Online networking labs & tools

SharonTools

Posted on by Posted in Tips 1 Comment

Useful commands for Nexus (7000, 5000, 2000)  switches

 

HSRP

hsrp 102
 preempt delay minimum 60
 priority 120
 ip 172.19.102.254

Command to lock the configuration when entering configuration mode

 configure terminal lock

Show the port profiles config under the int (the inhereted config)

 show port-profile expand-interface

Show vpc usage

show vpc usage

Check witch ports are pinned to FEX Uplink port

show int e1/6 fex-int

Redistibute fex static pinning (need to update the pinning max links firts)

fex pinning redistibute 101

Disable VDC combined host names

no vdc combined-hostname

Backup license

copy licenses bootflash://license.tar
 copy bootflash://license.tar tftp://1.1.1.1/license.tar

Save commands history to disk

 archive
 log config
 logging enable
 logging size 200
 hidekeys
 notify syslog

Save log to disk

 logging buffered
 logging persistent url disk0:/syslog size 134217728 filesize 16384

Check what is synced with CFS

show cfs application

Turn on CFS over IP (over mgmt port)

cfs eth distribute
cfs ipv4 distribute

Turn on CFS for NTP

ntp distribute

Commit ntp changes when using CFS

 ntp commit

Check fabric modules status

show module xbar

Disable LAN trafic on FCoE port

 interface ethernet slot/port
 shutdown lan

Unicast RPF

 interface Ethernet2/3
 ip address 172.23.231.240/23
 ip verify unicast source reachable-via any
 show ip interface vlan 10 | i unicast

Check modules hardware capabilities

show hardware capacity forwarding

Fabric utilization

show hardware capacity fabric-utilization

Check if was an interfaces drops on a module

show hardware capacity interface

Check port quees

show policy-map interface Ethernet 1/1 input type queuing

Tern on locator led

beacon

Tern on locator led – N2K

conf t
 fex 101
 beacon

Ccancel combined-hostname at hostnames

no vdc combined-hostname

Start new evaluation for license (Only for nexus 7000)

license grace-period

Check mac address table at hardware: (UCS)

A(nxos)# show platform fwm in replmac | in %Mac%

Jumbo frames

switch(config)#system jumbomtu 9216
 switch(config)#interface ethernet x/x
 switch(config-if)#switchport
 switch(config-if)#mtu 9216
 switch(config-if)#exit
 switch(config)# policy-map type network-qos jumbo
 switch(config-pmap-nq)# class type network-qos class-default
 switch(config-pmap-c-nq)# mtu 9216
 switch(config-pmap-c-nq)# exit
 switch(config-pmap-nq)# exit
 switch(config)# system qos
 switch(config-sys-qos)# service-policy type network-qos jumbo

Upgrade nexus

 copy ftp://a@73.192.99.217/n5000-uk9-kickstart.5.1.3.N1.0.328.bin bootflash:
 copy ftp://a@73.192.99.217/n5000-uk9.5.1.3.N1.0.328.bin bootflash:
 install all kickstart bootflash:n5000-uk9-kickstart.5.1.3.N1.0.328.bin system bootflash:n5000-uk9.5.1.3.N1.0.328.bin

Clock client – NXOS
>ntp server 10.0.0.10 prefer use-vrf default
Add fex (N2K) to N5K

 fex 101
 interface port-channel101
  switchport mode fex-fabric
 vpc 101
  fex associate 101
 interface Ethernet1/1-2
  switchport mode fex-fabric
  fex associate 101
  channel-group 101

Check Po load balancing statistics

show port-channel traffic

vPC track

track 10 list boolean or
 object 11
 object 12
 track 11 interface port-channel10 line-protocol
 track 12 interface Ethernet1/1 line-protocol
 vpc domain 10
 role priority 32767
 system-priority 1
 track 10
 peer-keepalive destination 192.168.100.2 source 192.168.100.1 vrf peerkeepalive

Sync config (for Nexus 5000 vPC peers)

 cfs ipv4 distribute
 cfs eth distribute
 switch-profile sync-test
 sync-peers destination 10.10.10.252

DHCP snooping

ip dhcp snooping
 ip dhcp snooping information option
 no ip dhcp snooping verify mac-address
 no ip dhcp relay
 ip dhcp snooping vlan 1-3967,4048-4093
 interface port-channel1
 ip dhcp snooping trust
 interface Ethernet101/1/48
 ip dhcp snooping trust

Arp inspect (protect DG)

ip arp inspection vlan 1-3967
 ip arp inspection filter Protect_DG vlan 1-3967
 arp access-list Protect_DG
 10 permit ip 0.0.0.254 0.0.0.255 mac 0000.0c07.ac00 FFFF.FFFF.FF00
 20 permit ip 0.0.0.254 0.0.0.255 mac 0000.5E00.0100 FFFF.FFFF.FF00
 30 deny ip host 172.19.102.254 mac any log
 40 permit ip any mac any

 

CCIE data center #43074

1 thought on “NX-OS general commands

  1. Hello Sharon

    Nice blog. Unfortunately the “archive” command is not available on Nexus/NXOS, only on Catalyst/IOS. If you managed to configure the “archive” stuff, please let me know which NXOS version. We are looking for a way to implement that on Nexus.
    Any hint or help is appreciated 🙂

    BR, Patrick

    Reply

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.