21 September 2012

Nexus 7000 from Catalyst 6500 and 4500 Switches as of NX-OS 6.0

Some caveats: NX-OS does not support all the features of IOS, for example, acting as a DHCP server and NTP authentication.

IOS Commands (Nexus NX-OS Commands when different)


show versionDisplays information about the currently running system software image and an overview of the installed hardware.
show moduleDisplays information about the installed modules including module number, module type, number of ports on each module, module MAC addresses, and the module status.
router(config)#do show command

router(config)#show command! or
router(config)#do show command
View existing configuration information from the configuration command prompt using show commands.

 For NX-OS, the [Tab] key and "?" will work for Exec mode commands inside of configuration mode. The use of "do" in NX-OS is currently working, but is not documented.
router(config)# do Exec-commandrouter(config)# Exec-command! or
router(config)#do Exec-command
View existing configuration information from the configuration command prompt.

 For NX-OS, the [Tab] key and "?" will work for Exec mode commands inside of configuration mode. The use of "do" in NX-OS is currently working, but is not documented.
reloadReloads the operating system for the entire device 
 For the Nexus 7000, this command works only in the default VDC.
! 6500
hw-module module slot reset! 4500
no hw-module [slot | modulenumber powerhw-module [slot | modulenumber power
reload module mod-#
Reloads a module in the device by turning power off then on.
Note: For the Nexus 7000, this command works only in the default VDC
service timestamps [debug | log] [uptime | datetime [msec]] [localtime] [show-timezone] [year]

debug logging
logging timestamp {microseconds | milliseconds | seconds}
Apply a time stamp to debugging messages or system logging messages. 

 In NX-OS, to enable debug logging configure 'debug logging' command. NX-OS does not have as many options for timestamps.
service password-encryption! No equivalent NX-OS commandNote: By default, NX-OS encrypts plain text passwords and enables password strength checking.
logging buffered [discriminator discr-name] [buffer-size] [severity-level]

logging logfile logfile-name severity-level [size bytes]
Enable system message logging to a local buffer
username name {nopassword | password password | passwordencryption-type encrypted-password}username user-id [password [0 | 5password ]Create and configure a user account.
 By default, NX-OS encrypts plain text passwords and enables password strength checking.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console none
aaa authentication enable default none
aaa authentication ppp default local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 -15 start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa authorization commands level
aaa authorization config-commands
aaa session-id commonaaa authentication login default {group tacacs+ local}
aaa authentication login console noneaaa user default-role 
aaa accounting default group tacacs+aaa authorization commands default
aaa authorization config-commands default
Configuring AAA.
Note: Not all commands are supported on the NX-OS.
clock timezone zone hours-offset [minutes-offset]
clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]

clock timezone zone-name offset-hours offset-minutesclock summer-time zone-name start-week start-day start-month start-time end-week end-day end-month end-time offset-minutes
Configure the time zone offset from Coordinated Universal Time (UTC) as well as daylight savings time.
ip classless
! No equivalent NX-OS command
This commands is not available in NX-OS.
ip subnet-zero
no ip source-route
no ip bootp server

! No equivalent NX-OS command
These commands are not available in NX-OS.
no ip domain-lookup
ip domain-nam
e [vrf vrf-name] nameip name-server [vrf vrf-nameip-address
no ip domain-lookup
ip domain-name 
domain-name [use-vrf name]
ip name-server 
ip-address [use-vrf name]
Disable DNS lookup feature and configure a domain name and name server.
ip ssh time-out seconds
ip ssh authentication-retries tries
ip ssh version 2ipfeature ssh
ssh key {dsa [force] | rsa [length [force]]}
Enable an SSH server.

 The Cisco NX-OS commands for SSH are different from the Cisco IOS commands. NX-OS software supports only SSHv2.
power redundancy-mode {redundant | combined}power redundancy-mode {combined | insrc-redundant ps-redundant |redundant}Configure the power supply redundancy mode
! 6500
no power enable module mod-#! 4500
no hw-module [slot | modulenumber power
poweroff module mod-#
Powers off a module from configuration mode.
mode sso
auto-sync standard
! No equivalent NX-OS command
Configure CPU redundancy.

 : The Nexus 7000 supports dual supervisor modules to provide 1+1 redundancy for the control and management plane. Only one of the supervisor modules is active at any given time, while the other acts as a standby backup. No configuration commands are needed.
spanning-tree mode [pvst | mst | rapid-pvst]spanning-tree mode [rapid-pvst | mst]Default mode for IOS is PVST; default mode for NX-OS is RPVST.

 When you enter the command, all STP instances are stopped for the previous mode and are restarted in the new mode.
spanning-tree extend system-id! No equivalent NX-OS commandEnable the extended system ID feature on a chassis that supports 1024 MAC addresses. 
 NX-OS does not use this command, the extended system ID is always automatically enabled in NX-OS devices.
spanning-tree vlan vlan-id priority valueSet the STP bridge priority
vlan internal allocation policy ascending! No equivalent NX-OS commandConfigure the internal VLAN allocation scheme.
 NX-OS does not support this command.
interface type slot/numberswitchport
switchport mode access 
switchport access vlan vlan-idspanning-tree portfast
[speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}]
 type slot/number
switchport host
switchport access vlan 
[speed {10 | 100 | 1000 | auto [10 100 | 1000] | 10000 | auto}]
Configure a Layer 2 access port.

 NX-OS uses "Ethernet" as the type for all FastEthernet / GigabitEthernet / Ten Gigabit Ethernet interfaces.
The VLAN in the vlan-id needs to be created so that the interface will come up.
interface type slot/numberswitchport
switchport mode trunk
[switchport trunk allowed vlan vlan-id]
switchport trunk encapsulation [isl | dot1 | negotiate]
[switchport trunk allowed vlan add vlan-id]
[speed {10 | 100 | 1000 | auto [10 | 100 | 1000] | nonegotiate}]
type slot/number
switchport mode trunk
[switchport trunk allowed vlan 
[switchport trunk allowed vlan add 
[speed {10 | 100 | 1000
 auto [10 100 | 1000 ] | 10000 | auto}]
Configure a Layer 2 trunk port.

 NX-OS only supports 802.1Q encapsulation.
vlan vlan-#
interface vlan-#
no shutdownvlan vlan-#
feature interface-vlan
interface vlan-#
no shutdown
Configure a VLAN interface

 In NX-OS, the interface-vlan feature needs to be enabled before an interface VLAN can be configured. The VLAN needs to be defined as well for the interface to come up
interface port-channel channel-# 

switchport mode . . .
interface type slot/number
switchportchannel-group group_number mode {active | auto | desirable | on |passive}
feature LACP
interface port-channel 
switchport mode . . .
type slot/number
channel-group channel-
 number [force] [mode {on | active | passive}] 
Configure a Layer 2 LACP port channel. 
 In NX-OS, the LACP feature needs to be enabled before it can be used.
vtp domain domain-nameConfigure the VTP domain name
vtp {server client | transparent | off}
feature vtp
vtp {server client | transparent | off}
Configure the VTP mode.

 By default, VTP mode is off for NX-OS.
udld {enable | aggressive}
feature udld
Enable UDLD globally on a device.
ip route prefix mask next-hop-addressip route ip-prefix/length next-hop-address
Configure static routes.
ip access-list extended access-list-name 
[sequence-number{permit | denyprotocol source source-wildcard destination destination-wildcard . . .

ip access-list access-list-name 
[sequence-number{permit | denyprotocol source destination . . . 

Create or configure an IPv4 ACL

 NX-OS supports one type of IPv4 ACL which is similar to the named extended ACL in IOS.
ip access-list resequence access-list-name starting-sequence-number increment

resequence access-list-type access-list access-list-name starting-sequence-number increment
Resequence an ACL.
router eigrp as-numberfeature EIGRP
router eigrp
 instance-tag[autonomous-system as-number]
Configure EIGRP routing.

 In NX-OS, the EIGRP feature needs to be enabled before it can be used. You can use any case-sensitive alphanumeric string up to 20 characters as an instance tagIf you configure an instance-tag that does not qualify as an AS number, you must use the autonomous-systemcommand to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state
network ip-address [wildcard-mask]
interface type slot/number
ip address ip-prefix/length
ip router eigrp instance-tag
Configure a network in EIGRP.

 For NX-OS, a network is configured in EIGRP by associating it through an interface the router uses to connect to the area. NX-OS uses CIDR notation for IP addresses, but can accept the ip-address mask format as well.
router ospf process-idfeature OSPF
router ospf
Configure OSPF routing.

 In NX-OS, the OSPF feature needs to be enabled before it can be used. Theinstance-tag is locally assigned and can be any alphanumeric string or positive integer.
network ip-address wildcard-mask area area-id
interface type slot/number
ip address ip-prefix/length
ip router ospf instance-tag area area-id
Configure a network in OSPF.

 For NX-OS, a network is configured in OSPF by associating it through an interface the router uses to connect to the area.
router ospf process-idauto-cost reference-bandwidth mbps

router ospf instance-tag
auto-cost reference-bandwidth
 bandwidth [Gbps | Mbps]
Configure a reference bandwidth for OSPF.
Note: For IOS, the default is 100 Mb/s. For NX-OS, the default is 40Gb/s.
router bgp as-number
no synchronization
bgp router-id ip-address
bgp always-compare-med
bgp log-neighbor-changes
bgp deterministic-med
bgp bestpath med missing-as-worst
no auto-summary

feature bgp
router bgp
bestpath med missing-as-worst
bestpath always-compare-med
Configure BGP routing.
Note: For NX-OS, the no synchronizationand no auto-summary commands are enabled by default.
router bgp as-numberneighbor ip-address remote-as as-number
network network-number [mask network-mask]
router bgp as-numaddress-family ipv4 unicast
 ip-address remote-as as-number

address-family ipv4 unicast
Advertise an IPv4 network in BGP.
router bgp as-numberneighbor peer-name peer-group
neighbor peer-name remote-as as-number
neighbor peer-name password 7 password
neighbor peer-name update-source Loopback0
neighbor peer-name send-community
neighbor peer-name timers 2 6
neighbor peer-name soft-reconfiguration inbound
neighbor ip-address-1 peer-group peer-name
neighbor ip-address-1 description descriptive-info
neighbor ip-address-2 peer-group peer-name
neighbor ip-address-2 description descriptive-info

router bgp as-numbertemplate peer peer-name
password 7
timers 3 9
address-family ipv4 unicast
soft-reconfiguration inbound
 ip-address-1 remote-as as-number
inherit peer peer-name
description descriptive-info
neighbor ip-address-2 remote-as as-number
inherit peer peer-name
description descriptive-info
Configure BGP Peer Group/Template.
interface type slot/number
ip address ip-address mask
ip helper-address ip-address
standby [group-numberip ip-address standby [group-numbertimershellotime holdtime
standby [group-numberpriority priority
standby [group-numberprempt
eature hsrp
ip dhcp relay
 type slot/number
ip address ip-prefix/length 
ip dhcp relay address 
hellotime holdtimepriority priority
Configure HSRP with an IP helper address to a DHCP server. Different command syntax is used. NX-OS also uses 'hsrp' as keyword, while IOS uses 'standby'.

 In NX-OS, the HSRP feature needs to be enabled before it can be used. To use the DHCP relay, DHCP services also has to be enabled. The HSRP holdtime needs to be at least 3x the hello time. NX-OS uses CIDR notation for IP addresses, but can accept the ip-address maskformat as well.
Prior to NX-OS 4.2(1), the service dhcpcommand enabled the DHCP Relay feature. In NX-OS 4.2(1) the command was changed to ip dhcp relay.
ip dhcp pool name! No equivalent NX-OS commandConfigure a Dynamic Host Configuration Protocol (DHCP) address pool on a DHCP server.

 The NX-OS supports DHCP snooping, and DHCP relay, but does notsupport acting as a DHCP server.
ip multicast-routingfeature PIMEnable IP multicast routing
ip prefix-list name seq seq-num permit prefix/length
Configure an IP prefix-list
ipv6 unicast-routinginterface type slot/numberipv6 address ipv6-prefix/prefix-length eui-64interface type slot/number
ipv6 address ipv6-prefix/prefix-length eui-64
Enable IPv6 traffic forwarding on an interface.

 NX-OS does NOT need to enable IPv6 routing globally.
ip telnet source-interface Loopback0
ip tftp source-interface Loopback0
ip domain-lookup source-interface Loopback0
ip flow-export source Loopback0
ip tacacs source-interface Loopback0
logging source-interface Loopback0
snmp-server trap-source Loopback0
ntp source Loopback0

aaa group server tacacs+ default use-vrf management
source-interface mgmt0
snmp-server source-interface trap mgmt0
snmp-server source-interface inform mgmt0
snmp-server host 
ip-address use-vrf management
snmp-server host 
ip-address source-interface mgmt0
ntp server ip-address use-vrf management
vrf context management
ip route ip-address
interface mgmt0
ip address
logging server ip-address serverity use-vrf management
Configure a management interface.
Note: The NX-OS management interface is in a separate management VRF.
ntp server ip-address
Configure an NTP server as a time source.
Note: NX-OS previously needed the NTP enable command - this command was deprecated in 5.2(1). Starting with 5.2(1), NX-OS devices can serve as an NTP server for other devices in the network. (Use the ntp master [stratum] command to set the device as an authoritative NTP server.)
ntp authenticate
ntp authentication-key 
number md5
ntp trusted-key 
ntp update-calendar
ntp server ip-address key key-id 

! No NX-OS support for ntp update-calendar command
Configure NTP authentication options.

 NX-OS does not currently support the ntp update-calendar command.

monitor session session-# 
source interface type slot/numbermonitor session session-# destination interface type slot/numberinterface type slot/numberswitchport 
switchport monitor [ingress | learning] 
monitor session session-numberdescription description
source interface 
type slot/number
destination interface 
type slot/number 
Enable SPAN sessions on interfaces or VLANs
snmp-server community RW-string RW acl-#
snmp-server community RO-string RO acl-#
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server host ip-address string
snmp ifmib ifindex persistsnmp-server community RW-string RW
snmp-server community
 RO-string RO
snmp-server community
 RW-string use-acl acl-name
snmp-server community RO-string use-acl acl-name
snmp-server enable traps snmp authentication
snmp-server enable traps link 
snmp-server enable traps entity
snmp-server host ip-address string
Enable common SNMP options.

 NX-OS syntax differs.
tacacs-server host ip-address
tacacs-server directed-request
tacacs-server key [0 | 7] key
feature tacacs+
tacacs-server host ip-address
tacacs-server directed-request
tacacs-server key [0 | 6 | 7] key
Configure TACACS+ server
I hope this gives you a useful overview of some common configuration and verification commands you may need when migrating.
Three useful Cisco documentation links for further information:
http://docwiki.cisco.com/wiki/Cisco_Nexus_7000_NX-OS/IOS_Comparison_Tech_Notes -- includes multiple articles comparing Cisco NX-OS and Cisco IOS features.

No comments:

Post a Comment