• Abort—Discards the configuration changes before implementation.
You can optionally end a configuration session without committing the changes. You can also save a
configuration session.
High Availability
Session Manager sessions remain available after a supervisor switchover. Sessions are not persistent
across a software reload.
Virtualization Support
By default, Cisco NX-OS places you in the default VDC. See the Cisco Nexus 7000 Series NX-OS Virtual
Device Context Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
11-172 OL-20635-03
Chapter 11 Configuring Session Manager
Configuring Session Manager
• You cannot simultaneously execute configuration commands in more then one configuration session
or configuration terminal mode. Parallel configurations (for example, one configuration session and
one configuration terminal) may cause validation or verification failures in the configuration
session.
• If an interface reloads while you are configuring that interface in a configuration session, Session
Manager may accept the commands even though the interface is not present in the device at that
time.
Note Be aware that the Cisco NX-OS commands may differ from Cisco IOS commands.
Creating a Session
You can create up to 32 configuration sessions.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 11-173
Chapter 11 Configuring Session Manager
Configuring Session Manager
DETAILED STEPS
Command Purpose
Step 1 configure session name Creates a configuration session and enters session
configuration mode. The name can be any
Example:
switch# configure session myACLs
alphanumeric string.
switch(config-s)#
Step 2 show configuration session [name] (Optional) Displays the contents of the session.
Example:
switch(config-s)# show configuration
session myACLs
Step 3 save location (Optional) Saves the session to a file. The location can
be in bootflash:, slot0:, or volatile:
Example:
switch(config-s)# save
bootflash:sessions/myACLs
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
Command Purpose
Step 1 configure session name Creates a configuration session and enters session
configuration mode. The name can be any
Example:
switch# configure session myacls
alphanumeric string.
switch(config-s)#
Step 2 ip access-list name Creates an ALC and enters a configuration mode for
that ACL.
Example:
switch(config-s)# ip access-list acl1
switch(config-s-acl)#
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
11-174 OL-20635-03
Chapter 11 Configuring Session Manager
Configuring Session Manager
Command Purpose
Step 3 permit protocol source destination (Optional) Adds a permit statement to the ACL
Example:
switch(config-s-acl)# permit tcp any any
Step 4 interface interface-type number Enters interface configuration mode
Example:
switch(config-s-acl)# interface e 2/1
switch(config-s-if)#
Step 5 ip access-group name {in | out} Specifies the direction of traffic the access group is
applied to.
Example:
switch(config-s-if)# ip access-group
acl1 in
Step 6 show configuration session [name] (Optional) Displays the contents of the session.
Example:
switch(config-s)# show configuration
session myacls
Verifying a Session
Use the following command in session mode to verify a session:
Command Purpose
verify [verbose] Verifies the configuration as a whole, based on the
existing hardware and software configuration and
Example:
switch(config-s)# verify
resources. Cisco NX-OS returns an error if the
configuration does not pass this verification.
Committing a Session
Use the following command in session mode to commit a session:
Command Purpose
commit [verbose] Validates the configuration changes made in the current
session and applies valid changes to the device.
Example:
switch(config-s)# commit If the validation fails, Cisco NX-OS reverts to the
original configuration.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 11-175
Chapter 11 Configuring Session Manager
Verifying the Session Manager Configuration
Saving a Session
Use the following command in session mode to save a session:
Command Purpose
save location (Optional) Saves the session to a file. The location can
be in bootflash:, slot0:, or volatile:.
Example:
switch(config-s)# save
bootflash:sessions/myACLs
Discarding a Session
Use the following command in session mode to discard a session:
Command Purpose
abort Discards the configuration session without applying the
changes.
Example:
switch(config-s)# abort
switch#
Command Purpose
show configuration session [name] Displays the contents of the configuration session.
show configuration session status [name] Displays the status of the configuration session.
show configuration session summary Displays a summary of all the configuration session.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
11-176 OL-20635-03
Chapter 11 Configuring Session Manager
Additional References
switch(config-s)# commit
Commit Successful
switch#
Additional References
For additional information related to implementing Session Manager, see the following sections:
• Related Documents, page 11-177
• Standards, page 11-177
Related Documents
Related Topic Document Title
Session Manager CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
Configuration files Cisco Nexus 7000 Series NX-OS Fundamentals Configuration
Guide, Release 5.x
VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 11-177
Chapter 11 Configuring Session Manager
Feature History for Session Manager
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
11-178 OL-20635-03
Send document comments to [email protected].
CHAPTER 12
Configuring the Scheduler
This chapter describes how to configure the scheduler on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About the Scheduler, page 12-179
• Licensing Requirements for the Scheduler, page 12-181
• Prerequisites for the Scheduler, page 12-181
• Guidelines and Limitations, page 12-181
• Default Settings, page 12-181
• Configuring the Scheduler, page 12-182
• Verifying the Scheduler Configuration, page 12-191
• Configuration Examples for Scheduler, page 12-191
• Additional References, page 12-192
• Feature History for the Scheduler, page 12-193
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 12-179
Chapter 12 Configuring the Scheduler
Information About the Scheduler
Scheduler Overview
The scheduler defines a job and its timetable as follows:
• Job—A routine task or tasks defined as a command list and completed according to a specified
schedule.
• Schedule—The timetable for completing a job. You can assign multiple jobs to a schedule. A
schedule is defined as either periodic or one-time only:
– Periodic mode—A recurring interval that continues until you delete the job. You can configure
the following types of intervals:
Daily—Job is completed once a day.
Weekly—Job is completed once a week.
Monthly—Job is completed once a month.
Delta—Job begins at the specified start time and then at specified intervals
(days:hours:minutes).
– One-time mode—Job is completed only once at a specified time.
Logs
The scheduler maintains a log file containing the job output. If the size of the job output is greater than
the size of the log file, then the output is truncated. For more information, see the “Defining the
Scheduler Log File Size” procedure on page 12-183.
High Availability
Scheduled jobs remain available after a supervisor switchover or a software reload.
Virtualization Support
Jobs are created in the virtual device context (VDC) that you are logged into. By default, Cisco NX-OS
places you in the default VDC. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual
Device Context Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12-180 OL-20635-03
Chapter 12 Configuring the Scheduler
Licensing Requirements for the Scheduler
Default Settings
Table 12-1 lists the scheduler default settings.
Parameters Default
Scheduler state Disabled.
Log file size 16 KB.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 12-181
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. feature scheduler
3. show scheduler config
4. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12-182 OL-20635-03
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
DETAILED STEPS
switch(config)#
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. scheduler logfile size value
3. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 12-183
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
DETAILED STEPS
Note Remote users must authenticate with their clear text password before creating and configuring jobs.
Note Remote user passwords are always shown in encrypted form in the output of the show running-config
command. The encrypted option (7) in the command supports the ASCII device configuration.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. scheduler aaa-authentication password [0 | 7] password
3. scheduler aaa-authentication username name password [0 | 7] password
4. show running-config | include “scheduler aaa-authentication”
5. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12-184 OL-20635-03
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
DETAILED STEPS
Example:
switch(config)# scheduler
aaa-authentication username newuser
password Z98y76X54b
Step 4 show running-config | include “scheduler (Optional) Displays the scheduler password
aaa-authentication” information.
Example:
switch(config)# show running-config |
include “scheduler aaa-authentication”
Step 5 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Defining a Job
You can define a job including the job name and the command sequence.
Caution Once a job is defined, you cannot modify or remove a command. To change the job, you must delete it
and create a new one.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. scheduler job name string
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 12-185
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 scheduler job name string Creates a job and enters job configuration mode.
Example: This example creates a scheduler job named
switch(config)# scheduler job name backup-cfg.
backup-cfg
switch(config-job)
Step 3 command1 ;[command2 ;command3 ;...] Defines the sequence of commands for the
specified job. You must separate commands with a
Example:
switch(config-job)# cli var name timestamp
space and a semicolon (for example, “ ;”).
$(TIMESTAMP) ;copy running-config This example creates a scheduler job that saves the
bootflash:/$(SWITCHNAME)-cfg.$(timestamp)
running configuration to a file in bootflash and
;copy
bootflash:/$(SWITCHNAME)-cfg.$(timestamp) then copies the file from bootflash to a TFTP
tftp://1.2.3.4/ vrf management server. The file name is created using the current
switch(config-job)# time stamp and switch name.
Step 4 show scheduler job [name name] (Optional) Displays the job information.
Example:
switch(config-job)# show scheduler job
Step 5 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config-job)# copy running-config
configuration to the startup configuration.
startup-config
Deleting a Job
You can delete a job from the scheduler.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. no scheduler job name string
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12-186 OL-20635-03
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line.
End with CNTL/Z.
switch(config)#
Step 2 no scheduler job name string Deletes the specified job and all commands
defined within it.
Example:
switch(config)# no scheduler job name
configsave
switch(config-job)
Step 3 show scheduler job [name name] (Optional) Displays the job information.
Example:
switch(config-job)# show scheduler job name
configsave
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Defining a Timetable
You can define a timetable in the scheduler to be used with one or more jobs.
If you do not specify the time for the time commands, the scheduler assumes the current time. For
example, if the current time is March 24, 2008, 22:00 hours, then jobs are started as follows:
• For the time start 23:00 repeat 4:00:00 command, the scheduler assumes a start time of March 24,
2008, 23:00 hours.
• For the time daily 55 command, the scheduler assumes a start time every day at 22:55 hours.
• For the time weekly 23:00 command, the scheduler assumes a start time every Friday at 23:00
hours.
• For the time monthly 23:00 command, the scheduler assumes a start time on the 24th of every
month at 23:00 hours.
Note The scheduler will not begin the next occurrence of a job before the last one completes. For example,
you have scheduled a job to be completed at one-minute intervals beginning at 22:00; but the job requires
two minutes to complete. The scheduler starts the first job at 22:00, completes it at 22:02, and then
observes a one-minute interval before starting the next job at 22:03.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 12-187
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. scheduler schedule name string
3. job name string
4. time daily time
time weekly [[dow:] HH:]MM
time monthly [[dm:] HH:] MM
time start {now repeat repeat-interval | delta-time [repeat repeat-interval]}
5. show scheduler schedule [name]
6. copy running-config startup-config
DETAILED STEPS
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12-188 OL-20635-03
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
DETAILED STEPS
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 12-189
Chapter 12 Configuring the Scheduler
Configuring the Scheduler
The scheduler feature must be enabled before you can configure and schedule jobs.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. no feature scheduler
3. show scheduler config
4. copy running-config startup-config
DETAILED STEPS
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12-190 OL-20635-03
Chapter 12 Configuring the Scheduler
Verifying the Scheduler Configuration
Command Purpose
show scheduler config Displays the scheduler configuration.
show scheduler job [name string] Displays the jobs configured.
show scheduler logfile Displays the contents of the scheduler log file.
show scheduler schedule [name string] Displays the schedules configured.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 12-191
Chapter 12 Configuring the Scheduler
Additional References
Additional References
For additional information related to the scheduler, see the following sections:
• Related Documents, page 12-193
• Standards, page 12-193
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12-192 OL-20635-03
Chapter 12 Configuring the Scheduler
Feature History for the Scheduler
Related Documents
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 12-193
Chapter 12 Configuring the Scheduler
Feature History for the Scheduler
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
12-194 OL-20635-03
Send document comments to [email protected].
CHAPTER 13
Configuring SNMP
This chapter describes how to configure the SNMP feature on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About SNMP, page 13-195
• Licensing Requirements for SNMP, page 13-201
• Prerequisites for SNMP, page 13-201
• Guidelines and Limitations, page 13-202
• Default Settings, page 13-202
• Configuring SNMP, page 13-202
• Verifying the SNMP Configuration, page 13-222
• Configuration Examples for SNMP, page 13-222
• Additional References, page 13-223
• Feature History for SNMP, page 13-224
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-195
Chapter 13 Configuring SNMP
Information About SNMP
SNMP Notifications
A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications
do not require that requests be sent from the SNMP manager. Notifications can indicate improper user
authentication, restarts, the closing of a connection, loss of a connection to a neighbor router, or other
significant events.
Cisco NX-OS generates SNMP notifications as either traps or informs. A trap is an asynchronous,
unacknowledged message sent from the agent to the SNMP managers listed in the host receiver table
(see the “Configuring SNMP Notification Receivers with VRFs” section on page 13-208). Informs are
asynchronous messages sent from the SNMP agent to the SNMP manager which the manager must
acknowledge receipt of.
Traps are less reliable than informs because the SNMP manager does not send any acknowledgment
when it receives a trap. Cisco NX-OS cannot determine if the trap was received. An SNMP manager that
receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU).
If Cisco NX-OS never receives a response, it can send the inform request again.
You can configure Cisco NX-OS to send notifications to multiple host receivers. See the “Configuring
SNMP Notification Receivers” section on page 13-206 for more information about host receivers.
Table 13-1 lists the SNMP traps that are enabled by default.
Table 13-1 SNMP Traps Enabled By Default
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-196 OL-20635-03
Chapter 13 Configuring SNMP
Information About SNMP
SNMPv3
SNMPv3 provides secure access to devices by a combination of authenticating and encrypting frames
over the network. The security features provided in SNMPv3 are as follows:
• Message integrity—Ensures that a packet has not been tampered with while it was in-transit.
• Authentication—Determines that the message is from a valid source.
• Encryption—Scrambles the packet contents to prevent it from being seen by unauthorized sources.
SNMPv3 provides for both security models and security levels. A security model is an authentication
strategy that is set up for a user and the role in which the user resides. A security level is the permitted
level of security within a security model. A combination of a security model and a security level
determines which security mechanism is employed when handling an SNMP packet.
This section includes the following topics:
• Security Models and Levels for SNMPv1, v2, v3, page 13-198
• User-Based Security Model, page 13-198
• CLI and SNMP User Synchronization, page 13-199
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-197
Chapter 13 Configuring SNMP
Information About SNMP
Encryptio
Model Level Authentication n What Happens
v1 noAuthNoPriv Community string No Uses a community string match for
authentication.
v2c noAuthNoPriv Community string No Uses a community string match for
authentication.
v3 noAuthNoPriv Username No Uses a username match for
authentication.
v3 authNoPriv HMAC-MD5 or No Provides authentication based on the
HMAC-SHA Hash-Based Message Authentication
Code (HMAC) Message Digest 5
(MD5) algorithm or the HMAC
Secure Hash Algorithm (SHA).
v3 authPriv HMAC-MD5 or DES Provides authentication based on the
HMAC-SHA HMAC-MD5 or HMAC-SHA
AES-128
algorithms. By default, the switch
provides Data Encryption Standard
(DES) 56-bit encryption in addition to
authentication based on the Cipher
Block Chaining (CBC) DES
(DES-56) standard. The switch also
provides an option to use a 128-bit
AES algorithm for privacy.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-198 OL-20635-03
Chapter 13 Configuring SNMP
Information About SNMP
• Message origin authentication—Ensures that the claimed identity of the user on whose behalf
received data was originated is confirmed.
• Message confidentiality—Ensures that information is not made available or disclosed to
unauthorized individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
Cisco NX-OS uses two authentication protocols for SNMPv3:
• HMAC-MD5-96 authentication protocol
• HMAC-SHA-96 authentication protocol
Cisco NX-OS uses Advanced Encryption Standard (AES) as one of the privacy protocols for SNMPv3
message encryption and conforms with RFC 3826.
The priv option offers a choice of DES or 128-bit AES encryption for SNMP security encryption. The
priv option and the aes-128 token indicate that this privacy password is for generating a 128-bit AES
key.The AES priv password can have a minimum of eight characters. If the passphrases are specified in
clear text, you can specify a maximum of 64 case-sensitive alphanumeric characters. If you use the
localized key, you can specify a maximum of 130 characters.
Note For an SNMPv3 operation that uses the external AAA server, you must use AES for the privacy protocol
in the user configuration on the external AAA server.
Note When you configure a passphrase/password in localized key/encrypted format, Cisco NX-OS
does not synchronize the user information (password, roles, and so on).
Cisco NX-OS holds the synchronized user configuration for 60 minutes by default. See the “Modifying
the AAA Synchronization Time” section on page 13-221 for information on how to modify this default
value.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-199
Chapter 13 Configuring SNMP
Information About SNMP
Note Because group is a standard SNMP term used industry-wide, we refer to role(s) as group(s) in this SNMP
section.
SNMP access rights are organized by groups. Each group in SNMP is similar to a role through the CLI.
Each group is defined with read access or read-write access.
You can begin communicating with the agent once your username is created, your roles are set up by
your administrator, and you are added to the roles.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-200 OL-20635-03
Chapter 13 Configuring SNMP
Licensing Requirements for SNMP
For more information, see the “Configuring the Context to Network Entity Mapping” section on
page 13-219.
High Availability
Cisco NX-OS supports stateless restarts for SNMP. After a reboot or supervisor switchover, Cisco
NX-OS applies the running configuration.
Virtualization Support
Cisco NX-OS supports one instance of the SNMP per virtual device context (VDC). By default, Cisco
NX-OS places you in the default VDC. For more information, see the Cisco Nexus 7000 Series NX-OS
Virtual Device Context Configuration Guide, Release 5.x.
SNMP supports multiple MIB module instances and maps them to logical network entities. For more
information, see the “Multiple Instance Support” section on page 13-200.
SNMP is also VRF aware. You can configure SNMP to use a particular VRF to reach the SNMP
notification host receiver. You can also configure SNMP to filter notifications to an SNMP host receiver
based on the VRF where the notification occurred. For more information, see the “Configuring SNMP
Notification Receivers with VRFs” section on page 13-208.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-201
Chapter 13 Configuring SNMP
Guidelines and Limitations
Default Settings
Table 13-3 lists the default settings for SNMP parameters.
Parameters Default
license notifications Enabled.
Configuring SNMP
This section includes the following topics:
• Configuring SNMP Users, page 13-203
• Enforcing SNMP Message Encryption, page 13-204
• Assigning SNMPv3 Users to Multiple Roles, page 13-204
• Creating SNMP Communities, page 13-205
• Filtering SNMP Requests, page 13-205
• Configuring SNMP Notification Receivers, page 13-206
• Configuring a Source Interface for SNMP Notifications, page 13-206
• Configuring the Notification Target User, page 13-207
• Configuring SNMP Notification Receivers with VRFs, page 13-208
• Configuring SNMP to Send Traps Using an Inband Port, page 13-209
• Enabling SNMP Notifications, page 13-211
• Disabling LinkUp/LinkDown Notifications on an Interface, page 13-217
• Displaying SNMP ifIndex for an Interface, page 13-218
• Enabling a One-time Authentication for SNMP over TCP, page 13-218
• Assigning the SNMP Device Contact and Location Information, page 13-218
• Configuring the Context to Network Entity Mapping, page 13-219
• Disabling SNMP, page 13-221
• Modifying the AAA Synchronization Time, page 13-221
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-202 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in
Cisco IOS.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. snmp-server user name [auth {md5 | sha} passphrase [auto] [priv [aes-128] passphrase]
[engineID id] [localizedkey]]
3. show snmp user
4. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 snmp-server user name [auth {md5 | sha} Configures an SNMP user with authentication and
passphrase [auto] [priv [aes-128] privacy parameters. The passphrase can be any
passphrase] [engineID id]
[localizedkey]]
case-sensitive alphanumeric string up to 64 characters.
If you use the localizedkey keyword, the passphrase
Example: can be any case-sensitive alphanumeric string up to
switch(config)# snmp-server user Admin 130 characters.
auth sha abcd1234 priv abcdefgh
The engineID format is a 12-digit colon-separated
decimal number.
Step 3 show snmp user (Optional) Displays information about one or more
SNMP users.
Example:
switch(config-callhome)# show snmp user
Step 4 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-203
Chapter 13 Configuring SNMP
Configuring SNMP
This example shows how to configure the SNMP contact and location information:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp-server user Admin auth sha abcd1234 priv abcdefgh
Command Purpose
snmp-server user name enforcePriv Enforces SNMP message encryption for this user.
Example:
switch(config)# snmp-server user Admin
enforcePriv
Use the following command in global configuration mode to enforce SNMP message encryption for all
users:
Command Purpose
snmp-server globalEnforcePriv Enforces SNMP message encryption for all users.
Example:
switch(config)# snmp-server
globalEnforcePriv
Note Only users belonging to a network-admin role can assign roles to other users.
Use the following command in global configuration mode to assign a role to an SNMP user:
Command Purpose
snmp-server user name group Associates this SNMP user with the configured
user role.
Example:
switch(config)# snmp-server user Admin
superuser
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-204 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
Command Purpose
snmp-server community name group {ro | rw} Creates an SNMP community string.
Example:
switch(config)# snmp-server community
public ro
Command Purpose
snmp-server community community-name Assigns an ACL to an SNMP community to filter
use-acl acl-name SNMP requests.
Example:
switch(config)# snmp-server community
public use-acl my_acl_for_public
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-205
Chapter 13 Configuring SNMP
Configuring SNMP
Command Purpose
snmp-server host ip-address traps version Configures a host receiver for SNMPv1 traps. The
1 community [udp_port number] ip-address can be an IPv4 or IPv6 address. The
Example:
community can be any alphanumeric string up to
switch(config)# snmp-server host 192.0.2.1 255 characters. The UDP port number range is
traps version 1 public from 0 to 65535.
Use the following command in global configuration mode to configure a host receiver for SNMPv2c
traps or informs:
Command Purpose
snmp-server host ip-address {traps | Configures a host receiver for SNMPv2c traps or
informs} version 2c community [udp_port informs. The ip-address can be an IPv4 or IPv6
number]
address. The community can be any alphanumeric
Example: string up to 255 characters. The UDP port number
switch(config)# snmp-server host 192.0.2.1 range is from 0 to 65535.
informs version 2c public
Use the following command in global configuration mode to configure a host receiver for SNMPv3 traps
or informs:
Command Purpose
snmp-server host ip-address {traps | Configures a host receiver for SNMPv3 traps or
informs} version 3 {auth | noauth | priv} informs. The ip-address can be an IPv4 or IPv6
username [udp_port number]
address. The username can be any alphanumeric
Example: string up to 255 characters. The UDP port number
switch(config)# snmp-server host 192.0.2.1 range is from 0 to 65535.
informs version 3 auth NMS
Note The SNMP manager must know the user credentials (authKey/PrivKey) based on the SNMP engine ID
of the Cisco NX-OS device to authenticate and decrypt the SNMPv3 messages.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-206 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
Note Configuring the source interface IP address for outgoing trap packets does not guarantee that the device
will use the same interface to send the trap. The source interface IP address defines the source address
inside of the SNMP trap, and the connection is opened with the address of the egress interface as source.
Use the following command in global configuration mode to configure a host receiver on a source
interface:
Command Purpose
snmp-server host ip-address Configures a host receiver for SNMPv2c traps or
source-interface if-type if-number informs. The ip-address can be an IPv4 or IPv6
[udp_port number]
address. Use ? to determine the supported
Example: interface types. The UDP port number range is
switch(config)# snmp-server host 192.0.2.1 from 0 to 65535.
source-interface ethernet 2/1
This configuration overrides the global source
interface configuration.
Use the following command in global configuration mode to configure a source interface for sending out
all SNMP notifications:
Command Purpose
snmp-server source-interface {traps | Configures a source interface for sending out
informs} if-type if-number SNMPv2c traps or informs. Use ? to determine
Example:
the supported interface types.
switch(config)# snmp-server
source-interface traps ethernet 2/1
Use the show snmp source-interface command to display information about configured source
interfaces.
Note For authenticating and decrypting the received inform PDU, the notification host receiver should have
the same user credentials as configured in Cisco NX-OS to authenticate and decrypt the informs.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-207
Chapter 13 Configuring SNMP
Configuring SNMP
Use the following command in global configuration mode to configure the notification target user:
Command Purpose
snmp-server user name [auth {md5 | sha} Configures the notification target user with the
passphrase [auto] [priv [aes-128] specified engine ID for the notification host
passphrase] [engineID id]
receiver. The engineID format is a 12-digit
Example: colon-separated decimal number.
switch(config)# snmp-server user NMS auth
sha abcd1234 priv abcdefgh engineID
00:00:00:63:00:01:00:10:20:15:10:03
Note You must configure the host before configuring the VRF reachability or filtering options.
You can configure Cisco NX-OS to use a configured VRF to reach the host receiver.
Use the following command in global configuration mode to configure a VRF to use for sending
notifications to the host receiver:
Command Purpose
snmp-server host ip-address use-vrf Configures SNMP to use the selected VRF to
vrf_name [udp_port number] communicate with the host receiver. The
Example:
ip-address can be an IPv4 or IPv6 address. The
switch(config)# snmp-server host 192.0.2.1 VRF name can be any alphanumeric string up to
use-vrf Blue 255 characters. The UDP port number range is
from 0 to 65535. This command adds an entry into
thc ExtSnmpTargetVrfTable of the
CISCO-SNMP-TARGET-EXT-MB.
no snmp-server host ip-address use-vrf Removes the VRF reachability information for
vrf_name [udp_port number] the configured host, and removes the entry from
Example:
thc ExtSnmpTargetVrfTable of the
switch(config)# no snmp-server host CISCO-SNMP-TARGET-EXT-MB.
192.0.2.1 use-vrf Blue
The ip-address can be an IPv4 or IPv6 address.
Does not remove the host configuration.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-208 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
You can configure Cisco NX-OS filter notifications based on the VRF in which the notification occurred.
Use the following command in global configuration mode to filter notifications based on a configured
VRF:
Command Purpose
snmp-server host ip-address filter-vrf Filters notifications to the notification host
vrf_name [udp_port number] receiver based on the configured VRF. The
Example:
ip-address can be an IPv4 or IPv6 address. The
switch(config)# snmp-server host 192.0.2.1 VRF name can be any alphanumeric string up to
filter-vrf Red 255 characters. The UDP port number range is
from 0 to 65535.
This command adds an entry into thc
ExtSnmpTargetVrfTable of the
CISCO-SNMP-TARGET-EXT-MB.
no snmp-server host ip-address filter-vrf Removes the VRF filter information for the
vrf_name configured host, and removes the entry from thc
Example:
ExtSnmpTargetVrfTable of the
switch(config)# no snmp-server host CISCO-SNMP-TARGET-EXT-MB.
192.0.2.1 filter-vrf Red
The ip-address can be an IPv4 or IPv6 address.
This command does not remove the host
configuration.
SUMMARY STEPS
1. config t
2. snmp-server source-interface traps if-type if-number
3. show snmp source-interface
4. snmp-server host ip-address use-vrf vrf_name [udp_port number]
5. show snmp host
6. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-209
Chapter 13 Configuring SNMP
Configuring SNMP
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 snmp-server source-interface traps Globally configures a source interface for sending out
if-type if-number SNMP traps. Use ? to determine the supported
Example:
interface types.
switch(config)# snmp-server You can configure the source interface at the global
source-interface traps ethernet 1/2
level or at a host level. When the source interface is
configured globally, any new host configuration uses
the global configuration to send the traps.
Note To configure a source interface at the host
level, use this command: snmp-server host
ip-address source-interface if-type if-number.
Step 3 show snmp source-interface (Optional) Displays information about configured
source interfaces.
Example:
switch(config)# show snmp
source-interface
Step 4 snmp-server host ip-address use-vrf Configures SNMP to use the selected VRF to
vrf_name [udp_port number] communicate with the host receiver. The ip-address
Example:
can be an IPv4 or IPv6 address. The VRF name can be
switch(config)# snmp-server host any alphanumeric string up to 255 characters. The
171.71.48.164 use_vrf default UDP port number range is from 0 to 65535. This
command adds an entry into the
ExtSnmpTargetVrfTable of the
CISCO-SNMP-TARGET-EXT-MB.
Note By default, SNMP sends the traps using the
management VRF. If you do not want to use
the management VRF, you must use this
command to specify the desired VRF.
Step 5 show snmp host (Optional) Displays information about configured
SNMP hosts.
Example:
switch(config)# show snmp host
Step 6 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-210 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
This example shows how to configure SNMP to send traps using a globally configured inband port:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp-server source-interface traps ethernet 1/2
switch(config)# show snmp source-interface
-------------------------------------------------------------------
Notification source-interface
-------------------------------------------------------------------
trap Ethernet1/2
inform -
-------------------------------------------------------------------
Note The snmp-server enable traps command enables both traps and informs, depending on the configured
notification host receivers.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-211
Chapter 13 Configuring SNMP
Configuring SNMP
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-212 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
Use the following commands in global configuration mode to enable the specified notification:
Command Purpose
snmp-server enable traps Enables all SNMP notifications.
Example:
switch(config)# snmp-server enable traps
snmp-server enable traps aaa Enables AAA SNMP notifications. Optionally,
[server-state-change] enables the following specific notifications:
Example: • server-state-change—Enables AAA server
switch(config)# snmp-server enable traps state-change notifications.
aaa
snmp-server enable traps bgp Enables BGP SNMP notifications.
Example:
switch(config)# snmp-server enable traps
bgp
snmp-server enable traps bridge Enables STP bridge SNMP notifications.
[newroot] Optionally, enables the following specific
[topologychange]
notifications:
Example: • newroot—Enables STP new root bridge
switch(config)# snmp-server enable traps
notifications.
bridge
• topologychange—Enables STP bridge
topology-change notifications.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-213
Chapter 13 Configuring SNMP
Configuring SNMP
Command Purpose
snmp-server enable traps callhome Enables Call Home notifications. Optionally,
[event-notify] enables the following specific notifications:
[smtp-send-fail]
• event-notify—Enables Call Home external
Example: event notifications.
switch(config)# snmp-server enable traps
callhome • smtp-send-fail—Enables Simple Mail
Transfer Protocol (SMTP) message send fail
notifications.
snmp-server enable traps cfs Enables Cisco Fabric Services (CFS)
[merge-failure] notifications. Optionally, enables the following
[state-change-notif]
specific notifications:
Example: • merge-failure—Enables CFS merge-failure
switch(config)# snmp-server enable traps
notifications.
cfs
• state-change-notif—Enables CFS
state-change notifications.
snmp-server enable traps config Enables SNMP notifications for configuration
[ccmCLIRunningConfigChanged] changes.
Example: • ccmCLIRunningConfigChanged—Enables
switch(config)# snmp-server enable traps SNMP notifications for configuration
config
changes in the running or startup
configuration.
snmp-server enable traps eigrp [tag] Enables CISCO-EIGRP-MIB SNMP
notifications.
Example:
switch(config)# snmp-server enable traps
eigrp
snmp-server enable traps entity Enables ENTITY-MIB SNMP notifications.
[entity_fan_status_change] Optionally, enables the following specific
[entity_mib_change]
[entity_module_inserted]
notifications:
[entity_module_removed] • entity_fan_status_change—Enables entity
[entity_module_status_change]
fan status-change notifications.
[entity_power_out_change]
[entity_power_status_change] • entity_mib_change—Enables entity MIB
[entity_unrecognised_module] change notifications.
Example: • entity_module_inserted—Enables entity
switch(config)# snmp-server enable traps module inserted notifications.
entity
• entity_module_removed—Enables entity
module removed notifications.
• entity_module_status_change—Enables
entity module status-change notifications.
• entity_power_out_change—Enables entity
power-out change notifications.
• entity_power_status_change—Enables
entity power status-change notifications.
• entity_unrecognised_module—Enables
entity unrecognized module notifications.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-214 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
Command Purpose
snmp-server enable traps feature-control Enables feature-control SNMP notifications.
[FeatureOpStatusChange] Optionally, enables the following specific
Example:
notifications:
switch(config)# snmp-server enable traps • FeatureOpStatusChange—Enables feature
feature-control
operation status-change notifications.
snmp-server enable traps hsrp Enables CISCO-HSRP-MIB SNMP notifications.
[state-change] Optionally, enables the following specific
Example:
notifications:
switch(config)# snmp-server enable traps • state-change—Enables HSRP state-change
hsrp
notifications.
snmp-server enable traps license Enables license SNMP notifications. Optionally,
[notify-license-expiry] enables the following specific notifications:
[notify-license-expiry-warning]
[notify-licensefile-missing] • notify-license-expiry—Enables license
[notify-no-license-for-feature] expiry notifications.
Example: • notify-license-expiry-warning—Enables
switch(config)# snmp-server enable traps license expiry warning notifications.
license
• notify-licensefile-missing—Enables license
file-missing notifications.
• notify-no-license-for-feature—Enables
no-license-installed-for-feature notifications.
snmp-server enable traps link Enables IF-MIB link notifications. Optionally,
[IETF-extended-linkDown] enables the following specific notifications:
[IETF-extended-linkUp]
[cisco-extended-linkDown] • IETF-extended-linkDown—Enables
[cisco-extended-linkUp] Internet Engineering Task Force (IETF)
[linkDown]
extended link state down notifications.
[linkUp]
• IETF-extended-linkUp—Enables Internet
Example: Engineering Task Force (IETF) extended link
switch(config)# snmp-server enable traps
link
state up notifications.
• cisco-extended-linkDown—Enables Cisco
extended link state down notifications.
• cisco-extended-linkUp—Enables Cisco
extended link state up notifications.
• linkDown—Enables IETF link state down
notifications.
• linkUp—Enables IETF link state up
notifications.
snmp-server enable traps ospf [tag] Enables open shortest path first (OSPF)
[lsa] notifications. Optionally, enables the following
[rate-limit rate]
specific notifications:
Example: • lsa—Enables OSPF LSA notifications.
switch(config)# snmp-server enable traps
ospf • rate-limit rate—Enables rate limits on OSPF
notifications. The range is from 2 to 60
seconds. The default is 10 seconds.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-215
Chapter 13 Configuring SNMP
Configuring SNMP
Command Purpose
snmp-server enable traps port-security Enables port-security SNMP notifications.
[access-secure-mac-violation] Optionally, enables the following specific
[trunk-secure-mac-violation]
notifications:
Example: • access-secure-mac-violation—Enables
switch(config)# snmp-server enable traps
secure machine access control (MAC)
port-security
violation notifications.
• trunk-secure-mac-violation—Enables
virtual LAN (VLAN) secure MAC violation
notifications.
snmp-server enable traps rf Enables redundancy framework (RF) SNMP
[redundancy-framework] notifications. Optionally, enables the following
Example:
specific notifications:
switch(config)# snmp-server enable traps rf • redundancy-framework—Enables RF
Supervisor switchover MIB notifications.
snmp-server enable traps rmon Enables remote monitoring (RMON) SNMP
[fallingAlarm] notifications. Optionally, enables the following
[hcFallingAlarm]
[hcRisingAlarm]
specific notifications:
[risingAlarm] • fallingAlarm—Enables RMON falling alarm
notifications.
Example:
switch(config)# snmp-server enable traps • hcFallingAlarm—Enables RMON
rmon high-capacity falling alarm notifications.
• hcRisingAlarm—Enables RMON
high-capacity rising alarm notifications.
• risingAlarm—Enables RMON rising alarm
notifications.
snmp-server enable traps snmp Enables general SNMP notifications. Optionally,
[authentication] enables the following specific notifications:
Example: • authentication—Enables SNMP
switch(config)# snmp-server enable traps authentication notifications.
snmp
snmp-server enable traps stpx Enables STPX MIB notifications. Optionally,
[inconsistency] enables the following specific notifications:
[loop-inconsistency]
[root-inconsistency] • inconsistency—Enables SNMP STPX MIB
inconsistency update notifications.
Example:
switch(config)# snmp-server enable traps • loop-inconsistency—Enables SNMP STPX
stpx MIB loop-inconsistency update notifications.
• root-inconsistency—Enables SNMP STPX
MIB root-inconsistency update notifications.
snmp-server enable traps sysmgr Enables software change notifications.
[cseFailSwCoreNotifyExtended] Optionally, enables the following specific
Example:
notifications:
switch(config)# snmp-server enable traps • cseFailSwCoreNotifyExtended—Enables
sysmgr
software core notifications.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-216 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
Command Purpose
snmp-server enable traps upgrade Enables upgrade notifications. Optionally,
[UpgradeJobStatusNotify] enables the following specific notifications:
[UpgradeOpNotifyOnCompletion]
• UpgradeJobStatusNotify—Enables upgrade
Example: job status notifications.
switch(config)# snmp-server enable traps
upgrade • UpgradeOpNotifyOnCompletion—Enables
upgrade global status notifications.
snmp-server enable traps vtp Enables upgrade notifications. Optionally,
[notifs] enables the following specific notifications:
[vlancreate]
[vlandelete] • notifs—Enables VTP notifications.
Example: • vlancreate—Enables VLAN creation
switch(config)# snmp-server enable traps notifications.
vtp
• vlandelete—Enables VLAN deletion
notifications.
snmp-server enable traps zone Enables default zone change notifications.
[default-zone-behavior-change] Optionally, enables the following specific
[merge-failure]
[merge-success]
notifications:
[request-reject1] • default-zone-behavior-change—Enables
[unsupp-mem]
default zone behavior change notifications.
Example: • merge-failure—Enables merge failure
switch(config)# snmp-server enable traps notifications.
zone
• merge-success—Enables merge success
notifications.
• request-reject1—Enables request reject
notifications.
• unsupp-mem—Enables unsupported
member notifications.
Command Purpose
no snmp trap link-status Disables SNMP link-state traps for the interface.
This command is enabled by default.
Example:
switch(config-if)# no snmp trap link-status
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-217
Chapter 13 Configuring SNMP
Configuring SNMP
Command Purpose
show interface snmp-ifindex Displays the persistent SNMP ifIndex value from
IF-MIB for all interfaces. Optionally, use the |
Example:
switch# show interface snmp-ifindex | grep
keyword and the grep keyword to search for a
-i Eth12/1 particular interface in the output.
Eth12/1 441974784 (0x1a580000)
Command Purpose
snmp-server tcp-session [auth] Enables a one-time authentication for SNMP over
a TCP session. The default is disabled.
Example:
switch(config)# snmp-server tcp-session
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. snmp-server contact name
3. snmp-server location name
4. show snmp
5. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-218 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 snmp-server contact name Configures sysContact, which is the SNMP contact
name.
Example:
switch(config)# snmp-server contact
Admin
Step 3 snmp-server location name Configures sysLocation, which is the SNMP location.
Example:
switch(config)# snmp-server location
Lab-7
Step 4 show snmp (Optional) Displays information about one or more
destination profiles.
Example:
switch(config)# show snmp
Step 5 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to configure the SNMP contact and location information:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp contact Admin
switch(config)# snmp location Lab-7
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Determine the logical network entity instance. For more information on VRFs and protocol instances,
see the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 5.x, or the Cisco
Nexus 7000 Series NX-OS Multicast Routing Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-219
Chapter 13 Configuring SNMP
Configuring SNMP
SUMMARY STEPS
1. config t
2. snmp-server context context-name [instance instance-name] [vrf vrf-name] [topology
topology-name]
3. snmp-server mib community-map community-name context context-name
4. show snmp context
5. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 snmp-server context context-name Maps an SNMP context to a protocol instance, VRF, or
[instance instance-name] [vrf vrf-name] topology. The names can be any alphanumeric string
[topology topology-name]
up to 32 characters.
Example:
switch(config)# snmp-server context
public1 vrf red
Step 3 snmp-server mib community-map (Optional) Maps an SNMPv2c community to an
community-name context context-name SNMP context. The names can be any alphanumeric
Example:
string up to 32 characters.
switch(config)# snmp-server mib
community-map public context public1
Step 4 show snmp context (Optional) Displays information about one or more
SNMP contexts.
Example:
switch(config)# show snmp context
Step 5 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
This example shows how to map VRF red to the SNMPv2c public community string:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# vrf context red
switch(config-vrf)# exit
switch(config)# snmp-server context public1 vrf red
switch(config)# snmp-server mib community-map public context public1
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-220 OL-20635-03
Chapter 13 Configuring SNMP
Configuring SNMP
This example shows how to map OSPF instance Enterprise to the same SNMPv2c public community
string:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# feature ospf
switch(config)# router ospf Enterprise
switch(config-router)# exit
switch(config)# snmp-server context public1 instance Enterprise
switch(config)# snmp-server mib community-map public context public1
Use the following command in global configuration mode to delete the mapping between an SNMP
context and a logical network entity:
Command Purpose
no snmp-server context context-name Deletes the mapping between an SNMP context
[instance instance-name] [vrf vrf-name] and a protocol instance, VRF, or topology. The
[topology topology-name]
names can be any alphanumeric string up to 32
Example: characters.
switch(config)# no snmp-server context
Note Do not enter an instance, VRF, or
public1
topology to delete a context mapping. If
you use the instance, vrf, or topology
keywords, you configure a mapping
between the context and a zero-length
string.
Disabling SNMP
You can disable SNMP on a device.
Use the following command in global configuration mode to disable SNMP:
Command Purpose
no snmp-server protocol enable Disables SNMP. This command is enabled by
default.
Example:
switch(config)# no snmp-server protocol
enable
Command Purpose
snmp-server aaa-user cache-timeout seconds Configures how long the AAA synchronized user
configuration stays in the local cache. The range
Example:
switch(config)# snmp-server aaa-user
is from 1 to 86400 seconds. The default is 3600.
cache-timeout 1200.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-221
Chapter 13 Configuring SNMP
Verifying the SNMP Configuration
Command Purpose
show interface snmp-ifindex Displays the SNMP ifIndex value for all
interfaces (from IF-MIB).
show running-config snmp [all] Displays the SNMP running configuration.
show snmp Displays the SNMP status.
show snmp community Displays the SNMP community strings.
show snmp context Displays the SNMP context mapping.
show snmp engineID Displays the SNMP engineID.
show snmp group Displays SNMP roles.
show snmp host Displays information about configured SNMP
hosts.
show snmp session Displays SNMP sessions.
show snmp source-interface Displays information about configured source
interfaces.
show snmp trap Displays the SNMP notifications enabled or
disabled.
show snmp user Displays SNMPv3 users.
This example shows how to configure SNMP to send traps using an inband port configured at the host
level:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# snmp-server host 171.71.48.164 version 2c public
switch(config)# snmp-server host 171.71.48.164 source-interface ethernet 1/2
switch(config)# show snmp host
-------------------------------------------------------------------
Host Port Version Level Type SecName
-------------------------------------------------------------------
171.71.48.164 162 v2c noauth trap public
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-222 OL-20635-03
Chapter 13 Configuring SNMP
Additional References
Additional References
For additional information related to implementing SNMP, see the following sections:
• Related Documents, page 13-223
• Standards, page 13-223
• MIBs, page 13-224
Related Documents
Related Topic Document Title
SNMP CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
VDCs and VRFs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
MIBs http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 13-223
Chapter 13 Configuring SNMP
Feature History for SNMP
MIBs
MIBs MIBs Link
• SNMP-COMMUNITY-MIB To locate and download MIBs, go to the following URL:
• SNMP-FRAMEWORK-MIB http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
• SNMP-NOTIFICATION-MIB
• SNMP-TARGET-MIB
• SNMPv2-MIB
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
13-224 OL-20635-03
Send document comments to [email protected].
CHAPTER 14
Configuring RMON
This chapter describes how to configure the RMON feature on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About RMON, page 14-225
• Licensing Requirements for RMON, page 14-227
• Prerequisites for RMON, page 14-227
• Guidelines and Limitations, page 14-227
• Default Settings, page 14-227
• Configuring RMON, page 14-228
• Verifying the RMON Configuration, page 14-231
• Configuration Example for RMON, page 14-231
• Related Topics, page 14-231
• Additional References, page 14-231
• Feature History for RMON, page 14-232
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 14-225
Chapter 14 Configuring RMON
Information About RMON
RMON Alarms
You can set an alarm on any MIB object that resolves into an SNMP INTEGER type. The specified object
must be an existing SNMP MIB object in standard dot notation (for example, 1.3.6.1.2.1.2.2.1.14
represents ifInOctets.14).
When you create an alarm, you specify the following parameters:
• MIB object to monitor.
• Sampling interval—The interval that Cisco NX-OS uses to collect a sample value of the MIB object.
• Sample type—Absolute samples take the current snapshot of the MIB object value. Delta samples
take two consecutive samples and calculate the difference between them.
• Rising threshold—The value at which Cisco NX-OS triggers a rising alarm or resets a falling alarm.
• Falling threshold—The value at which Cisco NX-OS triggers a falling alarm or resets a rising alarm.
• Events—The action that Cisco NX-OS takes when an alarm (rising or falling) triggers.
Note Use the hcalarms option to set an alarm on a 64-bit integer MIB object.
For example, you can set a delta type rising alarm on an error counter MIB object. If the error counter
delta exceeds this value, you can trigger an event that sends an SNMP notification and logs the rising
alarm event. This rising alarm will not occur again until the delta sample for the error counter drops
below the falling threshold.
Note The falling threshold must be less than the rising threshold.
RMON Events
You can associate a particular event to each RMON alarm. RMON supports the following event types:
• SNMP notification—Sends an SNMP risingAlarm or fallingAlarm notification when the associated
alarm triggers.
• Log—Adds an entry in the RMON log table when the associated alarm triggers.
• Both—Sends an SNMP notification and adds an entry in the RMON log table when the associated
alarm triggers.
You can specify a different event for a falling alarm and a rising alarm.
High Availability
Cisco NX-OS supports stateless restarts for RMON. After a reboot or supervisor switchover, Cisco
NX-OS applies the running configuration.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
14-226 OL-20635-03
Chapter 14 Configuring RMON
Licensing Requirements for RMON
Virtualization Support
Cisco NX-OS supports one instance of the RMON per virtual device context (VDC). By default, Cisco
NX-OS places you in the default VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x.
RMON is virtual routing and forwarding (VRF) aware. You can configure RMON to use a particular
VRF to reach the RMON SMTP server.
Default Settings
Table 14-1 lists the default settings for RMON parameters.
Parameters Default
RMON Enabled beginning with Cisco NX-OS Release 5.1
Alarms None configured
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 14-227
Chapter 14 Configuring RMON
Configuring RMON
Configuring RMON
This section includes the following topics:
• Configuring RMON Alarms, page 14-228
• Configuring RMON Events, page 14-230
Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in
Cisco IOS.
Ensure that you have configured an SNMP user and enabled SNMP notifications (see the “Configuring
SNMP” section on page 13-202).
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. rmon alarm index mib-object sample-interval {absolute | delta} rising-threshold value
[event-index] falling-threshold value [event-index] [owner name]
or
rmon hcalarm index mib-object sample-interval {absolute | delta} rising-threshold-high value
rising-threshold-low value [event-index] falling-threshold-high value falling-threshold-low
value [event-index] [owner name] [storagetype type]
3. show rmon [alarms | hcalarms]
4. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
14-228 OL-20635-03
Chapter 14 Configuring RMON
Configuring RMON
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 rmon alarm index mib-object Creates an RMON alarm. The value range is from
sample-interval {absolute | delta} –2147483647 to 2147483647. The owner name can be
rising-threshold value [event-index]
falling-threshold value [event-index]
any alphanumeric string.
[owner name]
Example:
switch(config)# rmon alarm 20
1.3.6.1.2.1.2.2.1.14.1 2900 delta
rising-threshold 1500 1
falling-threshold 0 owner test
rmon hcalarm index mib-object Creates an RMON high capacity alarm. The value
sample-interval {absolute | delta} range is from –2147483647 to 2147483647. The owner
rising-threshold-high value
rising-threshold-low value [event-index]
name can be any alphanumeric string.
falling-threshold-high value The storage type range is from 1 to 5.
falling-threshold-low value
[event-index] [owner name] [storagetype
type]
Example:
switch(config)# rmon alarm 20
1.3.6.1.2.1.2.2.1.14.16777216 2900 delta
rising-threshold-high 15
rising-threshold-low 151
falling-threshold-high 0
falling-threshold-low 0 owner test
Step 3 show rmon {alarms | hcalarms} (Optional) Displays information about rmon alarms or
high capacity alarms.
Example:
switch(config)# show rmon alarms
Step 4 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 14-229
Chapter 14 Configuring RMON
Configuring RMON
Ensure that you have configured an SNMP user and enabled SNMP notifications (see the “Configuring
SNMP” section on page 13-202).
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. rmon event index [log] [trap string] [owner name] [description string]
3. show rmon events
4. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 rmon event index [log] [trap string] Configures an RMON event. The trap string, owner
[owner name] [description string] name, and description string can be any alphanumeric
Example:
string.
switch(config)# rmon event 1 trap trap1
Step 3 show rmon events (Optional) Displays information about rmon events.
Example:
switch(config)# show rmon events
Step 4 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
14-230 OL-20635-03
Chapter 14 Configuring RMON
Verifying the RMON Configuration
Command Purpose
show rmon alarms Displays information about RMON alarms.
show rmon events Displays information about RMON events.
show rmon hcalarms Displays information about RMON hcalarms.
show rmon logs Displays information about RMON logs.
Related Topics
See the following related topics:
• Configuring SNMP, page 13-195
Additional References
For additional information related to implementing RMON, see the following sections:
• Related Documents, page 14-231
• Standards, page 14-232
• MIBs, page 14-232
Related Documents
Related Topic Document Title
RMON CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
VDCs and VRFs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 14-231
Chapter 14 Configuring RMON
Feature History for RMON
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
MIBs
MIBs MIBs Link
• RMON-MIB To locate and download MIBs, go to the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
14-232 OL-20635-03
Send document comments to [email protected].
CHAPTER 15
Configuring Online Diagnostics
This chapter describes how to configure the generic online diagnostics (GOLD) feature on Cisco NX-OS
devices.
This chapter includes the following sections:
• Information About Online Diagnostics, page 15-233
• Licensing Requirements for Online Diagnostics, page 15-237
• Prerequisites for Online Diagnostics, page 15-238
• Guidelines and Limitations, page 15-238
• Default Settings, page 15-238
• Configuring Online Diagnostics, page 15-238
• Verifying the Online Diagnostics Configuration, page 15-243
• Configuration Examples for Online Diagnostics, page 15-244
• Additional References, page 15-244
• Feature History for Online Diagnostics, page 15-245
Note For complete syntax and usage information for the commands in this chapter, see the
Cisco Nexus 7000 Series NX-OS System Management Command Reference.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 15-233
Chapter 15 Configuring Online Diagnostics
Information About Online Diagnostics
Bootup Diagnostics
Bootup diagnostics run during bootup and detect faulty hardware before Cisco NX-OS brings a module
online. For example, if you insert a faulty module in the device, bootup diagnostics test the module and
take it offline before the device uses the module to forward traffic.
Bootup diagnostics also check the connectivity between the supervisor and module hardware and the
data and control paths for all the ASICs. Table 15-1 describes the bootup diagnostic tests for a module
and a supervisor.
Diagnostic Description
Module
EOBCPortLoopback Disruptive test, not an on-demand test
Ethernet out of band
OBFL Verifies the integrity of the onboard failure logging (OBFL) flash.
1
PortLoopback Disruptive test, not an on-demand test
Sends and receives data on the same port to verify that the port is
operational.
FIPS2 Disruptive test; run only when FIPS is enabled on the system
An internal test that runs during module bootup to validate the
security device on the module.
BootupPortLoopback Disruptive test, not an on-demand test
A PortLoopback test that runs only during module bootup.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
15-234 OL-20635-03
Chapter 15 Configuring Online Diagnostics
Information About Online Diagnostics
Diagnostic Description
Supervisor
USB Nondisruptive test
Checks the USB controller initialization on a module.
CryptoDevice Nondisruptive test
Checks the Cisco Trusted Security (CTS) device initialization on a
module.
ManagementPortLoopback Disruptive test, not an on-demand test
Tests loopback on the management port of a module.
EOBCPortLoopback Disruptive test, not an on-demand test
Ethernet out of band
OBFL Verifies the integrity of the onboard failure logging (OBFL) flash.
1. The PortLoopback test is supported on all modules except the 48-port 1G copper Ethernet module.
2. F1 Series modules do not support the FIPS test.
Bootup diagnostics log failures to onboard failure logging (OBFL) and syslog and trigger a diagnostic
LED indication (on, off, pass, or fail).
You can configure Cisco NX-OS to either bypass the bootup diagnostics or run the complete set of
bootup diagnostics. See the “Setting the Bootup Diagnostic Level” section on page 15-239.
Default Default
Diagnostic Interval Setting Description
Module
ASICRegisterCheck 1 minute active Checks read/write access to scratch registers
for the ASICs on a module.
PrimaryBootROM 30 minutes active Verifies the integrity of the primary boot
device on a module.
SecondaryBootROM 30 minutes active Verifies the integrity of the secondary boot
device on a module.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 15-235
Chapter 15 Configuring Online Diagnostics
Information About Online Diagnostics
Default Default
Diagnostic Interval Setting Description
1
PortLoopback 15 minutes active Verifies connectivity through every port that
is administratively down on every module in
the system.
RewriteEngineLoopback 1 minute active Verifies the integrity of the nondisruptive
loopback for all ports up to the Rewrite
Engine ASIC device.
SnakeLoopback test2 20 minutes active Performs a nondisruptive loopback on all
ports, even those ports that are not in the shut
state. The ports are formed into a snake
during module bootup, and the supervisor
checks the snake connectivity periodically.
Note This test is deprecated in Cisco
NX-OS Release 5.2.
FIPS3 Not Not Runs on CTS-enabled ports when the
applicable applicable interface is enabled with a no shut command.
This internal test validates the security
device on the module.
Supervisor
ASICRegisterCheck 20 seconds active Checks read/write access to scratch registers
for the ASICs on the supervisor.
NVRAM 5 minutes active Verifies the sanity of the NVRAM blocks on
a supervisor.
RealTimeClock 5 minutes active Verifies that the real-time clock on the
supervisor is ticking.
PrimaryBootROM 30 minutes active Verifies the integrity of the primary boot
device on the supervisor.
SecondaryBootROM 30 minutes active Verifies the integrity of the secondary boot
device on the supervisor.
CompactFlash 30 minutes active Verifies access to the internal compact flash
devices.
ExternalCompactFlash 30 minutes active Verifies access to the external compact flash
devices.
PwrMgmtBus 30 seconds active Verifies the standby power management
control bus.
SpineControlBus4 30 seconds active Verifies the availability of the standby spine
module control bus.
SystemMgmtBus 30 seconds active Verifies the availability of the standby system
management bus.
StatusBus 30 seconds active Verifies the status transmitted by the status
bus for the supervisor, modules, and fabric
cards.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
15-236 OL-20635-03
Chapter 15 Configuring Online Diagnostics
Licensing Requirements for Online Diagnostics
Default Default
Diagnostic Interval Setting Description
StandbyFabricLoopback 30 seconds active Verifies the connectivity of the standby
supervisor to the crossbars on the spine card.
1. The PortLoopback test is supported on all modules except the 48-port 1G copper Ethernet module.
2. Only F1 Series modules support the SnakeLoopback test.
3. F1 Series modules do not support the FIPS test.
4. Beginning with Cisco NX-OS Release 5.2, the SpineControlBus test is enabled by default on the standby supervisor.
On-Demand Diagnostics
On-demand tests help localize faults and are usually needed in one of the following situations:
• To respond to an event that has occurred, such as isolating a fault.
• In anticipation of an event that may occur, such as a resource exceeding its utilization limit.
You can run all the health monitoring tests on demand.
You can schedule on-demand diagnostics to run immediately. See the “Starting or Stopping an
On-Demand Diagnostic Test” section on page 15-241 for more information.
You can also modify the default interval for a health monitoring test. See the “Activating a Diagnostic
Test” section on page 15-239 for more information.
High Availability
A key part of high availability is detecting hardware failures and taking corrective action while the
device runs in a live network. Online diagnostics in high availability detect hardware failures and provide
feedback to high availability software components to make switchover decisions.
Cisco NX-OS supports stateless restarts for online diagnostics. After a reboot or supervisor switchover,
Cisco NX-OS applies the running configuration.
Virtualization Support
Cisco NX-OS supports online diagnostics in the default virtual device context (VDC). By default, Cisco
NX-OS places you in the default VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x for more information.
Online diagnostics are virtual routing and forwarding (VRF) aware. You can configure online
diagnostics to use a particular VRF to reach the online diagnostics SMTP server.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 15-237
Chapter 15 Configuring Online Diagnostics
Prerequisites for Online Diagnostics
Default Settings
Table 15-3 lists the default settings for online diagnostic parameters.
Parameters Default
Bootup diagnostics level complete
Nondisruptive tests active
Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in
Cisco IOS.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
15-238 OL-20635-03
Chapter 15 Configuring Online Diagnostics
Configuring Online Diagnostics
Note We recommend that you set the bootup online diagnostics level to complete. We do not recommend
bypassing the bootup online diagnostics.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. diagnostic bootup level {complete | bypass}
3. (Optional) show diagnostic bootup level
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line. End
with CNTL/Z.
switch(config)#
Step 2 diagnostic bootup level {complete | bypass} Configures the bootup diagnostic level to trigger
diagnostics as follows when the device boots:
Example:
switch(config)# diagnostic bootup level complete • complete—Perform all bootup diagnostics. The
default is complete.
• bypass—Do not perform any bootup diagnostics.
Step 3 show diagnostic bootup level (Optional) Displays the bootup diagnostic level (bypass
or complete) that is currently in place on the device.
Example:
switch(config)# show diagnostic bootup level
Step 4 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 15-239
Chapter 15 Configuring Online Diagnostics
Configuring Online Diagnostics
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. (Optional) diagnostic monitor interval module slot test [test-id | name | all] hour hour min
minutes second sec
3. diagnostic monitor module slot test [test-id | name | all]
4. (Optional) show diagnostic content module {slot | all}
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per line. End
with CNTL/Z.
switch(config)#
Step 2 diagnostic monitor interval module slot test (Optional) Configures the interval at which the specified
[test-id | name | all] hour hour min minutes test is run. If no interval is set, the test runs at the interval
second sec
set previously, or the default interval.
Example: The argument ranges are as follows:
switch(config)# diagnostic monitor interval
module 6 test 3 hour 1 min 0 sec 0 • slot—The range is from 1 to 10.
• test-id—The range is from 1 to 14.
• name—Can be any case-sensitive alphanumeric
string up to 32 characters.
• hour —The range is from 0 to 23 hours.
• minute—The range is from 0 to 59 minutes.
• second —The range is from 0 to 59 seconds.
Step 3 diagnostic monitor module slot test [test-id | Activates the specified test.
name | all]
The argument ranges are as follows:
Example:
• slot—The range is from 1 to 10.
switch(config)# diagnostic monitor interval
module 6 test 3 • test-id—The range is from 1 to 14.
• name—Can be any case-sensitive alphanumeric
string up to 32 characters.
Step 4 show diagnostic content module {slot | all} (Optional) Displays information about the diagnostics
and their attributes.
Example:
switch(config)# show diagnostic content module 6
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
15-240 OL-20635-03
Chapter 15 Configuring Online Diagnostics
Configuring Online Diagnostics
Command Purpose
no diagnostic monitor module slot test Inactivates the specified test.
[test-id | name | all]
The argument ranges are as follows:
Example:
• slot—The range is from 1 to 10.
switch(config)# no diagnostic monitor
interval module 6 test 3 • test-id—The range is from 1 to 14.
• name—Can be any case-sensitive
alphanumeric string up to 32 characters.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 15-241
Chapter 15 Configuring Online Diagnostics
Configuring Online Diagnostics
DETAILED STEPS
Command Purpose
Step 1 diagnostic ondemand iteration number (Optional) Configures the number of times that the
on-demand test runs. The range is from 1 to 999. The
Example:
switch# diagnostic ondemand iteration 5
default is 1.
Step 2 diagnostic ondemand action-on-failure {continue (Optional) Configures the action to take if the on-demand
failure-count num-fails | stop} test fails. The num-fails range is from 1 to 999. The
Example:
default is 1.
switch# diagnostic ondemand action-on-failure
stop
Step 3 diagnostic start module slot test [test-id | name Starts one or more diagnostic tests on a module. The
| all | non-disruptive] [port port-number | all] module slot range is from 1 to 10. The test-id range is
Example:
from 1 to 14. The test name can be any case-sensitive
switch# diagnostic start module 6 test all alphanumeric string up to 32 characters. The port range
is from 1 to 48.
Step 4 diagnostic stop module slot test [test-id | name Stops one or more diagnostic tests on a module. The
| all] module slot range is from 1 to 10. The test-id range is
Example:
from 1 to 14. The test name can be any case-sensitive
switch# diagnostic stop module 6 test all alphanumeric string up to 32 characters.
Step 5 show diagnostic status module slot (Optional) Verifies that the diagnostic has been
scheduled.
Example:
switch# show diagnostic status module 6
Command Purpose
diagnostic clear result module [slot | all] Clears the test result for the specified test.
test {test-id | all}
The argument ranges are as follows:
Example:
• slot—The range is from 1 to 10.
switch# diagnostic clear result module 2
test all • test-id—The range is from 1 to 14.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
15-242 OL-20635-03
Chapter 15 Configuring Online Diagnostics
Verifying the Online Diagnostics Configuration
Command Purpose
diagnostic test simulation module slot test Simulates a test result. The test-id range is from 1
test-id {fail | random-fail | success} to 14. The port range is from 1 to 48.
[port number | all]
Example:
switch# diagnostic test simulation module 2
test 2 fail
Use the following command in any mode to clear the simulated diagnostic test result:
Command Purpose
diagnostic test simulation module slot test Clears the simulated test result. The test-id range
test-id clear is from 1 to 14.
Example:
switch# diagnostic test simulation module 2
test 2 clear
Command Purpose
show diagnostic bootup level Displays information about bootup diagnostics.
show diagnostic content module {slot | all} Displays information about diagnostic test
content for a module.
show diagnostic description module slot test Displays the diagnostic description.
[test-name | all]
show diagnostic events [error | info] Displays diagnostic events by error and
information event type.
show diagnostic ondemand setting Displays information about on-demand
diagnostics.
show diagnostic result module slot [test Displays information about the results of a
[test-name | all]] [detail] diagnostic.
show diagnostic simulation module slot Displays information about a simulated
diagnostic.
show diagnostic status module slot Displays the test status for all tests on a module.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 15-243
Chapter 15 Configuring Online Diagnostics
Configuration Examples for Online Diagnostics
Command Purpose
show hardware capacity [eobc | Displays information about the hardware
fabric-utilization | forwarding | interface | capabilities and current hardware utilization by
module | power] the system.
show module Displays module information including the online
diagnostic test status.
This example shows how to activate test 2 and set the test interval on module 6:
conf t
diagnostic monitor module 6 test 2
diagnostic monitor interval module 6 test 2 hour 3 min 30 sec 0
Additional References
For additional information related to implementing online diagnostics, see the following sections:
• Related Documents, page 15-244
• Standards, page 15-244
Related Documents
Related Topic Document Title
Online diagnostics CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
VDCs and VRFs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
15-244 OL-20635-03
Chapter 15 Configuring Online Diagnostics
Feature History for Online Diagnostics
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 15-245
Chapter 15 Configuring Online Diagnostics
Feature History for Online Diagnostics
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
15-246 OL-20635-03
Send document comments to [email protected].
CHAPTER 16
Configuring the Embedded Event Manager
This chapter describes how to configure the Embedded Event Manager (EEM) to detect and handle
critical events on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About EEM, page 16-247
• Licensing Requirements for EEM, page 16-252
• Prerequisites for EEM, page 16-252
• Guidelines and Limitations, page 16-252
• Default Settings, page 16-253
• Configuring EEM, page 16-253
• Verifying the EEM Configuration, page 16-266
• Configuration Examples for EEM, page 16-267
• Additional References, page 16-268
• Feature History for EEM, page 16-268
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-247
Chapter 16 Configuring the Embedded Event Manager
Information About EEM
EEM Overview
EEM consists of three major components:
• Event statements—Events to monitor from another Cisco NX-OS component that may require some
action, workaround, or notification.
• Action statements —An action that EEM can take, such as sending an e-mail, or disabling an
interface, to recover from an event.
• Policies—An event paired with one or more actions to troubleshoot or recover from the event.
Policies
An EEM policy consists of an event statement and one or more action statements. The event statement
defines the event to look for as well as the filtering characteristics for the event. The action statement
defines the action EEM takes when the event occurs.
Figure 16-1 shows the two basic statements in an EEM policy.
EEM Policy
Tells your system: Look for this Tells your system: If that event
specific event to happen. happens, do these things.
You can configure EEM policies using the CLI or a VSH script.
EEM gives you a device-wide view of policy management. You configure EEM policies on the
supervisor, and EEM pushes the policy to the correct module based on the event type. EEM takes any
actions for a triggered event either locally on the module or on the supervisor (the default option).
EEM maintains event logs on the supervisor.
Cisco NX-OS has a number of preconfigured system policies. These system policies define many
common events and actions for the device. System policy names begin with two underscore characters
(__).
You can create user policies to suit your network. If you create a user policy, any actions in your policy
occur after EEM triggers any system policy actions related to the same event as your policy. To configure
a user policy, see the “Defining a User Policy Using the CLI” section on page 16-254.
You can also override some system policies. The overrides that you configure take the place of the
system policy. You can override the event or the actions.
Use the show event manager system-policy command to view the preconfigured system policies and
determine which policies that you can override.
To configure an overriding policy, see the “Overriding a Policy” section on page 16-261.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-248 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Information About EEM
Note You should use the show running-config eem command to check the configuration of each policy. An
override policy that consists of an event statement and no action statement triggers no action and no
notification of failures.
Note Your override policy should always include an event statement. An override policy without an event
statement overrides all possible events in the system policy.
Event Statements
An event is any device activity for which some action, such as a workaround or a notification, should be
taken. In many cases, these events are related to faults in the device such as when an interface or a fan
malfunctions.
EEM defines event filters so only critical events or multiple occurrences of an event within a specified
time period trigger an associated action.
Figure 16-2 shows events that are handled by EEM.
Events
System_switchover
File_system_events
HAP_reset
OIR
fanabsent
fanbad
tempsensor
module_failure
Event Manager
Validates and records user-defined Dynamically registers the following:
User-defined Policy policy information.
– event names
(Defined in CLI in Directs event notifications.
– event descriptions
an applet or script.)
Dir ects policy actions. – event actions
Logs e vents. event parameters
–
Filters events and matches with policies
186904
Event Log
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-249
Chapter 16 Configuring the Embedded Event Manager
Information About EEM
Event statements specify the event that triggers a policy to run. In Cisco NX-OS Releases prior to 5.2,
you can configure only one event statement per policy. However, beginning in Cisco NX-OS Release 5.2,
you can configure multiple event triggers. For more information on configuring multiple events, see the
“EEM Event Correlation” section on page 16-251.
EEM schedules and runs policies on the basis of event statements. EEM examines the event and action
commands and runs them as defined.
Note If you want to allow the triggered event to process any default actions, you must configure the EEM
policy to allow the event default action statement.
Action Statements
Action statements describe the action triggered by a policy. Each policy can have multiple action
statements. If no action is associated with a policy, EEM still observes events but takes no actions.
EEM supports the following actions in action statements:
• Execute any CLI commands.
• Update a counter.
• Log an exception.
• Force the shutdown of any module.
• Reload the device.
• Shut down specified modules because the power is over budget.
• Generate a syslog message.
• Generate a Call Home event.
• Generate an SNMP notification.
• Use the default action for the system policy.
Note If you want to allow the triggered event to process any default actions, you must configure the EEM
policy to allow the default action. For example, if you match a CLI command in a match statement, you
must add the event-default action statement to the EEM policy or EEM will not allow the CLI command
to execute.
Note Verify that your action statements within your user policy or overriding policy do not negate each other
or adversely affect the associated system policy.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-250 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Information About EEM
Environment Variables
You can define environment variables for EEM that are available for all policies. Environment variables
are useful for configuring common values that you can use in multiple policies. For example, you can
create an environment variable for the IP address of an external e-mail server.
You can use an environment variable in action statements by using the parameter substitution format.
Example 16-1 shows a sample action statement to force a module 1 shutdown, with a reset reason of
“EEM action.”
If you define an environment variable for the shutdown reason, called default-reason, you can replace
that reset reason with the environment variable, as shown in Example 16-2.
You can reuse this environment variable in any policy. For more information on environment variables,
see the “Defining an Environment Variable” section on page 16-253.
Note For information on configuring EEM event correlation, see the “Defining a User Policy Using the CLI”
section on page 16-254.
High Availability
Cisco NX-OS supports stateless restarts for EEM. After a reboot or supervisor switchover, Cisco NX-OS
applies the running configuration.
Virtualization Support
You configure EEM in the virtual device context (VDC) that you are logged into. By default, Cisco
NX-OS places you in the default VDC. You must be in this VDC to configure policies for module-based
events.
Not all actions or events are visible in all VDCs. You must have network-admin or vdc-admin privileges
to configure policies.
See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x, for
more information on VDCs.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-251
Chapter 16 Configuring the Embedded Event Manager
Licensing Requirements for EEM
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-252 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Default Settings
Default Settings
Table 16-1 lists the default settings for EEM parameters.
Parameters Default
System policies Active
Configuring EEM
You can create policies that contain actions to take based on system policies. To display information
about the system policies, use the show event manager system-policy command. For more information
about system policies, see the “Embedded Event Manager System Events and Configuration Examples”
appendix.
This section includes the following topics:
• Defining an Environment Variable, page 16-253
• Defining a User Policy Using the CLI, page 16-254
• Defining a Policy using a VSH Script, page 16-260
• Registering and Activating a VSH Script Policy, page 16-261
• Overriding a Policy, page 16-261
• Configuring Memory Thresholds, page 16-263
• Configuring Syslog as EEM Publisher, page 16-265
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. event manager environment variable-name variable-value
3. (Optional) show event manager environment {variable-name | all}
4. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-253
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 event manager environment variable-name Creates an environment variable for EEM. The
variable-value variable-name can be any case-sensitive alphanumeric
Example:
string up to 29 characters. The variable-value can be
switch(config)# event manager any quoted alphanumeric string up to 39 characters,
environment emailto “[email protected]”
Step 3 show event manager environment (Optional) Displays information about the configured
{variable-name | all} environment variables.
Example:
switch(config)# show event manager
environment all
Step 4 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. event manager applet applet-name
3. (Optional) description policy-description
4. event event-statement
(Repeat Step 4 for multiple event statements.)
5. (Optional) tag tag {and | andnot | or} tag [and | andnot | or {tag}] {happens occurs in seconds}
6. action number[.number2] action-statement
(Repeat Step 6 for multiple action statements.)
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-254 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 event manager applet applet-name Registers the applet with EEM and enters applet
configuration mode. The applet-name can be any
Example:
switch(config)# event manager applet
case-sensitive alphanumeric string up to 29 characters.
monitorShutdown
switch(config-applet)#
Step 3 description policy-description (Optional) Configures a descriptive string for the
policy. The string can be any alphanumeric string up to
Example:
switch(config-applet)# description
80 characters. Enclose the string in quotation marks.
“Monitors interface shutdown.”
Step 4 event event-statement Configures the event statement for the policy. See the
“Configuring Event Statements” section on
Example:
switch(config-applet)# event cli match
page 16-256.
“shutdown” Repeat Step 4 for multiple event statements.
Step 5 tag tag {and | andnot | or} tag [and | (Optional) Correlates multiple events in the policy.
andnot | or {tag}] {happens occurs in
seconds} The range for the occurs argument is from 1 to
4294967295. The range for the seconds argument is
Example: from 0 to 4294967295 seconds.
switch(config-applet)# tag one or two
happens 1 in 10000
Step 6 action number[.number2] action-statement Configures an action statement for the policy. See the
“Configuring Action Statements” section on
Example:
switch(config-applet)# action 1.0 cli
page 16-259.
show interface e 3/1 Repeat Step 6 for multiple action statements.
Step 7 show event manager policy-state name (Optional) Displays information about the status of the
[module module-id] configured policy.
Example:
switch(config-applet)# show event
manager policy-state monitorShutdown
Step 8 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-255
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
Command Purpose
event cli [tag tag] match expression [count Triggers an event if you enter a command that
repeats | time seconds] matches the regular expression.
Example: The tag tag keyword-argument pair identifies this
switch(config-applet)# event cli match specific event when multiple events are included
“shutdown”
in the policy.
The repeats range is from 1 to 65000. The time
range, in seconds, is from 0 to 4294967295, where
0 indicates no time limit.
event counter [tag tag] name counter Triggers an event if the counter crosses the entry
entry-val entry entry-op {eq | ge | gt | le threshold based on the entry operation. The event
| lt |ne} [exit-val exit exit-op {eq | ge |
gt | le | lt |ne}]
resets immediately. Optionally, you can configure
the event to reset after the counter passes the exit
Example: threshold.
switch(config-applet)# event counter name
mycounter entry-val 20 gt The tag tag keyword-argument pair identifies this
specific event when multiple events are included
in the policy.
The counter name can be any case-sensitive,
alphanumeric string up to 28 characters. The entry
and exit value ranges are from 0 to 2147483647.
event fanabsent [fan number] time seconds Triggers an event if a fan is removed from the
device for more than the configured time, in
Example:
switch(config-applet)# event fanabsent time
seconds. The number range is module dependent.
300 The seconds range is from 10 to 64000.
event fanbad [fan number] time seconds Triggers an event if a fan fails for more than the
configured time, in seconds. The number range is
Example:
switch(config-applet)# event fanbad time
module dependent. The seconds range is from 10
3000 to 64000.
event gold module {slot | all} test Triggers an event if the named online diagnostic
test-name [severity {major | minor | test experiences the configured failure severity for
moderate}] testing-type {bootup |
monitoring | ondemand | scheduled}
the configured number of consecutive failures.
consecutive-failure count The slot range is from 1 to 10. The test-name is
the name of a configured online diagnostic test.
Example: The count range is from 1 to 1000.
switch(config-applet)# event gold module 2
test ASICRegisterCheck testing-type
ondemand consecutive-failure 2
event memory {critical | minor | severe} Triggers an event if a memory threshold is
crossed. See also the “Configuring Memory
Example:
switch(config-applet)# event memory
Thresholds” section on page 16-263.
critical
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-256 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
Command Purpose
event module [tag tag] status {online | Triggers an event if the specified module enters
offline | any} module {all | module-num} the selected status.
Example: The tag tag keyword-argument pair identifies this
switch(config-applet)# event module status specific event when multiple events are included
offline module all
in the policy.
event module-failure [tag tag] type Triggers an event if a module experiences the
failure-type module {slot | all} count failure type configured. See the Cisco Nexus 7000
repeats [time seconds]
Series NX-OS System Management Command
Example: Reference for information on the failure types.
switch(config-applet)# event module-failure
The tag tag keyword-argument pair identifies this
type lc-failed module 3 count 1
specific event when multiple events are included
in the policy.
The repeats range is from 0 to 4294967295. The
seconds range is from 0 to 4294967295, where 0
indicates no time limit.
event oir [tag tag] {fan | module | Triggers an event if the configured device element
powersupply} {anyoir | insert | remove} (fan, module, or power supply) is inserted or
[number]
removed from the device.
Example: The tag tag keyword-argument pair identifies this
switch(config-applet)# event oir fan remove
specific event when multiple events are included
4
in the policy.
You can optionally configure a specific fan,
module, or power supply number. The number
range is as follows:
• Fan number—Module dependent.
• Module number—Device dependent.
• Power supply number—The range is from 1
to 3.
event policy-default count repeats [time Uses the event configured in the system policy.
seconds] Use this option for overriding policies.
Example: The repeats range is from 1 to 65000. The seconds
switch(config-applet)# event policy-default range is from 0 to 4294967295, where 0 indicates
count 3
no time limit.
event poweroverbudget Triggers an event if the power budget exceeds the
capacity of the configured power supplies.
Example:
switch(config-applet)# event
poweroverbudget
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-257
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
Command Purpose
event snmp [tag tag] oid oid get-type Triggers an event if the SNMP OID crosses the
{exact | next} entry-op {eq | ge | gt | le entry threshold based on the entry operation. The
| lt |ne} entry-val entry [exit-comb {and |
or}] exit-op {eq | ge | gt | le | lt |ne}
event resets immediately, or optionally you can
exit-val exit exit-time time configure the event to reset after the counter
polling-interval interval passes the exit threshold. The OID is in dotted
decimal notation.
Example:
switch(config-applet)# event snmp oid The tag tag keyword-argument pair identifies this
1.3.6.1.2.1.31.1.1.1.6 get-type next specific event when multiple events are included
entry-op lt 300 entry-val 0 exit-op eq 400 in the policy.
exit-time 30 polling-interval 300
The entry and exit value ranges are from 0 to
18446744073709551615. The time, in seconds, is
from 0 to 2147483647. The interval, in seconds, is
from 1 to 2147483647.
event storm-control Triggers an event if traffic on a port exceeds the
configured storm control threshold.
Example:
switch(config-applet)# event storm-control
event sysmgr memory [module module-num] Triggers an event if the specified system manager
major major-percent minor minor-percent memory threshold is exceeded. The range for the
clear clear-percent
percentage is from 1 to 99.
Example:
switch(config-applet)# event sysmgr memory
minor 80
event sysmgr switchover count count time Triggers an event if the specified switchover count
interval is exceeded within the time interval specified. The
Example:
switchover count is from 1 to 65000. The time
switch(config-applet)# event sysmgr interval is from 0 to 2147483647.
switchover count 10 time 1000
event temperature [module slot] [sensor Triggers an event if the temperature sensor
number] threshold {any | major | minor} exceeds the configured threshold. The sensor
Example:
range is from 1 to 18.
switch(config-applet)# event temperature
module 2 threshold any
event track [tag tag] object-number state Triggers an event if the tracked object is in the
{any | down | up} configured state.
Example: The tag tag keyword-argument pair identifies this
switch(config-applet)# event track 1 state specific event when multiple events are included
down
in the policy.
The object-number range is from 1 to 500.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-258 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
Command Purpose
action number[.number2] cli command1 Runs the configured CLI commands. You can
[command2...] [local] optionally run the commands on the module
Example:
where the event occurred. The action label is in
switch(config-applet)# action 1.0 cli “show the format number1.number2.
interface e 3/1“
number can be any number up to 16 digits. The
range for number2 is from 0 to 9.
action number[.number2] counter name Modifies the counter by the configured value and
counter value val op {dec | inc | nop | operation. The action label is in the format
set}
number1.number2.
Example: number can be any number up to 16 digits. The
switch(config-applet)# action 2.0 counter
range for number2 is from 0 to 9.
name mycounter value 20 op inc
The counter name can be any case-sensitive,
alphanumeric string up to 28 characters. The val
can be an integer from 0 to 2147483647 or a
substituted parameter.
action number[.number2] event-default Executes the default action for the associated
event. The action label is in the format
Example:
switch(config-applet)# action 1.0
number1.number2.
event-default number can be any number up to 16 digits. The
range for number2 is from 0 to 9.
action number[.number2] forceshut [module Forces a module, crossbar, or the entire system to
slot | xbar xbar-number] reset-reason shut down. The action label is in the format
seconds
number1.number2.
Example: number can be any number up to 16 digits. The
switch(config-applet)# action 1.0 forceshut
range for number2 is from 0 to 9.
module 2 reset-reason “flapping links”
The reset reason is a quoted alphanumeric string
up to 80 characters.
action number[.number2] overbudgetshut Forces one or more modules or the entire system
[module slot [- slot]] to shut down because of a power overbudget issue.
Example: number can be any number up to 16 digits. The
switch(config-applet)# action 1.0 range for number2 is from 0 to 9.
overbudgetshut module 3-5
action number[.number2] policy-default Executes the default action for the policy that you
are overriding. The action label is in the format
Example:
switch(config-applet)# action 1.0
number1.number2.
policy-default number can be any number up to 16 digits. The
range for number2 is from 0 to 9.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-259
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
Command Purpose
action number[.number2] reload [module slot Forces one or more modules or the entire system
[- slot]] to reload.
Example: number can be any number up to 16 digits. The
switch(config-applet)# action 1.0 reload range for number2 is from 0 to 9.
module 3-5
action number[.number2] snmp-trap Sends an SNMP trap with the configured data.
{[intdata1 data [intdata2 data] [strdata number can be any number up to 16 digits. The
string]}
range for number2 is from 0 to 9.
Example: The data arguments can by any number up to 80
switch(config-applet)# action 1.0 snmp-trap
digits. The string can be any alphanumeric string
strdata “temperature problem”
up to 80 characters.
action number[.number2] syslog [priority Sends a customized syslog message at the
prio-val] msg error-message configured priority. number can be any number up
Example:
to 16 digits. The range for number2 is from 0 to 9.
switch(config-applet)# action 1.0 syslog The error-message can be any quoted
priority notifications msg “cpu high”
alphanumeric string up to 80 characters.
Note If you want to allow the triggered event to process any default actions, you must configure the EEM
policy to allow the default action. For example, if you match a CLI command in a match statement, you
must add the event-default action statement to the EEM policy or EEM will not allow the CLI command
to execute. You can use the terminal event-manager bypass command to allow all EEM policies with
CLI matches to execute the CLI command.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Ensure that you are logged in with administrator privileges.
Ensure that your script name is the same name as the script filename.
DETAILED STEPS
Step 1 In a text editor, list the commands that define the policy.
Step 2 Name the text file and save it.
Step 3 Copy the file to the following system directory:
bootflash://eem/user_script_policies
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-260 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. event manager policy policy-script
3. (Optional) show event manager policy internal name
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 event manager policy policy-script Registers and activates an EEM script policy. The
policy-script can be any case-sensitive alphanumeric
Example:
switch(config)# event manager policy
string up to 29 characters.
moduleScript
Step 3 show event manager policy internal name (Optional) Displays information about the configured
policy.
Example:
switch(config)# show event manager
policy internal moduleScript
Step 4 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Overriding a Policy
You can override a system policy.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-261
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
SUMMARY STEPS
1. config t
2. (Optional) show event manager policy-state system-policy
3. event manager applet applet-name override system-policy
4. (Optional) description policy-description
5. event event-statement
6. action number action-statement
(Repeat Step 6 for multiple action statements.)
7. (Optional) show event manager policy-state name
8. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 show event manager policy-state (Optional) Displays information about the system
system-policy policy that you want to override, including thresholds.
Example:
Use the show event manager system-policy
switch(config-applet)# show event command to find the system policy names. For
manager policy-state __ethpm_link_flap information about system policies, see the “Embedded
Policy __ethpm_link_flap Event Manager System Events and Configuration
Cfg count : 5 Examples” appendix.
Cfg time interval : 10.000000
(seconds)
Hash default, Count 0
Step 3 event manager applet applet-name Overrides a system policy and enters applet
override system-policy configuration mode. The applet-name can be any
Example:
case-sensitive alphanumeric string up to 29 characters.
switch(config)# event manager applet The system-policy must be one of the existing system
ethport override __ethpm_link_flap policies.
switch(config-applet)#
Step 4 description policy-description (Optional) Configures a descriptive string for the
policy. The string can be any alphanumeric string up to
Example:
switch(config-applet)# description
80 characters. Enclose the string in quotation marks.
“Overrides link flap policy.”
Step 5 event event-statement Configures the event statement for the policy. See the
“Configuring Event Statements” section on
Example:
switch(config-applet)# event
page 16-256.
policy-default count 2 time 1000
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-262 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
Command Purpose
Step 6 action number action-statement Configures an action statement for the policy. See the
“Configuring Action Statements” section on
Example:
switch(config-applet)# action 1.0 syslog
page 16-259.
priority warnings msg “Link is Repeat Step 6 for multiple action statements.
flapping.”
Step 7 show event manager policy-state name (Optional) Displays information about the configured
policy.
Example:
switch(config-applet)# show event
manager policy-state ethport
Step 8 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Ensure that you are logged in with administrator privileges.
SUMMARY STEPS
1. config t
2. system memory-thresholds minor minor severe severe critical critical
3. (Optional) system memory-thresholds threshold critical no-process-kill
4. (Optional) show running-config | include “system memory”
5. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-263
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 system memory-thresholds minor minor Configures the system memory thresholds that
severe severe critical critical generate EEM memory events. The default values are
Example:
as follows:
switch(config)# system memory-thresholds • Minor—85
minor 60 severe 70 critical 80
• Severe—90
• Critical—95
When these memory thresholds are exceeded, the
system generates the following syslogs:
• 2009 May 7 17:06:30 switch %$ VDC-1 %$
%PLATFORM-2-MEMORY_ALERT: Memory
Status Alert : MINOR
• 2009 May 7 17:06:30 switch %$ VDC-1 %$
%PLATFORM-2-MEMORY_ALERT: Memory
Status Alert : SEVERE
• 2009 May 7 17:06:30 switch %$ VDC-1 %$
%PLATFORM-2-MEMORY_ALERT: Memory
Status Alert : CRITICAL
• 2009 May 7 17:06:35 switch %$ VDC-1 %$
%PLATFORM-2-MEMORY_ALERT: Memory
Status Alert : MINOR ALERT RECOVERED
• 2009 May 7 17:06:35 switch %$ VDC-1 %$
%PLATFORM-2-MEMORY_ALERT: Memory
Status Alert : SEVERE ALERT RECOVERED
• 2009 May 7 17:06:35 switch %$ VDC-1 %$
%PLATFORM-2-MEMORY_ALERT: Memory
Status Alert : CRITICAL ALERT RECOVERED
Step 3 system memory-thresholds threshold (Optional) Configures the system to not kill processes
critical no-process-kill when the memory cannot be allocated. The default
Example:
value is to allow the system to kill processes, starting
switch(config)# system memory-thresholds with the one that consumes the most memory.
threshold critical no-process-kill
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-264 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Configuring EEM
Command Purpose
Step 4 show running-config | include “system (Optional) Displays information about the system
memory” memory configuration.
Example:
switch(config-applet)# show
running-config | include “system memory”
Step 5 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config)# copy running-config
startup-config
RESTRICTIONS
SUMMARY STEPS
1. config t
2. event manager applet applet-name
3. event syslog [tag tag] {occurs number | period seconds | pattern msg-text | priority priority}
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 event manager applet applet-name Registers an applet with EEM and enters applet
configuration mode.
Example:
switch(config)# event manager applet abc
switch(config-applet)#
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-265
Chapter 16 Configuring the Embedded Event Manager
Verifying the EEM Configuration
Command Purpose
Step 3 event syslog [tag tag] {occurs number | Monitors syslog messages and invokes the policy
period seconds | pattern msg-text | based on the search string in the policy.
priority priority}
• The tag tag keyword-argument pair identifies this
Example: specific event when multiple events are included
switch(config-applet)# event syslog
in the policy.
occurs 10
• The occurs number keyword-argument pair
specifies the number of occurrences. The range is
from 1 to 65000.
• The period seconds keyword-argument pair
specifies the interval during which the event
occurs. The range is from 1 to 4294967295.
• The pattern msg-text keyword-argument pair
specifies the matching regular expression. The
pattern can contain character text, an environment
variable, or a combination of the two. If the string
contains embedded blanks, it is enclosed in
quotation marks.
• The priority priority keyword-argument pair
specifies the priority of the syslog messages. If
this keyword is not selected, all syslog messages
are set at the informational priority level.
Step 4 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-applet)# copy
running-config startup-config
Command Purpose
show event manager environment Displays information about the event manager
[variable-name | all] environment variables.
show event manager event-types [event | all | Displays information about the event manager
module slot] event types.
show event manager history events [detail] Displays the history of events for all policies.
[maximum num-events] [severity {catastrophic
| minor | moderate | severe}]
show event manager policy internal Displays information about the configured
[policy-name] [inactive] policies.
show event manager policy-state policy-name Displays information about the policy state,
including thresholds.
show event manager script system [policy-name Displays information about the script policies.
| all]
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-266 OL-20635-03
Chapter 16 Configuring the Embedded Event Manager
Configuration Examples for EEM
Command Purpose
show event manager system-policy [all] Displays information about the predefined system
policies.
show running-config eem Displays information about the running
configuration for EEM.
show startup-config eem Displays information about the startup
configuration for EEM.
This example shows how to override the __ethpm_link_flap system policy and shuts down the interface.
event manager applet ethport override __ethpm_link_flap
event policy-default count 2 time 1000
action 1 cli conf t
action 2 cli int et1/1
action 3 cli no shut
This example creates an EEM policy that allows the CLI command to execute but triggers an SNMP
notification when a user enters configuration mode on the device:
event manager applet TEST
event cli match "conf t"
action 1.0 snmp-trap strdata "Configuration change"
action 2.0 event-default
Note You must add the event-default action statement to the EEM policy, or EEM will not allow the
CLI command to execute.
This example shows how to correlate multiple events in an EEM policy and execute the policy based on
a combination of the event triggers. In this example, the EEM policy is triggered if one of the specified
syslog patterns occurs within 120 seconds.
event manager applet eem-correlate
event syslog tag one pattern "copy bootflash:.* running-config.*”
event syslog tag two pattern “copy run start”
event syslog tag three pattern “hello”
tag one or two or three happens 1 in 120
action 1.0 reload module 1
Note For additional EEM configuration examples, see Appendix 1, “Embedded Event Manager System
Events and Configuration Examples.”
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 16-267
Chapter 16 Configuring the Embedded Event Manager
Additional References
Additional References
For additional information related to implementing EEM, see the following sections:
• Related Documents, page 16-268
• Standards, page 16-268
Related Documents
Related Topic Document Title
EEM commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
16-268 OL-20635-03
Send document comments to [email protected].
CHAPTER 17
Configuring Onboard Failure Logging
This chapter describes how to configure the onboard failure logging (OBFL) features on Cisco NX-OS
devices.
This chapter includes the following sections:
• Information About OBFL, page 17-269
• Licensing Requirements for OBFL, page 17-270
• Prerequisites for OBFL, page 17-270
• Guidelines and Limitations, page 17-271
• Default Settings, page 17-271
• Configuring OBFL, page 17-271
• Verifying the OBFL Configuration, page 17-274
• Configuration Example for OBFL, page 17-275
• Additional References, page 17-275
• Feature History for OBFL, page 17-276
OBFL Overview
Cisco NX-OS provides the ability to log failure data to persistent storage, which you can retrieve and
display for analysis at a later time. This onboard failure logging (OBFL) feature stores failure and
environmental information in nonvolatile memory on the module. The information will help analyze
failed modules.
The data stored by OBFL include the following:
• Time of initial power-on
• Slot number of the module in the chassis
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 17-269
Chapter 17 Configuring Onboard Failure Logging
Licensing Requirements for OBFL
Virtualization Support
You must be in the default virtual device context (VDC) to configure and display OBFL information. See
the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x for more
information on VDCs.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
17-270 OL-20635-03
Chapter 17 Configuring Onboard Failure Logging
Guidelines and Limitations
Note Be aware that the Cisco NX-OS commands for this feature may differ from those commands used in
Cisco IOS.
Default Settings
Table 17-1 lists the default settings for OBFL parameters.
Parameters Default
OBFL All features enabled
Configuring OBFL
You can configure the OBFL features on Cisco NX-OS devices.
SUMMARY STEPS
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 17-271
Chapter 17 Configuring Onboard Failure Logging
Configuring OBFL
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global
configuration mode.
Example:
switch# config t
Enter configuration commands, one per line. End with
CNTL/Z.
switch(config)#
Step 2 hw-module logging onboard Enables all OBFL features.
Example:
switch(config)# hw-module logging onboard
Module: 7 Enabling ... was successful.
Module: 10 Enabling ... was successful.
Module: 12 Enabling ... was successful.
Step 3 hw-module logging onboard environmental-history Enables the OBFL
environmental history.
Example:
switch(config)# hw-module logging onboard
environmental-history
Module: 7 Enabling environmental-history ... was
successful.
Module: 10 Enabling environmental-history ... was
successful.
Module: 12 Enabling environmental-history ... was
successful.
Step 4 hw-module logging onboard error-stats Enables the OBFL error
statistics.
Example:
switch(config)# hw-module logging onboard error-stats
Module: 7 Enabling error-stats ... was successful.
Module: 10 Enabling error-stats ... was successful.
Module: 12 Enabling error-stats ... was successful.
Step 5 hw-module logging onboard interrupt-stats Enables the OBFL interrupt
statistics.
Example:
switch(config)# hw-module logging onboard interrupt-stats
Module: 7 Enabling interrupt-stats ... was
successful.
Module: 10 Enabling interrupt-stats ... was
successful.
Module: 12 Enabling interrupt-stats ... was
successful.
Step 6 hw-module logging onboard module slot Enables the OBFL information
for a module.
Example:
switch(config)# hw-module logging onboard module 7
Module: 7 Enabling ... was successful.
Step 7 hw-module logging onboard obfl-log Enables the boot uptime, device
version, and OBFL history.
Example:
switch(config)# hw-module logging onboard obfl-log
Module: 7 Enabling obfl-log ... was successful.
Module: 10 Enabling obfl-log ... was successful.
Module: 12 Enabling obfl-log ... was successful.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
17-272 OL-20635-03
Chapter 17 Configuring Onboard Failure Logging
Configuring OBFL
Command Purpose
Step 8 show logging onboard (Optional) Displays information
about OBFL.
Example:
switch(config)# show logging onboard
----------------------------
OBFL Status
----------------------------
Switch OBFL Log:
Enabled
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 17-273
Chapter 17 Configuring Onboard Failure Logging
Verifying the OBFL Configuration
To display OBFL information stored in flash on a module, perform one of the following tasks:
Command Purpose
show logging onboard boot-uptime Displays the boot and uptime information.
show logging onboard counter-stats Displays statistics on all ASIC counters.
show logging onboard device-version Displays device version information.
show logging onboard endtime Displays OBFL logs to a specified end time.
show logging onboard environmental-history Displays environmental history.
show logging onboard error-stats Displays error statistics.
show logging onboard exception-log Displays exception log information.
show logging onboard interrupt-stats Displays interrupt statistics.
show logging onboard kernel-trace Displays kernel trace information.
show logging onboard module slot Displays OBFL information for a specific
module.
show logging onboard obfl-history Displays history information.
show logging onboard obfl-logs Displays log information.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
17-274 OL-20635-03
Chapter 17 Configuring Onboard Failure Logging
Configuration Example for OBFL
Command Purpose
show logging onboard stack-trace Displays kernel stack trace information.
show logging onboard starttime Displays OBFL logs from a specified start time.
show logging onboard status Displays OBFL status information.
Note Use the clear logging onboard command to clear the OBFL information for each of the show command
options listed.
Additional References
For additional information related to implementing OBFL, see the following sections:
• Related Documents, page 17-275
• Standards, page 17-275
Related Documents
Related Topic Document Title
OBFL CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
Configuration files Cisco Nexus 7000 Series NX-OS Fundamentals Configuration
Guide, Release 5.x
VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 17-275
Chapter 17 Configuring Onboard Failure Logging
Feature History for OBFL
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
17-276 OL-20635-03
Send document comments to [email protected].
CHAPTER 18
Configuring SPAN
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-277
Chapter 18 Configuring SPAN
Information About SPAN
SPAN Sources
The interfaces from which traffic can be monitored are called SPAN sources. Sources designate the
traffic to monitor and whether to copy ingress, egress, or both directions of traffic. SPAN sources include
the following:
• Ethernet ports
• Port channels
• The inband interface to the control plane CPU—You can monitor the inband interface only from the
default VDC. Inband traffic from all VDCs is monitored.
• VLANs—When a VLAN is specified as a SPAN source, all supported interfaces in the VLAN are
SPAN sources.
• Remote SPAN (RSPAN) VLANs
• Fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender
• Satellite ports and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender—
These interfaces are supported in Layer 2 access mode, Layer 2 trunk mode, and Layer 3 mode.
Note A single SPAN session can include mixed sources in any combination of the above.
SPAN Destinations
SPAN destinations refer to the interfaces that monitor source ports. Destination ports receive the copied
traffic from SPAN sources.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-278 OL-20635-03
Chapter 18 Configuring SPAN
Information About SPAN
• Destination ports do not participate in any spanning tree instance. SPAN output includes Bridge
Protocol Data Unit (BPDU) Spanning-Tree Protocol hello packets.
• An RSPAN VLAN cannot be used as a SPAN destination.
• You can configure SPAN destinations to inject packets to disrupt a certain TCP packet stream in
support of the Intrusion Detection System (IDS).
• You can configure SPAN destinations to enable a forwarding engine to learn the MAC address of
the IDS.
• F1 Series module FabricPath core ports, Fabric Extender HIF ports, HIF port channels, and Fabric
PO ports are not supported as SPAN destination ports.
• Shared interfaces cannot be used as SPAN destinations.
• VLAN ACL redirects to SPAN destination ports are not supported.
• All SPAN destinations configured for a given session will receive all spanned traffic. For more
information, see the “Virtual SPAN Sessions” section below.
SPAN Sessions
You can create up to 48 SPAN sessions designating sources and destinations to monitor.
Note Only two SPAN sessions, two ERSPAN sessions, or one SPAN session and one ERSPAN session can be
running simultaneously.
Figure 18-1 shows a SPAN configuration. Packets on three Ethernet ports are copied to destination port
Ethernet 2/5. Only traffic in the direction specified is copied.
E 2/3 Tx
Network analyzer
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-279
Chapter 18 Configuring SPAN
Information About SPAN
Note Virtual SPAN sessions cause all source packets to be copied to all destinations, whether the packets are
required at the destination or not. VLAN traffic filtering occurs at the egress destination port level.
E 2/5
Source Traffic Destination
VLAN Direction Ports
E 2/6
10 Rx E 2/5
Network analyzer
E 2/7 E 2/6
VLAN 11 11 Rx, Tx
E 2/7
186284
12 Tx
Rx is ingress
Network analyzer Tx is egress
VLAN 12
For information about configuring a virtual SPAN session, see the “Configuring a Virtual SPAN Session”
section on page 18-287.
High Availability
The SPAN feature supports stateless and stateful restarts. After a reboot or supervisor switchover, the
running configuration is applied. For more information on high availability, see the Cisco Nexus 7000
Series NX-OS High Availability and Redundancy Guide, Release 5.x.
Virtualization Support
A virtual device context (VDC) is a logical representation of a set of system resources. SPAN applies
only to the VDC where the commands are entered.
Note You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is
monitored.
For information about configuring VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device
Context Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-280 OL-20635-03
Chapter 18 Configuring SPAN
Licensing Requirements for SPAN
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-281
Chapter 18 Configuring SPAN
Guidelines and Limitations
• Destination ports do not participate in any spanning tree instance. SPAN output includes Bridge
Protocol Data Unit (BPDU) Spanning-Tree Protocol hello packets.
• When a SPAN session contains source ports that are monitored in the transmit or transmit and
receive direction, packets that these ports receive may be replicated to the SPAN destination port
even though the packets are not actually transmitted on the source ports. Some examples of this
behavior on source ports include:
– Traffic that results from flooding
– Broadcast and multicast traffic
• For VLAN SPAN sessions with both ingress and egress configured, two packets (one from ingress
and one from egress) are forwarded from the destination port if the packets get switched on the same
VLAN.
• VLAN SPAN monitors only the traffic that leaves or enters Layer 2 ports in the VLAN.
• You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is
monitored.
• You can configure an RSPAN VLAN for use only as a SPAN session source.
• You can configure a SPAN session on the local device only.
• Multiple SPAN destinations are not supported when an F1 Series module is present in a VDC. If
multiple SPAN destinations are configured in a SPAN session, the session is disabled until the F1
Series module is powered down or moved to another VDC or the multiple SPAN destinations are
reduced to a single destination.
• A maximum of two bidirectional sessions are supported when an F1 Series module is present in a
VDC.
• A FabricPath core port is not supported as a SPAN destination when an F1 Series module is present
in a VDC. However, a FabricPath core port can be configured as a SPAN source interface.
• F1 Series modules are Layer 2 domain line cards. Packets from Layer 3 sources can be spanned and
directed to an F1 Series module SPAN destination. An F1 Series module interface cannot be
configured as Layer 3, but it can receive Layer 3 traffic in a SPAN destination mode.
• When using SPAN sessions on F1 Series modules, ensure that the total amount of source traffic in
a given session is less than or equal to the capacity of the SPAN destination interface or port channel
for that session. If the SPAN source traffic exceeds the capacity of the SPAN destination, packet
drops might occur on the SPAN source interfaces.
• If you span a core interface when inter-VLAN routing is enabled across L2MP, it is not possible to
capture the traffic egressing out of the core interface.
• Beginning with Cisco NX-OS Release 5.2, the Cisco Nexus 2000 Series Fabric Extender interfaces
and the fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender can be
configured as SPAN sources. However, they cannot be configured as SPAN destinations.
Note SPAN on Fabric Extender interfaces and fabric port channels is supported on the 32-port,
10-Gigabit M1 and M1 XL modules (N7K-M132XP-12 and N7K-M132XP-12L). SPAN
runs on the Cisco Nexus 7000 Series device, not on the Fabric Extender.
• SPAN is supported on Fabric Extender interfaces in Layer 2 access mode, Layer 2 trunk mode, and
Layer 3 mode. Layer 3 subinterfaces are not supported.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-282 OL-20635-03
Chapter 18 Configuring SPAN
Default Settings
• If a port channel is the SPAN destination interface for SPAN traffic that is sourced from a Cisco
Nexus 7000 M1 Series module, only a single member interface will receive copied source packets.
The same limitation does not apply to SPAN traffic sourced from other Cisco Nexux modules,
including the Cisco Nexus 7000 M1-XL Series modules.
• Cisco NX-OS does not span Link Layer Discovery Protocol (LLDP) or Link Aggregation Control
Protocol (LACP) packets when the source interface is a Fabric Extender HIF (downlink) port or HIF
port channel.
• SPAN sessions cannot capture packets with broadcast or multicast MAC addresses that reach the
supervisor, such as ARP requests and Open Shortest Path First (OSPF) protocol hello packets, if the
source of the session is the supervisor ethernet in-band interface. To capture these packets, you must
use the physical interface as the source in the SPAN sessions.
• The rate limit percentage of a SPAN session is based on 10G for all modules (that is, 1% corresponds
to 0.1G), and the value is applied per every forwarding engine instance.
• MTU truncation and the SPAN rate limit are supported only on F1 Series modules.
Note MTU truncation and the SPAN rate limit cannot be enabled for the same SPAN session. If
you configure both for one session, only the rate limit is allowed on F1 Series modules, and
MTU truncation is disabled until you disable the rate limit configuration.
• MTU truncation on egress spanned FabricPath (core) packets is 16 bytes less than the configured
value because the SPAN destination removes the core header. In addition, when trunk ports are used
as the SPAN destination, the spanned ingress packets have 4 more bytes than the configured MTU
truncation size.
• For certain rate limit and packet size values, the SPAN packet rate is less than the configured value
because of the internal accounting of packet sizes and internal headers.
• Multicast best effort mode applies only to M1 Series modules.
• SPAN does not capture pause frames in a Fibre Channel over Ethernet (FCoE) network because
pause frames sent from the virtual expansion (VE) port are generated and terminated by the
outermost MAC layer. For more information on FCoE, see the Cisco NX-OS FCoE Configuration
Guide for Cisco Nexus 7000 and Cisco MDS 9500.
Default Settings
Table 18-1 lists the default settings for SPAN parameters.
Parameters Default
SPAN sessions Created in the shut state
MTU truncation Disabled
Multicast best effort mode Disabled
SPAN rate limit Disabled
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-283
Chapter 18 Configuring SPAN
Configuring SPAN
Configuring SPAN
This section includes the following topics:
• Configuring a SPAN Session, page 18-284
• Configuring a Virtual SPAN Session, page 18-287
• Configuring an RSPAN VLAN, page 18-290
• Shutting Down or Resuming a SPAN Session, page 18-291
• Configuring MTU Truncation for Each SPAN Session, page 18-292
• Configuring a Source Rate Limit for Each SPAN Session, page 18-294
• Configuring the Multicast Best Effort Mode for a SPAN Session, page 18-296
Note Cisco NX-OS commands for this feature may differ from those in Cisco IOS.
Note To use a Layer 3 port-channel sub-interface or a normal Layer 3 sub-interface as a SPAN source in the
monitor session, configure the VLAN filter on the parent Layer 3 Port channel or Layer 3 interface with
the same VLAN as the IEEE 802.1q VLAN encapsulation that is configured on the sub-interface. The
VLAN filter configured on the parent interface as source will ensure that the monitored traffic on the
SPAN destination port will be only for the VLANs that are configured.
When you specify the supervisor inband interface for a SPAN source, the device monitors all packets
that arrive on the supervisor hardware (ingress) and all packets generated by the supervisor hardware
(egress).
For destination ports, you can specify Ethernet ports or port-channels in either access or trunk mode.
You must enable monitor mode on all destination ports.
Make sure that you are in the correct VDC. To switch VDCs, use the switchto vdc command.
You must have already configured the destination ports in access or trunk mode. For more information,
see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x.
SUMMARY STEPS
1. config t
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-284 OL-20635-03
Chapter 18 Configuring SPAN
Configuring SPAN
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 interface ethernet slot/port[-port] Enters interface configuration mode on the selected
slot and port or range of ports.
Example:
switch(config)# interface ethernet 2/5
switch(config-if)#
Step 3 switchport Configures switchport parameters for the selected
slot and port or range of ports.
Example:
switch(config-if)# switchport
switch(config-if)#
Step 4 switchport mode [access | trunk | Configures the switchport mode for the selected slot
private-vlan] and port or range of ports.
Example: • access
switch(config-if)# switchport mode trunk
switch(config-if)# • trunk
• private-vlan
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-285
Chapter 18 Configuring SPAN
Configuring SPAN
Command Purpose
Step 5 switchport monitor [ingress [learning]] Configures the switchport interface as a SPAN
destination:
Example:
switch(config-if)# switchport monitor • ingress
Allows the SPAN destination port to inject
packets that disrupt a certain TCP packet
stream, for example, in networks with IDS.
• ingress learning
Allows the SPAN destination port to inject
packets, and allows the learning of MAC
addresses, for example, the IDS MAC address.
Step 6 (Optional) Repeat Steps 2 and 3 to configure —
monitoring on additional SPAN destinations.
Step 7 no monitor session session-number Clears the configuration of the specified SPAN
session. The new session configuration is added to
Example:
switch(config)# no monitor session 3
the existing session configuration.
Step 8 monitor session session-number Enters the monitor configuration mode. The new
session configuration is added to the existing session
Example:
switch(config)# monitor session 3
configuration. By default, the session is created in
switch(config-monitor)# the shut state.
Step 9 description description Configures a description for the session. By default,
no description is defined. The description can be up
Example:
switch(config-monitor)# description
to 32 alphanumeric characters.
my_span_session_3
Step 10 source {interface type | vlan Configures sources and the traffic direction in which
{1-3967,4048-4093}} [rx | tx | both] to copy packets. You can enter a range of Ethernet
Example 1:
ports, a port channel, an inband interface, a range of
switch(config-monitor)# source interface VLANs, a Cisco Nexus 2000 Series Fabric Extender
ethernet 2/1-3, ethernet 3/1 rx interface, or a fabric port channel connected to a
Cisco Nexus 2000 Series Fabric Extender.
Example 2:
switch(config-monitor)# source interface You can configure one or more sources, as either a
port-channel 2 series of comma-separated entries or a range of
numbers. You can specify up to 128 interfaces. The
Example 3:
VLAN range is from 1 to 3967 and 4048 to 4093.
switch(config-monitor)# source interface
sup-eth 0 both You can specify the traffic direction to copy as
ingress (tx), egress (tx), or both. By default, the
Example 4:
switch(config-monitor)# source vlan 3, 6-8
direction is both.
tx Note You can monitor the inband interface only
from the default VDC. The inband traffic
Example 5:
switch(config-monitor)# source interface from all VDCs is monitored.
ethernet 101/1/1-3
Step 11 (Optional) Repeat Step 8 to configure all SPAN —
sources.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-286 OL-20635-03
Chapter 18 Configuring SPAN
Configuring SPAN
Command Purpose
Step 12 filter vlan {number | range} (Optional) Configures which VLANs to select from
the configured sources. You can configure one or
Example:
switch(config-monitor)# filter vlan 3-5, 7
more VLANs, as either a series of comma-separated
entries, or a range of numbers. The VLAN range is
from 1 to 3967 and 4048 to 4093.
Step 13 (Optional) Repeat Step 10 to configure all source —
VLANs to filter.
Step 14 destination interface type {number | Configures destinations for copied source packets.
range} You can configure one or more destinations, as
Example:
either a series of comma-separated entries or a range
switch(config-monitor)# destination of numbers. You can specify up to 128 interfaces.
interface ethernet 2/5, ethernet 3/7
Note SPAN destination ports must be either
access or trunk ports.
Example:
switch(config-monitor)# show monitor
session 3
Step 18 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config-monitor)# copy
running-config startup-config
Ensure that you are in the correct VDC (or use the switchto vdc command).
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-287
Chapter 18 Configuring SPAN
Configuring SPAN
You have already configured the destination ports in trunk mode. For more information, see the Cisco
Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x.
You have already configured the destination ports to monitor a SPAN session with the switchport
monitor command.
SUMMARY STEPS
1. config t
2. no monitor session session-number
3. monitor session session-number
4. source {interface type | vlan} {number | range} [rx | tx | both]
5. (Optional) Repeat Step 4 to configure all virtual SPAN VLAN sources.
6. destination interface type {number | range}
7. (Optional) Repeat Step 6 to configure all virtual SPAN destination ports.
8. no shut
9. (Optional) show monitor session {all | session-number | range session-range} [brief]
10. interface ethernet slot/port[-port]
11. switchport trunk allowed vlan {{number | range} | add {number | range} | except {number |
range} | remove {number | range} | all | none}
12. (Optional) Repeat Steps 10 and 11 to configure the allowed VLANs on each destination port.
13. (Optional) show interface ethernet slot/port[-port] trunk
14. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 no monitor session session-number Clears the configuration of the specified SPAN
session. New session configuration is added to the
Example:
switch(config)# no monitor session 3
existing session configuration.
Step 3 monitor session session-number Enters the monitor configuration mode. A new
session configuration is added to the existing session
Example:
switch(config)# monitor session 3
configuration.
switch(config-monitor)#
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-288 OL-20635-03
Chapter 18 Configuring SPAN
Configuring SPAN
Command Purpose
Step 4 source {interface type | vlan} {number | Configures sources and the traffic direction in which
range} [rx | tx | both] to copy packets. You can configure one or more
Example:
sources, as either a series of comma-separated
switch(config-monitor)# source vlan 3, 6-8 entries, or a range of numbers. You can specify up to
tx 128 interfaces. The VLAN range is from 1 to 3967
and 4048 to 4093.
You can specify the traffic direction to copy as
ingress (tx), egress (tx), or both. By default, the
direction is both.
Step 5 (Optional) Repeat Step 4 to configure all virtual —
SPAN source VLANs.
Step 6 destination interface type {number | Configures destinations for copied source packets.
range} You can configure one or more interfaces, as either
Example:
a series of comma-separated entries, or a range of
switch(config-monitor)# destination numbers. The allowable range is from 1 to 128.
interface ethernet 2/5, ethernet 3/7
Note Configure destination ports as trunk ports.
For more information, see the Cisco Nexus
7000 Series NX-OS Interfaces Configuration
Guide, Release 5.x.
Step 7 (Optional) Repeat Step 6 to configure all virtual —
SPAN destination ports.
Step 8 no shut Enables the SPAN session. By default, the session is
created in the shut state.
Example:
switch(config-monitor)# no shut Note Only two SPAN sessions can be running
simultaneously.
Step 9 show monitor session {all | session-number (Optional) Displays the virtual SPAN configuration.
| range session-range} [brief]
Example:
switch(config-monitor)# show monitor
session 3
Step 10 interface ethernet slot/port[-port] Enters interface configuration mode on the selected
slot and port or range of ports.
Example:
switch(config)# interface ethernet 2/5
switch(config-if)#
Step 11 switchport trunk allowed vlan {{number | Configures the range of VLANS that are allowed on
range} | add {number | range} | except the interface. You can add to or remove from the
{number | range} | remove {number | range}
| all | none}
existing VLANs, you can select all VLANs except
those VLANs that you specify, or you can select all
Example: or none of the VLANs. By default, all VLANs are
switch(config-if)# switchport trunk allowed on the interface.
allowed vlan 3-5
You can configure one or more VLANs, as either a
series of comma-separated entries, or a range of
numbers. The VLAN range is from 1 to 3967 and
4048 to 4093.
Step 12 (Optional) Repeat Steps 10 and 11 to configure —
the allowed VLANs on each destination port.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-289
Chapter 18 Configuring SPAN
Configuring SPAN
Command Purpose
Step 13 show interface ethernet slot/port[-port] (Optional) Displays the interface trunking
trunk configuration for the selected slot and port or range
Example:
of ports.
switch(config-if)# show interface ethernet
2/5 trunk
Step 14 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config-if)# copy running-config
startup-config
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. config t
2. vlan vlan
3. remote-span
4. exit
5. (Optional) show vlan
6. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 vlan vlan Enters VLAN configuration mode for the VLAN
specified.
Example:
switch(config)# vlan 901
switch(config-vlan)#
Step 3 remote-span Configures the VLAN as an RSPAN VLAN.
Example:
switch(config-vlan)# remote-span
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-290 OL-20635-03
Chapter 18 Configuring SPAN
Configuring SPAN
Command Purpose
Step 4 exit Exits VLAN configuration mode.
Example:
switch(config-vlan)# exit
switch(config)#
Step 5 show vlan (Optional) Displays the VLAN configuration.
Remote SPAN VLANs are listed together.
Example:
switch(config)# show vlan
Step 6 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config)# copy running-config
startup-config
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. config t
2. monitor session {session-range | all} shut
3. no monitor session {session-range | all} shut
4. monitor session session-number
5. shut
6. no shut
7. (Optional) show monitor
8. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-291
Chapter 18 Configuring SPAN
Configuring SPAN
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 monitor session {session-range | all} shut Shuts down the specified SPAN sessions. The
session ranges from 1 to 48. By default, sessions are
Example:
switch(config)# monitor session 3 shut
created in the shut state. Only two sessions can be
running at a time.
Step 3 no monitor session {session-range | all} Resumes (enables) the specified SPAN sessions. The
shut session ranges from 1 to 48. By default, sessions are
Example:
created in the shut state. Only two sessions can be
switch(config)# no monitor session 3 shut running at a time.
Note If a monitor session is enabled but its
operational status is down, then to enable the
session, you must first specify the monitor
session shut command followed by the no
monitor session shut command.
Step 4 monitor session session-number Enters the monitor configuration mode. The new
session configuration is added to the existing session
Example:
switch(config)# monitor session 3
configuration.
switch(config-monitor)#
Step 5 shut Shuts down the SPAN session. By default, the
session is created in the shut state.
Example:
switch(config-monitor)# shut
Step 6 no shut Enables the SPAN session. By default, the session is
created in the shut state.
Example:
switch(config-monitor)# no shut Note Only two SPAN sessions can be running
simultaneously.
Step 7 show monitor (Optional) Displays the status of SPAN sessions.
Example:
switch(config-monitor)# show monitor
Step 8 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config-monitor)# copy
running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-292 OL-20635-03
Chapter 18 Configuring SPAN
Configuring SPAN
Note MTU truncation and the SPAN rate limit cannot be enabled for the same SPAN session. If you configure
both for one session, only the rate limit is allowed on F1 Series modules, and MTU truncation is disabled
until you disable the rate limit configuration.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-293
Chapter 18 Configuring SPAN
Configuring SPAN
SUMMARY STEPS
1. config t
2. monitor session session-number
3. [no] mtu mtu
4. (Optional) show monitor session-number
5. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 monitor session session-number Enters the monitor configuration mode and specifies
the SPAN session for which the MTU truncation size
Example:
switch(config)# monitor session 3
is to be configured.
switch(config-monitor)#
Step 3 [no] mtu mtu Configures the MTU truncation size for packets in
the specified SPAN session. The range is from 64 to
Example:
switch(config-monitor)# mtu 64
1500 bytes.
Step 4 show monitor session session-number (Optional) Displays the status of SPAN sessions,
including the configuration status of MTU
Example:
switch(config-monitor)# show monitor
truncation, the maximum bytes allowed for each
session 3 packet per session, and the modules on which MTU
truncation is and is not supported.
Step 5 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config-monitor)# copy
running-config startup-config
Note MTU truncation and the SPAN rate limit cannot be enabled for the same SPAN session. If you configure
both for one session, only the rate limit is allowed on F1 Series modules, and MTU truncation is disabled
until you disable the rate limit configuration.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-294 OL-20635-03
Chapter 18 Configuring SPAN
Configuring SPAN
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. config t
2. monitor session session-number
3. [no] rate-limit {auto | rate-limit}
4. (Optional) show monitor session-number
5. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 monitor session session-number Enters the monitor configuration mode and specifies
the SPAN session for which the source rate limit is
Example:
switch(config)# monitor session 3
to be configured.
switch(config-monitor)#
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-295
Chapter 18 Configuring SPAN
Configuring SPAN
Command Purpose
Step 3 [no] rate-limit {auto | rate-limit} Configures the source rate limit for SPAN packets in
the specified SPAN session in automatic or manual
Example:
switch(config-monitor)# rate-limit auto
mode:
• Auto mode—Automatically calculates the rate
limit on a per-gigabyte basis as follows:
destination bandwidth / aggregate source
bandwidth. For example, if the rate limit per
gigabyte is 0.5, then for every 1G of source
traffic, only 0.5G of packets are spanned.
For ingress traffic, the per-gigabyte limit is
applied to each forwarding engine of the F1
Series module based on how many ports are
used as the SPAN source so that source can be
spanned at the maximum available bandwidth.
For egress traffic, the per-gigabyte limit is
applied to each forwarding engine of the F1
Series module without considering how many
ports are used as the SPAN source.
• Manual mode—Specifies the percentage of the
maximum rate of SPAN packets that can be sent
out from each forwarding engine on a line card.
The range is from 1 to 100. For example, if the
rate limit is 10%, the maximum rate of SPAN
packets that can be sent out from each of the
forwarding engines on an F1 Series module is
1G (or 10% of the 10G line rate).
Step 4 show monitor session session-number (Optional) Displays the status of SPAN sessions,
including the configuration status of the rate limit,
Example:
switch(config-monitor)# show monitor
the percentage of the maximum SPAN rate allowed
session 3 per session, and the modules on which the rate limit
is and is not supported.
Step 5 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config-monitor)# copy
running-config startup-config
Ensure that you are in the correct VDC (or use the switchto vdc command).
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-296 OL-20635-03
Chapter 18 Configuring SPAN
Verifying the SPAN Configuration
SUMMARY STEPS
1. config t
2. monitor session session-number
3. [no] multicast best-effort
4. (Optional) show monitor session-number
5. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 monitor session session-number Enters the monitor configuration mode and specifies
the SPAN session for which the multicast best effort
Example:
switch(config)# monitor session 3
mode is to be configured.
switch(config-monitor)#
Step 3 [no] multicast best-effort Configures the multicast best effort mode for the
specified SPAN session.
Example:
switch(config-monitor)# multicast
best-effort
Step 4 show monitor session session-number (Optional) Displays the status of SPAN sessions,
including the configuration status of the multicast
Example:
switch(config-monitor)# show monitor
best effort mode and the modules on which the best
session 3 effort mode is and is not supported.
Step 5 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config-monitor)# copy
running-config startup-config
Command Purpose
show monitor session {all | session-number | Displays the SPAN session configuration.
range session-range} [brief]
For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000
Series NX-OS System Management Command Reference.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-297
Chapter 18 Configuring SPAN
Configuration Examples for SPAN
Step 1 Configure destination ports in access or trunk mode, and enable SPAN monitoring.
switch# config t
switch(config)# interface ethernet 2/5
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# switchport monitor
switch(config-if)# no shut
switch(config-if)# exit
switch(config)#
Step 1 Configure destination ports in access or trunk mode, and enable SPAN monitoring.
switch# config t
switch(config)# interface ethernet 3/1
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk allowed vlan add 100-200
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-298 OL-20635-03
Chapter 18 Configuring SPAN
Configuration Examples for SPAN
Step 2 Configure destination ports in access or trunk mode, and enable SPAN monitoring.
switch# config t
switch(config)# interface ethernet 3/3
switch(config-if)# switchport
switch(config-if)# switchport mode trunk
switch(config-if)# switchport trunk allowed vlan add 100-200
switch(config-if)# switchport monitor
switch(config-if)# no shut
switch(config-if)# exit
switch(config)#
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-299
Chapter 18 Configuring SPAN
Additional References
Additional References
For additional information related to implementing SPAN, see the following sections:
• Related Documents, page 18-300
• Standards, page 18-300
Related Documents
Related Topic Document Title
VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Fabric Extender Configuring the Cisco Nexus 2000 Series Fabric Extender
SPAN commands: complete command syntax, Cisco Nexus 7000 Series NX-OS System Management Command
command modes, command history, defaults, usage Reference
guidelines, and examples
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-300 OL-20635-03
Chapter 18 Configuring SPAN
Feature History for SPAN
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 18-301
Chapter 18 Configuring SPAN
Feature History for SPAN
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
18-302 OL-20635-03
Send document comments to [email protected].
CHAPTER 19
Configuring ERSPAN
This chapter describes how to configure an encapsulated remote switched port analyzer (ERSPAN) to
transport mirrored traffic in an IP network on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About ERSPAN, page 19-303
• Licensing Requirements for ERSPAN, page 19-306
• Prerequisites for ERSPAN, page 19-306
• Guidelines and Limitations, page 19-306
• Default Settings, page 19-308
• Configuring ERSPAN, page 19-308
• Verifying the ERSPAN Configuration, page 19-317
• Configuration Examples for ERSPAN, page 19-317
• Additional References, page 19-319
• Feature History for ERSPAN, page 19-320
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-303
Chapter 19 Configuring ERSPAN
Information About ERSPAN
ERSPAN Sources
The interfaces from which traffic can be monitored are called ERSPAN sources. Sources designate the
traffic to monitor and whether to copy ingress, egress, or both directions of traffic. ERSPAN sources
include the following:
• Ethernet ports and port channels
• The inband interface to the control plane CPU—You can monitor the inband interface only from the
default VDC. Inband traffic from all VDCs is monitored.
• VLANs—When a VLAN is specified as an ERSPAN source, all supported interfaces in the VLAN
are ERSPAN sources.
• Fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender
• Satellite ports and host interface port channels on the Cisco Nexus 2000 Series Fabric Extender—
These interfaces are supported in Layer 2 access mode, Layer 2 trunk mode, and Layer 3 mode.
Note A single ERSPAN session can include mixed sources in any combination of the above.
ERSPAN Destinations
Destination ports receive the copied traffic from ERSPAN sources.
ERSPAN destination ports have the following characteristics:
• Destinations for an ERSPAN session include Ethernet ports or port-channel interfaces in either
access or trunk mode.
• A port configured as a destination port cannot also be configured as a source port.
• A destination port can be configured in only one ERSPAN session at a time.
• Destination ports do not participate in any spanning tree instance or any Layer 3 protocols.
• Ingress and ingress learning options are not supported on monitor destination ports.
• F1 Series module core ports, Fabric Extender HIF ports, HIF port channels, and Fabric PO ports are
not supported as SPAN destination ports.
ERSPAN Sessions
You can create ERSPAN sessions that designate sources and destinations to monitor.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-304 OL-20635-03
Chapter 19 Configuring ERSPAN
Information About ERSPAN
Note Only two ERSPAN or SPAN source sessions can run simultaneously across all VDCs. Only 23 ERSPAN
destination sessions can run simultaneously across all VDCs.
Destination switch
Switch D
(data center)
Routed D1 D2
GRE-encapsulated
traffic Probe
Routed
Network
Routed
Routed GRE-encapsulated
GRE-encapsulated traffic
traffic
A3 B4
Source switch(es)
Switch A Switch B
(access)
A1 A2 B1 B2 B3
199755
Multiple ERSPAN Sessions
Although you can define up to 48 ERSPAN sessions, only two ERSPAN or SPAN sessions can be
running simultaneously. You can shut down an unused ERSPAN session.
For information about shutting down ERSPAN sessions, see the “Shutting Down or Activating an
ERSPAN Session” section on page 19-314.
High Availability
The ERSPAN feature supports stateless and stateful restarts. After a reboot or supervisor switchover, the
running configuration is applied.
For more information on high availability, see the Cisco Nexus 7000 Series NX-OS High Availability and
Redundancy Guide, Release 5.x.
Virtualization Support
A virtual device context (VDC) is a logical representation of a set of system resources. ERSPAN applies
only to the VDC where the commands are entered.
Note You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is
monitored.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-305
Chapter 19 Configuring ERSPAN
Licensing Requirements for ERSPAN
For information about configuring VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device
Context Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-306 OL-20635-03
Chapter 19 Configuring ERSPAN
Guidelines and Limitations
• ERSPAN and ERSPAN ACL sessions are terminated identically at the destination router.
• ERSPAN is not supported for management ports.
• A destination port can be configured in only one ERSPAN session at a time.
• You cannot configure a port as both a source and destination port.
• A single ERSPAN session can include mixed sources in any combination of the following:
– Ethernet ports or port channels but not subinterfaces
– VLANs or port channels, which can be assigned to port channel subinterfaces
– The inband interface or port channels to the control plane CPU
Note ERSPAN does not monitor any packets that are generated by the supervisor, regardless of
their source.
• Destination ports do not participate in any spanning tree instance or Layer 3 protocols.
• When an ERSPAN session contains source ports that are monitored in the transmit or transmit and
receive direction, packets that these ports receive may be replicated to the ERSPAN destination port
even though the packets are not actually transmitted on the source ports. Some examples of this
behavior on source ports include:
– Traffic that results from flooding
– Broadcast and multicast traffic
• For VLAN ERSPAN sessions with both ingress and egress configured, two packets (one from
ingress and one from egress) are forwarded from the destination port if the packets get switched on
the same VLAN.
• VLAN ERSPAN monitors only the traffic that leaves or enters Layer 2 ports in the VLAN.
• You can monitor the inband interface only from the default VDC. Inband traffic from all VDCs is
monitored.
• Beginning with Cisco NX-OS Release 5.2, the Cisco Nexus 2000 Series Fabric Extender interfaces
and the fabric port channels connected to the Cisco Nexus 2000 Series Fabric Extender can be
configured as ERSPAN sources. However, they cannot be configured as ERSPAN destinations.
Note ERSPAN on Fabric Extender interfaces and fabric port channels is supported on the 32-port,
10-Gigabit M1 and M1 XL modules (N7K-M132XP-12 and N7K-M132XP-12L). ERSPAN
runs on the Cisco Nexus 7000 Series device, not on the Fabric Extender.
• ERSPAN is supported on Fabric Extender interfaces in Layer 2 access mode, Layer 2 trunk mode,
and Layer 3 mode. Layer 3 subinterfaces are not supported.
• Multicast best effort mode applies only to M1 Series modules.
• If ERSPAN is enabled on a vPC and ERSPAN packets need to be routed to the destination through
the vPC, packets coming through the vPC peer-link cannot be captured.
• ERSPAN ACLs are not supported for use with OTV.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-307
Chapter 19 Configuring ERSPAN
Default Settings
Default Settings
Table 19-1 lists the default settings for ERSPAN parameters.
Parameters Default
ERSPAN sessions Created in the shut state
Multicast best effort mode Disabled
Configuring ERSPAN
This section includes the following topics:
• Configuring an ERSPAN Source Session, page 19-308
• Configuring an ERSPAN Destination Session, page 19-311
• Shutting Down or Activating an ERSPAN Session, page 19-314
• Configuring the Multicast Best Effort Mode for an ERSPAN Session, page 19-316
Note ERSPAN does not monitor any packets that are generated by the supervisor, regardless of their source.
Ensure that you are in the correct VDC. To switch VDCs, use the switchto vdc command. For more
information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide,
Release 5.x.
SUMMARY STEPS
1. config t
2. monitor erspan origin ip-address ip-address global
3. no monitor session {session-number | all}
4. monitor session {session-number | all} type erspan-source
5. description description
6. source {[interface [type slot/port[-port][, type slot/port[-port]]] [port-channel channel-number] |
[vlan {number | range}]} [rx | tx | both]
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-308 OL-20635-03
Chapter 19 Configuring ERSPAN
Configuring ERSPAN
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 monitor erspan origin ip-address Configures the ERSPAN global origin IP address.
ip-address global
Note The global origin IP address can be
Example: configured only in the default VDC. The
switch(config)# monitor erspan origin value that is configured in the default VDC
ip-address 10.0.0.1 global
is valid across all VDCs. Any change made
in the default VDC is applied across all
nondefault VDCs.
Step 3 no monitor session {session-number | all} Clears the configuration of the specified ERSPAN
session. The new session configuration is added to
Example:
switch(config)# no monitor session 3
the existing session configuration.
Step 4 monitor session {session-number | all} Configures an ERSPAN source session.
type erspan-source
Example:
switch(config)# monitor session 3 type
erspan-source
switch(config-erspan-src)#
Step 5 description description Configures a description for the session. By default,
no description is defined. The description can be up
Example:
switch(config-erspan-src)# description
to 32 alphanumeric characters.
erspan_src_session_3
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-309
Chapter 19 Configuring ERSPAN
Configuring ERSPAN
Command Purpose
Step 6 source {[interface [type Configures the sources and traffic direction in which
slot/port[-port][, type slot/port[-port]]] to copy packets. You can enter a range of Ethernet
[port-channel channel-number]] | [vlan
{number | range}]} [rx | tx | both]
ports, a port channel, an inband interface, a range of
VLANs, a Cisco Nexus 2000 Series Fabric Extender
Example 1: interface, or a fabric port channel connected to a
switch(config-erspan-src)# source Cisco Nexus 2000 Series Fabric Extender.
interface ethernet 2/1-3, ethernet 3/1 rx
You can configure one or more sources, as either a
Example 2: series of comma-separated entries or a range of
switch(config-erspan-src)# source numbers. You can specify up to 128 interfaces. For
interface port-channel 2
information on the VLAN range, see the Cisco
Example 3: Nexus 7000 Series NX-OS Layer 2 Switching
switch(config-erspan-src)# source Configuration Guide, Release 5.x.
interface sup-eth 0 both
You can specify the traffic direction to copy as
Example 4: ingress, egress, or both. The default direction is
switch(config-erspan-src)# source vlan 3, both.
6-8 tx
Note You can monitor the inband interface only
Example 5: from the default VDC. The inband traffic
switch(config-monitor)# source interface from all VDCs is monitored.
ethernet 101/1/1-3
Step 7 (Optional) Repeat Step 6 to configure all —
ERSPAN sources.
Step 8 filter vlan {number | range} (Optional) Configures which VLANs to select from
the configured sources. You can configure one or
Example:
switch(config-erspan-src)# filter vlan
more VLANs, as either a series of comma-separated
3-5, 7 entries or a range of numbers. For information on the
VLAN range, see the Cisco Nexus 7000 Series
NX-OS Layer 2 Switching Configuration Guide,
Release 5.x.
Step 9 (Optional) Repeat Step 8 to configure all source —
VLANs to filter.
Step 10 filter access-group acl-filter (Optional) Associates an ACL with the ERSPAN
session.
Example:
switch(config-erspan-src)# filter Note You can create an ACL using the standard
access-group ACL1 ACL configuration process. For more
information, see the Cisco Nexus 7000
Series NX-OS Security Configuration Guide,
Release 5.x.
Step 11 destination ip ip-address Configures the destination IP address in the
ERSPAN session. Only one destination IP address is
Example:
switch(config-erspan-src)# destination ip
supported per ERSPAN source session.
10.1.1.1 Note The Cisco Nexus 2000 Series Fabric
Extender interfaces and the fabric port
channels connected to the Cisco Nexus 2000
Series Fabric Extender cannot be configured
as SPAN destinations.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-310 OL-20635-03
Chapter 19 Configuring ERSPAN
Configuring ERSPAN
Command Purpose
Step 12 erspan-id erspan-id Configures the ERSPAN ID for the ERSPAN
session. The ERSPAN range is from 1 to 1023.
Example:
switch(config-erspan-src)# erspan-id 5
Step 13 vrf vrf-name Configures the VRF that the ERSPAN source
session uses for traffic forwarding.
Example:
switch(config-erspan-src)# vrf default
Ensure that you are in the correct VDC (or use the switchto vdc command).
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-311
Chapter 19 Configuring ERSPAN
Configuring ERSPAN
Ensure that you have already configured the destination ports in monitor mode. For more information,
see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 5.x.
SUMMARY STEPS
1. config t
2. interface ethernet slot/port[-port]
3. switchport
4. switchport mode [access | trunk]
5. switchport monitor
6. (Optional) Repeat Steps 2 to 5 to configure monitoring on additional ERSPAN destinations.
7. no monitor session {session-number | all}
8. monitor session {session-number | all} type erspan-destination
9. description description
10. source ip ip-address
11. destination {[interface [type slot/port[-port][, type slot/port[-port]]] | [port-channel
channel-number]]}
12. (Optional) Repeat Step 11 to configure all ERSPAN destination ports.
13. erspan-id erspan-id
14. vrf vrf-name
15. no shut
16. (Optional) show monitor session {all | session-number | range session-range}
17. (Optional) show running-config monitor
18. (Optional) show startup-config monitor
19. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 interface ethernet slot/port[-port] Enters interface configuration mode on the selected
slot and port or range of ports.
Example:
switch(config)# interface ethernet 2/5
switch(config-if)#
Step 3 switchport Configures switchport parameters for the selected
slot and port or range of ports.
Example:
switch(config-if)# switchport
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-312 OL-20635-03
Chapter 19 Configuring ERSPAN
Configuring ERSPAN
Command Purpose
Step 4 switchport mode [access | trunk] Configures the following switchport modes for the
selected slot and port or range of ports:
Example:
switch(config-if)# switchport mode trunk • access
• trunk
Step 5 switchport monitor Configures the switchport interface as an ERSPAN
destination.
Example:
switch(config-if)# switchport monitor
Step 6 (Optional) Repeat Steps 2 to 5 to configure —
monitoring on additional ERSPAN destinations.
Step 7 no monitor session {session-number | all} Clears the configuration of the specified ERSPAN
session. The new session configuration is added to
Example:
switch(config-if)# no monitor session 3
the existing session configuration.
Step 8 monitor session {session-number | all} Configures an ERSPAN destination session.
type erspan-destination
Example:
switch(config-if)# monitor session 3 type
erspan-destination
switch(config-erspan-dst)#
Step 9 description description Configures a description for the session. By default,
no description is defined. The description can be up
Example:
switch(config-erspan-dst)# description
to 32 alphanumeric characters.
erspan_dst_session_3
Step 10 source ip ip-address Configures the source IP address in the ERSPAN
session. Only one source IP address is supported per
Example:
switch(config-erspan-dst)# source ip
ERSPAN destination session.
10.1.1.1
Step 11 destination {[interface [type Configures a destination for copied source packets.
slot/port[-port][, type slot/port[-port]]] You can configure one or more interfaces as a series
[port-channel channel-number]]}
of comma-separated entries.
Example: Note You can configure destination ports as trunk
switch(config-erspan-dst)# destination
ports. For more information, see the Cisco
interface ethernet 2/5, ethernet 3/7
Nexus 7000 Series NX-OS Interfaces
Configuration Guide, Release 5.x.
Step 12 (Optional) Repeat Step 11 to configure all —
ERSPAN destinations.
Step 13 erspan-id erspan-id Configures the ERSPAN ID for the ERSPAN
session. The range is from 1 to 1023.
Example:
switch(config-erspan-dst)# erspan-id 5
Step 14 vrf vrf-name Configures the VRF that the ERSPAN destination
session uses for traffic forwarding.
Example:
switch(config-erspan-dst)# vrf default
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-313
Chapter 19 Configuring ERSPAN
Configuring ERSPAN
Command Purpose
Step 15 no shut Enables the ERSPAN destination session. By
default, the session is created in the shut state.
Example:
switch(config)# no shut Note Only 23 ERSPAN destination sessions
across VDCs can be running simultaneously.
Step 16 show monitor session {all | session-number (Optional) Displays the ERSPAN session
| range session-range} configuration.
Example:
switch(config)# show monitor session 3
Step 17 show running-config monitor (Optional) Displays the running ERSPAN
configuration.
Example:
switch(config)# show running-config
monitor
Step 18 show startup-config monitor (Optional) Displays the ERSPAN startup
configuration.
Example:
switch(config)# show startup-config
monitor
Step 19 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config)# copy running-config
startup-config
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. config t
2. monitor session {session-range | all} shut
3. no monitor session {session-range | all} shut
4. monitor session session-number type erspan-source
5. monitor session session-number type erspan-destination
6. shut
7. no shut
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-314 OL-20635-03
Chapter 19 Configuring ERSPAN
Configuring ERSPAN
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 monitor session {session-range | all} shut Shuts down the specified ERSPAN sessions. The
session range is from 1 to 48. By default, sessions
Example:
switch(config)# monitor session 3 shut
are created in the shut state. Only two sessions can
be running at a time.
Step 3 no monitor session {session-range | all} Resumes (enables) the specified ERSPAN sessions.
shut The session range is from 1 to 48. By default,
Example:
sessions are created in the shut state. Only two
switch(config)# no monitor session 3 shut sessions can be running at a time.
Note If a monitor session is enabled but its
operational status is down, then to enable the
session, you must first specify the monitor
session shut command followed by the no
monitor session shut command.
Step 4 monitor session session-number type Enters the monitor configuration mode for the
erspan-source ERSPAN source type. The new session
Example:
configuration is added to the existing session
switch(config)# monitor session 3 type configuration.
erspan-source
switch(config-erspan-src)#
Step 5 monitor session session-number type Enters the monitor configuration mode for the
erspan-destination ERSPAN destination type.
Example:
switch(config-erspan-src)# monitor session
3 type erspan-destination
Step 6 shut Shuts down the ERSPAN session. By default, the
session is created in the shut state.
Example:
switch(config-erspan-src)# shut
Step 7 no shut Enables the ERSPAN session. By default, the
session is created in the shut state.
Example:
switch(config-erspan-src)# no shut Note Only two ERSPAN sessions can be running
simultaneously.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-315
Chapter 19 Configuring ERSPAN
Configuring ERSPAN
Command Purpose
Step 8 show monitor session all (Optional) Displays the status of ERSPAN sessions.
Example:
switch(config-erspan-src)# show monitor
session all
Step 9 show running-config monitor (Optional) Displays the ERSPAN running
configuration.
Example:
switch(config-erspan-src)# show
running-config monitor
Step 10 show startup-config monitor (Optional) Displays the ERSPAN startup
configuration.
Example:
switch(config-erspan-src)# show
startup-config monitor
Step 11 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config-erspan-src)# copy
running-config startup-config
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. config t
2. monitor session session-number
3. [no] multicast best-effort
4. (Optional) show monitor session-number
5. (Optional) copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-316 OL-20635-03
Chapter 19 Configuring ERSPAN
Verifying the ERSPAN Configuration
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
switch(config)#
Step 2 monitor session session-number Enters the monitor configuration mode and specifies
the ERSPAN session for which the multicast best
Example:
switch(config)# monitor session 3
effort mode is to be configured.
switch(config-monitor)#
Step 3 [no] multicast best-effort Configures the multicast best effort mode for the
specified ERSPAN session.
Example:
switch(config-monitor)# multicast
best-effort
Step 4 show monitor session session-number (Optional) Displays the status of ERSPAN sessions,
including the configuration status of the multicast
Example:
switch(config-monitor)# show monitor
best effort mode and the modules on which the best
session 3 effort mode is and is not supported.
Step 5 copy running-config startup-config (Optional) Copies the running configuration to the
startup configuration.
Example:
switch(config-monitor)# copy
running-config startup-config
Command Purpose
show monitor session {all | session-number | Displays the ERSPAN session configuration.
range session-range}
show running-config monitor Displays the running ERSPAN configuration.
show startup-config monitor Displays the ERSPAN startup configuration.
For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000
Series NX-OS System Management Command Reference.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-317
Chapter 19 Configuring ERSPAN
Configuration Examples for ERSPAN
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-318 OL-20635-03
Chapter 19 Configuring ERSPAN
Additional References
Configuration Example for ERSPAN Using the Multicast Best Effort Mode
This example shows how to configure the multicast best effort mode for an ERSPAN session:
switch# config t
switch(config)# monitor session 1
switch(config-monitor)# multicast best-effort
switch(config-monitor)# show monitor session 1
Additional References
For additional information related to implementing ERSPAN, see the following sections:
• Related Documents, page 19-319
• Standards, page 19-319
Related Documents
Related Topic Document Title
VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Fabric Extender Configuring the Cisco Nexus 2000 Series Fabric Extender
ERSPAN commands: complete command syntax, Cisco Nexus 7000 Series NX-OS System Management Command
command modes, command history, defaults, usage Reference
guidelines, and examples
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 19-319
Chapter 19 Configuring ERSPAN
Feature History for ERSPAN
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
19-320 OL-20635-03
Send document comments to [email protected].
CHAPTER 20
Configuring LLDP
This chapter describes how to configure the Link Layer Discovery Protocol (LLDP) in order to discover
other devices on the local network.
Note The Cisco NX-OS release that is running on a managed device may not support all of the features or
settings described in this chapter. For the latest feature information and caveats, see the documentation
and release notes for your platform and software release.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 20-321
Chapter 20 Configuring LLDP
Information About LLDP
LLDP Overview
The Cisco Discovery Protocol (CDP) is a device discovery protocol that runs over the data-link layer
(Layer 2) on all Cisco-manufactured devices (routers, bridges, access servers, and switches). CDP allows
network management applications to automatically discover and learn about other Cisco devices that are
connected to the network.
To permit the discovery of non-Cisco devices, the switch also supports the Link Layer Discovery
Protocol (LLDP), a vendor-neutral device discovery protocol that is defined in the IEEE 802.1ab
standard. LLDP allows network devices to advertise information about themselves to other devices on
the network. This protocol runs over the data-link layer, which allows two systems running different
network layer protocols to learn about each other.
LLDP is a one-way protocol that transmits information about the capabilities and current status of a
device and its interfaces. LLDP devices use the protocol to solicit information only from other LLDP
devices.
LLDP supports a set of attributes that it uses to discover other devices. These attributes contain type,
length, and value (TLV) descriptions. LLDP devices can use TLVs to send and receive information to other
devices on the network. Details such as configuration information, device capabilities, and device
identity can be advertised using this protocol.
LLDP advertises the following TLVs by default:
• DCBXP
• Management address
• Port description
• Port VLAN
• System capabilities
• System description
• System name
DCBXP Overview
The Data Center Bridging Exchange Protocol (DCBXP) is an extension of LLDP. It is used to announce,
exchange, and negotiate node parameters between peers. DCBXP parameters are packaged into a
specific DCBXP TLV. This TLV is designed to provide an acknowledgement to the received LLDP
packet. In this way, DCBXP adds a lightweight acknowledgement mechanism on top of LLDP so that
any application that needs a request-response semantic from a link-level protocol can make use of
DCBXP.
Other applications that need to exchange and negotiate parameters with peer nodes using DCBXP are as
follows:
• Priority-based Flow Control (PFC)—PFC is an enhancement to the existing Pause mechanism in
Ethernet. It enables Pause based on user priorities or classes of service. A physical link divided into
eight virtual links with PFC provides the capability to use Pause on a single virtual link without
affecting traffic on the other virtual links. Enabling Pause on a per-user-priority basis allows
administrators to create lossless links for traffic requiring no-drop service while retaining
packet-drop congestion management for IP traffic.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
20-322 OL-20635-03
Chapter 20 Configuring LLDP
Licensing Requirements for LLDP
Note For more information on the QoS features, see the Cisco Nexus 7000 Series NX-OS Quality of Service
Configuration Guide, Release 5.x.
DCBXP is enabled by default, provided LLDP is enabled. When LLDP is enabled, DCBXP can be
enabled or disabled using the [no] lldp tlv-select dcbxp command. DCBXP is disabled on ports where
LLDP transmit or receive is disabled.
High Availability
The LLDP feature supports stateless and stateful restarts. After a reboot or supervisor switchover, the
running configuration is applied.
For more information on high availability, see the Cisco Nexus 7000 Series NX-OS High Availability and
Redundancy Guide, Release 5.x.
Virtualization Support
One instance of LLDP is supported per virtual device context (VDC). You are automatically placed in
the default VDC unless you specify otherwise.
For information on VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration
Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 20-323
Chapter 20 Configuring LLDP
Guidelines and Limitations
Default Settings
Table 20-1 lists the LLDP default settings.
Parameter Default
Global LLDP Disabled
LLDP on interfaces Enabled, after LLDP is enabled globally
LLDP hold time (before discarding) 120 seconds
LLDP reinitialization delay 2 seconds
LLDP timer (packet update frequency) 30 seconds
LLDP TLVs Enabled
LLDP receive Enabled, after LLDP is enabled globally
LLDP transmit Enabled, after LLDP is enabled globally
DCBXP Enabled, provided LLDP is enabled
Configuring LLDP
This section includes the following topics:
• Enabling or Disabling LLDP Globally, page 20-325
• Enabling or Disabling LLDP on an Interface, page 20-326
• Configuring Optional LLDP Parameters, page 20-327
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
20-324 OL-20635-03
Chapter 20 Configuring LLDP
Configuring LLDP
Note Cisco NX-OS commands for this feature may differ from Cisco IOS commands for a similar feature.
Make sure that you are in the correct VDC. To switch VDCs, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. [no] feature lldp
3. (Optional) show running-config lldp
4. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 [no] feature lldp Enables or disables LLDP on the device. LLDP is
disabled by default.
Example:
switch(config)# feature lldp
Step 3 show running-config lldp (Optional) Displays the global LLDP configuration.
If LLDP is enabled, it shows “feature lldp.” If LLDP
Example:
switch(config)# show running-config lldp
is disabled, it shows an “Invalid command” error.
Step 4 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 20-325
Chapter 20 Configuring LLDP
Configuring LLDP
Make sure that you are in the correct VDC. To switch VDCs, use the switchto vdc command.
Make sure that you have globally enabled LLDP on the device.
SUMMARY STEPS
1. config t
2. interface ethernet slot/port
3. [no] lldp transmit
4. [no] lldp receive
5. (Optional) show lldp interface ethernet slot/port
6. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 interface ethernet slot/port Specifies the interface on which you are enabling
LLDP and enters the interface configuration mode.
Example:
switch(config)# interface ethernet 7/1
switch(config-if)
Step 3 [no] lldp transmit Enables or disables the transmission of LLDP
packets on an interface. After you globally enable
Example:
switch(config-if)# lldp transmit
LLDP, it is enabled on all supported interfaces by
default.
Step 4 [no] lldp receive Enables or disables the reception of LLDP packets
on an interface. After you globally enable LLDP, it
Example:
switch(config-if)# lldp receive
is enabled on all supported interfaces by default.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
20-326 OL-20635-03
Chapter 20 Configuring LLDP
Configuring LLDP
Command Purpose
Step 5 show lldp interface ethernet slot/port (Optional) Displays the LLDP configuration on the
interface.
Example:
switch(config-if)# show lldp interface
ethernet 7/1
Step 6 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config-if)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to disable the transmission of LLDP packets on an interface:
switch# config t
switch(config)# interface ethernet 7/1
switch(config-if)# no lldp transmit
Make sure that you are in the correct VDC. To switch VDCs, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. (Optional) [no] lldp holdtime seconds
3. (Optional) [no] lldp reinit seconds
4. (Optional) [no] lldp timer seconds
5. (Optional) show lldp timers
6. (Optional) [no] lldp tlv-select tlv
7. (Optional) show lldp tlv-select
8. (Optional) copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Enters global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 20-327
Chapter 20 Configuring LLDP
Configuring LLDP
Command Purpose
Step 2 [no] lldp holdtime seconds (Optional) Specifies the amount of time in seconds
that a receiving device should hold the information
Example:
switch(config)# lldp holdtime 200
sent by your device before discarding it.
The range is 10 to 255 seconds; the default is 120
seconds.
Step 3 [no] lldp reinit seconds (Optional) Specifies the delay time in seconds for
LLDP to initialize on any interface.
Example:
switch(config)# lldp reinit 5 The range is 1 to 10 seconds; the default is 2
seconds.
Step 4 [no] lldp timer seconds (Optional) Specifies the transmission frequency of
LLDP updates in seconds.
Example:
switch(config)# lldp timer 50 The range is 5 to 254 seconds; the default is 30
seconds.
Step 5 show lldp timers (Optional) Displays the LLDP hold time, delay time,
and update frequency configuration.
Example:
switch(config)# show lldp timers
Step 6 [no] lldp tlv-select tlv (Optional) Specifies the TLVs to send and receive in
LLDP packets. The available TLVs are dcbxp,
Example:
switch(config)# lldp tlv-select
management-address, port-description, port-vlan,
system-name system-capabilities, system-description, and
system-name. All available TLVs are enabled by
default.
Note For more information about using these
TLVs, see the Cisco Nexus 7000 Series
NX-OS System Management Command
Reference.
Step 7 show lldp tlv-select (Optional) Displays the LLDP TLV configuration.
Example:
switch(config)# show lldp tlv-select
Step 8 copy running-config startup-config (Optional) Saves the change persistently through
reboots and restarts by copying the running
Example:
switch(config)# copy running-config
configuration to the startup configuration.
startup-config
This example shows how to configure a hold time of 200 seconds, a delay time of 5 seconds, and an
update frequency of 50 seconds as well as how to disable the port-vlan TLV:
switch# config t
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# lldp holdtime 200
switch(config)# lldp reinit 5
switch(config)# lldp timer 50
switch(config)# no lldp tlv-select port-vlan
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
20-328 OL-20635-03
Chapter 20 Configuring LLDP
Verifying the LLDP Configuration
Command Purpose
show running-config lldp Displays the global LLDP configuration.
show lldp interface ethernet slot/port Displays the LLDP interface configuration.
show lldp timers Displays the LLDP hold time, delay time, and
update frequency configuration.
show lldp tlv-select Displays the LLDP TLV configuration.
show lldp dcbx interface ethernet slot/port Displays the local DCBX control status.
show lldp neighbors {detail | interface ethernet Displays the LLDP neighbor device status.
slot/port}
show lldp traffic Displays the LLDP counters, including the
number of LLDP packets sent and received by the
device, the number of discarded packets, and the
number of unrecognized TLVs.
show lldp traffic interface ethernet slot/port Displays the number of LLDP packets sent and
received on the interface.
Use the clear lldp counters command to clear the LLDP statistics.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 20-329
Chapter 20 Configuring LLDP
Additional References
Additional References
For additional information related to implementing LLDP, see the following sections:
• Related Documents, page 20-330
• Standards, page 20-330
Related Documents
Related Topic Document Title
LLDP commands: complete command syntax, Cisco Nexus 7000 Series NX-OS System Management Command
command modes, command history, defaults, usage Reference
guidelines, and examples
Fabric Extender Configuring the Cisco Nexus 2000 Series Fabric Extender
VDCs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
20-330 OL-20635-03
Send document comments to [email protected].
CHAPTER 21
Configuring NetFlow
This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.
This chapter includes the following sections:
• Information About NetFlow, page 21-331
• Licensing Requirements for NetFlow, page 21-334
• Prerequisites for NetFlow, page 21-334
• Guidelines and Limitations, page 21-334
• Default Settings, page 21-335
• Configuring NetFlow, page 21-335
• Verifying the NetFlow Configuration, page 21-348
• Monitoring NetFlow, page 21-349
• Configuration Example for NetFlow, page 21-349
• Additional References, page 21-349
• Feature History for NetFlow, page 21-350
NetFlow Overview
NetFlow uses flows to provide statistics for accounting, network monitoring, and network planning. A
flow is a unidirectional stream of packets that arrives on a source interface (or VLAN) and has the same
values for the keys. A key is an identified value for a field within the packet. You create a flow using a
flow record to define the unique keys for your flow.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-331
Chapter 21 Configuring NetFlow
Information About NetFlow
Cisco NX-OS supports the Flexible NetFlow feature that enables enhanced network anomalies and
security detection. Flexible NetFlow allows you to define an optimal flow record for a particular
application by selecting the keys from a large collection of predefined fields. For more information on
the flow records, see the “Flow Records” section on page 21-332.
All key values must match for the packet to count in a given flow. A flow might gather other fields of
interest, depending on the export record version that you configure. Flows are stored in the NetFlow
cache.
You can export the data that NetFlow gathers for your flow by using an exporter and export this data to
a remote NetFlow collector. Cisco NX-OS exports a flow as part of a NetFlow export User Datagram
Protocol (UDP) datagram under the following circumstances:
• The flow has been inactive or active for too long.
• The flow cache is getting full.
• One of the counters (packets or bytes) has exceeded its maximum value.
• You have forced the flow to export.
For more information on exporters, see the “Exporters” section on page 21-332.
You define the size of the data that you want to collect for a flow using a monitor. The monitor combines
the flow record and exporter with the NetFlow cache information. For more information on monitors,
see the “Monitors” section on page 21-333.
Cisco NX-OS can gather NetFlow statistics in either full or sampled mode. Cisco NX-OS analyzes all
packets on the interface or subinterface for full NetFlow mode. For sampled mode, you configure the
sampling algorithm and rate that Cisco NX-OS analyzes packets. For more information on samplers, see
the “Samplers” section on page 21-333.
Flow Records
A flow record defines the keys that NetFlow uses to identify packets in the flow as well as other fields
of interest that NetFlow gathers for the flow. You can define a flow record with any combination of keys
and fields of interest. Cisco NX-OS supports a rich set of keys. A flow record also defines the types of
counters gathered per flow. You can configure 32-bit or 64-bit packet or byte counters. Cisco NX-OS
enables the following match fields as the defaults when you create a flow record:
• match interface input
• match interface output
• match flow direction
For more information, see the “Creating a Flow Record” section on page 21-336.
Exporters
An exporter contains network layer and transport layer details for the NetFlow export packet. You can
configure the following information in an exporter:
• Export destination IP address
• Source interface
• UDP port number (where the collector is listening for NetFlow packets)
• Export format
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-332 OL-20635-03
Chapter 21 Configuring NetFlow
Information About NetFlow
Note NetFlow export packets use the IP address that is assigned to the source interface. If the source interface
does not have an IP address assigned to it, the exporter will be inactive.
Cisco NX-OS exports data to the collector whenever a timeout occurs or when the flow is terminated
(TCP Fin or Rst received, for example). You can configure the following timers to force a flow export:
• Active timeout—Cisco NX-OS does not remove the cache entries from the cache.
• Inactive timeout—Cisco NX-OS removes the cache entries from the cache.
Export Formats
Cisco NX-OS supports the Version 5 and Version 9 export formats. We recommend that you use the
Version 9 export format for the following reasons:
• Variable field specification format
• Support for IPv6, Layer 2, and MPLS fields
• More efficient network utilization
If you configure the Version 5 export format, you have these limitations:
• Fixed field specifications
• No support for IPv6, Layer 2, or MPLS fields
• The Netflow.InputInterface and Netflow.OutputInterface represent a 16-bit I/O descriptor (IOD) of
the interface.
Note The IOD information of the interface can be retrieved using the show system internal im
info global command.
For information about the Version 9 export format, see RFC 3954.
Note Cisco NX-OS supports UDP as the transport protocol for exports to up to two collectors.
Monitors
A monitor references the flow record and flow exporter. You apply a monitor to an interface.
Samplers
If you are using sampled mode, you use the sampler to specify the rate at which packets are sampled. On
high bandwidth interfaces, applying NetFlow processing to every single packet can result in high CPU
utilization. Sampler configuration is for high-speed interfaces. You can configure samples for M out of
N. For example, 100 out of every 10,000 packets are sampled.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-333
Chapter 21 Configuring NetFlow
Licensing Requirements for NetFlow
High Availability
Cisco NX-OS supports stateful restarts for NetFlow. After a reboot or supervisor switchover, Cisco
NX-OS applies the running configuration.
Virtualization Support
A virtual device context (VDC) is a logical representation of a set of system resources. Within each
VDC, you can configure NetFlow. By default, Cisco NX-OS places you in the default VDC and any
flows that you define in this mode are only available for interfaces in the default VDC.
For information about configuring VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device
Context Configuration Guide, Release 5.x.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-334 OL-20635-03
Chapter 21 Configuring NetFlow
Default Settings
• If you change a Layer 2 interface to a Layer 3 interface, the software removes the Layer 2 NetFlow
configuration from the interface.
• Use v9 export to see the full 32-bit SNMP ifIndex values at the NetFlow connector.
• The maximum number of supported NetFlow entries is 512K.
• The Cisco Nexus 2000 Series Fabric Extender supports bridged NetFlow.
• Beginning with Cisco NX-OS Release 5.2, NetFlow is supported on switch virtual interfaces (SVIs)
for F1 Series ports. Bridged NetFlow on F1 Series ports is not supported.
Default Settings
Table 21-1 lists the default settings for NetFlow parameters.
Parameters Default
Egress and Ingress cache size 512K
Flow active timeout 1800 seconds
Flow timeout aggressive threshold disabled
Flow timeout fast threshold disabled
Flow timeout inactive 15 seconds
Flow timeout session aging disabled
Configuring NetFlow
To configure NetFlow, follow these steps:
Step 1 Enable the NetFlow feature (see the “Enabling the NetFlow Feature” section on page 21-336).
Step 2 Define a flow record by specifying keys and fields to the flow (see the “Creating a Flow Record” section
on page 21-336).
Step 3 Define an optional flow exporter by specifying the export format, protocol, destination, and other
parameters (see the “Creating a Flow Exporter” section on page 21-339).
Step 4 Define a flow monitor based on the flow record and flow exporter (see the “Creating a Flow Monitor”
section on page 21-341).
Step 5 Apply the flow monitor to a source interface, subinterface, VLAN interface (see the “Applying a Flow
to an Interface” section on page 21-343), or a VLAN (see the “Configuring Bridged NetFlow on a
VLAN” section on page 21-344).
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-335
Chapter 21 Configuring NetFlow
Configuring NetFlow
Note Be aware that the Cisco NX-OS commands for this feature may differ from those used in Cisco IOS.
Command Purpose
feature netflow Enables the NetFlow feature.
Example:
switch(config)# feature netflow
Use the following command in global configuration mode to disable NetFlow and remove all flows:
Command Purpose
no feature netflow Disables the NetFlow feature. The default is
disabled.
Example:
switch(config)# no feature netflow
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. flow record name
3. description string
4. match type
5. collect type
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-336 OL-20635-03
Chapter 21 Configuring NetFlow
Configuring NetFlow
6. show flow record [name] [record-name | netflow-original | netflow protocol-port | netflow {ipv4
| ipv6} {original-input | original-output}}
7. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 flow record name Creates a flow record and enters flow record
configuration mode.
Example:
switch(config)# flow record Test
switch(config-flow-record)#
Step 3 description string (Optional) Describes this flow record as a maximum
63-character string.
Example:
switch(config-flow-record)# description
Ipv4Flow
Step 4 match type Specifies a match key. See the “Specifying the Match
Parameters” section on page 21-337 for more
Example:
switch(config-flow-record)# match
information on the type argument.
transport destination-port
Step 5 collect type Specifies the collection field. See the “Specifying the
Collect Parameters” section on page 21-338 for more
Example:
switch(config-flow-record)# collect
information on the type argument.
counter packets
Step 6 show flow record [name] [record-name | (Optional) Displays information about NetFlow flow
netflow-original | netflow protocol-port records.
| netflow {ipv4 | ipv6} {original-input
| original-output}}
Example:
switch(config-flow-exporter)# show flow
record netflow protocol-port
Step 7 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-flow-exporter)# copy
running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-337
Chapter 21 Configuring NetFlow
Configuring NetFlow
Command Purpose
match ip {protocol | tos} Specifies the IP protocol or ToS fields as keys.
Example:
switch(config-flow-record)# match ip
protocol
match ipv4 {destination address | source Specifies the IPv4 source or destination address as a
address} key.
Example:
switch(config-flow-record)# match ipv4
destination address
match ipv6 {destination address | source Specifies the IPv6 key.
address | flow-label | options}
Example:
switch(config-flow-record)# match ipv6
flow-label
match transport {destination-port | Specifies the transport source or destination port as a
source-port} key.
Example:
switch(config-flow-record)# match
transport destination-port
match datalink {mac source-address | mac Specifies the Layer 2 attribute as a key.
destination-address | ethertype | vlan}
Example:
switch(config-flow-record)# match
datalink ethertype
Command Purpose
collect counter {bytes | packets} [long] Collects either packet-based or byte counters from the
flow. You can optionally specify that 64-bit counters
Example:
switch(config-flow-record)# collect
are used.
counter packets
collect flow {direction | sampler id} Collects the direction of the flow or the sampler
identifier used for the flow.
Example:
switch(config-flow-record)# collect flow
direction
collect interface {input | output} Collects the input or output interface attribute.
Example:
switch(config-flow-record)# collect
interface input
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-338 OL-20635-03
Chapter 21 Configuring NetFlow
Configuring NetFlow
Command Purpose
collect routing {destination | source} Collects the source or destination AS number of the
as [peer] local device or the peer.
Example:
switch(config-flow-record)# collect
routing destination as
collect routing forwarding-status Collects the forwarding status of the packet.
Example:
switch(config-flow-record)# collect
routing forwarding-status
collect routing next-hop address ipv4 Collects the next-hop IPv4 address.
[bgp]
Example:
switch(config-flow-record)# collect
routing next-hop address ipv4
collect routing next-hop address ipv6 Collects the next-hop IPv6 address.
[bgp]
Example:
switch(config-flow-record)# collect
routing next-hop address ipv6
collect timestamp sys-uptime {first | Collects the system up time for the first or last packet
last} in the flow.
Example:
switch(config-flow-record)# collect
timestamp sys-uptime last
collect transport tcp flags Collects the TCP transport layer flags for the packets
in the flow.
Example:
switch(config-flow-record)# collect
transport tcp flags
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. flow exporter name
3. destination {ipv4-address | ipv6-address} [use-vrf name]
4. source interface-type number
5. version {5 | 9}
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-339
Chapter 21 Configuring NetFlow
Configuring NetFlow
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 flow exporter name Creates a flow exporter and enters flow exporter
configuration mode.
Example:
switch(config)# flow exporter ExportTest
switch(config-flow-exporter)#
Step 3 destination {ipv4-address | Sets the destination IPv4 or IPv6 address for this
ipv6-address} [use-vrf name] exporter. You can optionally configure the VRF to use
Example:
to reach the NetFlow collector.
switch(config-flow-exporter)#
destination 192.0.2.1
Step 4 source interface-type number Specifies the interface to use to reach the NetFlow
collector at the configured destination.
Example:
switch(config-flow-exporter)# source
ethernet 2/1
Step 5 version {5 | 9} Specifies the NetFlow export version. Version 9 enters
the export version configuration submode.
Example:
switch(config-flow-exporter)# version 9
switch(config-flow-exporter-version-9)#
Step 6 show flow exporter [name] (Optional) Displays information about NetFlow flow
exporters.
Example:
switch(config-flow-exporter)# show flow
exporter
Step 7 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-flow-exporter)# copy
running-config startup-config
You can optionally configure the following parameters for flow exporters:
Command Purpose
description string Describes this flow exporter as a maximum
63-character string.
Example:
switch(config-flow-exporter)#
description ExportV9
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-340 OL-20635-03
Chapter 21 Configuring NetFlow
Configuring NetFlow
Command Purpose
dscp value Specifies the differentiated services codepoint value.
The range is from 0 to 63.
Example:
switch(config-flow-exporter)# dscp 0
transport udp number Specifies the UDP port to use to reach the NetFlow
collector. The range is from 0 to 65535.
Example:
switch(config-flow-exporter)# transport
udp 200
You can optionally configure the following parameters in flow exporter version configuration submode:
Command Purpose
option {exporter-stats | interface-table Sets the exporter resend timer. The range is from 1 to
| sampler-table} timeout seconds 86400 seconds.
Example:
switch(config-flow-exporter-version-9)#
option exporter-stats timeout 1200
template data timeout seconds Sets the template data resend timer. The range is from
1 to 86400 seconds.
Example:
switch(config-flow-exporter-version-9)#
template data timeout 1200
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. flow monitor name
3. description string
4. exporter name
5. record {name | netflow-original | netflow protocol-port | netflow {ipv4 | ipv6} {original-input |
original-output}}
6. show flow monitor [name]
7. copy running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-341
Chapter 21 Configuring NetFlow
Configuring NetFlow
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 flow monitor name Creates a flow monitor and enters flow monitor
configuration mode.
Example:
switch(config)# flow monitor MonitorTest
switch(config-flow-monitor)#
Step 3 description string (Optional) Describes the flow monitor with an
alphanumeric string up to 63 characters.
Example:
switch(config-flow-monitor)# description
Ipv4Monitor
Step 4 exporter name Associates a flow exporter with this flow monitor.
Example:
switch(config-flow-monitor)# exporter
Exportv9
Step 5 record {name | netflow-original | Associates a flow record with the specified flow
netflow protocol-port | netflow {ipv4 | monitor.
ipv6} {original-input |
original-output}}
Example:
switch(config-flow-monitor)# record
IPv4Flow
Step 6 show flow monitor [name] (Optional) Displays information about NetFlow flow
monitors.
Example:
switch(config-flow-monitor)# show flow
monitor
Step 7 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-flow-monitor)# copy
running-config startup-config
Creating a Sampler
You can create a sampler to define the NetFlow sampling rate for a flow.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-342 OL-20635-03
Chapter 21 Configuring NetFlow
Configuring NetFlow
SUMMARY STEPS
1. config t
2. sampler name
3. description string
4. mode samples out-of packets
5. show sampler [name]
6. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 sampler name Creates a sampler and enters flow sampler
configuration mode.
Example:
switch(config)# sampler SampleTest
switch(config-flow-sampler)#
Step 3 description string (Optional) Describes the sampler with an
alphanumeric string up to 63 characters.
Example:
switch(config-flow-sampler)# description
Samples
Step 4 mode samples out-of packets Defines the number of samples to take per the number
of packets received. The samples range is from 1 to 64.
Example:
switch(config-flow-sampler)# mode 1
The packets range is from 1 to 8192 packets.
out-of 100
Step 5 show sampler [name] (Optional) Displays information about NetFlow
samplers.
Example:
switch(config-flow-sampler)# show
sampler
Step 6 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-flow-sampler)# copy
running-config startup-config
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-343
Chapter 21 Configuring NetFlow
Configuring NetFlow
SUMMARY STEPS
1. config t
2. interface interface-type number
3. ip flow monitor name {input | output} [sampler name]
4. ipv6 flow monitor name {input | output} [sampler name]
5. show flow interface [interface-type number]
6. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 interface interface-type number Enters interface configuration mode. The interface
type can be Ethernet (including subinterfaces), port
Example:
switch(config)# interface ethernet 2/1
channel, VLAN, VLAN interface, or tunnel.
switch(config-if)#
Step 3 ip flow monitor name {input | output} Associates an IPv4 flow monitor and an optional
[sampler name] sampler to the interface for input or output packets.
Example:
switch(config-if)# ip flow monitor
MonitorTest input
Step 4 ipv6 flow monitor name {input | output} Associates an IPv6 flow monitor and an optional
[sampler name] sampler to the interface for input or output packets.
Example:
switch(config-if)# ipv6 flow monitor
MonitorTest input
Step 5 show flow interface [interface-type (Optional) Displays information about NetFlow on an
number] interface.
Example:
switch(config-if# show flow interface
Step 6 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-if)# copy running-config
startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-344 OL-20635-03
Chapter 21 Configuring NetFlow
Configuring NetFlow
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. vlan [configuration] vlan-id
3. ip flow monitor name {input | output} [sampler name]
4. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 vlan [configuration] vlan-id Enters VLAN or VLAN configuration mode. The
vlan-id range is from 1 to 3967 or from 4048 to 4093.
Example:
switch(config)# vlan configuration 30 Note VLAN configuration mode enables you to
switch(config-vlan-config)# configure VLANs independently of their
creation, which is required for VTP client
support.
Step 3 ip flow monitor name {input | output} Associates a flow monitor and an optional sampler to
[sampler name] the VLAN for input or output packets.
Example:
switch(config-vlan-config)# ip flow
monitor MonitorTest input
Step 4 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-vlan-config)# copy
running-config startup-config
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-345
Chapter 21 Configuring NetFlow
Configuring NetFlow
Note You cannot apply Layer 2 NetFlow to VLANs, egress interfaces, or Layer 3 interfaces such as VLAN
interfaces.
Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. config t
2. flow record name
3. match datalink {mac source-address | mac destination-address | ethertype | vlan}
4. interface {ethernet slot/port} | {port-channel number}
5. switchport
6. mac packet-classify
7. layer2-switched flow monitor flow-name input [sampler sampler-name]
8. show flow record netflow layer2-switched input
9. copy running-config startup-config
DETAILED STEPS
Command Purpose
Step 1 config t Places you in global configuration mode.
Example:
switch# config t
Enter configuration commands, one per
line. End with CNTL/Z.
switch(config)#
Step 2 flow record name Enters flow record configuration mode. For more
information about configuring flow records, see the
Example:
switch(config)# flow record L2_record
“Creating a Flow Record” section on page 21-336.
Step 3 match datalink {mac source-address | mac Specifies the Layer 2 attribute as a key.
destination-address | ethertype | vlan}
Example:
switch(config-flow-record)# match
datalink ethertype
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-346 OL-20635-03
Chapter 21 Configuring NetFlow
Configuring NetFlow
Command Purpose
Step 4 interface {ethernet slot/port} | Enters interface configuration mode. The interface
{port-channel number} type can be a physical Ethernet port or a port channel.
Example 1:
switch(config)# interface ethernet 2/1
switch(config-if)#
Example 2:
switch(config)# interface port-channel 8
switch(config-if)#
Step 5 switchport Changes the interface to a Layer 2 physical interface.
For information about configuring switch ports, see the
Example:
switch(config-if)# switchport
Cisco Nexus 7000 Series NX-OS Layer 2 Switching
Configuration Guide, Release 5.x.
Step 6 mac packet-classify Forces MAC classification of packets. For more
information about using the mac packet-classify
Example:
switch(config-if)# mac packet-classify
command, see the Cisco Nexus 7000 Series NX-OS
Security Configuration Guide, Release 5.x.
Step 7 layer2-switched flow monitor flow-name Associates a flow monitor and an optional sampler to
input [sampler sampler-name] the switch port input packets. For information about
Example:
flow monitors, see the “Creating a Flow Monitor”
switch(config-vlan)# layer2-switched section on page 21-341. For information about
flow monitor L2_monitor input sampler samplers, see the “Creating a Sampler” section on
L2_sampler page 21-342.
Step 8 show flow record netflow layer2-switched (Optional) Displays information about the Layer 2
input NetFlow default record.
Example:
switch(config-if# show flow record
netflow layer2-switched input
Step 9 copy running-config startup-config (Optional) Saves this configuration change.
Example:
switch(config-vlan)# copy running-config
startup-config
Command Purpose
flow timeout active seconds Sets the active timeout value in seconds. The range is
from 60 to 4092. The default is 1800.
Example:
switch(config)# flow timeout active 90
flow timeout aggressive threshold Enables using a percentage that you want the NetFlow
percent table to be before aggressive aging starts. The range is
Example:
from 50 to 99. The default is disabled.
switch(config)# flow timeout aggressive
threshold 90
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-347
Chapter 21 Configuring NetFlow
Verifying the NetFlow Configuration
Command Purpose
flow timeout fast seconds threshold Enables using a fast timeout value and the number of
packets packets in a flow before aging begins. The fast timeout
Example:
range in seconds is from 32 to 512. The packet range is
switch(config)# flow timeout fast 40 from 1 to 4000. The default is disabled.
threshold 1200
flow timeout inactive seconds Sets the inactive timeout value in seconds. The range
is from 15 to 4092. The default is 15.
Example:
switch(config)# flow timeout inactive
900
flow timeout session Enables TCP session aging. The default is disabled.
Example:
switch(config)# flow timeout session
Command Purpose
show flow exporter [name] Displays information about NetFlow flow
exporters and statistics.
show flow interface [interface-type number] Displays information about NetFlow interfaces.
show flow monitor [name] [cache [detailed]] Displays information about NetFlow flow
monitors and statistics.
show flow record [name] Displays information about NetFlow flow
records.
show flow record netflow layer2-switched Displays information about the Layer 2 NetFlow
input configuration.
show flow timeout Displays information about NetFlow timeouts.
show hardware flow aging [vdc vdc_id] [detail] Displays information about NetFlow aging flows
[module module] in the hardware.
show hardware flow entry address Displays information about NetFlow table entries
table-address type {ip | ipv6} [module module] in the hardware.
show hardware flow ip [detail | instance Displays information about NetFlow IPv4 flows
instance | interface type number | module module in the hardware.
| monitor monitor_name | profile profile-id | vdc
vdc_id | vlan vlan_id] [detail] [instance instance]
[module module]
show hardware flow sampler [all | count | index Displays information about the NetFlow sampler
number | name sampler-name | vdc vdc_id] in the hardware.
[detail] [module module]
show hardware flow utilization [module module Displays information about NetFlow table
| instance instance [module module]] utilization in the hardware.
show sampler [name] Displays information about NetFlow samplers.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-348 OL-20635-03
Chapter 21 Configuring NetFlow
Monitoring NetFlow
Monitoring NetFlow
Use the show flow exporter command to display NetFlow statistics.
Use the clear flow exporter command to clear NetFlow exporter statistics. Use the clear flow monitor
command to clear the monitor cache and statistics.
Additional References
For additional information related to implementing NetFlow, see the following sections:
• Related Documents, page 21-349
• Standards, page 21-349
Related Documents
Related Topic Document Title
NetFlow CLI commands Cisco Nexus 7000 Series NX-OS System Management Command
Reference
VDCs and VRFs Cisco Nexus 7000 Series NX-OS Virtual Device Context
Configuration Guide, Release 5.x
Standards
Standards Title
No new or modified standards are supported by this —
feature, and support for existing standards has not been
modified by this feature.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 21-349
Chapter 21 Configuring NetFlow
Feature History for NetFlow
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
21-350 OL-20635-03
Send document comments to [email protected].
A P P E NDIX 22
IETF RFCs supported by Cisco NX-OS
System Management
This appendix lists the IETF RFCs for system management supported in Cisco NX-OS.
RFCs
RFCs Title
RFC 2819 Remote Network Monitoring Management Information Base
RFC 3164 The BSD syslog Protocol
RFCs 3411 to 3418 An Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks
RFC 3954 Cisco Systems NetFlow Services Export Version 9
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 22-351
Appendix 22 IETF RFCs supported by Cisco NX-OS System Management
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
22-352 OL-20635-03
Send document comments to [email protected].
A P P E NDIX 23
Embedded Event Manager System Events and
Configuration Examples
This appendix describes the Embedded Event Manager (EEM) system policies, events, and policy
configuration examples.
This appendix includes the following sections:
• EEM System Policies, page 23-353
• EEM Events, page 23-355
• Configuration Examples for EEM Policies, page 23-356
• Feature History for EEM Policies, page 23-367
Event Description
__PortLoopback Do CallHome, log error in Syslog/OBFL/Exception Log, and
disable further HM testing on affected ports after 10 consecutive
failures of GOLD "PortLoopback" test
__RewriteEngineLoopback Do CallHome, log error in Syslog/OBFL/Exception Log, and
disable further HM testing on affected ports after 10 consecutive
failures of GOLD "RewriteEngine" test
__asic_register_check Do CallHome, log error, and disable further HM testing for that
ASIC device/instance after 20 consecutive failures of GOLD
"ASICRegisterCheck" test
__compact_flash Do CallHome, log error, and disable further HM testing after 20
consecutive failures of GOLD "CompactFlash" test
__crypto_device Do CallHome and log error when GOLD "CryptoDevice" test
fails
__eobc_port_loopback Do CallHome and log error when GOLD "EOBCPortLoopback"
test fails
__ethpm_debug_1 Action: none
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 23-353
Appendix 23 Embedded Event Manager System Events and Configuration Examples
EEM System Policies
Event Description
__ethpm_debug_2 Action: none
__ethpm_debug_3 Action: none
__ethpm_debug_4 Action: none
__ethpm_link_flap More than 30 link flaps in a 420-second interval. Action: Error.
Disable the port
__external_compact_flash Do CallHome, log error, and disable further HM testing after 20
consecutive failures of GOLD "ExternalCompactFlash" test
__lamira_IDS_pkt_drop Generates syslogs on IDS drops
Note The system generates a maximum of one syslog every 30
minutes when an intrusion detection system (IDS) packet
is dropped. The syslog is generated as soon as the first
IDS packet drop occurs.
__lcm_module_failure Power cycle two times and then power down
__management_port_loopback Do CallHome and log error when GOLD
"ManagementPortLoopback" test fails
__nvram Do CallHome, log error, and disable further HM testing after 20
consecutive failures of GOLD "NVRAM" test
__pfm_fanabsent_all_systemfan Shuts down if both fan trays (f1 and f2) are absent for 2 minutes
__pfm_fanabsent_all_xbarfan Cisco Nexus 7010 switch only: Shuts down if both fabric module
fan trays (f3 and f4) are absent for 2 minutes
__pfm_fanabsent_any_singlefan Cisco Nexus 7018 switch: Shuts down half-chassis if the fan tray
is absent for 3 minutes
Cisco Nexus 7010 switch: Syslog (The remaining fan tray
increases its speed if one fan tray is absent.)
__pfm_fanbad_all_systemfan Syslog when fan goes bad
__pfm_fanbad_all_xbarfan Cisco Nexus 7010 switch only: Shuts down if both fabric module
fans (f3 and f4) are bad for 2 minutes
__pfm_fanbad_any_singlefan Syslog when fan goes bad
__pfm_power_over_budget Syslog warning for insufficient power overbudget
__pfm_tempev_major TempSensor Major Threshold. Action: Shutdown
__pfm_tempev_minor TempSensor Minor Threshold. Action: Syslog
__primary_bootrom Do CallHome, log error, and disable further HM testing after 20
consecutive failures of GOLD "PrimaryBootROM" test
__pwr_mgmt_bus Do CallHome, log error, and disable further HM testing for the
module or spine-card after 20 consecutive failures of GOLD
"PwrMgmtBus" test
__real_time_clock Do CallHome, log error, and disable further HM testing after 20
consecutive failures of GOLD "RealTimeClock" test
__secondary_bootrom Do CallHome, log error, and disable further HM testing after 20
consecutive failures of GOLD "SecondaryBootROM" test
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
23-354 OL-20635-03
Appendix 23 Embedded Event Manager System Events and Configuration Examples
EEM Events
Event Description
__spine_control_bus Do CallHome, log error, and disable further HM testing for that
module or spine-card after 20 consecutive failures of GOLD
"SpineControlBus" test
__standby_fabric_loopback Do CallHome, log error, and disable further HM testing after 10
consecutive failures
__status_bus Do CallHome, log error, and disable further HM testing after 5
consecutive failures of GOLD "StatusBus" test
__system_mgmt_bus Do Call Home, log error, and disable further HM testing for that
fan or power supply after 20 consecutive failures of GOLD
“SystemMgmtBus” test
__usb Do Call Home and log error when GOLD “USB” test fails
EEM Events
Table 23-2 describes the EEM events you can use on the device.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 23-355
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
Note Outputs of show commands entered as part of EEM policy are archived in the logflash as text files with
the “eem_archive_” prefix. To view the archived output, use the show file logflash:eem_archive_n
command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
23-356 OL-20635-03
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 23-357
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
23-358 OL-20635-03
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
Enabling One Sensor While Disabling All Remaining Sensors of All Modules
This example shows how to disable all sensors on all modules except sensor 4 on module 9:
switch# config t
switch(config)# event manager applet myapplet1 override __pfm_tempev_major
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet2 override __pfm_tempev_major
switch(config-applet)# event temperature module 9 sensor 4 threshold major
switch(config-applet)# action 2 policy-default
switch(config-applet)# end
Enabling Multiple Sensors While Disabling All Remaining Sensors of All Modules
This example shows how to disable all sensors on all modules except sensors 4, 6, and 7 on module 9:
switch# config t
switch(config)# event manager applet myapplet1 override __pfm_tempev_major
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet2 override __pfm_tempev_major
switch(config-applet)# event temperature module 9 sensor 4 threshold major
switch(config-applet)# action 2 policy-default
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet3 override __pfm_tempev_major
switch(config-applet)# event temperature module 9 sensor 6 threshold major
switch(config-applet)# action 3 policy-default
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet4 override __pfm_tempev_major
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 23-359
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
Enabling All Sensors of One Module While Disabling All Sensors of the Remaining Modules
This example shows how to disable all sensors on all modules except all sensors on module 9:
switch# config t
switch(config)# event manager applet myapplet1 override __pfm_tempev_major
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet2 override __pfm_tempev_major
switch(config-applet)# event temperature module 9 threshold major
switch(config-applet)# action 2 policy-default
switch(config-applet)# end
Enabling a Combination of Sensors on Modules While Disabling All Sensors of the Remaining
Modules
This example shows how to disable all sensors on all modules except sensors 3, 4, and 7 on module 2
and all sensors on module 3:
switch# config t
switch(config)# event manager applet myapplet1 override __pfm_tempev_major
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet2 override __pfm_tempev_major
switch(config-applet)# event temperature module 2 sensor 3 threshold major
switch(config-applet)# action 2 policy-default
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet3 override __pfm_tempev_major
switch(config-applet)# event temperature module 2 sensor 4 threshold major
switch(config-applet)# action 3 policy-default
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet4 override __pfm_tempev_major
switch(config-applet)# event temperature module 2 sensor 7 threshold major
switch(config-applet)# action 4 policy-default
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet5 override __pfm_tempev_major
switch(config-applet)# event temperature module 3 threshold major
switch(config-applet)# action 5 policy-default
switch(config-applet)# end
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
23-360 OL-20635-03
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
• Overriding (Disabling) a Shutdown for Removal of Fan Trays Except for a Specified Set of Fan
Trays, page 23-362
• Overriding (Disabling) a Shutdown for Removal of All Fan Trays Except One from a Set of Fan
Trays, page 23-362
Note When you remove a fan tray from a Cisco Nexus 7010 switch, a shutdown does not occur. The remaining
fan tray increases its speed, and a message is written to the syslog.
Note When you remove a fan tray from a Cisco Nexus 7018 switch, the switch starts a 3-minute timer. If you
do not replace the fan tray within that 3 minutes, the switch shuts down the modules cooled by that timer
to prevent an overtemperature condition. If you override the timer with an EEM command, an
overtemperature condition can occur, which will cause a shutdown.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 23-361
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet3 override __pfm_fanabsent_any_singlefan
switch(config-applet)# event fanabsent fan 4 time 60
switch(config-applet)# end
Overriding (Disabling) a Shutdown for Removal of All Fan Trays Except One
This example shows how to disable a shutdown so that you can remove all fan trays except one (fan tray
2):
switch# config t
switch(config)# event manager applet myapplet1 override __pfm_fanabsent_any_singlefan
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet2 override __pfm_fanabsent_any_singlefan
switch(config-applet)# event fanabsent fan 2 time 60
switch(config-applet)# action 2 policy-default
switch(config-applet)# end
Overriding (Disabling) a Shutdown for Removal of Fan Trays Except for a Specified Set of Fan
Trays
This example shows how to disable a shutdown so that you can remove fans except for a specified set of
fan trays (fan trays 2, 3, and 4):
switch# config t
switch(config)# event manager applet myapplet1 override __pfm_fanabsent_any_singlefan
switch(config-applet)# end
switch(config)# event manager applet myapplet2 override __pfm_fanabsent_any_singlefan
switch(config-applet)# event fanabsent fan 2,3,4 time 60
switch(config-applet)# action 2 policy-default
switch(config-applet)# end
Overriding (Disabling) a Shutdown for Removal of All Fan Trays Except One from a Set of Fan
Trays
This example shows how to disable a shutdown so that you can remove all fan trays except one from a
set of fan trays (fan trays 2, 3, or 4):
switch# config t
switch(config)# event manager applet myapplet1 override __pfm_fanabsent_any_singlefan
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet2 override __pfm_fanabsent_any_singlefan
switch(config-applet)# event fanabsent fan 2 time 60
switch(config-applet)# action 2 policy-default
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet3 override __pfm_fanabsent_any_singlefan
switch(config-applet)# event fanabsent fan 3 time 60
switch(config-applet)# action 3 policy-default
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
23-362 OL-20635-03
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
switch(config-applet)# end
switch# config t
switch(config)# event manager applet myapplet4 override __pfm_fanabsent_any_singlefan
switch(config-applet)# event fanabsent fan 4 time 60
switch(config-applet)# action 4 policy-default
switch(config-applet)# end
In addition to the default policy, this example shows how to execute the policy myappletname and action
3 if fan tray 1 is absent for 60 seconds:
switch# config t
switch(config)# event manager applet myappletname
switch(config-applet)# event fanabsent fan 1 time 60
switch(config-applet)# action 3 cli “show env fan”
switch(config-applet)# end
[no] event temperature [mod module-number] [sensor sensor-number] threshold {major | minor
| any}
In addition to the default policy, this example shows how to execute the policy myappletname and action
1 if the temperature crosses the minor threshold on sensor 3 of module 2:
switch# config t
switch(config)# event manager applet myappletname
switch(config-applet)# event temperature module 2 sensor 3 threshold minor
switch(config-applet)# action 1 cli “show environ temperature”
switch(config-applet)# end
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 23-363
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
23-364 OL-20635-03
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
To create event manager parameters, use the event manager environment command. To display the
values of event manager parameters, use the show event manager environment all command.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 23-365
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Configuration Examples for EEM Policies
When this event is triggered, the action defined in the policy is executed.
This example shows the use of an SNMP OID that is polled at an interval of 10 seconds and has a
threshold value of 95 percent:
switch# config t
switch(config)# event manager applet test_policy
switch(config-applet)# event snmp oid 1.3.6.1.4.1.9.9.305.1.1.1.0 get-type exact entry-op
gt entry-val 95 exit-op lt exit-val 90 poll-interval 10
This configuration triggers an SNMP notification (trap) from the switch to SNMP hosts. The SNMP
payload carries the values of user-defined fields intdata1, intdata2, and strdata.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
23-366 OL-20635-03
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Feature History for EEM Policies
Step 2 Configure an EEM event to shut Ethernet interface 1/2 when the tracking object shuts down.
switch(config)# event manager applet track_3_23_down
switch(config-applet)# event track 1 state down
switch(config-applet)# action 1 syslog msg EEM applet track_3_23_down shutting down port
eth1/2 due to eth3/23 being down
switch(config-applet)# action 2 cli conf term
switch(config-applet)# action 3 cli interface ethernet 1/2
switch(config-applet)# action 4 cli shut
switch(config-applet)# end
Step 3 Configure an EEM event to bring up Ethernet interface 1/2 when Ethernet interface 3/23 comes up.
switch# config t
switch(config)# event manager applet track_3_23_up
switch(config-applet)# event track 1 state up
switch(config-applet)# action 1 syslog msg EEM applet track_3_23_down bringing up port
eth1/2 due to eth3/23 being up
switch(config-applet)# action 2 cli conf term
switch(config-applet)# action 3 cli interface ethernet 1/2
switch(config-applet)# action 4 cli no shut
switch(config-applet)# end
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 23-367
Appendix 23 Embedded Event Manager System Events and Configuration Examples
Feature History for EEM Policies
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
23-368 OL-20635-03
Send document comments to [email protected]
A P P E NDIX 24
Configuration Limits for Cisco NX-OS System
Management
The configuration limits are documented in the Cisco Nexus 7000 Series NX-OS Verified Scalability
Guide.
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
OL-20635-03 24-369
Appendix 24 Configuration Limits for Cisco NX-OS System Management
Cisco Nexus 7000 Series NX-OS System Management Configuration Guide, Release 5.x
24-370 OL-20635-03