Cisco Next-Generation Data Center Class Switch Configuration Guide (Chinese Edition): Nexus 7000
Nexus Configuration Simple Guide
Contents
Nexus 7000 Default Port Configuration
CMP (Connectivity Management Processor) Configuration
Out-of-Band Management VRF
Partitioning the Nexus 7010 into VDCs
vPC Based on EthernetChannel
Split vPC: HSRP and STP
Detailed vPC Configuration
SPAN on Nexus
The MGMT Interface of a VDC
VLAN Interfaces That Stay Down
Routing on Nexus
NLB on Nexus
Identifying a Component
Nexus 7000 Basic Configuration Summary
Cisco NX-OS/IOS Configuration Fundamentals Comparison
Cisco NX-OS/IOS Interface Comparison
Cisco NX-OS/IOS Port-Channel Comparison
Cisco NX-OS/IOS HSRP Comparison
Cisco NX-OS/IOS STP Comparison
Cisco NX-OS/IOS SPAN Comparison
Cisco NX-OS/IOS OSPF Comparison
Cisco NX-OS/IOS Layer-3 Virtualization Comparison
vPC Role and Priority
vPC Domain ID
vPC Peer Link
Configuration for single 10 GigE Card
CFSoE
vPC Peer Keepalive or FT Link
vPC Ports
Orphan Ports with non-vPC VLANs
HSRP
HSRP Configuration and Best Practices for vPC
Advertising the Subnet
L3 Link Between vPC Peers
Cisco NX-OS/IOS TACACS+, RADIUS, and AAA Comparison
Configuration Synchronization on the Nexus 5000
Initializing the Nexus 2000 Fabric Module
Nexus 7000 Default Port Configuration
By default, all ports are shut down.
no system default switchport shutdown
copy running-config startup-config vdc-all (saves the configuration)
dir bootflash:
dir bootflash://sup-standby/
dir bootflash://sup-remote
show role
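show inventory (displays the system inventory, including the product ID and serial number of each component)
show hardware (displays detailed system hardware information)
show sprom backplane 1 (displays the switch serial number)
show environment power (displays power supply information)
power redundancy-mode ps-redundant (use this mode when the site does not have dual power grid feeds)
power redundancy-mode insrc-redundant (use this mode when the site has dual power grid feeds)
show module (verifies the status of each module)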
attach module slot_number
dir bootflash: or dir slot0: (view the flash space of the active supervisor)
To view the flash space of the standby supervisor, first use the attach module command to attach to the module number, and then use dir bootflash: or dir slot0:
out-of-service module slot Shutting Down a Supervisor or I/O Module
out-of-service xbar slot Shutting Down a Fabric Module
show environment
show environment temperature
show environment fan
banner motd #Welcome to the switch#
clock timezone
clock set
reload (reboots the switch)
reload module number
switchto vdc (switches to the management interface of a VDC)
switchback
poweroff module slot_number
no poweroff module slot_number
poweroff xbar slot_number
CMP (Connectivity Management Processor) Configuration
CMP configuration:
You should also configure three IP addresses—one for each cmp-mgmt interface and one that is shared between the active and standby supervisor mgmt 0 interfaces.
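attach cmp (enters the CMP)
Commands are saved automatically as they are entered; copy run start is not needed.
Configuring the CMP from the NX-OS CLI
1. configure terminal
2. interface cmp-mgmt module slot (use module slot numbers 5 and 6 to configure the CMP on the active and standby supervisors respectively)
3. ip address ipv4-address/length
4. ip default-gateway ipv4-address
5. show running-config cmp
Configuring the CMP from the CMP CLI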
1. attach cmp
2. configure terminal
3. ip default-gateway ipv4-address
4. interface cmp-mgmt
5. ip address ipv4-address/length
6. show running-config
Actions available on the CMP:
show cp state
reload cp
attach cp
monitor cp
ping or traceroute 192.0.2.15
reload system To reload the complete system, including the CMPs
Out-of-Band Management VRF
Management VRF and Basic Connectivity
The management interface is, by default, part of the management VRF. The management interface “mgmt0” is the only interface allowed to be part of this VRF.
The philosophy behind the management VRF is to provide total isolation for the management traffic from the rest of the traffic flowing through the box by confining the former to its own forwarding table.
In this step we will:
- Verify that only the mgmt0 interface is part of the management VRF
- Verify that no other interface can be part of the management VRF
- Verify that the default gateway is reachable only using the management VRF
To ping the out-of-band management gateway or similar addresses, vrf management must be appended to the ping command:
ping 10.2.8.1 vrf management
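Partitioning the Nexus 7010 into VDCs
VDCs are a signature feature of the Nexus 7000 series.
By dividing the physical chassis into multiple logical switches, the core switching area gains several physically isolated, high-performance switches.
A VDC has fully isolated routing tables, VRFs, and interfaces, so it can be configured with the attributes of a real switch.
VDC resources are drawn from the chassis as a whole, so when necessary the VDC resource allocation must be adjusted to tune VDC features and performance.
No interface or resource assigned to a VDC can be used by any other VDC or by the default VDC.
VDC Configuration
/en/US/docs/switches/datacenter/sw/5_x/nx-os/virtual_device_context/quick/guide/Cisco_Nexus_7000_Series_NX-OS_Virtual_Device_Context_Quick_Start__Release_5.x_chapter1.html
vdc MyVDC (creates a VDC)
allocate interface ethernet 2/11-1 (allocates interfaces)
switchto vdc MyVDC (switch to the new VDC and enter the VDC admin user account password)
switchback
setup (configures the VDC by following the setup wizard)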
show vdc membership
show vdc current-vdc
When interfaces in different VDCs share the same port ASIC, reloading the VDC (with the reload vdc command) or provisioning interfaces to the VDC (with the allocate interface command) might cause short traffic disruptions (of 1 to 2 seconds) for these interfaces. If such behavior is undesirable, make sure to allocate all interfaces on the same port ASIC to the same VDC.
To see how the interfaces are mapping to the port ASIC, use this command:
slot slot_number show hardware internal dev-port-map (this command has no CLI help and must be typed blind)
copy running-config startup-config vdc-all
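Commands are available to view the current number and state of VDCs.
The chassis itself is VDC1 by default, and up to 3 additional VDCs can be created.
After logging in to the system default VDC1, the switchto vdc command can be used between the different VDCs
reload each have configuration specific to an individual VDC.
The name of a VDC, besides being specified directly in the vdc command, can also be changed with the hostname command after entering that VDC's configuration interface.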
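vPC Based on EthernetChannel
vPC is the technology Cisco NX-OS uses to deal with STP-blocked ports.
By virtualizing two devices into one, the system can forward data over both sets of redundant links.
vPC is built entirely on EthernetChannel; all member groups must be in an EthernetChannel, except the peer-link keepalive.
vPC works only in a Layer 2 trunk structure and is completely incompatible with any L3 environment.
The peer-link that vPC uses to connect the devices must use 10G Ethernet interfaces, while the peer-link keepalive must be a routed interface.
The configuration guide recommends isolating it in a separate VRF to reduce the address management burden.
First, configure the L3 ports and make sure the two sides can ping each other:
will cause some vPC domains to reconverge.
See the description later on for details.
Next, after the L3 configuration is done, configure the vPC domain.
A device belongs to one and only one vPC domain, and a vPC domain has exactly two members.
In the domain configuration, the IP of the vPC peer device must be specified
state.
Then, configure the peer-link.
The peer-link carries traffic between the vPC chassis, so it can only use 10G Ethernet; the configuration guide recommends bundling at least two 10G Ethernet cables:
Finally, place the links from the attached device to the two peer devices into their respective EthernetChannel groups, and add those EthernetChannels to the vPC group, making sure the corresponding EthernetChannels are in the same forwarding vPC,
In the configuration, the vpc number and the port-channel number must be the same, and both numbers must differ from the domain number.
Otherwise, the vPC will fail to start.
Both ends of a vPC must have compatible trunk configurations, for example LACP or no protocol.
A consistent LACP system priority helps LACP convergence under vPC; the guide recommends configuring the same value on the vPC member devices.
The configuration must be applied both globally and in vPC configuration mode.
If the following symptom appears during configuration, first check whether the member EthernetChannel configuration in the vPC is correct:
Notes:
The specific vPC configuration differs for different devices and topologies.
1. For a simple downstream device
As shown in the figure:
For a simple downstream device, the two Nexus devices use the standard vPC configuration method.
Configure the peer-link and peer-link keepalive links between the two devices. After the vPC configuration is complete, place the interfaces connected to the downstream device into an EthernetChannel (even that EthernetChannel is acceptable), then place this EthernetChannel interface into the corresponding vpc to complete virtual forwarding.
2. For the domain environment recommended for Nexus
As shown in the figure:
Between the Nexus 5k and Nexus 7k, a full-mesh structure is used for the connections.
With vPC, the four links in the middle can all stay active; combined with the virtual topology formed by vPC, this is effectively a single 40G link between one Nexus 5k and one Nexus 7k, which greatly increases forwarding capacity.
In this configuration example, the Nexus 5k and Nexus 7k each need their own vPC domain configured; once each vPC domain is established normally, the crossed links are bundled into an EthernetChannel, using either LACP or no protocol for bundling.
The configuration below lists only the relevant configuration of the left-hand 5k and 7k.
The bidirectional configuration is completed by bundling the two links of the same device into an EthernetChannel and placing it in the same vPC forwarding group.
CAUTION
In the configuration, the two sides of the vPC must be kept in sync: the VLAN, interface, and VDC configuration on both sides should be consistent; if it is not, vPC will not work properly.
All EthernetChannels must work in trunk mode and must be explicitly assigned with switchport mode trunk; otherwise vPC will not work properly.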
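The consistency rules stated above (vpc number equal to the port-channel number and different from the domain number, explicit trunk mode, matching VLANs and system-priority on both peers) can be checked mechanically before a change window. The following is an added example, not part of the original guide; the two peer configurations are constructed samples and the function names are hypothetical.

```python
import re

# Constructed running-config excerpts for two vPC peers (not from the guide).
PEER_A = """\
vlan 10,20
vpc domain 1
  system-priority 4000
interface port-channel10
  vpc peer-link
interface port-channel20
  switchport mode trunk
  vpc 20
"""
PEER_B = """\
vlan 10
vpc domain 1
  system-priority 8000
interface port-channel10
  vpc peer-link
interface port-channel20
  switchport
  vpc 1
"""


def sections(config):
    """Map each top-level line to the list of its indented child lines."""
    out, head = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out


def summarize(config):
    """Extract the vPC-relevant facts from one peer's configuration."""
    info = {"domain": None, "sysprio": None, "vlans": set(), "vpcs": {}}
    for head, body in sections(config).items():
        if m := re.fullmatch(r"vlan ([\d,-]+)", head):
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                info["vlans"].update(range(int(lo), int(hi or lo) + 1))
        elif m := re.fullmatch(r"vpc domain (\d+)", head):
            info["domain"] = int(m.group(1))
            info["sysprio"] = next((int(c.split()[1]) for c in body
                                    if c.startswith("system-priority ")), None)
        elif m := re.fullmatch(r"interface port-channel ?(\d+)", head):
            for child in body:
                # 'vpc peer-link' does not match: only numbered vPCs are recorded.
                if v := re.fullmatch(r"vpc (\d+)", child):
                    trunk = "switchport mode trunk" in body
                    info["vpcs"][int(m.group(1))] = (int(v.group(1)), trunk)
    return info


def audit(config_a, config_b):
    """Return (code, detail) findings for the rules stated in this guide."""
    a, b = summarize(config_a), summarize(config_b)
    findings = []
    for name, peer in (("A", a), ("B", b)):
        for po, (vpc, trunk) in sorted(peer["vpcs"].items()):
            if vpc != po:
                findings.append(("VPC_NE_PO", f"{name}: port-channel{po} has vpc {vpc}"))
            if vpc == peer["domain"]:
                findings.append(("VPC_EQ_DOMAIN", f"{name}: vpc {vpc} equals the domain ID"))
            if not trunk:
                findings.append(("NOT_TRUNK", f"{name}: port-channel{po} lacks switchport mode trunk"))
    if a["domain"] != b["domain"]:
        findings.append(("DOMAIN_MISMATCH", f"{a['domain']} vs {b['domain']}"))
    if a["vlans"] != b["vlans"]:
        findings.append(("VLAN_MISMATCH", f"on one peer only: {sorted(a['vlans'] ^ b['vlans'])}"))
    if a["sysprio"] != b["sysprio"]:
        findings.append(("SYSPRIO_MISMATCH", f"{a['sysprio']} vs {b['sysprio']}"))
    return findings


if __name__ == "__main__":
    print(*audit(PEER_A, PEER_B), sep="\n")
```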
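Split vPC: HSRP and STP
When a vPC is split, the state of the vPC domain members depends on the current system role.
When the vPC peer-link keepalive link fails, no data forwarding is affected. When the vPC peer-link fails, the device in the secondary role sets all EthernetChannels in vPC member groups to down, which takes that device offline from the vPC management domain and stops its data forwarding until the link is repaired.
When the vPC domain members are all working normally, a failure of either the vPC peer-link or the vPC peer-link keepalive does not stop the system's data forwarding; vPC convergence may only drop 1 to 2 packets.
However, the following situation causes data forwarding problems in the vPC domain:
With the vPC domain working normally, cut all links between the two devices, then, with reload restore configured on both sides, reboot both vPC domain members. After 240s both devices are in the active-active state, which results in a forwarding loop.
From the messages obtained, this appears to be a Layer 2 loop caused by STP.
Using the vPC configuration command peer-switch may resolve this problem.
This problem can be reproduced only by following a strict sequence of operations.
HSRP on vPC has a special modification: the HSRP active device is responsible for answering ARP requests, but the standby can also forward packets destined to the HSRP group's virtual MAC address, which gives HSRP load balancing.
Like HSRP, GLBP is a hot-standby gateway protocol supported by vPC, but GLBP load-balances by having the AVG answer different ARP requests with the MAC addresses of different AVFs.
However, HSRP converges faster than GLBP in a vPC environment.
In vPC, for HSRP, GLBP, or VRRP, the device in the active role must be configured on the vPC primary device; likewise, in the STP configuration, the root bridge for the VLAN must also match the primary device.
HSRP should have the same HSRP group number on both sides, and the same group number cannot be repeated within a single VDC.
HSRP over vPC cannot use the use-bia parameter.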
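Detailed vPC Configuration
role priority
Without a role priority configured, vPC uses the bridge MAC to decide which device is primary, and the numerically lower MAC is elected. If role priority is configured, the device with the lower configured value is elected.
However, the peer-link must be shut once for the change to take effect.
System-priority
This is the vPC setting for LACP.
If this value is not configured there is no effect, but if it is configured, the system-priority value must be the same on the devices in the vPC domain; if the values do not match, vPC may have trouble starting.
Reload restore
This command lets a Nexus still activate vPC after booting when it cannot find its vPC peer.
By default, if a vPC member device cannot find its peer after booting, all vPC ports stay down and cannot forward data.
With this command configured, the device that booted alone brings its vPC member ports up after at least 240s and starts forwarding data.
CAUTION
If all cables between the vPC member devices, including the peer-link and peer-link keepalive cables, are disconnected and reload restore is configured on both vPC sides, then after both devices finish rebooting vPC is active-active, and the Nexus forms a data loop with the upstream forwarding devices.
This situation occurs only in the domain environment recommended for Nexus, and only when the steps are followed strictly.
Peer-switch
The peer-switch command presents the vPC domain member devices as a single STP root, which optimizes the spanning-tree structure and reduces STP recalculation time after the primary device fails.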
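SPAN on Nexus
Nexus supports SPAN, ESPAN, and ERSPAN.
Plain SPAN is called local SPAN, where interfaces on the local switch are both source and destination; ESPAN sets the destination of SPAN traffic to a VLAN and carries it over a trunk for remote SPAN; ERSPAN encapsulates SPAN traffic in GRE and routes it to a remote destination.
The Nexus 7000 can have up to 48 sessions, but only two can be running; FEX ports can only be SPAN sources, not SPAN destinations; EthernetChannel members cannot be SPAN sources, and on the Nexus 5K the interfaces connecting to a FEX cannot be SPAN sources; the Nexus 5K supports only SPAN, while the Nexus 7K supports all SPAN types.
The MGMT Interface of a VDC
The MGMT interface is shared among all VDCs.
In VDCs other than VDC1, show interface status does not display it, but the address can still be configured with the interface mgmt 0 command.
The MGMT interface addresses of all VDCs should be in the same subnet.
VLAN Interfaces That Stay Down
In a vPC-based configuration, if the VLAN configuration of the vPC domain member switches is inconsistent, the VLAN interfaces stay down and cannot be activated.
On the Nexus 7K, the VLAN configuration and the interface VLAN configuration are separate; having only the interface VLAN without the VLAN makes the VLAN interface configuration differ between the two sides, which leaves the L3 VLAN interface down.
By default an L3 VLAN interface is shut down and must be activated with the no command.
VTP can be tried as a way to avoid configuration errors.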
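Routing on Nexus
OSPF on Nexus
On Nexus, the OSPF bandwidth reference value has been changed from the original 100Mbps to 40Gbps, which is set as the default.
OSPF on Nexus no longer allows networks to be advertised under the OSPF process; all OSPF network advertisements must
NLB on Nexus
NLB based on the Windows Server family of operating systems has been confirmed by testing to be supported.
Identifying a Component
A Nexus is often made up of many components, such as Fabric Modules or xBARs; the following commands turn on the identification LED on the panel to mark the module that needs replacing or attention.
locator-led {chassis | fan f-number | module slot | powersupply ps-number | xbar x-number}
no locator-led {chassis | fan f-number | module slot | powersupply ps-number | xbar x-number}
This command template is based on the Nexus 7k; on the Nexus 5k some parameters are unavailable, but there is a fex parameter for identifying the Fabric Module
Fiber Types
For the SFP-based Nexus 5010, the fiber type must be considered for connections between equipment rooms.
The system displays the following message:
Nexus 7000 Basic Configuration Summary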
Cisco NX-OS/IOS Configuration Fundamentals Comparison
Objective
This tech note outlines the main differences for the configuration fundamentals between the Cisco NX-OS software and the Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software to illustrate some of the differences after the first system startup. Please refer to the NX-OS documentation for a complete list of supported features.
Cisco NX-OS Overview
The Cisco NX-OS is a data center class operating system designed for maximum scalability and application availability. The CLI interface for the NX-OS is very similar to Cisco IOS, so if you understand the Cisco IOS you can easily adapt to the Cisco NX-OS. However, a few key differences should be understood prior to working with the Cisco NX-OS.
Important Cisco NX-OS and Cisco IOS Software Differences
In Cisco NX-OS:
- When you first log into the NX-OS, you go directly into EXEC mode.
- Role Based Access Control (RBAC) determines a user’s permissions by default. NX-OS 5.0(2a) introduced privilege levels and two-stage authentication using an enable secret that can be enabled with the global feature privilege configuration command.
- By default, the admin user has network-admin rights that allow full read/write access. Additional users can be created with very granular rights to permit or deny specific CLI commands.
- The Cisco NX-OS has a Setup Utility that allows a user to specify the system defaults, perform basic configuration, and apply a pre-defined Control Plane Policing (CoPP) security policy.
- The Cisco NX-OS uses a feature based license model. An Enterprise or Advanced Services license is required depending on the features required. Additional licenses may be required in the future.
- A 120 day license grace period is supported for testing, but features are automatically removed from the running configuration after the expiration date is reached.
- The Cisco NX-OS has the ability to enable and disable features such as OSPF, BGP, etc. using the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.
- Interfaces are labeled in the configuration as Ethernet. There aren’t any speed designations.
- The Cisco NX-OS supports Virtual Device Contexts (VDCs), which allow a physical device to be partitioned into logical devices. When you log in for the first time you are in the default VDC (VDC 1).
- The Cisco NX-OS has two preconfigured VRF instances by default (management, default). The management VRF is applied to the supervisor module out-of-band Ethernet port (mgmt0), and the default VRF instance is applied to all other I/O module Ethernet ports.
- SSHv2 server/client functionality is enabled by default. TELNET server functionality is disabled by default. (The TELNET client is enabled by default and cannot be disabled.)
- VTY and Auxiliary port configurations do not show up in the default configuration unless a parameter is modified (The Console port is included in the default configuration). The VTY port supports 32 simultaneous sessions and the timeout is disabled by default for all three port types.
Things You Should Know
The following list provides some additional Cisco NX-OS information that should be helpful when configuring and maintaining the Cisco NX-OS.
- The default administrator user is predefined as admin. An admin user password has to be specified when the system is powered up for the first time, or if the running configuration is erased with the write erase command and system is repowered.
- If you remove a feature with the global no feature configuration command, all relevant commands related to that feature are removed from the running configuration.
- The NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables. The boot variables determine what version of NX-OS is loaded when the system is powered on. (The kickstart and system boot variables have to be configured for the same NX-OS version.)
- The show running-config command accepts several options, such as OSPF, BGP, etc. that will display the runtime configuration for a specific feature.
- The show tech command accepts several options that will display information for a specific feature.
Configuration Comparison
The following sample code shows similarities and differences between the Cisco NX-OS software and the Cisco IOS Software CLI.
Cisco IOS CLI | Cisco NX-OS CLI
Default User Prompt
n7000#
Entering Configuration Mode
n7000# configure terminal
Saving the Running Config to the Startup Config (nvram)
n7000# copy running-config startup-config
Erasing the startup config (nvram)
n7000# write erase
Installing a License
n7000# install license bootflash:license_file.lic
Interface Naming Convention
interface Ethernet 1/1
Default VRF Configuration (management)
vrf context management
Configuring the Software Image Boot Variables
boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-1
boot system bootflash:/n7000-s1-dk9.4.0.4.bin sup-1
boot kickstart bootflash:/n7000-s1-kickstart.4.0.4.bin sup-2
boot system bootflash:/n7000-s1-dk9.4.0.4.bin sup-2
Enabling Features
feature ospf
Enabling TELNET (SSHv2 is recommended)
feature telnet
Configuring the VTY Timeout and Session Limit
line vty
  session-limit 10
  exec-timeout 15
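The management-plane defaults described in this tech note (TELNET server off, exec timeout disabled on every line type, 32 VTY sessions) can be audited from a saved running-config. The following is an added example, not part of the Cisco text; the two configurations are constructed samples, the function names are hypothetical, and the 10-session ceiling is an assumed site policy borrowed from the sample configuration above.

```python
import re

# Constructed running-config excerpts (not from the tech note).
WEAK = """\
feature telnet
feature ospf
line console
line vty
  session-limit 32
"""
HARDENED = """\
feature ospf
line console
  exec-timeout 15
line vty
  session-limit 10
  exec-timeout 15
"""

DEFAULT_VTY_SESSIONS = 32   # default stated in the tech note
MAX_VTY_SESSIONS = 10       # assumed site policy, taken from the sample config


def line_settings(config, kind):
    """Return {keyword: value} for the 'line <kind>' section.

    An absent or empty section yields {}, meaning the defaults described
    in the tech note apply (no exec timeout, 32 VTY sessions).
    """
    m = re.search(rf"^line {kind}[ \t]*(?:\n|\Z)((?:[ \t]+.*(?:\n|\Z))*)",
                  config, re.M)
    settings = {}
    for child in (m.group(1).splitlines() if m else []):
        key, _, value = child.strip().partition(" ")
        settings[key] = value.strip()
    return settings


def audit_mgmt_plane(config):
    """Return finding codes for the management-plane settings covered above."""
    findings = []
    # 'no feature telnet' does not match because of the line anchor.
    if re.search(r"^feature telnet[ \t]*$", config, re.M):
        findings.append("TELNET_SERVER_ENABLED")
    for kind in ("console", "vty"):
        minutes = re.match(r"\d+", line_settings(config, kind).get("exec-timeout", ""))
        if not minutes or int(minutes.group()) == 0:   # unset or 0: never times out
            findings.append(f"NO_EXEC_TIMEOUT_{kind.upper()}")
    limit = line_settings(config, "vty").get("session-limit")
    if int(limit or DEFAULT_VTY_SESSIONS) > MAX_VTY_SESSIONS:
        findings.append("VTY_SESSION_LIMIT_HIGH")
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_mgmt_plane(cfg) or "no findings")
```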
Cisco NX-OS/IOS Interface Comparison
Objective
This tech note outlines the main differences in interface support between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the NX-OS documentation for a complete list of supported features.
Interface Configuration Overview
The NX-OS supports different physical and virtual interface types to meet various network connectivity requirements. The different interface types include: layer-2 switched (access or trunk), layer-3 routed, layer-3 routed (sub-interface trunk), switched virtual interface (SVI), port-channel, loopback, and tunnel interfaces. Port-channel interfaces are documented in the Cisco NX-OS/IOS Port-Channel Comparison Tech-Note.
Important Cisco NX-OS and Cisco IOS Software Differences
In Cisco NX-OS:
- SVI command-line interface (CLI) configuration and verification commands are not available until you enable the SVI feature with the feature interface-vlan command.
- Tunnel interface command-line interface (CLI) configuration and verification commands are not available until you enable the Tunnel feature with the feature tunnel command.
- Interfaces support stateful and stateless restarts after a supervisor switchover for high availability.
- Only 802.1q trunks are supported, so the encapsulation command isn't necessary when configuring a layer-2 switched trunk interface. (Cisco ISL is not supported)
- An IP subnet mask can be applied using /xx or xxx.xxx.xxx.xxx notation when configuring an IP address on a layer-3 interface.
- The CLI syntax for specifying multiple interfaces is different in Cisco NX-OS Software. The range keyword has been omitted from the syntax (for example, interface ethernet 1/1-2)
- The out-of-band management ethernet port located on the supervisor module is configured with the interface mgmt 0 CLI command.
Things You Should Know
The following list provides some additional facts about the Cisco NX-OS that should be helpful when configuring interfaces.
- An interface can only be configured in 1 VDC at a time.
- All 4 interfaces in a port group must be assigned to the same VDC when assigning interfaces on the 32 port 10GE module. There are not any restrictions for the 48 port 1GE modules.
- 10 GE interfaces can be configured in dedicated mode using the rate-mode dedicated interface CLI command.
- The default port type is configurable for L3 routed or L2 switched in the setup startup script. (L3 is the default port type prior to running the script)
- A layer-2 switched trunk port sends and receives traffic for all VLANs by default (This is the same as Cisco IOS Software). Use the switchport trunk allowed vlan interface CLI command to specify the VLANs allowed on the trunk.
- The clear counters interface ethernet x/x CLI command resets the counters for a specific interface.
Configuration Comparison
The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. The CLI is very similar between Cisco IOS and Cisco NX-OS Software.
Cisco IOS CLI | Cisco NX-OS CLI
Configuring a Routed Interface
interface ethernet 1/1
  ip address 192.168.1.1/24
  no shutdown
Configuring a Switched Interface (VLAN 10)
vlan 10
interface ethernet 1/1
  switchport
  switchport mode access
  switchport access vlan 10
  no shutdown
Configuring a Switched Virtual Interface (SVI)
feature interface-vlan
interface vlan 10
  ip address 192.168.1.1/24
  no shutdown
Configuring a Switched Trunk Interface
interface ethernet 1/1
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  switchport trunk native vlan 2
  no shutdown
Configuring a Routed Trunk Sub-Interface
interface ethernet 1/1
  no switchport
  no shutdown
interface ethernet 1/1.10
  encapsulation dot1q 10
  ip address 192.168.1.1/24
  no shutdown
Configuring a Loopback Interface
interface loopback 1
  ip address 192.168.1.1/32
  no shutdown
Configuring a Tunnel Interface
feature tunnel
interface tunnel 1
  ip address 192.168.1.1/24
  tunnel source 172.16.1.1
  tunnel destination 172.16.2.1
  no shutdown
Configuring an Interface Description
interface ethernet 1/1
  description Test Interface
Configuring Jumbo Frames
interface ethernet 1/1
  mtu 9216
Configuring Multiple Interfaces (Examples)
interface ethernet 1/1-1
or
interface ethernet 1/1, ethernet 2/1
Verification Command Comparison
The following table lists some useful show commands for verifying the status and troubleshooting an interface.
Cisco NX-OS/IOS Port-Channel Comparison
Objective
This tech note outlines the main differences in Port-Channel support between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the NX-OS documentation for a complete list of supported features.
Port-Channel Overview
Port-Channels provide a mechanism for aggregating multiple physical Ethernet links into a single logical Ethernet link. Port-Channels are typically used to increase availability and bandwidth, while simplifying the network topology. Port-Channels can be configured in Static Mode (no protocol) or in conjunction with a protocol such as LACP defined in IEEE 802.3ad or PAgP for dynamic negotiations and keep-alive detection for failover.
Important Cisco NX-OS and Cisco IOS Software Differences
In Cisco NX-OS:
- 256 Port-Channels are supported per chassis
- LACP and Static Mode Port-Channels are supported (PAgP is not supported in Cisco NX-OS Software).
- LACP command-line interface (CLI) configuration and verification commands are not available until you enable the LACP feature with the feature lacp command.
- The CLI syntax for specifying multiple interfaces is different in Cisco NX-OS Software. The range keyword has been omitted from the syntax (for example, interface ethernet 1/1-2)
- A Port-Channel can be converted between a layer-2 and layer-3 Port-Channel without removing the member ports.
- The force keyword can be used when adding an interface to an existing Port-Channel to force the new interface to inherit all of the existing Port-Channel compatibility parameters.
Things You Should Know
The following list provides some additional facts about the Cisco NX-OS that should be helpful when designing, configuring, and maintaining a network using Port-Channels.
- A single Port-Channel cannot connect to two different VDCs in the same chassis.
- You cannot disable LACP with the no feature lacp command if LACP is configured for a Port-Channel. LACP must be disabled on all Port-Channels prior to disabling LACP globally.
- The show port-channel compatibility-parameters CLI command is very useful for verifying interface parameters when configuring Port-Channels.
- The show port-channel load-balance forwarding-path CLI command can be used to determine the individual link a flow traverses over a specific Port-Channel.
Configuration Comparison
The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. The CLI is very similar between Cisco IOS and Cisco NX-OS. Cisco NX-OS does not use the range keyword when specifying multiple interfaces. Cisco NX-OS also has the ability to force an interface to inherit existing Port-Channel compatibility parameters using the force keyword.
Cisco IOS CLI | Cisco NX-OS CLI
Enabling the LACP Feature
feature lacp
Configuring LACP Active Mode
interface ethernet 1/1-2
  channel-group 1 mode active
Configuring LACP Passive Mode
interface ethernet 1/1-2
  channel-group 1 mode passive
Configuring Static Mode (no protocol)
interface ethernet 1/1-2
  channel-group 1 mode on
Enabling a Port Channel
interface port-channel 1
  no shutdown
Layer-2 Port-Channel Example
interface ethernet 1/1-1
  switchport
  channel-group 1 mode active
interface port-channel 1
  no shutdown
Layer-3 Port-Channel Example
interface ethernet 1/1-1
  no switchport
  channel-group 1 mode active
interface port-channel 1
  ip address 192.168.1.1/32
  no shutdown
Adding an Interface to an Existing Port-Channel
interface ethernet 1/3
  channel-group 1 force mode active
Configuring the System Load-Balance Algorithm
port-channel load-balance ethernet destination-mac
Configuring the Load-Balance Algorithm per Module
port-channel load-balance ethernet destination-mac module 1
Verification Command Comparison
The following table lists some useful show commands for verifying and troubleshooting a Port-Channel configuration.
Cisco NX-OS/IOS HSRP Comparison
Objective
This tech note outlines the main differences in Hot Standby Routing Protocol (HSRP) (IPv4) support between Cisco® NX-OS Software and Cisco IOS® Software. Sample configurations are included for Cisco NX-OS and Cisco IOS Software for some common features to demonstrate the similarities and differences. Please refer to the NX-OS documentation for a complete list of supported features.
HSRP Overview
HSRP is a Cisco proprietary First Hop Redundancy Protocol (FHRP) designed to allow transparent failover for an IP client’s default gateway (first-hop router).
Important Cisco NX-OS and Cisco IOS Software Differences
In Cisco NX-OS:
- HSRP command-line interface (CLI) configuration and verification commands are not available until you enable the HSRP feature with the feature hsrp command.
- HSRP is hierarchical. All related commands for an HSRP group are configured under the group number.
- The HSRP configuration commands use the format hsrp <option> instead of standby <option>.
- The HSRP verification commands use the format show hsrp <option> instead of show standby <option>.
- HSRP supports stateful process restart by default.
- The hello and hold-time timer ranges for the millisecond options are different. In Cisco NX-OS, hello = 250 to 999 milliseconds, and hold time = 750 to 3000 milliseconds. In Cisco IOS Software, hello = 15 to 999 milliseconds, and hold time = 50 to 3000 milliseconds.
Things You Should Know
The following list provides some additional facts about Cisco NX-OS that should be helpful when designing, configuring, and maintaining HSRP-enabled networks.
- If you remove the feature hsrp command, all relevant HSRP configuration information is also removed.
- HSRPv1 is enabled by default (HSRPv2 can be enabled per interface).
- HSRPv1 supports 256 group numbers (0 to 255). HSRPv2 supports 4096 group numbers (0 to 4095).
- HSRPv1 and HSRPv2 are not compatible. However, a device can be configured to run a different version on different interfaces.
- The show running-config hsrp command displays the current HSRP configuration.
- Configuration of more than one FHRP on an interface is not recommended.
- Object tracking is supported. Tracking can be configured for an interface’s line protocol state, IP address state, and for IP route reachability (determining whether a route is available in the routing table).
- An interface can track multiple objects.
- Secondary IP addresses are supported in the same or a different group as the interface’s primary IP address.
- Load sharing can be accomplished by using multiple HSRP groups per interface.
Configuration Comparison
The following sample code shows configuration similarities and differences between the Cisco NX-OS and Cisco IOS Software CLIs. There are two significant differences: Cisco NX-OS uses a hierarchical configuration, and it uses the hsrp keyword instead of the standby keyword for configuration and verification commands. Both enhancements make the configuration easier to read.
Cisco IOS CLI | Cisco NX-OS CLI
Enabling the HSRP Feature
feature hsrp
Configuring HSRP on an Interface
interface Ethernet2/1
  ip address 192.168.10.2/24
  hsrp 0
    ip 192.168.10.1
Configuring the priority and preempt Options
interface Ethernet2/1
  ip address 192.168.10.2/24
  hsrp 0
    preempt
    priority 110
    ip 192.168.10.1
Modifying the Hello and Holdtime Timers (Seconds)
interface Ethernet2/1
  ip address 192.168.10.2/24
  hsrp 0
    timers 1 3
    ip 192.168.10.1
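The two differences called out above (hierarchical hsrp blocks instead of flat standby lines, and the narrower millisecond timer ranges) show up together when migrating an interface from IOS. The following is an added example, not part of the Cisco text: the IOS-style input is a constructed sample because the IOS column did not survive on this page, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed IOS-style input; the IOS column did not survive on this page.
IOS_SAMPLE = """\
interface Ethernet2/1
 ip address 192.168.10.2 255.255.255.0
 standby 0 ip 192.168.10.1
 standby 0 priority 110
 standby 0 preempt
 standby 0 timers msec 15 msec 50
"""

# Millisecond timer ranges for NX-OS as stated in this tech note.
NXOS_HELLO_MS = range(250, 1000)
NXOS_HOLD_MS = range(750, 3001)


def check_timers(group, option):
    """Return warnings for msec timers outside the NX-OS ranges."""
    m = re.fullmatch(r"timers (msec )?(\d+) (msec )?(\d+)", option)
    warnings = []
    if m and m.group(1) and int(m.group(2)) not in NXOS_HELLO_MS:
        warnings.append(f"hsrp {group}: hello {m.group(2)} ms outside 250-999")
    if m and m.group(3) and int(m.group(4)) not in NXOS_HOLD_MS:
        warnings.append(f"hsrp {group}: hold {m.group(4)} ms outside 750-3000")
    return warnings


def ios_hsrp_to_nxos(ios_config):
    """Translate flat IOS 'standby' lines into hierarchical NX-OS 'hsrp' blocks.

    Returns (nxos_config_text, warnings).
    """
    out, warnings, groups = ["feature hsrp"], [], {}

    def flush():
        # Emit the HSRP groups collected for the interface just finished.
        for group, options in groups.items():
            out.append(f"  hsrp {group}")
            out.extend(f"    {opt}" for opt in options)
        groups.clear()

    for raw in ios_config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():                      # new top-level section
            flush()
            out.append(line)
        elif m := re.fullmatch(r"ip address (\S+) (\d+\.\d+\.\d+\.\d+)", line):
            # NX-OS accepts /xx notation, so convert the dotted mask.
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            out.append(f"  ip address {iface.with_prefixlen}")
        elif m := re.fullmatch(r"standby version (\d)", line):
            out.append(f"  hsrp version {m.group(1)}")  # per-interface setting
        elif m := re.fullmatch(r"standby (?:(\d+) )?(.+)", line):
            group = m.group(1) or "0"                 # IOS defaults to group 0
            groups.setdefault(group, []).append(m.group(2))
            warnings += check_timers(group, m.group(2))
        else:
            out.append(f"  {line}")
    flush()
    return "\n".join(out), warnings


if __name__ == "__main__":
    text, notes = ios_hsrp_to_nxos(IOS_SAMPLE)
    print(text)
    print(*notes, sep="\n")
```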
Modifying the Hello and Holdtime Timers (Milliseconds)